Logstash failing to process messages

Kernel Panic kpnemesis at gmail.com
Wed May 23 15:23:58 UTC 2018


Hello, I'll just list the versions before I start:

FreeBSD 11.1

Logstash 6.23
Elasticsearch 5.6.8
Kibana 5.6.8

The issue I'm having is that after a few days Logstash will stop processing
any messages; I'm using the same config file that I used with Logstash
5.3.0 which worked without issue and was rock-solid. There's nothing in the
Logstash log file apart from messages about a field in my Cisco logs being
the wrong type and therefore failing to index, however this has always been
the case. I have tried enabling the 'dead letter' feature in Logstash to
process these Cisco logs but that just makes Logstash even more unstable.

The Logstash service doesn't actually crash, it just stops processing
messages and fails to respond to the restart command so I end up having to
reboot the server. I should say though that Logstash continues to respond
to the monitor API commands.

I have tried updating all Logstash plugins however that has not fixed the
issue.

As I said, I never had any problems with Logstash 5.3.0 but the latest
version (and version 5.6.8) just seem to become unstable after a few days.

Any help is greatly appreciated.

