I have two standalone servers where I have installed graylog, elasticsearch and mongodb on each server and able to view the logs sent from application servers using filebeat. Now my question is can I configure active-active load balancing for those two servers and achieve high availability and fail over without configuring any cluster for graylog, elasticsearch and mongodb.
When you say standalone, you mean 2 fully separate graylog clusters? Unfortunately there isn’t any way to keep these clusters in sync with each. My recommendation is to have each log message sent to both clusters. You will still need to manually make sure everything is synced though, such as dashboards, alerts, settings, etc.
While you can’t exactly sync completely sepearate graylog clusters, you can sync both mongodb and opensearch using their native technologies:
mongodb: replica sets
opensearch: replica shards
That will allow those items to suffer failures. Graylog itself is not stateful and only needs to be able to receive and process log messages but it doesn’t matter which graylog node in a cluster does the processing. Similarly, any graylog front end will work the same for all graylog nodes in the cluster. The load balancer can sit in front of the graylog nodes to handle things like up/down check of sending log sources and using the web interface.
