I have an 8-node cluster with 1 Logstash server collecting Winlogbeat data. It has been running fine until recently. I added more endpoints and I noticed in Kibana that all the events stopped at the same time.
What is the best way of finding the errors/cause of this? I've run into something similar before where the index size of daily was too small, so I set it to weekly. Deleting the data and restarting caused data to flow.
I'm reviewing logs in /var/log/elasticsearch but haven't found any indication of an error yet. Any tips or pointers? My troubleshooting skills regarding Elasticsearch are weak.