Elastic cluster is not realtime when displaying data for some hosts

MikeC · December 3, 2015, 8:30pm

(previous question here)

Hi,

i have an elastic 2.0 cluster with 3 data nodes m003/4/5, 1 master m004 and 1 dummy node m006.
The server with the dummy node (not data, not master) has a kibana running.
Behind all that, i've got a logstash server running that distributes events with this configuration

elasticsearch {
    hosts => ['m003', 'm004', 'm005']
}

The issue that im seeing is that my kibana graphs are not real time any more for all hosts.
For a group of hosts, there is a 2-3 min delay and for another group the data are update real-time.

I've used this guild for my setup.

warkolm · December 5, 2015, 12:20am

KB reads from ES, and ES can only display what it has.
Are you sure that the data exists in ES when you see this gap?

Client node, not dummy

MikeC · December 7, 2015, 10:22am

thanks for the correction, im still getting used to the terminology.

This might be a sneaky firewall issue from the IT department - Ill post an update when i rule that out (or confirm it).

Cheers