Graylog-server instances in a federated structure

nicozanf · March 20, 2017, 1:20pm

Hello, I’ve read about it in the FAQ section of the 2.2 documentation - but it’s not so clear to me. Could someone kindly explain it a little more?

In my case, I have two sites and I’m thinking about installing two servers that receive everything (one on each site). Then, they forward only what I really need to a third central one. Is there a way to automatically synchronize the configuration of the front line servers?

Thank you,
Nico

jochen · March 20, 2017, 2:18pm

You can use any configuration management solution, such as Puppet, Chef, or Ansible for this.

nicozanf · March 21, 2017, 8:25pm

I see …

And what about the Graylog-server instances in a federated structure? Can you explain it?

Thank you

jochen · March 22, 2017, 8:40am

See http://docs.graylog.org/en/2.2/pages/architecture.html#bigger-production-setup for a description of a load-balanced HA setup for Graylog.

How you’re going to implement that is completely up to you and your requirements.

david · March 29, 2017, 5:56pm

Hello, I think I’m in the same case than @nicozanf.

Indeed, in this architecture (official documentation), each graylog server speak with the same elasticsearch cluster.

My question is: is it possible to have two or more independant graylog architecture (graylog + elasticsearch + mongodb) which are requested by another graylog server via https, sort of “master” role?

In fact, I will only use this Graylog server with “master” role more than a frontend to request other graylog server. There will be not connection with any elasticsearch cluster or mongodb replica set.

The reason is to save bandwidth. Because, some of them (sites on which I want install an indepedant graylog archtecure) only use vsat connection and the RTT is high (~300-600ms). So I don’t want impact them and avoid to lost some packets.

Thanks for your help! Graylog is a very nice and powerfull application!

David

jochen · March 29, 2017, 7:43pm

No, that’s not possible.

david · March 29, 2017, 8:27pm

Ok. Shorter is better…usually. Thanks.

david · May 17, 2017, 8:32pm

Hello, I think the “Tribe” node could be a solution for us: Tribe-node

From what I understand, the tribe node create a cluster that includes other clusters to be able to read in an almost transparent (depending the latency of network of course).

What do you think? It is compatible with Graylog?

David

jochen · May 18, 2017, 7:12am

No, it’s not and it’s on the way out of Elasticsearch: Tribe Nodes & Cross-Cluster Search: The Future of Federated Search in Elasticsearch | Elastic Blog

david · May 19, 2017, 2:16am

I didn’t know this article, thank you for the link. Back to square one…

Topic		Replies	Views
Can I configure load balancing for a two standalone graylog server and achieve high availability? Graylog Central (peer support)	2	265	August 21, 2023
Cluster setup graylog Graylog Central (peer support)	3	975	February 6, 2018
Question about cluster Graylog Central (peer support) docker , architecture	8	447	September 1, 2023
Cluster Infrastructure Graylog Central (peer support)	36	3402	May 9, 2019
High availability Graylog Central (peer support)	14	4403	December 24, 2019

Graylog-server instances in a federated structure

Related Topics