Sending logstash data to multiple elastic instances/clusters

Is it possible to send the same data records/events from the Logstash output section to two different elastic targets - one 2-node cluster and another separate elastic instance? The second target would be for testing - so that the same data feed is used for that.

Thanks

Yep, just have multiple outputs for the events.

Great - thank you

.. forgot to ask - if there are two outputs - one for each elastic target - what if one of those is down? Will that stop the data from getting into the other one - is it 'all-or-none' output from Logstash or will events still flow to the available elastic cluster if the other one is down?

It's an all or nothing thing.

Got it - thank you.

I would like to reopen this question - with 5 x ES, did this change? All or none is not practical when feeding same data to prod and non-prod (for testing/QA for example) since the availability is different.

If not, could that be done at filebeat level?

Thanks

You can have multiple output configs.

You can then use IF statements to decide what gets to the output target.

Mine looks like this:

output {
  if [pipeline] =~ /(?i)(####|####)/ {
#   elasticsearch {
#     hosts => ["http://x.x.x.x:9200","http://x.x.x.x:9200","http://x.x.x.x:9200","http://x.x.x.x:9200"]
#     index => "logstash-%{+YYYY.MM.dd}"
#   }
  }
}

I have another one, with the same setup, just different values in the IF statement.

Thank you, I am assuming that within one 'hosts' line all the listed target hosts are all-or-none? Those 4 you listed in this IF ... Then using multiple IF blocks one could more flexibly control different target groups that are not necessarily equally available ...

Thank you

If you define multiple targets within a single output, the data shipped off is round robin load balanced. In my case, that config will send log A to the first IP, log B to the second IP, log C to the third IP, and log D to the fourth IP. Then log E will go back to the first IP.

If you want the same data, in two places, you have to define two separate outputs.
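The distinction drawn in this thread, written out as an added example that is not part of any poster's configuration: one output with several hosts load-balances across nodes of a single cluster, while duplicating events requires a second, separate output. The host names and the values in the conditional are constructed placeholders; the `[pipeline]` field is borrowed from the config posted above.

```logstash
output {
  # Output 1: the 2-node production cluster.
  # Both hosts belong to the SAME cluster; events are load-balanced
  # round robin across them, so each event is indexed once.
  elasticsearch {
    hosts => ["http://prod-es-1.example:9200", "http://prod-es-2.example:9200"]  # placeholder hosts
    index => "logstash-%{+YYYY.MM.dd}"
  }

  # Output 2: the separate test instance.
  # A second elasticsearch block is what duplicates the events.
  # The conditional limits the copy to selected feeds; "app1" and "app2"
  # are placeholder values for the [pipeline] field.
  if [pipeline] =~ /(?i)(app1|app2)/ {
    elasticsearch {
      hosts => ["http://test-es.example:9200"]  # placeholder host
      index => "logstash-%{+YYYY.MM.dd}"
    }
  }

  # Per the answer earlier in the thread, outputs defined together like this
  # are all-or-nothing: if the test instance is down, events also stop
  # flowing to the production cluster.
}
```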

Thank you Jason!

Not a problem.