I currently have this as my output for logs to my Elasticsearch cluster:

output {
  elasticsearch {
    bind_host => "10.1.55.4"
    host => "10.1.55.8,10.1.55.9,10.1.55.10,10.1.55.11,10.1.55.12,10.1.55.13,10.1.55.14,10.1.55.15,10.1.55.16,10.1.55.17"
    cluster => "CLUSTER-NAME"
    embedded => false
    template => "TEMPLATE"
    template_name => "TEMPLATE-NAME"
    template_overwrite => true
    index => "INDEX"
  }
}

I'd like to replace the host => field with the domain name for the ES cluster. I'd like to do this to make it easy to spin up new nodes with minimal changes to configuration files. I tried to change the host => field from an IP address to a domain; Logstash starts but doesn't seem to process any data. Is this possible to do? Do I have to use the FQDN, or can I use just the short name?