Hello,
I am looking to add a second node to my single setup running Elasticsearch, Logstash and Kibana as log management solution. I currently have 2x hosts sending logs, and for performance, I wanted to add a second node as I plan on adding 9 more Windows servers to send logs. I have been reading up on some of the threads/documentation and from my understanding, it's a matter of installing just Elasticsearch on the second node, and then ensuring they have the same name.
One question I haven't been able to get an answer, however, is will the second node be utilized for storage as well? My current node has a 1TB disk and I expect that to fill quickly, but I am looking to not retain logs for long as it's a test environment. In the future, I would like to scale up to maybe 5 nodes with logs kept for 3 months and I was wondering if someone could explain if the storage is utilized with each node added.
- What happens with Logstash? Is it aware of the other nodes? Do I need to add Logstash nodes?
I have looked at the topics already posted and have not been able to find an answer. I have also read the documentation, but it's not really in lay mans terms and for a newcomer to Elastic scene, I've found it difficult to navigate and get answers.