Are you sure your logs are generated linearly without bursts? --
Itamar Syn-Hershko http://code972.com | @synhershko <https://twitter.com/synhershko> Freelance Developer & Consultant Lucene.NET committer and PMC member On Tue, Feb 10, 2015 at 6:29 PM, Yuval Khalifa <iyuv...@gmail.com> wrote: > Hi, > > We just installed an ELK server and configured the logstash configuration > to match the data that we send to it and until last month it seems to be > working fine but since then we see very strange behavior in the Kibana, the > event over time histogram shows the event rate at the normal level for > about a half an hour, then drops to about 20% of the normal rate and then > it continues to drop slowly for about two hours and then stops and after a > minute or two it returns to normal for the next half an hour or so and the > same behavior repeats. Needless to say that both the /var/log/logstash and > /var/log/elasticsearch both show nothing since the service started and by > using tcpdump we can verify that events keep coming in at the same rate all > time. I attached our logstash configuration, the > /var/logstash/logstash.log, the /var/log/elasticsearch/clustername.log and > a screenshot of our Kibana with no filter applied so that you can see the > weird behavior that we see. > > Is there someone/somewhere that we can turn to to get some help on the > subject? > > > Thanks a lot, > Yuval. > > -- > You received this message because you are subscribed to the Google Groups > "elasticsearch" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to elasticsearch+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/elasticsearch/c2e5a524-1ba6-4dc9-9fc3-d206d8f82717%40googlegroups.com > <https://groups.google.com/d/msgid/elasticsearch/c2e5a524-1ba6-4dc9-9fc3-d206d8f82717%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAHTr4ZsRoNmJ__QdLnB6NYLhoDVaD9CR1RNkC_9_c%2Boaqccqww%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
