If elasticsearch service is DOWN

Hi,

In a two-node ELK cluster, let's say Elasticsearch on NODE-01 is down. According to /etc/logstash/conf.d/output-elasticsearch.conf, Logstash is always looking at
hosts => ["https://localhost:9200"]

Since port 9200 is not available, the following error is generated until the Elasticsearch service is back.

error_message=>"Connection refused (Connection refused)",

Is there a way to update the host URL to the next available ELK node? For example, NODE-02.
Is there a way to update it on the command line using a shell script? If possible, may I know what the command would be?

output {
  elasticsearch {
    hosts => ["https://localhost:9200"]
    user => ["admin"]
    password => ["admin"]
    ssl => true
    ssl_certificate_verification => false
    ilm_enabled => false
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
  stdout { codec => rubydebug }
}

Thanks
Luke.

You can put multiple hosts in the output section:

hosts => [ "https://localhost:9200", "https://node-02:9200" ]

2 Likes
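A check for the multi-host setup suggested above, added here as an example and not part of the original thread: it reads the `hosts` list from a Logstash output file and reports which nodes answer, so a dead failover target is noticed before it is needed. The function names, the `CACERT` variable and the sample config are assumptions made for illustration, and the parser assumes the `hosts` array sits on one line.

```shell
#!/bin/sh
# Added example. Lists the Elasticsearch URLs configured in a Logstash output
# file and reports which ones answer. Assumes the hosts array is on one line.

# Constructed sample input (old-node is a made-up name in a commented-out line).
sample_conf() {
    cat <<'EOF'
output {
  elasticsearch {
    # hosts => ["https://old-node:9200"]
    hosts => [ "https://localhost:9200", "https://node-02:9200" ]
  }
}
EOF
}

# Print each URL from active (uncommented) "hosts =>" lines, one per line.
list_es_hosts() {
    grep -E '^[[:space:]]*hosts[[:space:]]*=>' |
        grep -oE "https?://[^]\"' ,]+"
}

# Succeed if the node completes TLS and returns any HTTP response; a 401 still
# proves the service is up. CACERT (assumed variable) is the cluster CA file,
# so certificate verification stays on instead of using curl -k.
es_reachable() {
    curl --silent --output /dev/null --max-time 5 \
        ${CACERT:+--cacert "$CACERT"} "$1"
}

# Probe every host in the file: 0 = all up, 1 = some down, 2 = none configured.
check_all() {
    urls=$(list_es_hosts < "$1")
    [ -n "$urls" ] || { echo "no hosts found in $1" >&2; return 2; }
    rc=0
    for url in $urls; do
        if es_reachable "$url"; then
            echo "UP   $url"
        else
            echo "DOWN $url"
            rc=1
        fi
    done
    return $rc
}

# With a file argument probe its hosts; without one, parse the sample only.
if [ $# -gt 0 ]; then check_all "$1"; else sample_conf | list_es_hosts; fi
```

Saved under a name of your choice, it takes the config path from the question as its argument, for example `/etc/logstash/conf.d/output-elasticsearch.conf`.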

Thank you so much. Yes, it works.

2 Likes