We collect logs on site and send them to a local Graylog instance and do the parsing and normalisation there. We then send the logs to a clustered Graylog environment in Azure to perform analysis and alerting on the logs. We are trying to load balance as then we can split the log traffic equally between two Graylog nodes and get increased performance cheaper.
We have set up a traffic manager in Azure which has a DNS name, we then send the logs from the local Graylog to the DNS name of the load balancer via GELF TCP + TLS, this means that a connection is opened to one server but is never dropped and the traffic only ever goes to one node until the connection is manually stopped.
Does anyone load balance with GELF TCP + TLS? Or can anyone provide me with any other ways of splitting my traffic evenly between two remote nodes.