Until now we had an elk stack consisting of 2 servers, 1 kibana/logstash and 1 with elastichsearch on it.
Since we expect our data to multiply, I would like to expand the single ES node to a cluster. So I got 5 extra vm's with enough resources, installed ES on it and am puzzling now what to do.
I can find a lot on moving to a new cluster, but actually this is a live system and I want the current node to stay the node which is contacted by logstash and kibana.
Please correct me if doing something stupid, but what I had in mind was this:
New servers become ES datanodes.
Current server becomes client/master node (I can combine these in 1 node, right?)
Now my question is how I can I make the current data available on the new servers and then have it function the way I want it? Or is it strongly advised to take another approach?