Are there any rules of thumb for the machine size of an Elasticsearch tribe node?
We are running two tribe nodes (for failover) unifying 8 clusters. Most of these clusters are extremely small with a total of < 50 GB data, but two of them have data stores of 500 GB - 2 TB (and getting bigger). Our use case is our devs using a Kibana instance connected to the tribe node to search through logs and create aggregates and visualizations. Additionally, we are using ElastAlert to run about 15-20 alert queries against the tribe node every minute.
How should I approach determining how large those tribe nodes ought to be?
Would it be beneficial to have two sets of tribe nodes, one that manages all of the automatic ElastAlert queries, and a second set to connect Kibana to and field all of our developers' queries?