Connect to elasticsearch cluster

Hello all,
I have a question about elasticsearch cluster, please advise:
I setup 3 nodes elasticsearch cluster with each node have all the default roles. But I don't know how my filebeat or logstash can push log to elasticsearch cluster and distribute index across 3 nodes. I have read on a forum that I need a "coordinating node" for routing purpose. However, on the elasticsearch guide, "Coordinating only nodes can benefit large clusters....", but I have only 3 nodes on my cluster.
So my question is, do I must setup a coordinate node for my cluster? If not, how can I push log from filebeat to all elasticsearch nodes?

Thanks for helping!

image763×495 43.9 KB

Hello!
I've got three nodes in one of my clusters.
All nodes have:

• elasticsearch
• kibana
• logstash
• filebeat

In my elasticsearch.yml i set all nodes as master and data.

node.master: true
node.data: true

and in filebeat configuration - /etc/filebeat/filebeat.yml I have got:

output.logstash:
  # The Logstash hosts
   hosts: ["111.111.1111.111:5000", "222.222.222.222:5000", "333.333.333.333:5000" ]

of course in my conf file there are real IPs ans PORTs (that I don't want to show ).

The other thing is that you can have more than one input for logstash per node - you have to create more config files:

# ls -la /etc/logstash/conf.d/
razem 16
drwxr-xr-x 2 root root 4096 08-08 14:13 .
drwxr-xr-x 3 root root 4096 08-16 11:39 ..
-rw-r--r-- 1 root root 1161 07-27 09:14 filebeat.conf
-rw-r--r-- 1 root root 1116 07-27 14:21 metricbeat.conf

Thanks for your idea, i will try that.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.