Hello Graylog Community.
I’m planning a new Graylog architecture.
Our needs are to log on premises from the source and to be able to query them locally and on a central node.
A setup like that is needed because, in any moment, we have to be able to disconnect and isolate any node from one another, keeping the ability to access to the local client browser.
The local nodes should be 3, this an example:
What do you suggest?