Recently I noticed that I don't get some Windows logs. I use WEF collector - Winlogbeat - Logstash - Elasticsearch.
I checked WEF, the messages were on it and it was OK, then I checked the Winlogbeat logs - there are no errors or anything strange. I even used debug mode.
After that I checked Logstash - I looked through the /var/log/logstash/logstash* logs and didn't find any problems. I looked at the health check in Kibana: CPU was near 10% and heap near 9 Gb out of 30Gb for Java.
Then I disabled the other logs, except winlogbeat. Before this action I had near 80 EPS for the (winlogbeat-wef) pipe, after it I have 3500 EPS! So a lot of events were simply dropped, as I understand it, and I couldn't find any logs about it.
Here you can see the overall EPS for Logstash
So, my questions are:
- How to determine that something goes wrong with Logstash? Are there some secret logs?
- How can I know about queues?
- How can I check the health of every pipe?