We've deployed a one node cluster. We'll use logstash only to capture syslog events from 100 devices and windows events from 150 computers aprox.
I think 1 shard is enough....not ?? how could i change it ?? My default installation has 5 shards
Is this good ???
PUT _template/logstash
{
"index_patterns": [
"logstash-*"],
"settings": { "number_of_shards": 1}
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.