Requirements production cluster

diegz · May 31, 2022, 11:11am

Hello everyone,

I would like to implement the elk stack for log management for a SIEM.
In a production context I would like to create a cluster of 3 elastic nodes.
What are your advices and best practices?
2 x node.roles: [ master, voting_only, ... ]
1 x node.roles: [ master, voting_only, data ... ]

How many nodes for logstash?
And for kibana?

And what are the hardware recommendations for each node in a virtualized environment?
Number of cores? RAM? How many disks? What size?

Thank you very much in advance for your advice

RabBit_BR · May 31, 2022, 1:09pm

Hi!!
Maybe this discussion can help you.

diegz · June 1, 2022, 7:18am

Hi,

Thank you @RabBit_BR.

Someone who has worked on a virtualized architecture with a cluster of 3 elastic nodes, 2 logstash and 1 kibana can share his hardware configuration.
CPU ? RAM ? number of disks and their sizes ?

I know that the infrastructure can be evolving but I would like to have an idea.

Best regards,

Topic		Replies	Views
New installation questions Logstash	2	422	June 16, 2017
Hardware configuration - tips Elasticsearch	10	1423	July 5, 2017
Deployment Question Elasticsearch	4	391	June 20, 2019
Deploy Cluster ES with multiple node? Elasticsearch	10	3495	July 5, 2017
Installation questions Elasticsearch	5	677	May 22, 2017

Requirements production cluster

Related topics