Elasticsearch cluster design

peterch · July 31, 2018, 7:51am

Hi All,

I'm new on elk stack and planning the design of elasticsearch cluster which needs advice. I have around 9 to 10 million log every day. The log retention is 6 months, 1 year would be the best. I have following question of the cluster design

How much nodes should have? For now, i can have 2 to 3 tb to store log. I plan to have 2 to 3 nodes. 1 node is master and the others are data nodes. The availability of master node down is not my main concern, the cpu and memory usage is the main concern.
Do I need to decrease the amount of Shards and how much would be better in this situation?
If have more than 1 data node, Kibana should point to which data node.
Is it good to place kibana and elasticsearch master into the same node or separate is better.

Thanks

Best Regards,
Peter Chow

dadoonet · July 31, 2018, 9:13am

May I suggest you look at the following resources about sizing:

https://www.elastic.co/elasticon/conf/2016/sf/quantitative-cluster-sizing

system · August 28, 2018, 9:13am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Setting up Multi-node Architecture of ELK for log monitoring Elasticsearch	6	684	June 10, 2019
How should I configure ELK stack for saving logs everyday? Elasticsearch	2	372	August 21, 2018
Designing elasticsearch cluster for a SOC Elasticsearch	5	873	February 19, 2023
Configuration of ELK Stack Elasticsearch	3	345	July 11, 2019
Need advices for my cluster design Elasticsearch	4	1016	July 5, 2017

Elasticsearch cluster design

Related topics