Multiple clients send there documents to the old elasticsearch location (IP). Instead of changing the config of all these clients I want to put a logstash instance at the old ES location and let it forward all the traffic to the new elasticsearch instance. I am sure this is possible quite easily but I don't find the exect logstash configuration I need for that.
Or am I off the track?
One reason that I do not want to change these old clients is that I can't. Some of them can't use encryption and the only way to the new location is via SSL.
Are you going to do any processing of the message in this logstash instance? If not, why not do port forwarding using something like SSH.
Thanks for your answer. Great, simple and self-evident solution.
Yes that should be possible and I will think about it. The main reason against this solution is probably my lazyness. It's easier for me to configure logstash than a VPN (or a reliable SSH tunnel).
But still and now partly just because I am curious. Do you know how to do this with logstash?
If you use an http input and an http output you could probably glue them together and get the requests into elasticsearch. But you would not be able to get a response back to the client.
Hmm, the longer I think about it, the more your first Idea seems the way to go. I will try it.
Thanks a lot!
Yip, I did it with an SSH tunnel plus a socat process that transforms syslog UDB packets to TCP so they can be forwarded by the tunnel,
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.