I want to deploy a 4-node Graylog cluster. I have 5 machines and I would like to use them following this scheme:
1 for rsyslog filtering and load balancing using HAProxy
2 for Graylog inputs
2 for Elasticsearch
I will use a whole bunch of extractors, which is why I thought about using 2 Graylog servers to parse all the events and then store the logs in the 2-node Elasticsearch cluster. Maybe configuring those 2 servers as client nodes in Elastic or something like that.
I am not sure if this is the best option, or maybe I should just split the memory and disk between the 4 machines and load balance the events using the 4 servers.
Can you give me a hint of what could be the best way to approach this?