How to size virtual systems for running Graylog/Opensearch?

Hi,

currently I have some resources on an ESX server available for me:
68 Cores at 2.2GHz, 224 GB RAM. Hardware is distributed on 2 datacenters.

My current Graylog setup on this machine:
4x Graylog with 8 cores and 24 GB RAM each, 2 on each datacenter
4x Opensearch with 8 cores and 32 GB RAM each.

We started with 3 nodes for each GL and OS and added 2 nodes later on, as log rates increased over time…
At the moment we consume about 40-60.000 Logs/s.

Now I’m wondering if this is the optimal setup, or would it be better to have e.g. 2 nodes each (1 on different sites), but with more CPU/RAM attached to each node?
Or even a completely different setup?

In the beginning I installed GL and OS by myself, but the newer installation methods suggest using Docker. So I’m thinking about changing the setup to Docker, too.

With Docker, would I have GL and OS on one host with two Docker containers? Or better - just like now - GL and OS separated on two machines (e.g. with only one container on each VM)?

Thanks for every hint or thought!
