Does not look like I’m getting data into es. How could I tell does data=false mean it’s not storring  ? 


tail -f   /var/log/elasticsearch/syslog-ng.log while restarting syslog-ng. 

[2016-04-13 12:21:26,762][INFO ][cluster.service          ] [NODE-1] removed {{NODE-1}{K0_nu3-4TKKjPQfoMUlOhw}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false},}, reason: zen-disco-node_left({NODE-1}{K0_nu3-4TKKjPQfoMUlOhw}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false})
[2016-04-13 12:21:34,440][INFO ][cluster.service          ] [NODE-1] added {{NODE-1}{mXgtXGW3Raai_L7GEdxLVQ}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false},}, reason: zen-disco-join(join from node[{NODE-1}{mXgtXGW3Raai_L7GEdxLVQ}{127.0.0.1}{127.0.0.1:9301}{client=true, data=false}])




On Apr 13, 2016, at 11:38 AM, Fabien Wernli <wernli@in2p3.fr> wrote:

On Wed, Apr 13, 2016 at 11:32:47AM -0400, Scot Needy wrote:
NOTE: I do not believe some options like server,port,.. are needed in node mode.

correct: in node mode, almost everything is in the yaml

What is the relationship to the ES service and syslog-ng in node mode?

No direct relation in any mode: the ES data node runs in a different JVM on
same or other node.

It looks like in node mode the es2 module write directly to the shard ?

Yes, syslog-ng runs an ES instance itself that joins the cluster of the
other ES instance(s). It writes documents directly to the correct nodes.