(I already asked this question in the Elastic forum, but as I have received no answer, I repost it here)
We have 3 hosts with Logstash 2.4.1 and Elasticsearch 2.4.1 on each host, with Logstash configured to receive gelf and syslog/tcp logs.
Sometimes some gelf logs are lost.
- With tcpdump I see that the UDP packet reaches the host
- With netstat -c --udp -an | grep 12201 I see the UDP queue is always empty
- Logstash is using nearly no CPU (~15% of a core)
- The index queue of Elasticsearch is always empty
- The volume of logs saved to ES is pretty low (<1000/s)
What is happening to my logs?
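An added example, not part of the original question, that extends the checks listed above. netstat -an shows the UDP receive queue only at the instant it runs, so it can look empty even when datagrams are being discarded between the NIC (where tcpdump sees them) and the socket Logstash reads from. The kernel keeps cumulative UDP counters in /proc/net/snmp; a rising RcvbufErrors (and InErrors, which includes it) value means the socket's receive buffer overflowed while the reader was busy. The script assumes a Linux host whose /proc/net/snmp uses the usual layout of one "Udp:" line of counter names followed by one "Udp:" line of values, and embeds a constructed sample of that file so it can run anywhere.

```shell
#!/bin/sh
# Added example, not from the original post: read the kernel's cumulative UDP
# counters from /proc/net/snmp. Unlike "netstat -an" (a snapshot of the queue),
# these counters accumulate since boot, so a growing RcvbufErrors/InErrors shows
# that datagrams seen on the wire were dropped before the application read them.
# Assumption: Linux, with the standard two-line "Udp:" section in /proc/net/snmp.

# udp_counters FILE
# Prints "name value" pairs for the Udp section of a /proc/net/snmp-style file.
udp_counters() {
    awk '/^Udp:/ {
        if (!seen) { seen = 1; for (i = 2; i <= NF; i++) names[i] = $i }
        else       { for (i = 2; i <= NF; i++) print names[i], $i }
    }' "$1"
}

# udp_counter FILE NAME
# Prints the value of one Udp counter, or 0 if this kernel does not report it.
udp_counter() {
    v=$(udp_counters "$1" | awk -v k="$2" '$1 == k { print $2 }')
    echo "${v:-0}"
}

# udp_drop_report FILE
# Prints the two receive-side loss counters. InErrors is incremented for every
# RcvbufErrors event as well, so a difference between the two points at other
# causes (for example checksum failures) rather than buffer overflow.
udp_drop_report() {
    echo "InErrors=$(udp_counter "$1" InErrors) RcvbufErrors=$(udp_counter "$1" RcvbufErrors)"
}

# write_sample_snmp FILE
# Writes a constructed /proc/net/snmp fragment (sample data, not captured from
# a real host) so the functions above can be exercised offline.
write_sample_snmp() {
    cat > "$1" <<'EOF'
Ip: Forwarding DefaultTTL InReceives
Ip: 2 64 48213
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 482133 12 37 90210 37 0
EOF
}

# Stand-alone run: report on the live file when present, else on the sample.
if [ -r /proc/net/snmp ]; then
    snmp=/proc/net/snmp
else
    snmp=$(mktemp) && write_sample_snmp "$snmp"
fi
echo "UDP counters from $snmp:"
udp_counters "$snmp" | sed 's/^/  /'
echo "Receive-side drops: $(udp_drop_report "$snmp")"
```

Because the counters are cumulative, run the script twice a few seconds apart while logs are arriving and compare the RcvbufErrors values; an increase during the interval is the drop you are looking for, and a steady value means the loss is happening somewhere after the socket (inside Logstash or on the way to Elasticsearch).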