Every time I restart any of the elasticsearch nodes, the logstash server stops sending logs to any of them. I have it set up to send data to all 5 hosts in my cluster from the netflow on our core router. The output lines look like this:
output {
  elasticsearch {
    index => "logstash-cisco-asa-5512-netflow-%{+YYYY.MM.dd}"
    hosts => ["172.16.0.5:9200", "172.16.0.4:9200", "172.16.0.3:9200"]
    flush_size => 1
  }
}
I am still pretty new to this whole ELK process but am really enjoying learning it, and being able to process the data from our busy core router in real time is an awesome feat.
Brad