I installed the ELK stack as usual:

sudo apt-get install openjdk-8-jdk
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-5.x.list
sudo apt-get update && sudo apt-get install elasticsearch

 

But then I had to add nodes. A lot of googling gave a lot of more or less useful hints, so here is what I did:

First, I changed the name of the cluster and node elkserver1 (the only node) in /etc/elasticsearch/elasticsearch.yml

And restarted Elasticsearch and tailed the log - everything was OK

vi /etc/elasticsearch/elasticsearch.yml
service elasticsearch restart
tail -f /var/log/elasticsearch/mos-eisley.log

Notice the log file name follows the cluster name (smile)

 

Secondly, I changed the same on the next node (elkserver2) and added the IP of elkserver1 in /etc/elasticsearch/elasticsearch.yml, changing:

discovery.zen.ping.unicast.hosts: ["host1","host1"]

to

discovery.zen.ping.unicast.hosts: ["77.243.52.135"]

Then started ES with:

service elasticsearch restart
tail -f /var/log/elasticsearch/mos-eisley.log

But the node never connected to the cluster.

After a short bit of troubleshooting: ES only listens by default on 127.0.0.1:9200, so in /etc/elasticsearch/elasticsearch.yml do change

#network.host: 127.0.0.1

to

network.host: 0.0.0.0

After a successful join, I changed:

discovery.zen.ping.unicast.hosts: ["77.243.52.135"]

to

discovery.zen.ping.unicast.hosts: ["77.243.52.135","77.243.52.155"]

on both nodes.

For the 3rd node (elkserver3), the trick was the same, and in the end, the /etc/elasticsearch/elasticsearch.yml had:

discovery.zen.ping.unicast.hosts: ["77.243.52.135","77.243.52.155","77.243.52.153"]

On all servers, giving me:

root@elkserver1:/usr/share/elasticsearch/bin# curl -XGET http://localhost:9200/_cluster/health?pretty=true
{
  "cluster_name" : "mos-eisley",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 146,
  "active_shards" : 292,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}
root@elkserver1:/usr/share/elasticsearch/bin#
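
Setting network.host: 0.0.0.0 binds both the HTTP port (9200) and the transport port (9300) to every interface, so on hosts with public addresses like the ones above, those ports should be limited to the cluster peers. The following script is an added example, not part of the original post: it reads elasticsearch.yml, reports the bind scope, and prints (without applying) iptables rules derived from discovery.zen.ping.unicast.hosts. The function names and the sample file are constructed for illustration, and it assumes top-level keys and bare IPv4 peers as in the post.

```bash
# Added example (not from the original post): audit an elasticsearch.yml and
# print, without applying, iptables rules limiting 9200/9300 to cluster peers.

# Effective value of a key; commented-out lines ("#network.host:") are skipped.
yml_value() {  # usage: yml_value KEY FILE
  awk -v k="$1:" 'index($0, k) == 1 { v = substr($0, length(k) + 1) }
                  END { gsub(/^[ \t]+|[ \t\r]+$/, "", v); print v }' "$2"
}

# Classify where the node listens: loopback | all-interfaces | specific
bind_scope() {  # usage: bind_scope FILE
  case "$(yml_value network.host "$1" | tr -d "\"' ")" in
    ""|127.*|localhost|::1|_local_) echo loopback ;;
    0.0.0.0|::) echo all-interfaces ;;
    *) echo specific ;;
  esac
}

# One discovery peer per line, taken from discovery.zen.ping.unicast.hosts
peer_hosts() {  # usage: peer_hosts FILE
  yml_value discovery.zen.ping.unicast.hosts "$1" |
    sed 's/[]["[:space:]]//g' | tr ',' '\n' | sed '/^$/d'
}

# Rules that accept HTTP (9200) and transport (9300) only from listed peers.
firewall_rules() {  # usage: firewall_rules FILE
  if [ "$(bind_scope "$1")" = loopback ]; then return 0; fi  # not reachable remotely
  echo "iptables -A INPUT -i lo -j ACCEPT"
  peer_hosts "$1" | while read -r peer; do
    echo "iptables -A INPUT -p tcp -s $peer -m multiport --dports 9200,9300 -j ACCEPT"
  done
  echo "iptables -A INPUT -p tcp -m multiport --dports 9200,9300 -j DROP"
}

# Constructed sample mirroring the final configuration in the post.
sample_config() {  # usage: sample_config FILE
  cat > "$1" <<'EOF'
cluster.name: mos-eisley
#network.host: 127.0.0.1
network.host: 0.0.0.0
discovery.zen.ping.unicast.hosts: ["77.243.52.135","77.243.52.155","77.243.52.153"]
EOF
}

cfg=$(mktemp) && sample_config "$cfg"
echo "bind scope: $(bind_scope "$cfg")"
firewall_rules "$cfg"
rm -f "$cfg"
```

Review the printed rules before applying them, since appending to INPUT interacts with any rules already loaded on the host.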
