I would like to know whether Winlogbeat supports the following use case:
Suppose I have 1000 machines that are configured with 2 Logstash output hosts A and B.
I would like all traffic to be sent to A. When A becomes unreachable, traffic should be sent to B.
Documentation says hosts are picked randomly for connections. Is there a workaround to implement prioritization?
With the current configuration, it cannot be predicted how many machines would send logs to host A and how many to host B if both are reachable.
If I set the loadbalance flag to true, what would happen when host A becomes unresponsive? Would Winlogbeat redirect ALL messages to host B? If yes, how frequently would it try to re-establish a connection with host A to restore load balancing?
There doesn't seem to be a way of controlling LB from a beat to multiple output
Probably the closer you can get is seting up both outputs (logstash), and also setting max_tries above the default
# The number of times a particular Elasticsearch index operation is attempted. If
# the indexing operation doesn't succeed after this many retries, the events are
# dropped. The default is 3.
#max_retries: 3
Some requests will still try to hit the non responding output endpoint though. The alternative is using some sort of external proxy, mesh like, that load balances the beat's output.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.