I have a Logstash setup with 4 nodes that collects logs from several OpenShift (OCP) clusters. However, all of the logs from these OCP clusters use the same pipeline. Lately, the logs have been coming in intermittently (not consistently). Could you please help me identify where the issue might be? Thank you.
Welcome back to the community!
Intermittent data usually points to input or pipeline bottlenecks. Check Logstash logs for backpressure warnings, pipeline worker usage, and queue size. Also verify network/connectivity between OCP clusters and all 4 Logstash nodes. Testing each node individually can help isolate where the drop happens.
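Added example, not part of the reply above: one way to run the per-node check is to sample each node's monitoring API (`GET /_node/stats/pipelines`, port 9600 by default) twice and compare the cumulative counters. The pipeline name `main`, the hostnames, the worker count, the thresholds and every sample number below are assumptions constructed for illustration.

```python
# Added example. Input: two GET /_node/stats/pipelines responses per node,
# taken INTERVAL_S apart. All sample values below are constructed.
INTERVAL_S = 60
WORKERS = 8            # assumed pipeline.workers on every node
BLOCKED_LIMIT = 0.5    # assumed threshold: inputs blocked >50% of the interval
BUSY_LIMIT = 0.9       # assumed threshold: workers >90% occupied


def snap(ev_in, ev_out, dur_ms, push_ms, pipeline="main"):
    """Build a trimmed node-stats document holding only the counters used here."""
    events = {"in": ev_in, "out": ev_out, "duration_in_millis": dur_ms,
              "queue_push_duration_in_millis": push_ms}
    return {"pipelines": {pipeline: {"events": events}}}


def diagnose(before, after, interval_s=INTERVAL_S, workers=WORKERS, pipeline="main"):
    """Turn two cumulative counter snapshots into rates and a verdict."""
    b = before["pipelines"][pipeline]["events"]
    a = after["pipelines"][pipeline]["events"]
    delta = {k: a[k] - b[k] for k in a}
    if any(v < 0 for v in delta.values()):
        return {"verdict": "restarted"}  # counters went backwards: node restarted
    window_ms = interval_s * 1000
    result = {
        "in_per_s": delta["in"] / interval_s,
        "out_per_s": delta["out"] / interval_s,
        # Share of the window inputs spent blocked on the queue (summed over inputs).
        "blocked": delta["queue_push_duration_in_millis"] / window_ms,
        # Average number of workers busy in filters/outputs.
        "busy_workers": delta["duration_in_millis"] / window_ms,
    }
    if delta["in"] == 0:
        result["verdict"] = "no-input"      # nothing arriving: check network/LB path
    elif result["blocked"] >= BLOCKED_LIMIT or result["busy_workers"] >= BUSY_LIMIT * workers:
        result["verdict"] = "backpressure"  # filters/outputs cannot keep up
    else:
        result["verdict"] = "ok"
    return result


NODES = {
    "logstash-1": (snap(100000, 100000, 400000, 1000), snap(160000, 160000, 460000, 1600)),
    "logstash-2": (snap(90000, 89000, 900000, 50000), snap(102000, 101000, 1380000, 104000)),
    "logstash-3": (snap(70000, 70000, 300000, 800), snap(70000, 70000, 300000, 800)),
    "logstash-4": (snap(120000, 120000, 500000, 2000), snap(3000, 3000, 9000, 40)),
}

if __name__ == "__main__":
    for name, (t0, t1) in NODES.items():
        print(name, diagnose(t0, t1))
```

A node reporting `no-input` points at the path from the OCP clusters to that node, `backpressure` points at filters or outputs on that node, and `restarted` means the gap lines up with a Logstash restart.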