Is there a reason the redis output can use an array but the redis input cannot.
I would like to use my domain name (a DNS entry for many IP's with the same domain name) in the redis input so that I can spin up new nodes as needed without changing any of my configurations. If I understand the current setup correctly I need to have an input statement that includes each redis nodes IP address on each of my indexers such as:
input {
redis {
host => [ "x.x.x.x" ]
data_type => "list"
key => "bro"
}
redis {
host => [ "x.x.x.x" ]
data_type => "list"
key => "bro"
}
redis {
host => [ "x.x.x.x" ]
data_type => "list"
key => "bro"
}
redis {
host => [ "x.x.x.x" ]
data_type => "list"
key => "bro"
}
}
To help my current setup is I have multiple IDS sensors sending logs to a local redis queue on the sensor, that local queue sends data to a central redis queue with 8 redis nodes (each on their own vm's) I have 4 logstash indexers reading from that queue and sending into a multi node ES cluster. As stated earlier I think having the redis input able ro trad from an array or from a domain name that has multiple IP addresses would be helpful in a setup like mine because it would allow me to spin up a new node when needed and just add that nodes IP address to my DNS server and not have to change any config in my ELK stack.
Just a thought, and please if I have this information wrong correct me.