Hello,
I have a cluster of Graylog 4.2 servers connected to a cluster of ES 7.10.
I just added a set of 3 masters-only nodes to the ES Cluster.
In the Graylog config files , i set only the 3 master-only node in “elasticsearch_hosts”.
I’m wondering if this config is right, because i see a lot of HTTP connections between Graylogs and the master-only nodes, but only a few between Graylogs and the ES data nodes.
And I see heavy traffic on the master-only nodes.
Hello && welcome
I’m not understanding the issue, if you can explain it in great detail.
What I see from your statement is you have 3 Elasticsearch nodes?
What kind of test did you execute to make sure the configuration is correct?
Do you only have one Graylog server with MongDb?
To help you further please take a look here. This will help us, help you since we can not see your environment. Or how its configured.
Thanks
Hello,
Let me be more clear.
I have a Graylog cluster of 4 nodes.
And an Elasticsearch cluster of 11 nodes, with 3 master-only nodes.:
In /etc/graylog/server/server.conf , there is the parameter “elasticsearch_hosts”.
https://docs.graylog.org/docs/elasticsearch
My question is , do i must set in "“elasticsearch_hosts” :
Config 1
Or
Config 2
Thanks
Hello,
That’s a big setup.
Taking in consideration that ES master node/s is responsible for lightweight cluster-wide actions such as creating or deleting an index, tracking which nodes are part of the cluster, and deciding which shards to allocate to which nodes. The ES Data nodes hold the shards that contain the documents you have indexed they also handle data related operations like CRUD, search, and aggregations. I would consider your picture “Config 2” . Perhaps someone less here has a better idea.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
