I have an Elastic 7.16 cluster that consists of 4 dedicated master and 16 data nodes. I have Logstash sending syslog data from various network systems, firewalls, etc., and just noticed the Logstash config on some devices did not list all 16 data nodes. Should I have all 16 data nodes configured on the Logstash agents to send to, or should I use a small subset of the nodes? All the data nodes are spec'd the same; we have so many to retain the amount of data. We send about 2.2 TB of events per day to the cluster.