I wonder if the SQL held the insert traffic, because if it did... I would guess one could argue file->logstash->redis->ES would be overarchitecting it :)
Well actually ... I have one. I worked at a big corporate that decided to create a link between SMS and IM for emerging markets; that was a few years after the iPhone was introduced. At some point we were 100 people, 5 dev groups (4 services and 1 infrastructure), another PM and QA group and a few more Ops. After 9 months the project was live, and had a problem with market acceptance (although there were focus groups showing it would catch on with teens that don't have access to their IM before they go to sleep, or at school). The funny thing is that a "pilot" version was ready after a month, written by 2 developers, that was almost feature complete. The joke was we should have shipped the pilot after a month.
I did suggest they use files on disk and then logstash / fluentd / whatever, but they just said it wouldn't hold...
Go figure