Every few days all our systems stop sending logs

[Frouldeste]

Every few days all our systems stop sending logs (or so it appears). But, I can get the logs to start up again once I restart logstash (via "service logstash restart"). I assume I shouldn't need to continuously restart logstash. What are some possible causes and what logs on the OS or application can I look at to try and troubleshoot the issue?

[jmichaelson]

You can check the logstash logs by entering journalctl -xeu logstash in a terminal window.

The logstash logs can be found in /usr/local/nagioslogserver/logstash/logs.

Look for anything relating to an unhandled exception. Feel free to post snippets here (sanitized, if necessary, to remove private data) and we can provide further help.