ELK stack production servers for configurations

Hi everyone, I am new to the ELK Stack. I am interested in using ELK in a production environment for the purpose of centralizing the logs of all my applications.
I need your help to configure a production server for the requirements below.

  • The total size of all my application log files is about 3G per day
  • We need to keep 30 days of data

Is it necessary to have multiple nodes for the purpose of centralizing logs?
I am thinking of installing all of ELK using Docker on the same server; is this OK?
If you run it for the first time, it will load a lot of previously existing logs, so can someone suggest what server configuration we need to use?

Your first self-administered stack should not be for production. You can make a "best guess" and build a stack as proof-of-concept, even ingest your production data, but be prepared to throw it all away if it doesn't work.

Docker or any virtualization hosting platform depends on the performance of the base hardware. For example, ELK clusters on physical hardware can use slower disks because they spread the I/O across multiple physical hosts. The same load on Docker might require much faster disk.

Docker may not provide any hardware resilience if it's all in the same host. Many want a "rack aware" ELK stack so you can lose some hardware and still have a stack. Your needs determine your resources.
