I'm new to the ELK stack. I will be logging Windows Events, syslogs from firewalls, routers, etc. into my Elasticsearch.
I am expecting daily data of around 2GB to be logged into my Elasticsearch server. I will be creating indices on a daily or weekly basis.
And my logs are going to be stored for at least a year online and offline after that.
I have been looking around and also searched this forum, but I was not able to find a definitive guide that explained how to design the architecture - RAM, # of CPU cores, # of Elasticsearch nodes and shards / node.
The system will be mainly used for logging purposes only. So there won't be that many concurrent users.
Appreciate any pointers on best practices in setting up the Elasticsearch deployment.