Question about scalability with Graylog in a geographically dispersed design

I recently set up a Graylog and Elasticsearch cluster in my main data center and that is working great. No issues there. I’m trying to extend that cluster by adding a couple more Graylog nodes in another datacenter as well as a couple more Elasticsearch nodes. I’ve configured the two nodes in this remote datacenter to only use the two local Elasticsearch nodes in /etc/graylog/server/server.conf and have made those two Elasticsearch nodes a cluster. What’s happening now is that, from my main DC, I cannot see the logs coming into those two Graylog nodes, nor can I see any logs of any kind coming into the remote Graylog servers in the search screen (only errors about not finding any of the indices that I have configured in my main DC; this is expected, I guess). I don’t care so much about being able to search for logs directly from the remote Graylog servers, but I would like to see them from the main DC. Is this scenario possible? I basically just want to view everything from a single pane of glass, but I don’t want the data to replicate between sites. I want the remote indices to stay on those two remote Elasticsearch nodes but still be searchable from the main Graylog boxes I have in my main DC.

Please see this feature request at GitHub:

tl;dr: Your wish is currently not possible but might be at some point in the future.

Thanks, Jan. I guess for now I’ll access them separately until there’s support for this.
