Hi Experts,
Sorry if I am asking this question in the wrong group. I have ArcSight CEF data which I will be ingesting into ES using LS. To achieve HA I have a total of 8 machines: 2 ES, 2 LS (these also have syslog-ng), 2 Kibana and 2 Nginx (for reverse proxy and load balancing).
Now, in the above architecture I am not able to distribute traffic equally between the two syslog-ng/LS machines in round-robin fashion from Nginx. Below is what I want to achieve:
CEF DATA -> NGINX INSTANCE ----REDIRECT(load balance) ---> syslog-SERVER 1(LS1) AND syslog-SERVER 2 (LS2).
Can someone help me achieve a highly available ELK stack without duplicating data? I already checked https://www.elastic.co/guide/en/logstash/current/deploying-and-scaling.html but no luck yet.
Regards
Vikas