The wsgi container for Striker running on californium is configured to send logs both to local disk and to the WMF ELK stack. Investigating behavior because of a reported fatal error on irc that I could find in the error messages in the on-disk logs on californium but not in a kibana search.
I found the real problem in T151422#2858048. The UDP packets are being limited to 1500 bytes with 1472 bytes for payload. So any json string longer than 1472 will be truncated in transit and discarded by the logstash json codec.
It looks like the proper firewall holes are not open to actually allow this. (hypothesis disproven in T151422#2857363)
$ telnet logstash1003.eqiad.wmnet 11514 Trying 10.64.48.113... # connection attempt sits open here for minutes... telnet: Unable to connect to remote host: Connection timed out
The ferm rules that need to be fixed are likely on the logstash100 servers themselves.