Elastic's blog post details the investigation and resolution of a significant memory leak affecting Logstash deployments on Windows, which was reported by numerous users. Despite initial difficulty in identifying the issue due to standard JVM heap analysis tools showing no anomalies, the team employed Microsoft Sysinternals' VMMap, which revealed excessive "Unusable" memory related to small, un-freed allocations. The root cause was traced to the Logstash file input plugin, particularly the FileWatch library's use of Ruby's File#stat method, which caused continuous off-heap allocations in JRuby. By narrowing down JRuby versions, the leak was pinpointed to a regression introduced in JRuby 1.7.20. The JRuby core team, alerted via IRC, quickly identified the issue within the jnr-posix library and released a fix in JRuby 9.0.4.0 and 1.7.23, which was incorporated into upcoming Logstash releases.