Graylog and mongodb cluster issue

Hello,

I would like to put in place a cluster with 2 instances of Graylog. Ideally, one of them will receive logs from servers in the cloud and the other one on premise will receive logs from servers that are running on the premise itself. After reading the documentation, I’ve understood that I have to put in place a replication of Mongodb instances.
Mongodb recommended to have an odd number of servers in the cluster but I would like to ask whether or not it’s mandatory for the cluster to function properly or would it be ok to make a cluster only with 2 servers?

• At this point, it seems like my Graylog instance located in the cloud will get logs only from servers in the cloud. Same is applicable for the on premise Graylog instance which will get logs only from on premises servers. According to the documentation, the data from the primary will be replicated on secondary servers. However, I wonder whether or not primary servers will add the data over the data which is already existing on the secondary instance. Will it replace them instead?
  Could you please let me know how can I get 1 instance in the cloud and one on premises yet reach all the of my data from one point/location?

Thank you for your help in advance

I have found it best to split the roles out in to diffrent servers ( mongo, graylog, elasticsearch ).
you can install it all on one server but if you hope to do more then POC/testing, your opening your self up for some odd problems (it works but you have to get all three to balance just right).

Graylog cluster just need a shared mongodb.

mongo needs a odd number of votes if you are going to build a rep set.

If you only have two servers to run mongodb on an arbiter may be a way to go.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.