Hello,
I have 3 servers. 1 for Graylog2, 1 for Elasticsearch, 1 for MongoDB.
And here’s the detailed specification :
Graylog2
- 4 cores; 8GB memory
Elasticsearch - 4 cores; 16GB memory
MongoDB - 1 core; 1GB memory
I believe that i need to setup Graylog2 and Elasticsearch config.
Graylog2 config (/etc/default/graylog-server)
GRAYLOG_SERVER_JAVA_OPTS=“-Xms5g -Xmx5g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThro
w”
(/etc/graylog/server/server.conf)
elasticsearch_shards = 5
elasticsearch_replicas = 1
Elasticsearch Config (/etc/elasticsearch/jvm.options)
-Xms8g
-Xmx8g
What do you think guys ?
Is that good config ? Because when i visit System > Input > Show received messages i need to wait for 20 seconds. Is it normal ?
I hope you can give me the best suggestions from your experiences 
Thanks all