New installation questions

I'm unsure whether you got a response on your cross-post, but please don't do that. I will answer briefly here.

For a production cluster, we recommend 3 dedicated master nodes. These can be VMs, but they should not be used as anything but master nodes (which means, do not send index or search requests to these boxes).

After that, I suggest 2 or 3 data nodes to start. You can just keep adding nodes as needed from there.

Best-case scenario, you wouldn't have any other applications. Elasticsearch nodes only run Elasticsearch, Logstash nodes only run Logstash, Kibana nodes only run Kibana. Next best-case: only adding "metricbeat" running on these otherwise single-purpose machines to collect performance metrics.

For Elasticsearch, the data nodes and master nodes would have different settings for those configuration options.
For Logstash, that depends on what you're trying to accomplish, but a single Logstash box can do a lot. Just spawn more Logstash processes to fill up the CPU.
For Kibana, a single machine is also probably sufficient, or even a VM.

I'm not sure what you mean by this. If you're referring to remote systems forwarding their logs to Logstash, which then parses them in preparation for ingestion by Elasticsearch, then I would suggest that box is the target.
