Howdy folks,
I have what I hope will be a fairly simple question for you. I'm going to
be pumping netflow records into an ES cluster. In order to ensure that I
catch all of these messages, I'm going to have multiple netflow
destinations configured on the originating devices (routers, switches, etc)
- and the records will be caught by individual Logstash instances.
Unfortunately, that means that each Logstash instance will attempt to
store identical netflow records into the ES cluster.
I have seen mixed opinions on how ES will respond to this. Some
discussions suggest that the the first CREATE attempt will succeed, and the
second attempt will fail - because the record/object will already exist.
That would be a good outcome, as far as I'm concerned. That's the
behavior I want to see - but is that what I'll actually see?
Is the object ID created in a deterministic manner, such that both Logstash
instances will derive the same value?
Any insight would be appreciated.
Thanks,
Alan
--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/6d2d54f8-a74e-4f71-a6ec-47dfc8035e31%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.