Hello, I think I’m in the same case than @nicozanf.
Indeed, in this architecture (official documentation), each graylog server speak with the same elasticsearch cluster.
My question is: is it possible to have two or more independant graylog architecture (graylog + elasticsearch + mongodb) which are requested by another graylog server via https, sort of “master” role?
In fact, I will only use this Graylog server with “master” role more than a frontend to request other graylog server. There will be not connection with any elasticsearch cluster or mongodb replica set.
The reason is to save bandwidth. Because, some of them (sites on which I want install an indepedant graylog archtecure) only use vsat connection and the RTT is high (~300-600ms). So I don’t want impact them and avoid to lost some packets.
Thanks for your help! Graylog is a very nice and powerfull application! 
David