Hi,
currently I have some ressources on an ESX server available for me:
68 Cores at 2.2GHz, 224 GB RAM. Hardware is distributed on 2 datacenters.
My current Graylog setup on this machine:
4x Graylog with 8 cores and 24 GB RAM each, 2 on each datacenter
4x Opensearch with 8 cores and 32 GB RAM each.
We started with 3 nodes for each GL and OS and added 2 nodes later on, as log rates increased over time…
At the moment we consume about 40-60.000 Logs/s.
Now I’m wondering, if this is the optimal setup, or would it be better to have e.g. 2 nodes each (1 on different sites), but with more CPU/RAM attached to each node?
Or even a completely different setup?
In the beginnuing I installed GL and OS by myself, but the newer installation methods suggest to use Docker. So I’m thinking about changing the setup to docker, too.
With docker, would I have GL and OS on one host with two docker containers? Or better - just like now - GL and OS seperated on two machines (e.g. with only one container on each VM)?
Thanks for every hint or thought!