Hi Alex,
I had a fluentd daemon set on my kubernetes cluster for collecting the logs, which buffers and pushes a max of 320MB chunk of data every 2s to ES cluster. I frequently get buffer overflow on fluentd end and it appears to be a bottleneck on the ES cluster side. So I believe that increasing the value from default 100MB makes sense. For this I suppose that I need to edit the elasticsearch.yml file of my nodes on ES cluster, but not sure if I need to do it to all my nodes(i.e master, data and client node) or only to the client node as they are the one who receives the request and then load balance.