Hi, people.
My company and I wish to use Elasticsearch for SIEM and possibly XDR for our customers -- we want to replace Zabbix.
But we can't go on with the project because of the numerous questions about the infrastructure -- we are planning to build it with a cloud provider like AWS (or a cheaper one for us Brazilians xD). Knowing that we are an MSP with a multi-tenant environment, can you guys help us understand some things?
1- How many nodes should we have? -- thinking about high availability and being fail-proof. Do we do the "hot" / "warm" tiers with 3 nodes each per instance?
2- How many hosts can each instance support? Do you have numbers like: a machine with 4 vCPUs and 8 GiB RAM can hold 100 hosts in an environment?
3- How about storage consumption? Can you give us an estimate of how much storage we need for a specific number of devices?
It would mean a lot to us if you could shed some light on this, or maybe give us a case study haha?
Thanks