Some questions

  1. Is it a good idea to use Elasticsearch master nodes IPs(3 nodes) in the logstash or filebeat Or do we need to tell beat to use datanodes directly? Please note that master nodes has lots of resources but master nodes minimum resources. If we specify the master nodes in the filebeat, it will just act as coordinator between application servers and datanodes? Or does that impact the performance of master nodes? What is the best way of doing it?
  2. Is there any cluster IP sort of concept in ELK cluster where we can use "single" IP in the beats configurations. In some case with some applications like mule, we cant tell it to use multiple IPs, only single IP is allowed.
  3. Is there any way we can rollup( may be reduce time frame) the old time series data to save disk space.

Send data directly to the data nodes.

That will require you to put a load balancer in front of Elasticsearch.

Have you looked at the rollup API?

1 Like

@Christian_Dahlqvist thanks for your answers.

And finally is there any way we integrate AD with Kibana login with community version of Elasticsearch?

No, it is not possible. The basic free version of the Elastic License only have the native authentication, if you want to integrate with an Active Directory you need at least the gold license.

1 Like

@leandrojmp Thank you.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.