From 53322bbec8f699a2557f2bbffdc45a0096f8ddae Mon Sep 17 00:00:00 2001
From: cadoming <carlos.dominguez@wazuh.com>
Date: Tue, 20 Nov 2018 10:49:37 +0000
Subject: [PATCH 1/2] Multiple IPs option

---
 playbooks/wazuh-logstash.yml                                 | 4 ++--
 roles/elastic-stack/ansible-logstash/defaults/main.yml       | 5 ++++-
 .../ansible-logstash/templates/01-wazuh.conf.j2              | 2 +-
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/playbooks/wazuh-logstash.yml b/playbooks/wazuh-logstash.yml
index 93aa256c4..90a96158e 100644
--- a/playbooks/wazuh-logstash.yml
+++ b/playbooks/wazuh-logstash.yml
@@ -1,3 +1,3 @@
-- hosts: <your logstash host>
+- hosts: logstash
   roles:
-    - { role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-logstash, elasticsearch_network_host: 'localhost' }
+    - { role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-logstash, elasticsearch_network_host: ["localhost"] }
diff --git a/roles/elastic-stack/ansible-logstash/defaults/main.yml b/roles/elastic-stack/ansible-logstash/defaults/main.yml
index 3d8842576..3c6d25b69 100644
--- a/roles/elastic-stack/ansible-logstash/defaults/main.yml
+++ b/roles/elastic-stack/ansible-logstash/defaults/main.yml
@@ -2,7 +2,10 @@
 logstash_create_config: true
 logstash_input_beats: false
 
-elasticsearch_network_host: "127.0.0.1"
+#You can introduce Multiples IPs
+# elasticseacrh_network_host: ["Localhost1", "Localhost2", "Localhost3", ...]
+elasticsearch_network_host: ["Localhost"]
+
 elasticsearch_http_port: "9200"
 elasticsearch_shards: 5
 elasticsearch_replicas: 1
diff --git a/roles/elastic-stack/ansible-logstash/templates/01-wazuh.conf.j2 b/roles/elastic-stack/ansible-logstash/templates/01-wazuh.conf.j2
index e0a6f2c7c..6ef868e1b 100644
--- a/roles/elastic-stack/ansible-logstash/templates/01-wazuh.conf.j2
+++ b/roles/elastic-stack/ansible-logstash/templates/01-wazuh.conf.j2
@@ -66,7 +66,7 @@ filter {
 output {
     #stdout { codec => rubydebug }
     elasticsearch {
-        hosts => ["{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}"]
+        hosts => {{ elasticsearch_network_host | to_json}}
         index => "wazuh-alerts-3.x-%{+YYYY.MM.dd}"
         document_type => "wazuh"
     }

From 505c960029c38cc49465f73bb9f13a5dfc064a44 Mon Sep 17 00:00:00 2001
From: cadoming <carlos.dominguez@wazuh.com>
Date: Tue, 20 Nov 2018 10:52:44 +0000
Subject: [PATCH 2/2] fix

---
 playbooks/wazuh-logstash.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/playbooks/wazuh-logstash.yml b/playbooks/wazuh-logstash.yml
index 90a96158e..5c13bd88c 100644
--- a/playbooks/wazuh-logstash.yml
+++ b/playbooks/wazuh-logstash.yml
@@ -1,3 +1,3 @@
-- hosts: logstash
+- hosts: <your logstash host>
   roles:
     - { role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-logstash, elasticsearch_network_host: ["localhost"] }