Hey
my environment betas -> logstash -> ES ( 1 node )
I am planning to use the filebeat module to do some parsing
betas -> ES( 1node )
I am handling about max 1.5 TB(MAX) of logs with 10 diff index created on a daily basis
with 32 gig ram and JVM has 16 gig.
Also running heavy query on daily basis
- Do i need a separate ingest node
- If so can I put separate Ingset node to get data from filebeat and send it to my main ES node where i do searching and storing (data node )
- I have read that ES ingest node cannot handle data as good as logstash ?
when there is a log bust can ES ingest node handle it same as logstash - IS this possible
Filebeat --> Ingest node -> main ES node
do i have join the two nodes into a cluster if so how do i handle split brain
or else use as a data path without adding into cluster is it a good practice ?