I have most certainly done that. I have trawled those logs for the directive and I cannot find any.
I have run sudo graylog-ctl reconfigure-as-server to reconfigure my graylog to not run elasticsearch.
So I have been able to get it working by manually setting the graylog.conf file to point to my external elasticsearch.
What I’m after is if it’s possible somehow to set the elasticsearch_hosts so that graylog-ctl reconfigure does not overwrite it. Say by editing graylog-settings.json to include the elasticsearch_hosts property. All the docs say is set the elasticsearch_hosts property. They don’t tell you where to set it.
Then I poked around for a way to customise the elasticsearch_hosts property but concluded that it is not possible to customise it to what I need as I need the whole url customised.
Overriding the elasticsearch_hosts configuration setting is currently not possible when using the Graylog omnibus package (which is being used in the OVAs and AMIs).
This being said, the omnibus package (AMI, OVA) is supposed to be a turnkey solution and was not designed for maximum customization. I’d recommend starting with your own Graylog setup instead of using the pre-baked AMI if you want to use the AWS Elasticsearch Service.
Thanks @jochen I ended up doing what you suggested (logged a feature request). See post before yours.
If I was more skilled in ruby et all I’d probably do a pull request as well
One comment I do want to make about
This being said, the omnibus package (AMI, OVA) is supposed to be a turnkey solution and was not designed for maximum customization
The thing is it’s got a lot of customisation already. Like being able to turn off elasticsearch and customise the elasticsearch nodes etc such that I don’t think the addition of this extra piece of customisation would significantly affect it’s turnkey aspect.
Let me say that there is no way I would have got up running this quickly without this prebuilt AMI to start with.