
I am at a very early stage of my setup and I want to know if I can use the ES offered by AWS as a service with Graylog2.

I am quite sure this cannot be accomplished since AWS doesn't offer anything to configure.

Tim
Kittystone
  • What is ES? You can run anything you like on Amazon in an EC2 virtual machine, or you can use CloudWatch Logs, which accepts logs and can alert on them as required. AWS is INCREDIBLY flexible and configurable, "AWS doesn't offer anything to configure" is demonstrably and wildly incorrect. – Tim Nov 18 '16 at 22:46
  • ES: https://aws.amazon.com/elasticsearch-service/ – Jason Martin Nov 18 '16 at 23:03

1 Answer


Not having anything to configure would be a feature of a cloud service...

You can try yourself by spinning instances of an ES domain and the official Graylog AMI, which is what I did.

The primary obstacle at the moment seems to be that Amazon ES does not offer the TCP transport, and instead has only REST. It is not going to work without radical changes in Graylog's ES client.

A couple things you would need to line up between the two for this to theoretically work:

  • Access policy of ES to allow the IPs of the Graylog cluster. Oh, and there's no VPC.
  • elasticsearch_cluster_name in graylog.conf. This will have your ES domain name and an ID.

Elasticsearch itself has an EC2 discovery plugin, but it is not anticipated to be integrated into Graylog in the near term. Further, I don't think the EC2 features that discovery uses are exposed for the ES service, making it doubly unsupported.

Seems like you need to run your own cluster. At least there's graylog-ctl on the cloud images.

John Mahowald
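The answer's first bullet relies on the ES domain's access policy to admit only the Graylog nodes, and with no VPC that policy is the only network-level control on a public endpoint. The following is an added example, not part of the answer or of either project: a check that flags anonymous Allow statements reaching beyond the Graylog address ranges. The function names, policy documents, account ID, domain name and addresses are all constructed for illustration.

```python
import ipaddress

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard_principal(principal):
    # "*" and {"AWS": "*"} both mean "any caller, signed or not"
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def audit_policy(policy, graylog_cidrs):
    """Return (statement index, finding) pairs for over-broad Allow statements."""
    allowed = [ipaddress.ip_network(c) for c in graylog_cidrs]
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not _is_wildcard_principal(stmt.get("Principal")):
            continue  # identity-scoped statements are outside this check
        # Assumes the usual spelling of the operator and key (IAM treats keys case-insensitively)
        cond = stmt.get("Condition", {}).get("IpAddress", {})
        sources = _as_list(cond.get("aws:SourceIp", []))
        if not sources:
            findings.append((i, "anonymous access with no source IP restriction"))
            continue
        for src in sources:
            net = ipaddress.ip_network(src, strict=False)
            if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                findings.append((i, f"source {src} is outside the Graylog ranges"))
    return findings

# Constructed sample data (documentation address range, placeholder account and domain)
RESOURCE = "arn:aws:es:us-east-1:123456789012:domain/graylog-test/*"
GRAYLOG_CIDRS = ["203.0.113.0/28"]
GOOD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "es:*", "Resource": RESOURCE,
     "Condition": {"IpAddress": {"aws:SourceIp": ["203.0.113.10/32"]}}}]}
BAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "es:*", "Resource": RESOURCE},
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "es:*", "Resource": RESOURCE,
     "Condition": {"IpAddress": {"aws:SourceIp": ["203.0.113.10", "0.0.0.0/0"]}}}]}

if __name__ == "__main__":
    for name, doc in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, audit_policy(doc, GRAYLOG_CIDRS))
```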