There was a similar post here not to long ago.
By default Graylog puts down four shards per index which gives it immediate compatibility with a clustered environment. If you aren’t’ clustered, you don’t need 4… The info in the post will help more, ask away if you need more clarification! 