Hi!
I use Elasticsearch along wih Logstash and Filebeat, to save logs.
In order to get high availability, I am thinking in using CCR, because half or more than half of my nodes could be lost at any time.
Elasticsearch clusters will be in different datacenters, however, datacenters are near one from the other, I mean, I do not need CCR to get geo-proximity solution.
We use logstash in order to send data to Elasticsearch, but some of our applications could sometime write directly to Elasticsearch.
We use Kibana to consume Elasticsearch data, but we also have third party application that consumes data from Elasticsearch.
When Elasticsearch is down, the applications which write logs does not stop.
Then, is CCR a good solution for our problems?
When Elasticsearch is not working, how do we have to do in order to use the replicated cluster? I mean, Kibana is pointing to the first cluster. Logstash is also pointing to the stoped cluster. Our third party application is pointing to the stoped cluster. Do we have to quickly change configurations of these applications , so they point to the replica cluster?
Thanks in advance!