Hello there I am making a HOT-WARM Elastic Search Design for a logging solution requirement. My total Storage calculations is: 180 TB for the below requirement 7200 EPS ingestion 350 Bytes / event (average Size) 1x Replica for HA 1x year retention I will be starting a cluster of 3 Warm-nodes (6…

[image] jorj: I will be starting a cluster of 3 Warm-nodes (60 TB Each) for that (including Replica Shards) As explained in this blog post , each shard comes with some amount of overhead in terms of heap usage. Since heap is finite, there is a limit to how much data a node can hold, and this d…

Hello Christian Thank you for your quick response, [image] Christian_Dahlqvist: As explained in this blog post , each shard comes with some amount of overhead in terms of heap usage. Since heap is finite, there is a limit to how much data a node can hold, and this depends on the type of data as…

Yes, There is always overhead that you need to consider, although this can vary depending on mappings, shard sizes etc. The only thing that removes this is if you close indices, but that also means that they are no longer searchable and Elasticsearch will also not make sure they are replicated in ca…

Hot-Warm Architecture - Storage Handling

Elastic Stack Elasticsearch

jorj (George) August 28, 2018, 10:35am 3

Hello Christian

Thank you for your quick response,

Regarding point 1, even if by doing a shrinking and 1 segment configuration (as per the Hot-Warm best practice), it will still be the same scenario?
Noting that the main requirement of this design is to be able to search old logs (and export the results) based on a Time-range and Source/Destination IP.

It's a CGNAT event log collection

Regards,
Jorj

Topic		Replies	Views
How much data for a warm node Elasticsearch	2	379	January 10, 2019
Is there Disk Limit on Warm/Hot Nodes Elasticsearch	6	5110	June 13, 2018
How hot node differ from warm node Elasticsearch	5	377	April 11, 2021
“Hot-Warm” Architecture in Elasticsearch best practice Elasticsearch	8	4792	July 24, 2019
Designing elasticsearch cluster for a SOC Elasticsearch	5	1384	February 19, 2023

Hot-Warm Architecture - Storage Handling

Related topics