Hi Tom, you need to configure the Elasticsearch cluster name, the network host, and a list of Elasticsearch nodes in your Graylog configuration, see http://docs.graylog.org/en/2.0/pages/configuration/elasticsearch.html#configuration .
Additionally, you need to configure (at least) the cluster name in the configuration files of your Elasticsearch nodes (usually in /etc/elasticsearch/elasticsearch.yml). The cluster name in the Graylog configuration and the configuration of your Elasticsearch nodes *must* be identical. Cheers, Jochen On Wednesday, 6 July 2016 23:39:57 UTC+2, [email protected] wrote: > > I have a 3 node Graylog cluster, two nodes have both the Graylog server > and elasticsearch installed, the other has only elasticsearch installed, > and I am having difficultly understanding where to place the elasticsearch > configuration information. Should it be placed in the server.conf file or > in the elasticsearch.yml? > > > > If the elasticsearch configuration should be placed in the server.conf > file what information needs to be placed in the elastcisearch.yml file? > > > > The only way that I can get Graylog to operate is to have the cluster > name, the node name, the network hostname and the zen discovery hosts in > both files, but I end up with 5 elasticsearch clusters instead of three. 2 > of the elasticsearch clusters are advertised by the server.conf file > configuration and three by the elastcisearch.yml configuration. In this > configuration Graylog show the elastcisearch cluster as being green, but > elastcisearch show it being yellow > > > > See below. > > curl 'server1:9200/_cat/nodes?v' > > host ip heap.percent > ram.percent load node.role master name > > > 10.85.7.187 10.85.7.187 62 76 0.75 c > - graylog-cc56d951(exposed by > server.conf) > > 10.42.2.31 10.42.2.31 3 98 0.04 > - - server3 (exposed by > elasticsearch.yml) > > 10.42.2.21 10.42.2.21 51 70 3.02 c > - graylog-efba9df3(exposed by > server.conf) > > 10.42.2.21 10.42.2.21 9 70 3.02 > d m server1 (exposed by > elasticsearch.yml) > > 10.85.7.187 10.85.7.187 11 76 0.75 d > * server2 (exposed by > elasticsearch.yml) > > > > Thank you, > > Tom > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/4529cdfb-5955-437f-825b-fd0bf87c5a1b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
