We have 3 elasticsearch nodes and a client node.
node 1, node 2, node 3
The current output of elastic agent is node 1.
If the node 1 goes down is there a way for elastic agent to automatically sent its output to node 2 or node 3? (Is it possible to set multiple IP addresses when we specify the output of elastic agent so that we can address node failure)
Is, hosts is an array for a list of hosts.
Check the documentation.
hosts(list) The list of Elasticsearch nodes to connect to. The events are distributed to these nodes in round robin order. If one node becomes unreachable, the event is automatically sent to another node.
Actually we were trying to use fleet to manage the agents.
Is there a way to specify multiple elasticsearch outputs for a single elastic-agents when they are managed by fleet?
Oh I see.
Just edit the output and click in Add row to add a new output host.
It worked.
Thank you 
We have given multiple outputs (node1,node2, node3) in the fleet settings.
Now the logs are reaching the elasticsearch even when one elasticsearch node goes down.
but, the fleet server and the client agents are shown as offline when the node 1 of elasticsearch goes down, even though the data ingested using the client agent is reaching elasticsearch.
(We used the node1 to enroll the fleet server)
As a result we cannot push new policies when node 1 of elasticsearch is down.
Is multiple fleet servers the solution here? If so how to enroll them?
Thanks a lot for the support.
Shi
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.