Actually, the journal is only written to right after the message is received on an input. From there it is picked up by the processing system and “processed” and then sent to the output processor to be sent to ES. If ES can not write the message, the output buffer begins to fill up, then the process buffer fills up, then the journal fills up. Once the journal reaches it’s limit (either size or age) it purges the oldest messages to make room for the new ones. Once the road block (in this case ES) is cleared or fixed. The messages start getting written to ES, the output buffer empties, the process buffer sends messages to the output buffer, the process buffer starts picking up messages from the journal… and slowly the system starts to recover.
Output buffer problems are usually related to either and issue with ES or insufficient/oversubscription of CPUs. output processing doesn’t require alot of processors, but should have at least 1 dedicated CPU.