My setup:
A Logstash node parsing NXLog event logs from Windows servers and sending them
to a 3-node ES cluster.
Here's my logstash conf file:
input {
  tcp {
    type => "eventlog"
    host => "logstash01"
    port => 3515
    codec => 'json'
  }
}
output {
  elasticsearch {
    index => "logstash-events-np-%{+YYYY-MM-dd}"
  }
}
Here is the elasticsearch.yml file on my logstash server:
cluster.name: ELCluster
node.name: logstash01
discovery.zen.ping.unicasthosts: ["elsearch01", "elsearch02"]  # master nodes
So when I look at HEAD, I can see that the logstash node has joined the
cluster successfully, but my index is not being built. In the logstash
log, I see the following:
log4j, [2014-11-14T13:22:49.842] WARN: org.elasticsearch.discovery: [logstash-logstash01-29863-2036] waited for 30s and no initial state was set by the discovery
Not sure why it's not building my index as I know there is data coming in
from about 50 servers or so. I'm a little lost at this point as I was able
to get this far and don't know if I am missing a setting somewhere. All
servers are on the same network segment and there are no firewalls on the
servers or between the servers. I was able to build basic indexes without
an issue from the ES cluster using the basic commands so I know it has the
ability to create an index.
Originally, the current logstash server and elasticsearch server were our
PoC servers and were successful and now we wanted to build a cluster for ES
since it was going to be handling a large amount of data.
Thanks in advance.