So when I look at HEAD, I can see that the logstash node has joined the
cluster successfully, but my index is not being built. In the logstash
log, I see the following:

    log4j, [2014-11-14T13:22:49.842] WARN: org.elasticsearch.discovery:
    [logstash-logstash01-29863-2036] waited for 30s and no initial state was
    set by the discovery

Not sure why it's not building my index as I know there is data coming in
from about 50 servers or so. I'm a little lost at this point as I was able
to get this far and don't know if I am missing a setting somewhere. All
servers are on the same network segment and there are no firewalls on the
servers or between the servers. I was able to build basic indexes without
an issue from the ES cluster using the basic commands so I know it has the
ability to create an index.
Originally, the current logstash server and elasticsearch server were our
PoC servers and were successful and now we wanted to build a cluster for ES
since it was going to be handling a large amount of data.

I highly recommend that you use the HTTP output. Works great, is immune to
the ES version, and there are no performance issues that I've seen. It Just
Works.
For example, here's my sample logstash configuration's output settings:

output {
  # Uncomment for testing only:
  # stdout { codec => rubydebug }

  # Elasticsearch
  elasticsearch {
    # Specify http (with or without quotes around http) to direct the
    # output as JSON documents via the Elasticsearch HTTP REST API
    protocol => "http"
    codec => json
    manage_template => false
    # Or whatever target ES host is required
    host => "localhost"
    # Or whatever _type is desired:
    index_type => "sample"
  }
}

As you can probably surmise, I have my own default index creation template
so there's no need to splatter it all over creation; logstash runs better
on the host on which it's gathering the log files and I vastly prefer one
central index template than keeping a bazillion logstash configurations in
perfect sync. And if we happen to replace logstash with something else, then I
still have my index creation templates.