I have a question about optimizing ELK architecture.
Currently I have set up a ELK stack with 2 logstash servers, with 4 elasticsearch servers (1 client node, 3 data nodes) behind a pair of haproxy nodes. And there is one Kibana server connecting the elasticsearch cluster.
But recently we have been working on wiser AWS cost, so my colleague mentioned the idea of having 3 nodes with ELK installed on every one of them, then putting them behind a load balancer. My concern is it would make it more difficult to troubleshoot potential application issues in E, L or K. Does elastic.co have a document/blog somewhere about architecture of an efficient (in both cost and performance) ELK stack?
Thanks in advance