Help with creating a true ES cluster

Hello!
I have the following equipment:

virtual machine 1:
12 CPU E5-2698 v4 @ 2.20GHz with 16Gb memory
This server contains:
logstash with -Xms256m -Xmx1g
elastic (node.master: true node.data: false node.ingest: true) with -Xms4g -Xmx4g
kibana

hardware machine 1:
24 CPU X5660 @ 2.80GHz with 96Gb memory and 18Tb filesystem
This server contains:
elastic (node.master: false node.data: true node.ingest: true) with -Xms30g -Xmx30g

hardware machine 2:
16 CPU E5620 @ 2.40GHz with 96Gb memory and 18Tb filesystem
This server contains:
elastic (node.master: false node.data: true node.ingest: true) with -Xms30g -Xmx30g

Elastic, logstash and kibana version 6.1.2 with x-pack (basic license)

My index rate is 2000-3000 events per second, with bursts up to 15000-25000 events per second.

When I have a burst, my master elastic goes down with the error "out of memory".

Then I added a new elastic node:

virtual machine 2:
4 CPU E5-2698 v4 @ 2.20GHz with 8Gb memory
This server contains:
elastic (node.master: false node.data: false node.ingest: true) with -Xms6g -Xmx6g

and changed elastic on virtual machine 1 to elastic (node.master: true node.data: false node.ingest: true) with -Xms2g -Xmx2g

Is it right?
Who can give recommendations on how to use my servers more profitably?

You ideally want to have 3 master-eligible nodes in a cluster, so the cluster can continue operating even if 1 master node drops. I would therefore recommend the following:

  • Make both data nodes master eligible and set minimum_master_nodes to 2.
  • Make the smaller node a dedicated master node by setting node.ingest to false.
  • Send all traffic directly to the two nodes holding data. Avoid sending any requests through the small dedicated master node.
  • Keep the dedicated ingest node you just added if you feel you need it.
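
The node layout recommended in the reply above, written out as `elasticsearch.yml` fragments for Elasticsearch 6.x. This is an added example, not part of the original thread; the cluster name and host names (`es-master-1`, `es-data-1`, `es-data-2`, `es-ingest-1`) are assumptions, and each YAML document below stands for the file on one node.

```yaml
# --- virtual machine 1: small dedicated master (no data, no ingest) ---
cluster.name: logs-cluster            # assumed name, must match on every node
node.name: es-master-1                # assumed host name
node.master: true
node.data: false
node.ingest: false                    # keeps bulk/ingest work off the master heap
discovery.zen.ping.unicast.hosts: ["es-master-1", "es-data-1", "es-data-2"]
# quorum of master-eligible nodes: (3 / 2) + 1 = 2
discovery.zen.minimum_master_nodes: 2
---
# --- hardware machine 1: data node, also master-eligible ---
cluster.name: logs-cluster
node.name: es-data-1                  # assumed host name
node.master: true
node.data: true
node.ingest: true
discovery.zen.ping.unicast.hosts: ["es-master-1", "es-data-1", "es-data-2"]
discovery.zen.minimum_master_nodes: 2
---
# --- hardware machine 2: data node, also master-eligible ---
cluster.name: logs-cluster
node.name: es-data-2                  # assumed host name
node.master: true
node.data: true
node.ingest: true
discovery.zen.ping.unicast.hosts: ["es-master-1", "es-data-1", "es-data-2"]
discovery.zen.minimum_master_nodes: 2
---
# --- virtual machine 2: optional dedicated ingest node (not master-eligible) ---
cluster.name: logs-cluster
node.name: es-ingest-1                # assumed host name
node.master: false
node.data: false
node.ingest: true
discovery.zen.ping.unicast.hosts: ["es-master-1", "es-data-1", "es-data-2"]
# not master-eligible, so it does not count toward the quorum of 2
discovery.zen.minimum_master_nodes: 2
```

With this layout the Logstash `elasticsearch` output would list only `es-data-1` and `es-data-2` (and `es-ingest-1` if it is kept) in `hosts`, so no indexing requests pass through the dedicated master.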
