
I should state that I have no experience with ELK, but I need to configure an Elasticsearch cluster on Red Hat Linux servers with 3 nodes (multi-node), one of which is the master. Could someone tell me how to proceed, and also what to change in the yml file? Thank you.

I would like one of you to clearly write me a procedure to follow in order to configure it.

Daddy

1 Answer


Thanks to Elasticsearch v8, Elasticsearch now configures the nodes by itself. It's recommended to have at least 3 master nodes, so if you have 3 nodes you can use ALL roles for all nodes.

Here is a good article for resilience in small clusters.

You can follow the cluster installation article to build one.

A quote from my Medium article:

1. Install elasticsearch on node-1
2. Update the elasticsearch.yml for node-1
3. Start elasticsearch node-1
4. Check the health of nodes
5. Install elasticsearch on node-2
6. Run the "elasticsearch-reconfigure-node --enrollment-token <token-here>" command on node-2 with the token from node-1
7. Update the elasticsearch.yml for node-2
8. Start elasticsearch node-2
9. Check the node count with "GET _cat/nodes"
10. Install kibana on the same or on a different node
11. Create an enrollment token for Kibana with "elasticsearch-create-enrollment-token -s kibana"
12. Start Kibana

An example elasticsearch.yml:

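```yaml
# Must be identical on every node that should join this cluster
cluster.name: elk-logs
path.data: /data/elasticsearch
path.logs: /data/log

# Authentication/authorization on, and enrollment tokens allowed
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# TLS for the REST API (port 9200)
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
# TLS for node-to-node traffic (port 9300)
xpack.security.transport.ssl:
  enabled: true
  # "certificate" checks that the peer certificate is signed by a trusted CA, but not the hostname
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12

# Transport addresses of the nodes used for discovery
discovery.seed_hosts: ["10.10.16.45:9300", "10.10.16.46:9300", "10.10.16.47:9300"]
# 0.0.0.0 listens on every interface of the host
http.host: 0.0.0.0
transport.host: 0.0.0.0
```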

Prepare elasticsearch for the production environment.

Musab Dogan
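A check one could run against each node's file before starting it, following the example elasticsearch.yml in the answer above. This is an added example, not code from the answer or from Elastic: it flattens the file's dotted and indented keys and flags disabled TLS, disabled certificate verification and all-interface binds. The function names, the rule table and the weakened sample are constructed for illustration; the defaults in the table are the documented 8.x defaults.

```python
# Constructed sample: the answer's elasticsearch.yml with two settings weakened on purpose.
SAMPLE = """\
xpack.security.enabled: true
xpack.security.http.ssl:
  enabled: false                  # weakened for the example
xpack.security.transport.ssl:
  enabled: true
  verification_mode: none         # weakened for the example
http.host: 0.0.0.0
transport.host: 0.0.0.0
"""

# key -> (value assumed when the key is unset, acceptable values, consequence otherwise)
RULES = {
    "xpack.security.enabled": ("true", {"true"}, "authentication and authorization are off"),
    "xpack.security.http.ssl.enabled": ("false", {"true"}, "REST traffic (9200) is cleartext"),
    "xpack.security.transport.ssl.enabled": ("false", {"true"}, "node-to-node traffic (9300) is cleartext"),
    "xpack.security.transport.ssl.verification_mode": ("full", {"full", "certificate"}, "peer certificates are not verified"),
}

def flatten(text):
    """Flatten dotted keys and indented mappings (scalars and inline lists only, not full YAML)."""
    settings, stack = {}, []              # stack: (indent, key) of the mappings still open
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()                   # leave mappings that ended at this indent
        if value.strip():
            settings[".".join([k for _, k in stack] + [key])] = value.strip().strip("\"'")
        else:
            stack.append((indent, key))   # "a.b.c:" with no value opens a nested mapping
    return settings

def audit(text):
    """Return (severity, key, message) findings for one node's elasticsearch.yml."""
    s, out = flatten(text), []
    for key, (default, accepted, why) in RULES.items():
        if s.get(key, default).lower() not in accepted:
            out.append(("FAIL", key, why))
    for key in ("http.host", "transport.host"):
        if s.get(key) == "0.0.0.0":
            out.append(("WARN", key, "listens on every interface; limit the port with a host firewall"))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run against the answer's file unchanged, it reports only the two `WARN` entries for the `0.0.0.0` binds.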