Hello,
I am using ES and Kib to monitor servers, we have roughly 150 servers that need to monitored for Windows Events. I am using winlogbeat and it originally worked whilst it was installed on 3 servers, but adding 10 more killed everything. Do I need to install ES on these servers too, to help with sharding?
On what servers, exactly?
What do you mean by this?
What does your cluster look like right now?