Good Morning
We have the following concern, we currently have several UFs sending information to the indexers, but we see that some servers have outdated information in the outputs.conf
for example
The current configuration of our cluster is 6 indexer
[tcpout]
disabled = false
defaultGroup = indexCluster
[tcpout: indexCluster]
useACK = true
server = x.x.x.1: 9999, x.x.x.2: 9999, x.x.x.3: 9999, x.x.x.4: 9999, x.x.x.5: 9999, x.x.x.6: 9999
And certain servers have only some
[tcpout]
disabled = false
defaultGroup = indexCluster
[tcpout: indexCluster]
useACK = true
server = x.x.x.1: 9999, x.x.x.2: 9999, x.x.x.3: 9999, x.x.x.4: 9999
1- Is there any problem if all the machines are not defined in the outpus.conf?
2- We see an overload in some indexer, will it be because all the indexers in our UFs are not defined?
3- When the UF sends information to the cluster it will be sent by the first ip that establishes communication or the cluster assigns which machine will take this task?
4- What happens when the cluster has a lot of load in an indexer, for example indexer 1 (xxx1: 9999) does the cluster perform a balancing and designates another indexer for this task? But if my only forwarder has only that IP pointing, how will i know that the idx2, or idx3 are without less loads, if i do not have these ip defined (xxx2: 9999, xxx3: 9999) in the outputs.conf?
Any information is appreciated
regards
↧