Optimizing Elasticsearch Cluster Setup: Merging Logs Across Two Nodes

"I have always valued the support of this community, and I find myself in need of assistance once again. Here's the situation: I currently have Elasticsearch installed on VM1, but I'm facing disk space issues, and the cluster status is yellow. To resolve this, I've created another VM, VM2, on the same host with the intention of setting up an Elasticsearch cluster across both VMs with two nodes.

I'm collecting three different logs, let's call them A.log, B.log, and C.log. Each of these logs has its own logstash.conf file for extracting important features and creating their respective indices in Elasticsearch. Additionally, I have a separate logstash configuration file, merge.log, which combines and maps data from all three indices (A, B, and C) based on a common attribute. I used to run this merge.conf file via crontab at a scheduled time to create an index pattern that includes attributes from all three logs.

Now, with a two-node cluster in place, I'm encountering difficulties running the merge.conf file effectively. Moreover, Kibana is also giving an error:

`Validation Failed: 1: [ccs_minimize_roundtrips] is not supported on async search queries;`

I have two specific questions:

Is this the correct approach for my setup?
Do I need to run the merge.conf file on both nodes or will it work with just one?"
