When I read hints about elasticsearch output plugin I noticed that
It is important to exclude dedicated master nodes from the hosts list to prevent LS from sending bulk requests to the master nodes. So this parameter should only reference either data or client nodes in Elasticsearch.
But I tried to do so and connect my logstash instance to my ES cluster with only one node:
node.data: true
node.master: true
And I found that it worked well till today, I got numerous of 400 error when writing data to ES in logstash's log.
Then I checked my ES log and found a large number of DEBUG level error like this:
[2015-12-14 00:00:52,353][DEBUG][action.bulk] [] observer: timeout notification from cluster service. timeout setting [1m], time since start [1m]
[2015-12-14 00:01:53,925][DEBUG][action.bulk] [] observer: timeout notification from cluster service. timeout setting [1m], time since start [1m]
I don't know whether it is caused by the heavy load on indexing action for my ES node, or there is something wrong with my logstash configuration.
So I wonder that is it possible to connect logstash with elasticsearch master node? And if I do so, is there any side effect?