ELK cluster plan with 7000 EPS and 100/s search

Hi folks,

I am building an ELK cluster to index and search lots of HTTP access logs,
more than 7000 events per second, and there will also be more than 100
concurrent searches.

I have 2 machines. One of them has 24 CPU cores, 64G memory and a 2T SATA
disk (no RAID). The other one is much more powerful, with a 24-core CPU, 384G
memory and 300G SAS disk*8.

My plan is to build a 3-node Elasticsearch cluster, one node running on the small server, the
other two running on the big one. Can I route all index requests to one node
while all search requests go to the other two nodes? Is it a good idea to do
it like this? Any comments?

Thank you guys and happy holiday!

Alan

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/000801d019ac%2400659130%240130b390%24%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Just a note: if you have a machine where 24 cores must handle six times the
RAM of another machine, it is not more powerful, it is less powerful.

You should really use machines with the exact same hardware specs for ease of
node deployment, data distribution, maintenance times, and scalability.

Jörg

On Wed, Dec 17, 2014 at 4:46 AM, Wang Yong cnwangyong@gmail.com wrote:

Hi folks,

I am building an ELK cluster to index and search lots of HTTP access logs,
more than 7000 events per second, and there will also be more than 100
concurrent searches.

I have 2 machines. One of them has 24 CPU cores, 64G memory and a 2T SATA
disk (no RAID). The other one is much more powerful, with a 24-core CPU, 384G
memory and 300G SAS disk*8.

My plan is to build a 3-node Elasticsearch cluster, one node running on the small server,
the other two running on the big one. Can I route all index requests to one
node while all search requests go to the other two nodes? Is it a good idea
to do it like this? Any comments?

Thank you guys and happy holiday!

Alan
