I have a question about Graylog's distributed architecture, specifically in the context of a multi-node Elasticsearch cluster. The documentation gives a pretty good idea of how Elasticsearch clusters work: from what I gather, the design is all about speed and concurrent searches performed across multiple Elasticsearch nodes. Where does redundancy fit into this picture, or does it not exist? By redundancy I mean the ability to lose a node without losing ANY of the data that was stored on that specific node.
I totally get that losing a node isn't catastrophic for an Elasticsearch cluster, but what Elastic rarely spells out is that the data on that node goes "dark" as well. That means searches will NOT return hits for data that was stored on that specific node, even though they would have if the node had been online.
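To make the "dark data" scenario concrete: as far as I understand, an index created with zero replicas keeps exactly one copy of each shard, so losing the node holding a shard makes that slice of the data unsearchable. A sketch of the vulnerable case (index name is just an example):

```
PUT /graylog_example_0
{
  "settings": {
    "number_of_shards": 4,
    "number_of_replicas": 0
  }
}
```

With `number_of_replicas` at 0, each of the four shards exists on only one node, which is exactly the situation I'm worried about.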
How does Graylog address redundancy when zero data loss is required? If it isn't through the native Elasticsearch architecture, are there third-party design practices to achieve a zero-loss use case?
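For reference, the closest knobs I've found are the shard/replica settings that Graylog applies to the indices it manages. A sketch of what I assume is the relevant part of the server configuration (exact key names may vary by Graylog version):

```
# graylog server.conf (sketch; verify names against your version's docs)
elasticsearch_shards = 4
# One replica = a second copy of every shard on a different node,
# which I assume is what would keep data searchable after a node loss.
elasticsearch_replicas = 1
```

Is setting replicas like this the intended answer, or is there more to it for a true zero-loss design?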