Does not look like I’m getting data into es. How could I tell does data=false mean it’s not storring ? tail -f /var/log/elasticsearch/syslog-ng.log while restarting syslog-ng. [2016-04-13 12:21:26,762][INFO ][cluster.service ] [NODE-1] removed {{NODE-1}{K0_nu3-4TKKjPQfoMUlOhw}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false},}, reason: zen-disco-node_left({NODE-1}{K0_nu3-4TKKjPQfoMUlOhw}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false}) [2016-04-13 12:21:34,440][INFO ][cluster.service ] [NODE-1] added {{NODE-1}{mXgtXGW3Raai_L7GEdxLVQ}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false},}, reason: zen-disco-join(join from node[{NODE-1}{mXgtXGW3Raai_L7GEdxLVQ}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false}])
On Apr 13, 2016, at 11:38 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
On Wed, Apr 13, 2016 at 11:32:47AM -0400, Scot Needy wrote:
NOTE: I do not believe some options like server,port,.. are needed in node mode.
correct: in node mode, almost everything is in the yaml
What is the relationship to the ES service and syslog-ng in node mode?
No direct relation in any mode: the ES data node runs in a different JVM on same or other node.
It looks like in node mode the es2 module write directly to the shard ?
Yes, syslog-ng runs an ES instance itself that joins the cluster of the other ES instance(s). It writes documents directly to the correct nodes.