Hi,
Thank you for your valuable suggestions on sizing. I have some queries on sizing still.
As I mentioned earlier we have 300 servers postfix mail logs data will be pushed to logstash and the current live data of 300 mail servers will be around 1500mb data daily.
We want the postfix-mail logs data of 30days in logstash to get view of data in Kibana where how elastic search node/server should be scalable. Now my question is in what server configuration I need to look for logstash and elastic search separately?
Please suggest and help me to build a server seperately.