Hello all,
I am trying to find some specs stuff to improve a build on a Elastick SIEM full on prem (I know it's time for the cloud computing but I need to make this on premise ^^)
So I am trying to find some documentation about CPU requirement to find the best configuration to build a configuration to improve 5k EPS injest log
I have found somewere that one thread on moderne CPU can operate 1500 EPS. Can you confirme that?
If my Topic have already be answer on other topics, can you give me the link please?
When it comes to optimising for indexing speed Elasticsearch is often limited by the performance of the storage rather than CPU. You therefore need to look at the full hardware specification as well as the size and complexity of the data being ingested in order to make any kind of estimatation.
Thanks for your answer.
In fact I have understand that RAM and Storage are the most important way to focus.
And I find some informations that indicate I juste have to consider numbers of CPU thread available to make my choice.
I always highly recommend looking at our hardware specs for elastic cloud. These are best practice specs that we use across tens of thousands of clusters.
Even if you're not using Elastic Cloud, these are good profiles to start with And can provide guidance.
There's discussion in the documentation about what profiles are good for. What kind of workloads.
So I would read through it It might give you some ideas
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.