I am planning to test out a SIEM app in production. I have around 70-80 servers [60 of those are Windows, the rest are all Linux/Unix], then a PAN firewall and 4-5 Cisco routers.
So around 90 devices that need to be monitored. The log retention period will be around 6 months.
Can someone please give me insight about Elasticsearch host sizing parameters, like:
- How many hosts must I adopt? Like one for Elasticsearch, another for Logstash, etc.
- Whether I must adopt an Elasticsearch cluster for data resiliency
- What should be the ideal memory/CPU/cores each node must have?
- Any other advice?
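The sizing the post asks about hinges on numbers it does not give (events per second and bytes per event for each device type), so the following is an added example, not code from the poster or from Elastic: a small estimator that turns an inventory, a retention period and a replica count into an on-disk figure, a minimum data-node count, a JVM heap size and a per-index primary shard count. The inventory roughly follows the post (60 Windows, 20 Linux/Unix, 1 PAN firewall, 5 Cisco routers); every EPS, event-size, index-expansion and headroom figure is an assumption to be replaced with measurements from a pilot.

```python
"""Rough Elasticsearch storage and node-count estimate for a SIEM log pipeline.

Added example, not from the original post. Every EPS and event-size figure is an
assumption; replace them with numbers measured from your own sources.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class DeviceClass:
    name: str
    count: int
    eps: float            # assumed average events per second per device
    avg_event_bytes: int  # assumed average size of one event after parsing/enrichment


# Constructed inventory approximating the post: 60 Windows, 20 Linux/Unix,
# 1 PAN firewall, 5 Cisco routers. EPS and byte figures are assumptions.
INVENTORY = (
    DeviceClass("windows", 60, eps=5.0, avg_event_bytes=800),
    DeviceClass("linux", 20, eps=2.0, avg_event_bytes=500),
    DeviceClass("pan_firewall", 1, eps=300.0, avg_event_bytes=400),
    DeviceClass("cisco_router", 5, eps=1.0, avg_event_bytes=300),
)
RETENTION_DAYS = 180  # roughly the 6 months named in the post


def bytes_per_second(classes):
    """Raw ingest rate across all device classes."""
    return sum(c.count * c.eps * c.avg_event_bytes for c in classes)


def estimate_storage(classes, retention_days, replicas=1, index_expansion=1.1, headroom=0.25):
    """Return storage figures in bytes.

    replicas         replica copies of each primary shard (1 is the minimum that
                     survives the loss of a single data node)
    index_expansion  on-disk size relative to raw event bytes once indexed
                     (assumed 1.1; it varies widely with mappings, so measure it)
    headroom         fraction reserved for segment merges and growth (assumed 25%)
    """
    daily_raw = bytes_per_second(classes) * 86400
    raw = daily_raw * retention_days
    primary = raw * index_expansion
    total = primary * (1 + replicas)
    return {
        "daily_raw_bytes": daily_raw,
        "raw_bytes": raw,
        "primary_bytes": primary,
        "total_bytes": total,
        "provisioned_bytes": total * (1 + headroom),
    }


def data_nodes_needed(provisioned_bytes, disk_per_node_bytes, replicas=1, max_disk_utilisation=0.85):
    """Smallest data-node count that keeps every node under the utilisation ceiling
    (Elasticsearch's default high disk watermark is 90%; 85% leaves a margin) and
    that has enough nodes to actually place every replica on a different node."""
    usable = disk_per_node_bytes * max_disk_utilisation
    return max(math.ceil(provisioned_bytes / usable), replicas + 1)


def jvm_heap_gb(node_ram_gb):
    """Heap for the Elasticsearch JVM: at most half of RAM (the rest serves as the
    filesystem cache Lucene relies on) and capped at 31 GB so the JVM keeps
    compressed object pointers."""
    return min(node_ram_gb // 2, 31)


def primary_shards_per_daily_index(daily_primary_bytes, target_shard_bytes=30 * 1024 ** 3):
    """Primary shards for one daily index, aiming for shards of tens of GB
    (30 GiB assumed as the target) rather than many small ones."""
    return max(1, math.ceil(daily_primary_bytes / target_shard_bytes))


if __name__ == "__main__":
    s = estimate_storage(INVENTORY, RETENTION_DAYS)
    disk_per_node = 4 * 10 ** 12  # assumed 4 TB of usable disk per data node
    nodes = data_nodes_needed(s["provisioned_bytes"], disk_per_node)
    shards = primary_shards_per_daily_index(s["daily_raw_bytes"] * 1.1)
    print(f"ingest: {bytes_per_second(INVENTORY) / 1e6:.2f} MB/s, "
          f"{s['daily_raw_bytes'] / 1e9:.1f} GB/day raw")
    print(f"provisioned over {RETENTION_DAYS} days with 1 replica: "
          f"{s['provisioned_bytes'] / 1e12:.1f} TB -> {nodes} data nodes of 4 TB")
    print(f"heap on a 64 GB node: {jvm_heap_gb(64)} GB; "
          f"{shards} primary shard(s) per daily index, "
          f"{RETENTION_DAYS * shards * 2} shards open in total")
```

Two things the arithmetic makes visible that the post's device count alone does not: a single firewall at a few hundred EPS can outweigh dozens of servers, so measured per-source rates matter more than the host count, and replicas=1 already forces at least two data nodes, which is where the "do I need a cluster for resiliency" question is really answered. A Logstash (or Beats-only) tier and a monitoring node sit outside this estimate.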