Hello all,
I have a good question, since I'm not sure I understand everything about "tribe node" Kafka and other things like that... I assume this is a good place to ask!
Let's say I have two different sites with limited bandwidth BUT I need to be able to "gather" logs from devices in the two different sites BUTTTTTT they need to be in the same indices (for now, let's call it Fortigate-YYYY.MM.DD).
(I'm actually doing it for one location and it works "great" using syslog-ng and a Logstash file input, with output to an ES single-node cluster, no replicas.)
The actual puzzle:
Many different devices are linked to one FortiAnalyzer for the moment, which stores the logs --- Location A
More devices are connected to another FortiAnalyzer device in another location --- Location B
Both need to be indexed in the same "index-*" so I can view visualisations of all the devices no matter what site they are located in. That, using the least resources possible (in terms of hardware and bandwidth).
Failover is not something vital, high availability neither; we only really need to be able to "gather" all the data and be able to search in it, as fast as possible.
Think you could lend me a hand with a "setup" diagram or something? I have read many things... but I'm not sure where to stop.
Thank you!
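As an added illustration (not part of the original post, and not a reply from the thread), one way to land both sites' FortiGate logs in a single daily index with the tooling the post already uses: each site keeps its local syslog-ng feeding a local Logstash, both Logstash instances run the same pipeline differing only in a `site` field, and both write to the one central Elasticsearch node over TLS with bulk compression so the WAN link carries parsed, compressed batches rather than raw syslog. The file path, hostname, user and CA path are assumptions. One detail worth knowing up front: Elasticsearch index names must be lowercase, so `Fortigate-YYYY.MM.DD` has to be written as `fortigate-%{+YYYY.MM.dd}`.

```conf
# Added example Logstash pipeline (not from the original post). This is the site A copy;
# site B runs the identical file with "site" => "B". Paths, host and credentials are assumed.
input {
  file {
    path => "/var/log/syslog-ng/fortigate/*.log"        # assumed: where syslog-ng writes the FortiGate feed
    start_position => "beginning"
    sincedb_path => "/var/lib/logstash/fortigate.sincedb"
  }
}

filter {
  # FortiGate syslog lines are space-separated key=value pairs (devname=, srcip=, action=, ...);
  # splitting them here means Kibana can filter on those fields across both sites.
  kv {
    source => "message"
    field_split => " "
    value_split => "="
    include_brackets => false
    trim_value => "\""
  }
  mutate {
    add_field => { "site" => "A" }                        # the only line that differs at site B
  }
  # Use the firewall's own date= and time= fields as @timestamp, so the daily index is chosen
  # by when the event happened, not by when a delayed batch finally arrived over the slow link.
  if [date] and [time] {
    mutate { add_field => { "fg_timestamp" => "%{date} %{time}" } }
    date {
      match => ["fg_timestamp", "yyyy-MM-dd HH:mm:ss"]
      remove_field => ["fg_timestamp"]
    }
  }
}

output {
  elasticsearch {
    hosts => ["https://es.example.internal:9200"]         # assumed: the central single-node cluster
    index => "fortigate-%{+YYYY.MM.dd}"                   # lowercase; same pattern from both sites
    user => "logstash_writer"                             # assumed: a role limited to writing fortigate-*
    password => "${ES_PASSWORD}"                          # pulled from the Logstash keystore, not the file
    http_compression => true                              # gzip the bulk requests crossing the WAN
    ssl => true
    cacert => "/etc/logstash/ca.crt"                      # assumed path to the CA that signed the ES cert
  }
}
```

With this layout nothing but the Elasticsearch bulk traffic leaves either site, Kibana's `fortigate-*` index pattern sees both locations, and the `site` field separates A from B in any visualisation. Keeping a dedicated write-only Elasticsearch user per site means a compromised remote Logstash host can append to `fortigate-*` but cannot read or delete the rest of the cluster.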