Guidance on setting up elasticsearch to handle terrabytes of logs

deepak_deore · October 29, 2019, 3:40am

I need guidance on setting up an ES cluster which can consume ~1TB of logs per day and storing them for 30days.

Here is what I am thinking to do by procuring Basic license:

Elastisearch - 3 master nodes (x-pack and tls enabled) running on kubernetes (aws EKS), I have no idea about how much heap so will start with 10G heap and will increase gradually as needed. 1 replica of each index.
ES storage - gp2 EBS for starting, its max size is 16TB, I may need to increase the master nodes to accommodate more data if disks are getting full.
fluentd daemonset configured to send logs from k8 to ES (this is straight forward)
Kibana running on k8 with 2G heap to start with.

Can anyone guide me if I need to do the things differently here?

stephenb · October 29, 2019, 3:52am

Might be worth taking a look at this blog

Recently we have changed Warm ratio to 160:1

Also might take a look at this

Christian_Dahlqvist · October 29, 2019, 6:12am

I would also recommend you look at these webinars:

system · November 26, 2019, 6:22am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Best ES Configuration for my case Elasticsearch	2	406	September 23, 2019
Realistic Sizing for ElasticSearch Elasticsearch	2	358	March 13, 2020
Suggestion on Elasticsearch scaling and performance for log management Elasticsearch	9	705	October 15, 2019
Need Help with Hardware configuration for EK-Stack for 2.5 TB of data per day Elasticsearch	19	2250	January 23, 2018
Any guideline with Elasticsearch nodes and AWS instance types? Elasticsearch	7	14679	April 18, 2017