Is this ES config valid & how to address cluster

Even though there are amazing communities like this, it's still difficult to find good answers on some things. We have 1 x Kibana, 1 x Logstash, 3 x ES Cluster nodes. Is this a valid architecture, or do we have to have 1 Logstash for each cluster node? We want to minimize overall cost by having just a single Kibana node and, if practical, a single Logstash node. Most articles I see always reference a "One-for-one" between LS --> ES. And then, how to address the cluster: typically, you would think a single DNS name for a cluster (?) but, from most of what I've seen, this entails using a load balancer/proxy or some prior-mentioned 'client front-end?' Thanks in advance!

This is valid. The number of Logstash nodes is not dependent on the number of Elasticsearch nodes. You can have just one, but may want to have 2 for high availability.

That is not a requirement. There may be more or fewer Logstash nodes compared to Elasticsearch nodes. It generally depends on the number of data types being ingested and the location of these.

You can have a load balancer in front of Elasticsearch, but that is optional. In many deployments all Elasticsearch nodes are listed in the Logstash outputs and this allows it to connect to all nodes and spread the load.
