I installed the ELK stack as usual, but then I had to add nodes. A lot of googling gave a lot of more or less useful hints, so here is what I did:

First, I changed the name of the cluster and of the node elkserver1 (the only node) in /etc/elasticsearch/elasticsearch.yml

Then I restarted Elasticsearch and tailed the log - everything was OK

vi /etc/elasticsearch/elasticsearch.yml
service elasticsearch restart
tail -f /var/log/elasticsearch/mos-eisley.log

Notice that the log file name follows the cluster name :)


Secondly, I changed the same on the next node (elkserver2) and added the IP of elkserver1 in /etc/elasticsearch/elasticsearch.yml:

discovery.zen.ping.unicast.hosts: ["host1","host1"]


discovery.zen.ping.unicast.hosts: [""]

Then started ES with:

service elasticsearch restart
tail -f /var/log/elasticsearch/mos-eisley.log

But the node never connected to the cluster.

After a short bit of troubleshooting, ES only listens on, so in /etc/elasticsearch/elasticsearch.yml do change




After a successful join, I changed

discovery.zen.ping.unicast.hosts: [""]


discovery.zen.ping.unicast.hosts: ["",""]

on both nodes.

For the 3rd node, the trick was the same, and in the end, /etc/elasticsearch/elasticsearch.yml had:

discovery.zen.ping.unicast.hosts: ["","",""]

On all servers, giving me:

root@elkserver1:/usr/share/elasticsearch/bin# curl -XGET http://localhost:9200/_cluster/health?pretty=true
  "cluster_name" : "mos-eisley",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 146,
  "active_shards" : 292,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
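
A check for the troubleshooting step above, added here as an example (not part of the original post): it classifies how the HTTP (9200) and transport (9300) ports are bound, reading `ss -ltn` output. It assumes the address the post leaves out was the loopback interface, which is the default binding in Elasticsearch 2.0 and later; the function names, the sample socket listings and the 192.0.2.11 address are constructed.

```shell
#!/bin/sh
# Added example. Reads `ss -ltn` output on stdin and prints how <port> is bound:
#   closed | loopback | wildcard | specific
es_bind_scope() {
    port="$1"
    awk -v port="$port" '
        $1 == "LISTEN" {
            addr = $4
            n = match(addr, /:[0-9]+$/)            # locate the trailing :port
            if (n == 0 || substr(addr, n + 1) != port) next
            host = substr(addr, 1, n - 1)
            sub(/^\[/, "", host); sub(/\]$/, "", host)   # [::1] -> ::1
            sub(/^::ffff:/, "", host)                    # IPv4-mapped IPv6
            if (host ~ /^127\./ || host == "::1") loop = 1
            else if (host == "0.0.0.0" || host == "*" || host == "::" || host == "") wild = 1
            else spec = 1
        }
        END {
            if (wild) print "wildcard"
            else if (spec) print "specific"
            else if (loop) print "loopback"
            else print "closed"
        }'
}

# What each result means for a node that should join the cluster.
es_bind_advice() {
    case "$1" in
        loopback) echo "only reachable from this host: peers in unicast.hosts cannot connect" ;;
        wildcard) echo "listening on every interface: firewall it or bind to the cluster interface" ;;
        specific) echo "bound to one address: it must match the entry in unicast.hosts on the peers" ;;
        *)        echo "nothing listening: check the Elasticsearch log" ;;
    esac
}

# Constructed sample: node still on the default (loopback-only) binding.
SAMPLE_DEFAULT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:9200     0.0.0.0:*
LISTEN 0      128    [::1]:9300         [::]:*
LISTEN 0      128    127.0.0.1:9300     0.0.0.0:*'

# Constructed sample: node bound to one cluster-facing address.
SAMPLE_BOUND='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    192.0.2.11:9200    0.0.0.0:*
LISTEN 0      128    192.0.2.11:9300    0.0.0.0:*'

for p in 9200 9300; do
    s=$(printf '%s\n' "$SAMPLE_DEFAULT" | es_bind_scope "$p")
    echo "default node, port $p: $s ($(es_bind_advice "$s"))"
done
```

On a live node, feed it the real listing: `ss -ltn | es_bind_scope 9300`.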