In our network, there are local nodes that are not always connected to the center node, and we cannot change this condition.
Our requirements are as follows:
- On local nodes: local logs will be stored and can be searched
- On the center node: all collected logs will be stored and can be searched
Our current Logstash setup is as follows:
Logstash collects logs on the local nodes, ships them using Redis, and also stores them in local Elasticsearch instances. On the center node, input from Redis is again stored in the central Elasticsearch.
Since local nodes are not always connected, logs are not transmitted to the center and are not available at the center node.
So we need additional settings to transmit logs that are recorded while a node is offline. Neither the Logstash nor the Elasticsearch documentation covers that kind of synchronisation. Do you have any advice?