Hello there,
I'm new to the ELK stack. I will be logging Windows Events, Syslogs from firewalls, routers etc. into my Elasticsearch.
I am expecting daily data of around 2GB to be logged into my Elasticsearch server. I will be creating indices on a daily or weekly basis.
And my logs are going to be stored for at least a year online and offline after that.
I have been looking around and also searched this forum, but I was not able to find a definitive guide that explained how to design the architecture - RAM, # of CPU cores, # of Elasticsearch nodes and shards / node.
The system will be mainly used for logging purposes only. So there won't be that many concurrent users.
Appreciate any pointers on best practices in setting up the Elasticsearch deployment.
Thanks,
Gopinath