Is it best practice to put Elasticsearch behind a LB in graylog.conf?

merceskoba · April 25, 2022, 5:49am

Currently, i use Graylog in Production stage with ~2TB in a day. In my configuration server.conf, i put settings like this elasticsearch_hosts = http://10.199.255.25:9200

10.199.255.25 is a TCP LoadBalancer. And then behind that LB, there are 7 Elasticsearch servers.

Is it best practice to put all of my Elasticsearch servers behind LB in the graylog.conf ? or should i put the config like this
elasticsearch_hosts = http://10.8.1.1:9200,http://10.8.1.2:9200,http://10.8.1.3:9200,....http://10.8.1.7:9200 ?

I am affraid config elasticsearch_max_total_connections_per_route, or elasticsearch_socket_timeout, etc will not be useful because the elasticsearch to be hit as LB not real Elasticsearch.

I use Graylog v3.2.4, Elasticsearch v6.8.
Thank you for your time and help

patrickmann · April 25, 2022, 9:56am

Elasticsearch performs its own load-balancing. Generally you would want to use these native capabilities instead of adding a separate LB.
So to answer your question: list all the individual nodes in the elasticsearch_hosts setting.

system · May 9, 2022, 9:57am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Question regarding Graylog with Coordinator Nodes Graylog Central (peer support)	2	577	November 6, 2018
Question regarding Elasticsearch hosts in config Graylog Central (peer support)	3	370	November 20, 2018
Graylog Cluster Architecture Graylog Central (peer support)	1	506	July 23, 2018
Elasticsearch_hosts recommended setting Graylog Central (peer support)	2	689	March 14, 2018
Cluster, placement of Elasticsearch instances Graylog Central (peer support)	3	484	August 26, 2021

Is it best practice to put Elasticsearch behind a LB in graylog.conf?

Related Topics