Hi again forum!
...I'm sad as my brand new toy lasted very little time... thank God I kept ald stuff on.
As I decided that ELK may still be suitable to have nice stats on services for IT staff, I started creting my filters and got my elasticsearch mini cluster up, and so .... but as I added a few logstash-forwarder clients with several services, problems aose very quick...
- First was logstash stopping out of memory.... inceasing max mem limit is a stopgap, so I upgraded my debian repo from 1.4 to 1.5 and upgrade, since I read that there is a memory leak on TCP connections (I use them) that is fixed on 1.5.
- Second, upgrading was not clean... since I have added some patterns on the patterns dir there were problems deleting old folders (fortunately!!!! that saved up my filters!!!!) and upgrade was a little bit bitter
-Third , As I recover from memory problems (increased the mem limit anyway) there seems to be connection problems from the LSF clients... the max_connection limit appeears on the log... and I'm starting to ecome worried... - Trying to find where is the connection limit defined, I ended up discovering it is defined nowhere...
- Out of desperation I read that increasing threads may solve the problem... so I added -w X on the init.d script, since I'm unable to find the thread parameter nowhere on the /etc/default/ file... and tried again.
- The problem persists.... now being TLS handshake everywhere...
- In addition, since -w 8 usage, start/stop is horrible...
So.... as you can read, it all is out of service... very very disapointing and, of course, far from being considered for production.... but I read people tah has being using it on thousands of servers!!! why now is not possible to run more than just 10, 12 servers? I got plenty of CPU and RAM everywhere.... and the datacenter eth connection is gigabit everywhere.... in all no system is overloaded...
So a massive full failure is really strange.... do you believe I'm missing something? it all apears a nightmare!
Best regards