Currently we are using Elasticsearch 6.7.1 and have:
3 master nodes and 4 data nodes.
In filebeat configuration, should the output to elasticsearch point to master or the data nodes?
We also have a load balancer for the data nodes, so can the output in filebeat get configured to send the load balancer instead of data nodes?
pointing to the data nodes sounds good to me, so the master nodes do not have to deal with data but can focus on the management tasks.
How about the load balancer, if we have that in front of the data nodes, should the output in filebeat get configured to send the data to the loadbalancer instead?
That sounds ok as well. I'd just try to reduce the number of components involved, but that is more of a personal preference.
One thing worth testing would be, what happens when an ES node is not reachable, but you only connect to the load balancer. I suppose that there is some backoff waitiing time before reconnecting, where as with a list of nodes, the next host would be tried.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.