Hello,

Currently I have my syslog-ng --> logstash --> elasticsearch1 & elasticsearch2 setup working pretty good. It's accepting over 300 events per second and hasn't bogged the systems down at all. However, I'm running into 2 issues that I don't quite understand.

1. When viewing the information in Kibana, it appears to be anywhere from 15 min to an hr behind on the "all events" view. Sometimes when I search for new logs it shows up correctly, but overall it seems like it's lagging behind trying to keep up with what logstash is sending it. That being said, I'm concerned that logs are being dropped and I don't know about it. Are there any commands I can use to validate this type of information or what I can do to make sure elasticsearch/Kibana is keeping up?

2. I've had to restart elasticsearch a few times and every time I do, it completely breaks things. Once it starts back up it doesn't continue to show the logs in Kibana correctly and when I run a health check, it says there are unassigned shards. I've not been able to fix this and in the past I've always just had to delete them and start from scratch again. Any idea what is going on with this or how I can more cleanly restart or reboot the servers and recover from it?

Thanks,
Eric
