I have set up logstash, kibana and elasticsearch on the logstash-server, and logstash-forwarder on the client-servers. I have set up five client-servers where logstash-forwarder is installed. It was working fine when there were two and three client-servers, but after adding more servers I was unable to see the logs in kibana. Is this because the client-servers are sending too much data? I am using port 5000 for sending and receiving the logs. Because there were no logs, I used the command netstat -an to see what is happening. From the command I see results as follows:

xxx.xx.xxx.xx => logstash-server, yyy.yy.yyy.yy => client-server

tcp        0      0 ::ffff:xxx.xx.xxx.xx:5000  ::ffff:yyy.yy.yyy.yy:44693  TIME_WAIT
tcp        0      0 ::ffff:xxx.xx.xxx.xx:5000  ::ffff:xxx.xx.xxx.xx:9300   TIME_WAIT
tcp        0      0 ::ffff:xxx.xx.xxx.xx:5000  ::ffff:yyy.yy.yyy.yy:48026  TIME_WAIT
tcp        0      0 ::ffff:xxx.xx.xxx.xx:5000  ::ffff:yyy.yy.yyy.yy:9300   TIME_WAIT
tcp        0      0 ::ffff:xxx.xx.xxx.xx:5000  ::ffff:yyy.yy.yyy.yy:49719  TIME_WAIT

I have already Googled it and haven't found any solution so far. My question is: how do I remove these TIME_WAIT entries, or kill them, and restart accepting the logs from the servers? Is there any way I can optimize it?

1 Answer

Well, I am running logstash-1.4.2 and elasticsearch-1.2.1. I am debugging the problem; I ran the following command on the client-server: /opt/logstash-forwarder/bin/logstash-forwarder.sh -config /etc/logstash-forwarder (it may be different for you). The problem I see so far is that the ssl certificate has expired. I regenerated the ssl key and configured logstash again, and now see problems like

Failure connecting to xxx.xxx.xxx.xxx: dial tcp xx.xxx.xxx.xxx:5000: i/o timeout,

and

Read error looking for ack: EOF

This may be an additional question: why am I getting it? Maybe a bug.
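
An added example, not part of the original question or answer: a small parser for netstat -an output that groups connections to the log port by client and state, and lists clients that reached the port but hold no ESTABLISHED session. The sample lines and addresses are constructed; the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample of `netstat -an` output (documentation address ranges).
SAMPLE = """\
tcp        0      0 :::5000                     :::*                        LISTEN
tcp        0      0 ::ffff:192.0.2.10:5000      ::ffff:198.51.100.21:44693  TIME_WAIT
tcp        0      0 ::ffff:192.0.2.10:5000      ::ffff:198.51.100.21:48026  TIME_WAIT
tcp        0      0 ::ffff:192.0.2.10:5000      ::ffff:198.51.100.22:49719  ESTABLISHED
tcp        0      0 ::ffff:192.0.2.10:5000      ::ffff:198.51.100.22:49001  TIME_WAIT
tcp        0      0 ::ffff:192.0.2.10:22        ::ffff:198.51.100.30:51514  ESTABLISHED
"""


def split_endpoint(endpoint):
    """Split 'addr:port' (also '::ffff:a.b.c.d:port') into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    if addr.startswith("::ffff:"):
        addr = addr[len("::ffff:"):]  # strip the IPv4-mapped IPv6 prefix
    return addr, port


def summarize(netstat_text, port="5000"):
    """Return {remote_host: {state: count}} for connections to local `port`."""
    peers = defaultdict(lambda: defaultdict(int))
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # skip headers, UDP rows and unix sockets
        local, remote, state = fields[3], fields[4], fields[5]
        if split_endpoint(local)[1] != port or state == "LISTEN":
            continue  # other services, or the listening socket itself
        peers[split_endpoint(remote)[0]][state] += 1
    return {host: dict(states) for host, states in peers.items()}


def peers_without_session(summary):
    """Hosts that connected to the port but hold no ESTABLISHED connection."""
    return sorted(h for h, s in summary.items() if "ESTABLISHED" not in s)


if __name__ == "__main__":
    summary = summarize(SAMPLE)
    for host, states in sorted(summary.items()):
        print(host, states)
    print("no live session:", peers_without_session(summary))
```

A client that shows only TIME_WAIT rows did reach the port and the connection was then closed; those rows are cleared by the kernel on their own, so the thing to investigate is why the session ended (for example the expired ssl certificate found in the answer above).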