Elasticsearch Cluster

This section explains how to install and configure Elasticsearch (ES) on a three-node cluster.

Notice

  • The number of ES nodes you use in a cluster should be odd. The minimum number of nodes you can use in a cluster is 3.

  • To avoid a split-brain condition, specify an appropriate value for the discovery.seed_hosts parameter. To determine it, follow the rule N/2+1, where N is the number of nodes in the cluster. In a three-node cluster, the parameter should be set to 2 (3/2+1 = 2, with the result rounded down to the nearest integer).

Install and configure the Elasticsearch cluster

On Linux

Perform the following steps on Linux:

  1. Download Elasticsearch 8.6.2

  2. Unzip the file in a preferred location using the command tar -xvf elasticsearch-8.6.2-linux-x86_64.tar.gz on all cluster nodes.

  3. Go to the {directory}/elasticsearch-8.6.2/bin folder.

  4. Run Elasticsearch with the ./elasticsearch command.

  5. When you run ES in a terminal for the first time, a password is printed to the terminal (by default, Elasticsearch runs over HTTPS). Note down the password.

  6. Open the {directory}/elasticsearch-8.6.2/config/elasticsearch.yml file for each node for editing. Configure the node in the following way:

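    To run ES on HTTP and to make ES a cluster, refer to the following sample elasticsearch.yml file. This sample disables the Elasticsearch security features (authentication and TLS) and listens on all interfaces, so limit network access to ports 9200 and 9300 to the cluster nodes and the Zephyr server.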

Elasticsearch Node 1

network.host: 0.0.0.0
cluster.name: logging-prod
node.name: node-1

xpack.security.enabled: false
xpack.security.enrollment.enabled: false
xpack.security.http.ssl:
  enabled: false
xpack.security.transport.ssl:
  enabled: false
discovery.seed_hosts: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
cluster.initial_master_nodes: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
http.host: 192.168.11.57

Elasticsearch Node 2

network.host: 0.0.0.0
cluster.name: logging-prod
node.name: node-2
xpack.security.enabled: false
xpack.security.enrollment.enabled: false
xpack.security.http.ssl:
  enabled: false
xpack.security.transport.ssl:
  enabled: false
discovery.seed_hosts: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
cluster.initial_master_nodes: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
http.host: 192.168.11.227

Elasticsearch Node 3

network.host: 0.0.0.0
cluster.name: logging-prod
node.name: node-3
xpack.security.enabled: false
xpack.security.enrollment.enabled: false
xpack.security.http.ssl:
  enabled: false
xpack.security.transport.ssl:
  enabled: false
discovery.seed_hosts: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
cluster.initial_master_nodes: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
http.host: 192.168.11.193

7. Start ES on all nodes.

8. Check the cluster health once all nodes have started. To check the cluster health, execute the following cURL command:

curl -XGET 'http://localhost:9200/_cluster/health'

9. Install the Zephyr Enterprise application with the ES host URL set to:

http://192.168.0.1:9200,http://192.168.0.2:9200,http://192.168.0.3:9200
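
The health check in step 8 only reports the view of the node you query, so it is worth asking every node and confirming that each one sees all three members. The following Python sketch is an added example, not part of the original procedure; the function names and finding labels are illustrative, and the sample responses are constructed.

```python
import json
from urllib.request import urlopen

NODES = ["192.168.11.57", "192.168.11.227", "192.168.11.193"]  # seed hosts from the sample files
CLUSTER = "logging-prod"                                        # cluster.name from the sample files

def fetch_health(host, port=9200, timeout=5):
    """GET /_cluster/health from one node over plain HTTP, as configured above."""
    with urlopen(f"http://{host}:{port}/_cluster/health", timeout=timeout) as resp:
        return json.load(resp)

def check_node_view(health, expected_nodes=len(NODES), cluster=CLUSTER):
    """Return the problems visible in a single node's health response."""
    problems = []
    if health.get("cluster_name") != cluster:
        problems.append("wrong-cluster")
    if health.get("number_of_nodes") != expected_nodes:
        problems.append("missing-nodes")
    if health.get("status") != "green":
        problems.append(f"status-{health.get('status')}")
    if health.get("timed_out"):
        problems.append("timed-out")
    return problems

def check_cluster(views):
    """views maps node address -> health dict; return only the nodes with problems."""
    report = {host: check_node_view(health) for host, health in views.items()}
    return {host: problems for host, problems in report.items() if problems}

# Constructed responses, trimmed to the fields used: two nodes joined each other,
# the third answers "green" but as a one-node cluster of its own.
SAMPLE_VIEWS = {
    "192.168.11.57": {"cluster_name": CLUSTER, "status": "green", "timed_out": False, "number_of_nodes": 2},
    "192.168.11.227": {"cluster_name": CLUSTER, "status": "green", "timed_out": False, "number_of_nodes": 2},
    "192.168.11.193": {"cluster_name": CLUSTER, "status": "green", "timed_out": False, "number_of_nodes": 1},
}

if __name__ == "__main__":
    # Offline run on the constructed sample; use {h: fetch_health(h) for h in NODES} on a live cluster.
    for host, problems in check_cluster(SAMPLE_VIEWS).items():
        print(host, problems)
```

A "green" status alone does not show that the cluster formed: in the constructed sample every node reports green, yet none of them sees three members.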

On Windows

Perform the following steps on Windows:

  1. Download Elasticsearch 8.6.2

  2. Unzip the file in the preferred location.

  3. Open the command prompt as an administrator and go to the {directory}\elasticsearch-8.6.2\bin path.

  4. Run ES with the elasticsearch.bat command.

  5. Stop Elasticsearch.

  6. Open the {directory}\elasticsearch-8.6.2\config\elasticsearch.yml file for each node for editing. Configure the node in the following way:

    To run ES on HTTP and to make ES a cluster, refer to the following sample elasticsearch.yml file:

Elasticsearch Node 1

network.host: 0.0.0.0
cluster.name: logging-prod
node.name: node-1

xpack.security.enabled: false
xpack.security.enrollment.enabled: false
xpack.security.http.ssl:
  enabled: false
xpack.security.transport.ssl:
  enabled: false
discovery.seed_hosts: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
cluster.initial_master_nodes: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
http.host: 192.168.11.57

Elasticsearch Node 2

network.host: 0.0.0.0
cluster.name: logging-prod
node.name: node-2
xpack.security.enabled: false
xpack.security.enrollment.enabled: false
xpack.security.http.ssl:
  enabled: false
xpack.security.transport.ssl:
  enabled: false
discovery.seed_hosts: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
cluster.initial_master_nodes: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
http.host: 192.168.11.227

Elasticsearch Node 3

#ES Node 3:
network.host: 0.0.0.0
cluster.name: logging-prod
node.name: node-3
xpack.security.enabled: false
xpack.security.enrollment.enabled: false
xpack.security.http.ssl:
  enabled: false
xpack.security.transport.ssl:
  enabled: false
discovery.seed_hosts: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
cluster.initial_master_nodes: ["192.168.11.57", "192.168.11.227", "192.168.11.193"]
http.host: 192.168.11.193

7. Start ES on all nodes.

8. Check the cluster health once all nodes have started. To check the cluster health, execute the following cURL command:

curl -XGET 'http://localhost:9200/_cluster/health'

9. Install the Zephyr Enterprise application with the ES host URL set to:

http://192.168.0.1:9200,http://192.168.0.2:9200,http://192.168.0.3:9200

Enable TLS 1.2 and 1.3 versions for Elasticsearch

You need to add the following two supported_protocols lines to the elasticsearch.yml file, one under each ssl block:

xpack.security.http.ssl:
  supported_protocols: TLSv1.3, TLSv1.2
xpack.security.transport.ssl:
  supported_protocols: TLSv1.3, TLSv1.2

The following is the sample YML file:

cluster.name: zephyr
node.name: node-1
http.port: 9200
network.host: 192.168.0.1
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
  supported_protocols: TLSv1.3, TLSv1.2
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
  supported_protocols: TLSv1.3, TLSv1.2
http.host: 0.0.0.0
indices.query.bool.max_clause_count: 9024
action.auto_create_index: ".watches,.triggered_watches,.watcher-history-*,-zephyr*,+*"
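
To compare a node's elasticsearch.yml against the TLS settings above before it goes live, the following Python sketch flags disabled security, disabled TLS and protocol lists that are not limited to TLSv1.3 and TLSv1.2. It is an added example, not part of the original page; the finding names are illustrative, the two inputs are constructed from this page's sample files, and the parser only handles the flat, one-level layout used in those files.

```python
# Constructed from this page's two samples: the plain-HTTP cluster node and the TLS node.
HTTP_NODE = """\
network.host: 0.0.0.0
xpack.security.enabled: false
xpack.security.http.ssl:
  enabled: false
xpack.security.transport.ssl:
  enabled: false
"""
TLS_NODE = """\
network.host: 192.168.0.1
xpack.security.enabled: true
xpack.security.http.ssl:
  enabled: true
  supported_protocols: TLSv1.3, TLSv1.2
xpack.security.transport.ssl:
  enabled: true
  supported_protocols: TLSv1.3, TLSv1.2
"""
ALLOWED = {"TLSv1.3", "TLSv1.2"}

def flatten(text):
    """Turn the one-level nesting used in these files into dotted setting names."""
    settings, parent = {}, ""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip() and not ln.lstrip().startswith("#")]
    for line in lines:
        parent = parent if line.startswith(" ") else ""   # a top-level key closes the previous block
        key, _, value = (part.strip() for part in line.partition(":"))
        if value:
            settings[parent + key] = value.strip('"')
        else:
            parent = key + "."                              # block header such as xpack.security.http.ssl:
    return settings

def audit(text):
    s, findings = flatten(text), []
    if s.get("xpack.security.enabled", "true") == "false":
        findings.append("security-disabled")
    for layer in ("http", "transport"):
        prefix = f"xpack.security.{layer}.ssl."
        protocols = {p.strip() for p in s.get(prefix + "supported_protocols", "").split(",")} - {""}
        if s.get(prefix + "enabled", "false") != "true":
            findings.append(f"{layer}-tls-off")
        elif not protocols or protocols - ALLOWED:          # unset, or lists something older
            findings.append(f"{layer}-protocols-not-restricted")
    if "security-disabled" in findings and "0.0.0.0" in (s.get("network.host"), s.get("http.host")):
        findings.append("unauthenticated-wildcard-bind")
    return findings
```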

Connect Zephyr to Elasticsearch

ES must be running before you install Zephyr Enterprise. You connect Zephyr to ES during the product installation. To do this, specify either the IP address of your ES server or its host name, depending on the settings you have selected in the elasticsearch.yml file.

Cluster installation

Specify the following IP addresses and port numbers when prompted to configure ES. Use commas to separate them:

http://192.168.0.1:9200,http://192.168.0.2:9200,http://192.168.0.3:9200
