I'm relatively new to the ELK solution and would like to hear your suggestions on the following use-case.
Let's say I need to collect logs from multiple sites (around 20), each generating about 5 GB of data daily, and I want to set up 2 centralized logging locations where the logs from the sites will be forwarded to. So we have 10 x 5 GB per 1 central location.
Log retention period: about 30 days.
Latency is not critical here.
What would be the optimal architecture for this case scenario?
Should I go for hot-warm or uniform cluster architecture?
Really appreciate your insights into it.