Logstash posting to one of three ElasticSearch nodes (no connectivity problems)

I have LogStash feeding 3 ElasticSearch nodes. I am only getting output to the logs on one of them. The logs on the other two don't seem to be updating at all. systemctl confirms ElasticSearch is running on all three, and I can curl/telnet to port 9200 on all three machines, so it is not a connectivity issue. I am also having Logstash output to a file, and the file looks correct.

If you want to write to 3 different clusters you need 3 separate Elasticsearch outputs. Do you have this in your config?

Yes I have three separate Elasticsearch hosts listed

```
output {
  elasticsearch {
    hosts => ["10.0.1.96:9200", "10.0.1.97:9200", "10.0.1.101:9200"]
    index => "snmplogger-%{+YYYY.MM.dd}"
    template_overwrite => true
    template_name => "snmplogs"
    manage_template => true
    template => "/etc/logstash/templates/snmplogs.json"
  }
}
```

Three outputs, not three hosts in one output.

That load balances across three hosts, but does not send data to all three.
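The layout the replies describe, written out as an added example (not config posted by anyone in the thread). It assumes the three addresses are three independent clusters that should each receive every event; the option values are copied from the config above.

```logstash
output {
  # Assumption: each address below is its own, independent cluster.
  # Every event passes through all three outputs, so each cluster
  # receives a full copy instead of roughly a third of the requests.
  elasticsearch {
    hosts => ["10.0.1.96:9200"]
    index => "snmplogger-%{+YYYY.MM.dd}"
    template_overwrite => true
    template_name => "snmplogs"
    manage_template => true
    template => "/etc/logstash/templates/snmplogs.json"
  }

  elasticsearch {
    hosts => ["10.0.1.97:9200"]
    index => "snmplogger-%{+YYYY.MM.dd}"
    template_overwrite => true
    template_name => "snmplogs"
    manage_template => true
    template => "/etc/logstash/templates/snmplogs.json"
  }

  elasticsearch {
    hosts => ["10.0.1.101:9200"]
    index => "snmplogger-%{+YYYY.MM.dd}"
    template_overwrite => true
    template_name => "snmplogs"
    manage_template => true
    template => "/etc/logstash/templates/snmplogs.json"
  }
}
```

If the three nodes are instead members of one cluster, the single output with three hosts is the right form: Logstash spreads requests across the listed nodes and the cluster itself decides where the index's shards are stored.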
