Hi All
I am relativley new to Elastic and I am just looking for some advice please.
I have a 3 node cluster with each having
- 8 cpu
- 16GB RAM
- 10 300GB 15k spinning disks
I have a 6 daily indexes. All in the format of logstash.xxx.{date}.
My largest has between 120,000,000 - 150,000,000 documents and about 15GB data
Next one after this is about half that size.
The rest are only about 1-2,000,000 dcoument and 1-2GB in size.
I am currently just using defaults and I have not used any performance tuning.
I am finding that the system can be unstable at times and perfomance on the data coming from my two largest indexes can be quites slow (and has even caused it to crash when searching over a period of 5 days)
As an example, over the weekend I just got this error in filebeat and I have no idea why. I am the only person who manages this system and the configuration has not changed..
ERR Failed to publish events (host: 10.0.107.221:5044:10200), caused by: read tcp 10.0.107.221:47868->10.0.107.221:5044: i/o timeout
I see lots of ways to tune, so I am looking for a starting point..
Any thoughs on how to tune this would be very helpful
Thanks
John