Re: Question about Logstash Joining ES Cluster and Index

2014-11-17 Thread @SQLBigG 
Brian,

I've tried using the http protocol and it did not work.  The Cluster sees 
the logstash node, but it's not creating the index still.

Thanks,
Gerald

On Friday, November 14, 2014 4:26:22 PM UTC-5, @SQLBigG wrote:
>
> My setup:
>
> Logstash Node parsing NXLog eventlogs from windows servers and sending 
> them to a 3 node ES Cluster.
>
> Here's my logstash conf file:
>
> input {
> tcp {
> type   => "eventlog"
> host   => "logstash01"
> port   => 3515
> codec => 'json'
> }
> }
>
> output {
>   elasticsearch
> {
> index => "logstash-events-np-%{+-MM-dd}"
> }
> }
>
>
> Here is the elasticsearch.yml file on my logstash server:
>
> cluster.name: ELCluster
> node.name: logstash01
> discovery.zen.ping.unicasthosts: ["elsearch01", "elsearch02"] (master 
> nodes)
>
> So when I look at HEAD, I can see that the logstash node has joined the 
> cluster successfully, but my index is not being built.  In the logstash 
> log, I see the following:
>
> log4j, [2014-11-14T13:22:49.842]  WARN: org.elasticsearch.discovery: 
> [logstash-logstash01-29863-2036] waited for 30s and no initial state was 
> set by the discovery
>
> Not sure why it's not building my index as I know there is data coming in 
> from about 50 servers or so.  I'm a little lost at this point as I was able 
> to get this far and don't know if I am missing a setting somewhere.  All 
> servers are on the same network segment and there are no firewalls on the 
> servers or between the servers.  I was able to build basic indexes without 
> an issue from the ES cluster using the basic commands so I know it has the 
> ability to create an index.
>
> Originally, the current logstash server and elasticsearch server were our 
> PoC servers and were successful and now we wanted to build a cluster for ES 
> since it was going to be handling a large amount of data.
>
> Thanks in advance.
>

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/1d852a5d-8621-4b76-b127-c7a886c00561%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Question about Logstash Joining ES Cluster and Index

2014-11-14 Thread @SQLBigG 
My setup:

Logstash Node parsing NXLog eventlogs from windows servers and sending them 
to a 3 node ES Cluster.

Here's my logstash conf file:

input {
tcp {
type   => "eventlog"
host   => "logstash01"
port   => 3515
codec => 'json'
}
}

output {
  elasticsearch
{
index => "logstash-events-np-%{+-MM-dd}"
}
}


Here is the elasticsearch.yml file on my logstash server:

cluster.name: ELCluster
node.name: logstash01
discovery.zen.ping.unicasthosts: ["elsearch01", "elsearch02"] (master nodes)

So when I look at HEAD, I can see that the logstash node has joined the 
cluster successfully, but my index is not being built.  In the logstash 
log, I see the following:

log4j, [2014-11-14T13:22:49.842]  WARN: org.elasticsearch.discovery: 
[logstash-logstash01-29863-2036] waited for 30s and no initial state was 
set by the discovery

Not sure why it's not building my index as I know there is data coming in 
from about 50 servers or so.  I'm a little lost at this point as I was able 
to get this far and don't know if I am missing a setting somewhere.  All 
servers are on the same network segment and there are no firewalls on the 
servers or between the servers.  I was able to build basic indexes without 
an issue from the ES cluster using the basic commands so I know it has the 
ability to create an index.

Originally, the current logstash server and elasticsearch server were our 
PoC servers and were successful and now we wanted to build a cluster for ES 
since it was going to be handling a large amount of data.

Thanks in advance.

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/8166101a-4052-4ef0-be30-672aaefaa85d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.