Is it possible to connect logstash with elasticsearch master node?

When I read hints about elasticsearch output plugin I noticed that

It is important to exclude dedicated master nodes from the hosts list to prevent LS from sending bulk requests to the master nodes. So this parameter should only reference either data or client nodes in Elasticsearch.

But I tried to do so and connect my logstash instance to my ES cluster with only one node:

node.data: true
node.master: true

And I found that it worked well till today, I got numerous of 400 error when writing data to ES in logstash's log.

Then I checked my ES log and found a large number of DEBUG level error like this:

[2015-12-14 00:00:52,353][DEBUG][action.bulk] [] observer: timeout notification from cluster service. timeout setting [1m], time since start [1m]
[2015-12-14 00:01:53,925][DEBUG][action.bulk] [] observer: timeout notification from cluster service. timeout setting [1m], time since start [1m]

I don't know whether it is caused by the heavy load on indexing action for my ES node, or there is something wrong with my logstash configuration.

So I wonder that is it possible to connect logstash with elasticsearch master node? And if I do so, is there any side effect?

Hello Yangc,

These timeouts are an indication of high load on the cluster - probably long garbage collection cycles. As you say that you have only one node which is both data and master, then you must send all your requests to it. Only in the case where you have dedicated master nodes should you ensure not to send any requests to them.

To increase throughput, you will need to have more data nodes, and better still dedicated master nodes.

Cheers,
-Robin-