Hi,
In a two node ELK cluster, lets say elasticsearch of NODE-01 is down. According to the /etc/logstash/conf.d/output-elasticsearch.conf , logstash always looking at
hosts => [“https://localhost:9200”]
Since the port 9200 is not available, following error will generate until the elasticsearch service is back.
error_message=>“Connection refused (Connection refused)”,
Is there a way to update the host url to next available ELK node? For example , NODE-02.
Is there a way to update it in command line using a shell script ? if possible , may i know what would be the command?
output {
elasticsearch {
hosts => [“https://localhost:9200”]
user => [“admin”]
password => [“admin”]
ssl => true
ssl_certificate_verification => false
ilm_enabled => false
manage_template => false
index => “%{[@metadata][beat]}-%{+YYYY.MM.dd}”
document_type => “%{[@metadata][type]}”
}
stdout { codec => rubydebug }
}
Thanks
Luke.