Hi Experts,
We are considering onboarding ELK on production with multi node architecture.
3 ES data nodes, 3 ES master nodes, 2 Logstash, 2 Kibana.
Main challenges:
If anybody has a reference architecture on AWS, can you share that?
FYI we’ve renamed ELK to the Elastic Stack, otherwise Beats feels left out 
I'd use snapshots to S3 instead of volume level ones, there is no way to quiesce Elasticsearch and it's unlikely to play nicely with your proposed model.
If you are running in a region with multiple zones, put nodes in each and then make them aware, eg https://www.elastic.co/guide/en/elasticsearch/reference/5.6/allocation-awareness.html
Thanks Mark, we will be using EBS attached to the AWS EC2 as the primary storage for the instances, and S3 will be used for backup storage for snapshots.
High availability is needed for two main reasons:
Obviously in one region the instances and EBS volumes will be in different availability zones.
All being said, do you have any reference architecture that we can use as far as AWS is considered?
Make sure to turn of ARP caching on nodes in AWS. That thing bit in my proverbial behind.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.