We are new to elasticsearch and running a POC and nodes are hosted as EC2 instance in aws. We have a query for elasticsearch node redundancy. How do we configure multiple elasticsearch nodes in auditbeat/filebeat to achieve redundancy during a node failure.
We have 1500 servers which needs audit/file beats to be configured to point to elasticsearch nodes. In audit/filebeat config can we point to a ALB/NLB so that we can add multiple nodes under ALB/NLB when required and no config change is required on auditbeat/filebeat config every time. Please help
I'm not familiar with ALB/NLB but it sounds like these are load balancers fronting your Elasticsearch nodes. If so, as long as these load balancers are configured to talk to the Elasticsearch nodes' HTTP ports (the one which is 9200 by default), then yes, you can simply set output.elasticsearch.hosts in your Auditbeat/Filebeat configuration to point to the ALB/NLB. Depending on the load balancing policy, the HTTP traffic coming from Beats will be routed to various Elasticsearch nodes.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.