Correct Stack setup, especially ES


Hi Guys,

Currently we have an Elastic Stack with just one node, so Kibana, Logstash and Elasticsearch are all running there. Now I want to add a further one to disburden the resources and want to have another Logstash and Elasticsearch instance on server 2.
I know more servers would be better but unfortunately it's not possible to add more "real" physical servers at the moment, just a virtual server would be possible (same subnet).

So what would be the "correct" setup? At the moment I think I can install Logstash and Elasticsearch on server 2. For Elasticsearch I will change the config so that server 1 and 2 will create a cluster through the internal network interface. Both with almost the same config (so they would run as master, data and ingest node).
The output section of Logstash config would be changed to serve the data to both Elasticsearch servers.
The output section of the Filebeat configs would be changed to serve the data to both Logstash servers.

Is that the correct way with my current devices, or how do I have to change the setup? Will Kibana still have access to all data from both servers?

I read many articles but it's not so obvious to me if I'm right with my assumption, so thank you for your help :)


(Mark Walkom) #2

2 nodes is not ideal, you really want 3. But as you mention you have restrictions on that, so that's ok.

What you have suggested will work within the constraints you have :)


Thank you :) I'll do the setup later today.
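
Added example, not part of the original thread: a Python check over the output of `GET _cat/nodes?format=json&h=name,ip,node.role,master` that confirms both servers joined one cluster with the planned master, data and ingest roles, and that no unplanned node is present. If the two servers instead formed two separate clusters, Kibana would only see the data of the cluster it is connected to. The node names, addresses and sample response are constructed placeholders.

```python
import json

# Constructed sample in the shape returned by
# GET _cat/nodes?format=json&h=name,ip,node.role,master
# Names and addresses are placeholders, not values from the thread.
SAMPLE_CAT_NODES = json.dumps([
    {"name": "server1", "ip": "10.0.0.1", "node.role": "mdi", "master": "*"},
    {"name": "server2", "ip": "10.0.0.2", "node.role": "mdi", "master": "-"},
])

# Role letters planned in the thread: master-eligible, data, ingest.
REQUIRED_ROLES = set("mdi")


def check_cluster(cat_nodes_json, expected_names):
    """Return a list of problems; an empty list means the cluster is as planned."""
    nodes = json.loads(cat_nodes_json)
    expected = set(expected_names)
    seen = {n.get("name", "?") for n in nodes}
    problems = []

    # A planned node that is absent usually means it formed its own cluster.
    for name in sorted(expected - seen):
        problems.append(f"{name} has not joined this cluster")

    # A node nobody planned for should be investigated before it holds data.
    for name in sorted(seen - expected):
        problems.append(f"unexpected node {name} in cluster")

    # Each node should carry every planned role letter.
    for n in nodes:
        missing = REQUIRED_ROLES - set(n.get("node.role", ""))
        if missing:
            roles = "".join(sorted(missing))
            problems.append(f"{n.get('name', '?')} lacks roles: {roles}")

    # "*" in the master column marks the currently elected master.
    elected = [n for n in nodes if n.get("master") == "*"]
    if len(elected) != 1:
        problems.append(f"expected exactly one elected master, found {len(elected)}")
    return problems


if __name__ == "__main__":
    for line in check_cluster(SAMPLE_CAT_NODES, ["server1", "server2"]) or ["cluster OK"]:
        print(line)
```

Run the same request against each server in turn: both must return the same two-node list.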
