I am fairly new to the ELK stack. I have three servers with the same processor and disk size; they differ only in the amount of RAM:
server 1: 16 GB RAM
server 2: 8 GB RAM
server 3: 8 GB RAM
I read about various nodes in an article and decided on the following architecture based on very little information:
server 1: elasticsearch (as it is taking more memory), data node, eligible master node, logstash, ingest
server 2: data node, eligible master node, logstash, ingest
server 3: dedicated master node, kibana
I want to configure Kibana, Logstash and Elasticsearch on these servers so that a query returns its result in minimum time. What is the best trade-off or architecture suitable for this kind of specification, and does the mentioned design make sense?
I'd put Elasticsearch alone to give it as many resources as possible.
Colocation of Kibana will only reduce the latency between Elasticsearch and Kibana, but I doubt that the network is an issue these days, or you have a very bad network that you should fix.