ELK cluster for logs aggregation from different sites

Dear Community,

I'm relatively new to the ELK solution and would like to hear your suggestions on the following use-case.
Let's say I need to collect logs from multiples sites (around 20) each generating about 5GB of data daily and I want to set up 2 centralized logging locations where the logs from the sites will be forwarded to. So we have 10 x 5 GB per 1 central location.

Logs retention period: about 30 days.
Latency is not critical here.

What would be the optimal architecture for this case scenario?
Should I go for hot-warm or uniform cluster architecture?

Really appreciate your insights into it.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.