Re: Question about Logstash Joining ES Cluster and Index

[@SQLBigG]

Brian,

I've tried using the http protocol and it did not work.  The Cluster sees 
the logstash node, but it's not creating the index still.

Thanks,
Gerald

On Friday, November 14, 2014 4:26:22 PM UTC-5, @SQLBigG wrote:
>
> My setup:
>
> Logstash Node parsing NXLog eventlogs from windows servers and sending 
> them to a 3 node ES Cluster.
>
> Here's my logstash conf file:
>
> input {
>     tcp {
>         type   => "eventlog"
>         host   => "logstash01"
>         port   => 3515
>         codec => 'json'
>     }
> }
>
> output {
>       elasticsearch
>         {
>         index => "logstash-events-np-%{+YYYY-MM-dd}"
>         }
> }
>
>
> Here is the elasticsearch.yml file on my logstash server:
>
> cluster.name: ELCluster
> node.name: logstash01
> discovery.zen.ping.unicasthosts: ["elsearch01", "elsearch02"] (master 
> nodes)
>
> So when I look at HEAD, I can see that the logstash node has joined the 
> cluster successfully, but my index is not being built.  In the logstash 
> log, I see the following:
>
> log4j, [2014-11-14T13:22:49.842]  WARN: org.elasticsearch.discovery: 
> [logstash-logstash01-29863-2036] waited for 30s and no initial state was 
> set by the discovery
>
> Not sure why it's not building my index as I know there is data coming in 
> from about 50 servers or so.  I'm a little lost at this point as I was able 
> to get this far and don't know if I am missing a setting somewhere.  All 
> servers are on the same network segment and there are no firewalls on the 
> servers or between the servers.  I was able to build basic indexes without 
> an issue from the ES cluster using the basic commands so I know it has the 
> ability to create an index.
>
> Originally, the current logstash server and elasticsearch server were our 
> PoC servers and were successful and now we wanted to build a cluster for ES 
> since it was going to be handling a large amount of data.
>
> Thanks in advance.
>

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/1d852a5d-8621-4b76-b127-c7a886c00561%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.