We use the elasticsearch_http output to send logs to ElasticSearch. Since we upgraded to v1.2.1, we very often see this in Logstash logs :
The host is an FQDN in the elasticsearch_http output. Yet, the DNS lookup s seem to work flawlessly on the machine when the issue happens. dnsmasq is used as a local DNS client cache. Logstash didn't throw this error in v1.1.x.
When using an IP address instead of an FQDN, it seems to work.