Which Elasticsearch Node Roles should be connected to Graylog?

Hi : ),

I am creating a new multi node installation which look as follows:

  • 3 Graylog Nodes
  • 3 Elasticsearch Master Nodes
  • 1 Elasticsearch Data Node (I am planning to add more data nodes in the future)

Could you tell me please which elasticsearch hosts I should include in the Graylog configuration file?
Shall I add only elasticsearch master nodes or I should add all nodes (master + data nodes)?

Thank you in advance.

  • OS Information: The Graylog/Elasticsearch nodes are running Ubuntu Server 22.04
  • Package Version:
    Graylog 4.3
    Elasticsearch 7.10.2

Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]

Hi @mobk

welcome to the Community! :slight_smile:

I haven’t found any documentation about that while I was setting up our 3x nodes OpenSearch (OS) cluster. WIth that said, our Graylog cluster points to all OS members (master and data roles), and everything works fine.


Hello && Welocm @mobk

In the documentation here
Basically what I did with 6 node cluster 3 ES & 3 GL/Mongo.
This was configure on each graylog node.

elasticsearch_hosts =,,

Depending on how the cluster is set up you could use something like this


This was only done for ES master nodes since they ingest from Graylogs journal.

Probably a better way would be a load balancer, if you expanding larger then three nodes. It would make this task much easier down the road.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.