Create an Elasticsearch Cluster element

The Elasticsearch Cluster element defines the settings for contacting the Elasticsearch cluster. You can create one Elasticsearch Cluster element.

Before you begin

  • You must already have an Elasticsearch cluster deployed and configured in your environment.
  • You must create a TLS Profile element if you want to use an imported certificate to secure the connection between the Log Server or Management Server and the Elasticsearch cluster.

Important: Forwarding log data to an Elasticsearch cluster is an advanced feature that requires knowledge of how to configure Elasticsearch. You must already have an Elasticsearch cluster deployed and configured in your environment.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. In the Management Client, select Configuration, then browse to Network Elements.
  2. Browse to Servers.
  3. Right-click Servers, then select New > Elasticsearch Cluster.
  4. Configure the settings, then click OK.

Elasticsearch Cluster Properties dialog box

Use this dialog box to configure an Elasticsearch Cluster element.

Option Definition
General tab
Name

The name of the element.

Product

Select one of the following search engines:
  • Elasticsearch
  • OpenSearch
Note: Elasticsearch is selected by default when an Elasticsearch cluster is newly defined or after an upgrade to a newer SMC version. To continue using OpenSearch, change the search engine option from Elasticsearch to OpenSearch in the Elasticsearch Cluster Properties dialog box.

Addresses

Enter the fully qualified domain name (FQDN) or IP addresses of the Elasticsearch cluster. Separate multiple IP addresses with commas.

Location

(Optional)

Specifies the location to which the server belongs if there is a NAT device between the server and other SMC components.
Contact Addresses section

(All optional settings)

Default

Used by default when a component that belongs to another Location connects to this server.

Exceptions

Allows you to define exceptions to the default contact address. Opens the Exceptions dialog box.

Port

(Optional)

The port number on which the Elasticsearch cluster communicates.

The default port is 9200.

Retention Period

(Optional)

Specifies the maximum length of time for which log data is kept on the Elasticsearch cluster. Log data older than the specified period is deleted from the Elasticsearch cluster.

Number of Shards

(Optional)

The number of shards for the Elasticsearch index in which logs and alerts are stored. When the value is Auto, the number of shards is synchronized with the number of data nodes in the cluster.

Changes are applied when future daily indexes are created.

Number of Replicas

(Optional)

The number of replicas for all indexes.

Changes are applied immediately.

Enable Cluster Sniffer

(Optional)

When selected, the Elasticsearch cluster sniffer tracks changes in the cluster topology and adapts automatically.

Enable Indexing

When selected, the log indexing process is started across all log-capable servers, from storage to the Elasticsearch cluster.

Note: You can also pause or resume log indexing for an Elasticsearch cluster from the context menu, without opening the Elasticsearch Cluster Properties dialog box:
  • To pause indexing, right-click the Elasticsearch Cluster element and select Pause indexing.
  • To resume indexing, right-click the Elasticsearch Cluster element and select Resume indexing.

Category

(Optional)

Includes the element in predefined categories. Click Select to select a category.
Comment

(Optional)

A comment for your own reference.
Option Definition
Security tab
TLS Profile

(Optional)

The TLS Profile element that defines the trusted certificate authorities.

Client Authentication Settings

Defines how the connection between SMC servers and the Elasticsearch cluster is secured.

TLS Certificate

Specifies the TLS certificate that is used to secure the connection between the SMC Server and the Elasticsearch cluster.

  • Use Internal Certificate — Each SMC server uses its own internal certificate.
  • Use Imported Certificate — All SMC servers use the specified external certificate.
  • No Client Authentication — The connection is not authenticated.
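
To check the Addresses, Port, and Security tab values from the host that runs the Log Server or Management Server, a probe like the following can be run before the element is saved. It is an added example, not part of the product or its documentation; the function names and the file-path parameters that stand in for the TLS Profile CA and the imported certificate are assumptions.

```python
import socket
import ssl

DEFAULT_PORT = 9200  # default port stated on this page


def parse_addresses(field, port=DEFAULT_PORT):
    """Split an Addresses value (FQDN or comma-separated IPs) into (host, port) pairs."""
    hosts = [h.strip() for h in field.split(",") if h.strip()]
    if not hosts:
        raise ValueError("Addresses field is empty")
    if not 0 < int(port) < 65536:
        raise ValueError(f"invalid port: {port}")
    return [(h, int(port)) for h in hosts]


def build_context(ca_file=None, client_cert=None, client_key=None):
    """Verify the cluster certificate chain and host name.

    Assumption: ca_file is the TLS Profile's CA; client_cert/client_key are the
    imported certificate. Omitting them mirrors No Client Authentication.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if client_cert:
        ctx.load_cert_chain(client_cert, client_key)
    return ctx


def probe(host, port, ctx, timeout=5.0):
    """Return (TLS version, HTTP status line); raises OSError on failure."""
    request = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            # Under TLS 1.3 a missing client certificate is rejected only
            # after the handshake, so send a request and read the reply.
            tls.sendall(request.encode())
            return tls.version(), tls.recv(4096).split(b"\r\n", 1)[0].decode("latin-1")


def check_cluster(addresses, port=DEFAULT_PORT, **tls_files):
    ctx = build_context(**tls_files)
    results = {}
    for host, p in parse_addresses(addresses, port):
        try:
            results[host] = probe(host, p, ctx)
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            results[host] = ("error", str(exc))
    return results
```

If a host returns an HTTP status line when no client certificate is supplied, the cluster is not requiring one at the TLS layer.
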
Option Definition
NAT tab

(All optional settings)

Engine

Shows the selected engine.

NAT Type

Shows the NAT translation type: Static or Dynamic.

Private IP Address

Shows the Private IP Address.

Public IP Address

Shows the defined Public IP Address.

Port Filter

Shows the selected Port Filters.

Comment

An optional comment for your own reference.

Add NAT Definition

Opens the NAT Definition Properties dialog box.

Edit NAT Definition

Opens the NAT Definition Properties dialog box for the selected definition.

Remove NAT Definition

Removes the selected NAT definition from the list.