Graylog Server with 2 Elasticsearch nudes and indexing

I have implemented a Graylog server with single elasticsearch node. Now it has more than 100 indices. After one month later I want to add a another elasticsearch node to existing setup.

After I have change the relevant settings on Graylog and 2 elasticsearch nodes servers and restarted all services, Graylog create indexes from 0, not continue from previous setup last index.

Existing architecture:
one graylog server + one elasticsearch node -> has more than 100 indexes

New architecture
one graylog server + two elasticsearch nodes -> indexing start with index 0 (graylog_0) after configure relevant settings and restart the services

My Question -
How do I configure graylog + easticsearch to continue indexing from existing setup last index ?

@tharu85

how did you configured your two elasticsearch nodes and how did you configure graylog?

can you post a diff of the configuration settings you had changed?

After spending several hour to read lot of articles and documentations, I am able to fix the issue. Now 2 elasticsearch node are working together as cluster. I am able to do it without loosing the existing indexes. Still Graylog server initiating the shards.

@jan, Thanks for reply to follow up the query.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.