I thought I’d share this since it was something I unfortunately, spent a good portion of my afternoon wrestling with. So you want to use an elasticsearch plugin within graylog2-server? I don’t care about your reasons, but this will help you do it. I’m going to go out on a limb and assume you’re wanting to use the kopf plugin to view cluster state, but this will work for any plugin.
1. Download the Plugins
This can be slightly tricky… I’ve found that the best option is to install ES 0.90.10 (or whatever version is compatible with your version of graylog2) and use it to install plugins. You’ll then move the one you want from /plugins to /plugins. But if you are familiar with the plugin structure that will be created, you can manually download and unzip the plugins to the graylog2 plugins directory you define.
So for example, I’d do the following for installing kopf (a site plugin) and cloud-aws (a java based plugin).
2. Specify an Elasticsearch Config File For Graylog2
This easy, just specify make sure that
elasticsearch_config_file = /etc/graylog2-elasticsearch.yml is set in your graylog2.conf. You can also just run this quick sed against the stock config file.
3. Specify a Plugin Dir
You’ll need to tell elasitcsearch where to actually look for the plugins, so add this to /etc/graylog2-elasticsearch.yml:
4. Put Any Plugin Specific Configuration in graylog2-elasticsearch.yml
This is pretty much plugin specific, but you’ll do this following the plugin’s installation instructions.
I’m currently using this method to make my graylog2-server instance autojoin a specific cluster based on security group and EC2 tag and it works pretty well so far.