We only have one server to host our new ELK stack. It's a pretty beefy server which will be used to query application logs from our in-house application using Filebeat on the clients. I have a test ELK stack running on a single VM and it works well but I need to know if there's any special considerations I need to make since it's on a single node for example number of shards, etc. Most of the documentation I've read is related to cluster configurations, not single node. I'm aware having a single node is not the most desirable way to store our data but we have a budget and all we get is one. The data is expendable as it's also stored on each server. We just want to consolidate it in one place for easier searching. I'd appreciate any links or insight on how to best configure the node.
Thank you