My company is planning a pilot project to test Elastic Security (including Elasticsearch, Kibana, Logstash, and Fleet). We are also looking into integrating it with various third-party services.
For this testing phase, we intend to deploy the entire stack on a single machine (All-in-One setup). Could you please provide recommendations regarding the system requirements? Specifically, I would appreciate guidance on:
CPU: Recommended number of cores (vCPU).
RAM: Minimum and recommended memory allocation for a stable environment.
Storage: Recommended disk space and type (SSD/NVMe).
Let’s say, for 10 log sources with different integrations, 20 vCPU, 32 GB RAM and a 750 GB NVMe SSD is the recommended baseline. You can go bigger if you can/want. My team and I did it with almost these same requirements, but with each part of the stack on its own machine.
I would strongly recommend that you use SSD disks, as both indexing and querying in Elasticsearch can be very I/O intensive, especially at higher data volumes. NVMe SSD is ideal, but SAS SSDs might also work. If you are considering using HDD, I would strongly recommend against that.
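A host preflight check, added here as an example and not code from the thread or from Elastic: it compares a Linux host against the all-in-one baseline quoted in the first answer (20 vCPU, 32 GB RAM, 750 GB on SSD/NVMe) and flags a rotational data disk, which the second answer advises against. The thresholds, the default data directory `/var/lib/elasticsearch`, and the use of `lsblk`'s ROTA column to detect an HDD are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: a host preflight check against the
# all-in-one baseline quoted in the answer above (20 vCPU, 32 GB RAM, 750 GB on
# SSD/NVMe). The thresholds and the default data directory are assumptions.

BASELINE_VCPU=20
BASELINE_RAM_GB=32
BASELINE_DISK_GB=750

# check_baseline VCPU RAM_GB AVAIL_DISK_GB ROTATIONAL
#   ROTATIONAL is 0 for SSD/NVMe, 1 for a spinning disk (lsblk ROTA / sysfs
#   convention); anything else means "could not determine".
# Prints one finding per line; returns 0 only when every hard check passes.
check_baseline() {
    cb_vcpu=$1; cb_ram=$2; cb_disk=$3; cb_rot=$4
    cb_status=0
    if [ "$cb_vcpu" -lt "$BASELINE_VCPU" ]; then
        echo "FAIL: $cb_vcpu vCPU, baseline is $BASELINE_VCPU"; cb_status=1
    else
        echo "OK:   $cb_vcpu vCPU"
    fi
    if [ "$cb_ram" -lt "$BASELINE_RAM_GB" ]; then
        echo "FAIL: $cb_ram GB RAM, baseline is $BASELINE_RAM_GB GB"; cb_status=1
    else
        echo "OK:   $cb_ram GB RAM"
    fi
    if [ "$cb_disk" -lt "$BASELINE_DISK_GB" ]; then
        echo "FAIL: $cb_disk GB free on data disk, baseline is $BASELINE_DISK_GB GB"; cb_status=1
    else
        echo "OK:   $cb_disk GB free on data disk"
    fi
    case "$cb_rot" in
        0) echo "OK:   data disk is non-rotational (SSD/NVMe)" ;;
        1) echo "FAIL: data disk is rotational (HDD); the answers advise SSD/NVMe"; cb_status=1 ;;
        *) echo "WARN: disk type unknown, verify it is SSD/NVMe by hand" ;;
    esac
    return $cb_status
}

# host_values [DATA_DIR]: read the live numbers from a Linux host and print
# them in the order check_baseline expects. DATA_DIR defaults to
# /var/lib/elasticsearch (assumed path) and falls back to / if it is missing.
host_values() {
    hv_dir=${1:-/var/lib/elasticsearch}
    [ -d "$hv_dir" ] || hv_dir=/
    hv_vcpu=$(getconf _NPROCESSORS_ONLN 2>/dev/null || nproc)
    hv_ram=$(awk '/^MemTotal:/ {printf "%d", $2 / 1024 / 1024}' /proc/meminfo)
    # df -P: POSIX output; column 4 is available 1K blocks, column 1 the device
    hv_disk=$(df -Pk "$hv_dir" | awk 'NR == 2 {printf "%d", $4 / 1024 / 1024}')
    hv_src=$(df -Pk "$hv_dir" | awk 'NR == 2 {print $1}')
    # lsblk prints 1 for a rotational device, 0 otherwise; empty if unsupported
    hv_rot=$(lsblk -dno ROTA "$hv_src" 2>/dev/null | tr -d ' ')
    echo "$hv_vcpu $hv_ram ${hv_disk:-0} ${hv_rot:-unknown}"
}

# Run the live check only when a data directory is given on the command line,
# e.g.:  sh preflight.sh /var/lib/elasticsearch
if [ -n "${1:-}" ]; then
    set -- $(host_values "$1")
    check_baseline "$1" "$2" "$3" "$4"
fi
```

The check is split into a pure function and a gathering function so the thresholds can be exercised without touching the host; an unknown disk type (for example an overlay or network filesystem that `lsblk` cannot classify) is reported as a warning rather than a failure, since only the operator can confirm what backs it.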