我设置了一个graylog堆栈(graylog / ES / Mongo)一切顺利(差不多),昨天我尝试使用以下命令获取一些信息:
curl 'http://127.0.0.1:9200/_nodes/process?pretty'
{
"cluster_name" : "log_server_graylog",
"nodes" : {
"Znz_72SZSyikw6DEC4Wgzg" : {
"name" : "graylog-27274b66-3bbd-4975-99ee-1ee3d692c522",
"transport_address" : "127.0.0.1:9350",
"host" : "127.0.0.1",
"ip" : "127.0.0.1",
"version" : "2.4.4",
"build" : "fcbb46d",
"attributes" : {
"client" : "true",
"data" : "false",
"master" : "false"
},
"process" : {
"refresh_interval_in_millis" : 1000,
"id" : 788,
"mlockall" : false
}
},
"XO77zz8MRu-OOSymZbefLw" : {
"name" : "test",
"transport_address" : "127.0.0.1:9300",
"host" : "127.0.0.1",
"ip" : "127.0.0.1",
"version" : "2.4.4",
"build" : "fcbb46d",
"http_address" : "127.0.0.1:9200",
"process" : {
"refresh_interval_in_millis" : 1000,
"id" : 946,
"mlockall" : false
}
}
}
}
我确实看起来(至少对我来说有两个节点正在运行,ES IRC上有人告诉我可能有一个运行的客户端运行(显示为第二个节点)......
我真的不明白为什么这个传输客户端来自哪里,来自IRC的人告诉我它曾经是一个常见的设置(使用传输客户端)但是现在不鼓励这样做,我怎么能将配置转换为遵循ES最佳实践? (我在文档上找不到)
仅供参考,我的配置文件:
cat /etc/elasticsearch/elasticsearch.yml cluster.name:log_server_graylog
node.name: test
path.data: /tt/elasticsearch/data
path.logs: /tt/elasticsearch/log
network.host: 127.0.0.1
action.destructive_requires_name: true
# Folowing are useless as we are defining swappiness to 1, this shloud prevent ES memeory space from being sawpped, unless emergency
#bootstrap.mlockall: true
#bootstrap.memory_lock: true
由于
答案 0 :(得分:0)
我使用graylog IRC找到了答案,第二个客户端是由Graylog服务器创建的graylog客户端:)
所以一切正常并且符合预期。