build highly available ELK stack – part23 min read
build highly available ELK stack
Hi Techrunnr Readers, this document deals with how to build highly available ELK stack. Here I will show you how to setup High availability for Logstash
Logstash is an open source, server-side data processing pipeline that ingests data from a multitude of sources simultaneously transforms it, and then sends it to your favorite “stash.” (Ours is Elasticsearch, naturally.)
Logstash 1: 192.168.10.2
Logstash 2: 192.168.10.3
HAproxy for Logstash: 192.168.10.4
1. Log in to each logstash server and download the logstash from the following link.
2. Extract downloaded file
3. Configure Logstash.conf
Create a configuration file like this, this may change as per your environment.
In hosts, I’m entering 192.168.10.8 which is my elasticsearch HA proxy server IP.
It means logs received by each logstash server will push to elasticsearch haproxy server after transformation.
Elasticseach Haproxy server will decide which elasticseach server should serve the request.
Now you can start Logstash in each server by executing the following command.
Here is the configuration for haproxy for logstash server.
Java application send the logs to Logstash HAproxy server, then Logstash HAproxy server decides which Logstash server should serve the request as per the HAproxy configuration whether its load balancing or failover.
That is, App will send logs to 192.168.10.4 on port TCP 3200
Now login to Logstash Haproxy server (192.168.10.4).
1. Install HAproxy
2. Remove the default haproxy configuration
3. Now Create the configuration file and add the following lines.
Here I have configured failover using Haproxy for both logstash server.
By Default logstash1 is the master if it fails haproxy server automatically route all the packets to logstash2.
Once logstash1 becomes available haproxy push all the logs to logstash1 since it the master server. Logstash2 is the backup server.
if you want load balancing between the server edit your configuration file like this.
You can balance both server with the following ways,
either round robin, or leastconn
Round-robin – sends the packet to each server one after another.
leastconn – sends the packet to the server which servers fewer requests.
Now you can start haproxy service by executing the following command.
Now your Logstash high availability is ready. You can test it by stopping any of the logstash servers and check another logstash server is serving the request by using any packet tracer tools such as tcpdump.
Check this article for Elasticseach HA-