Elasticsearch Node Segregation

Hi Team,

I am planning to have one more node in my Elasticsearch cluster, but only for a specific use case. I need that node to be used only for ingesting logs from our Cisco ASA using Filebeat. How can I restrict this node? Can I use index-level shard allocation filtering with a custom node attribute so that only indices related to Cisco ASA are created on this specific node?

Please help.

Thanks
Ajesh

Yes you can use shard allocation filtering for this.

Thank you, David. One more query: as soon as I add this node to the cluster, will the other indices (winlogbeat-, auditbeat- etc.) be moved to this new node as part of cluster node rebalancing? Currently I can see all the indices are equally distributed across all the nodes.

I do have an explicit config below for other indices to keep the data on hot nodes only:

"routing": {
  "allocation": {
    "require": {
      "data": "hot"
    }
  }
},

This won't affect other indices until you change the allocation settings for those indices as well and exclude the hot nodes.

Thanks David
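Added example, not part of the original thread: a simplified Python model of how index-level `require` / `include` / `exclude` allocation filters decide which nodes may hold an index, applied to the setup discussed above. The node names, index names and the `asa` attribute value are hypothetical; only `"data": "hot"` comes from the thread, and the model compares attribute values by exact match only.

```python
# Simplified model of Elasticsearch index-level shard allocation filtering.
# Exact-match only; node names, index names and the "asa" value are hypothetical.

def can_allocate(node_attrs, routing):
    """True if an index with these index.routing.allocation.* filters
    may place a shard on a node carrying node_attrs (its node.attr.* values)."""
    require = routing.get("require", {})
    include = routing.get("include", {})
    exclude = routing.get("exclude", {})
    # require: every listed attribute must match
    if any(node_attrs.get(k) != v for k, v in require.items()):
        return False
    # include: at least one listed attribute must match (if any are listed)
    if include and not any(node_attrs.get(k) == v for k, v in include.items()):
        return False
    # exclude: no listed attribute may match
    if any(node_attrs.get(k) == v for k, v in exclude.items()):
        return False
    return True

# Constructed sample cluster: two existing hot nodes plus the new dedicated node.
NODES = {
    "hot-1": {"data": "hot"},
    "hot-2": {"data": "hot"},
    "asa-1": {"data": "asa"},  # new node with its own attribute value (assumption)
}

# Constructed sample indices and their allocation filters.
INDICES = {
    "winlogbeat-sample": {"require": {"data": "hot"}},    # filter quoted in the thread
    "auditbeat-sample": {"require": {"data": "hot"}},
    "filebeat-asa-sample": {"require": {"data": "asa"}},  # hypothetical ASA index filter
    "unfiltered-sample": {},                              # index with no filter at all
}

def eligible_nodes(routing, nodes=NODES):
    """Names of the nodes on which an index with this routing may be placed."""
    return sorted(name for name, attrs in nodes.items() if can_allocate(attrs, routing))

def placement(indices=INDICES, nodes=NODES):
    """Map each index name to the nodes its filters allow."""
    return {name: eligible_nodes(routing, nodes) for name, routing in indices.items()}

if __name__ == "__main__":
    for index, allowed in placement().items():
        print(f"{index:22} -> {allowed}")
```

The last sample index shows the case to check for: an index with no allocation filter is eligible for every data node, including the new one, so any index that should stay off the dedicated node needs its own `require` or `exclude` setting.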
