Hello EveryOne,
I have to build an ELK architecture to process gigas of logs per day in real time.
For this I have at my disposal 2 servers on a geographic site and 2 other in an other geographic site.
For now I have chosen the following architecture :
First site :
VM1 : Master Node 1 / None Data + Logstash primary
VM2 : Master Node 2 / Data + Kibana
Second site :
VM3 : Logstash secondary (if the primary breaks down)
VM4 : Master Node 3 / Data + Kibana
I would need your advice if it is a good architecture or not ! Thank you very much !