In our local network I have some server with Logstash + ES + Kibana to analyse the logs from others servers, let's call it log-server.
Just for information, the others servers send the logs using rsyslog facility to the log-server, so logstash get files from /var/remote-log/ directory and then passing them to ES and then to Kibana.
Recently the servers starts to work wrong... I don't know if it's the problem, but...
Some minutes after the start we see another node with the same IP :
log-server:9200/_cluster/state/nodes?pretty
{
"cluster_name" : "LOG",
"nodes" : {
"ylTo0EIRQoeTRpmeFbuKkQ" : {
"name" : "<log-server_dns_name>-1849-14534",
"transport_address" : "inet[/:9301]",
"attributes" : {
"client" : "true",
"data" : "false"
}
},
"9a9iB_OHQYaUotDV-9fcQQ" : {
"name" : "Roland Barthes",
"transport_address" : "inet[/:9300]",
"attributes" : { }
}
}
}
In the ES config there are only two uncommented lines :
cluster.name: LOG
node.name: "Roland Barthes"
All others lines are commented.
So I don't understand where the node "<log-server_dns_name>-1849-14534" comes from?
And that I should do with ?
Just for information. In the same local network there are another ES server, but the "transport_address" of my second node is the same as the log-server's one... so I do not think that there is some link with another ES- server.
logstash version : 1.5
ES version : 1.6
Kibana : 4.0
Thank you for your help.