Hello,
While investigating on "[main] Marking url as dead." errors, I noticed that I have lots of socket connection established from my logstash to the two coordinating nodes :
netstat -nat | grep 9200 | wc -l
93
Logstash output conf :
output {
if [identifiant] == "CUSTOMER1" {
elasticsearch {
ilm_enabled => true
hosts => ["https://192.168.145.7:9200", "https://192.168.145.8:9200"]
user => "elastic"
password => "pasword"
ssl => true
cacert => "/etc/logstash/certs/ca.pem"
index => "ims_customer1_logs"
}
}
}
output {
if [identifiant] == "CUSTOMER2" {
elasticsearch {
ilm_enabled => true
hosts => ["https://192.168.145.7:9200", "https://192.168.145.8:9200"]
user => "elastic"
password => "pasword"
ssl => true
cacert => "/etc/logstash/certs/ca.pem"
index => "ims_customer2_logs"
}
}
}
output {
if [identifiant] == "CUSTOMER3" {
elasticsearch {
ilm_enabled => true
hosts => ["https://192.168.145.7:9200", "https://192.168.145.8:9200"]
user => "elastic"
password => "pasword"
ssl => true
cacert => "/etc/logstash/certs/ca.pem"
index => "ims_customer3_logs"
}
}
}
output {
if [identifiant] == "CUSTOMER4" {
elasticsearch {
ilm_enabled => true
hosts => ["https://192.168.145.7:9200", "https://192.168.145.8:9200"]
user => "elastic"
password => "pasword"
ssl => true
cacert => "/etc/logstash/certs/ca.pem"
index => "ims_customer4_logs"
}
}
}
Do you think this is a normal behavior ? maybe this is related to the lost connection to elasticsearch errors ?
Thanks for your help !