I have like 5 elastic nodes in total. One node ingest and coordinating node while two are dedicated master nodes and the other two are dedicated data nodes.
I have elasticsearch install on all my five nodes with respective settings.
What i am confused about and want to know is.
Does i need to include all the elasticsearch nodes ip addresses in filebeat.yml file
which is install on seperate node. output.elasticsearch.hosts: ['https://x.x.x.x', '' '',"" ]
or i should add only the data nodes. Actually i am really confuse and don't know much about this. Filebeat will be inserting data into elasticsearch so can anyone guide on this.
but you can install kibana on seperate vm as well if you want too..... as far as filebeat or logstash is concerned it will be install from where you want to ship data to elasticsearch .... so it can be directly connected to elasticsearch you will not be needed to install filebeat along elasticsearch on that machine.
Did you ever find out the answer to your original question regarding which hosts must be included in the output.elasticsearch hosts property (master, data, indest)? My guess is it's the data nodes unless you're using logstash or dedicated ingest nodes, but the ingest/pipeline nodes also have to send their data somewhere. I agree it's confusing for a beginner like me. I've searched and searched Elastic's documentation and I just can't find a definite answer. The documentation always just says "Elasticsearch nodes".
Thank you! I think I finally get it. All Elasticsearch nodes are ingest nodes by default. Our ingest volume is still quite low so until volume increases enough that we need to start using dedicated ingest-only nodes I will send filebeat data to the data nodes. My master-eligible nodes are master-only so they will not be included in the filebeat output.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
