Multi-site architecture?

I’ve been digesting the “Bigger production setup” and am wondering how it could work with two datacenters or sites, with logging needed in both and global load balancing (f5 GTM/LTM) available.

I’d like to not create two isolated “bigger production setups” if possible and provide only one URL for the client browser interface/dashboards. Ideally, hosts would submit logs to the local LTM load balancer.

Here’s a shot…

I’m not sure about a number of things here, with one being the “stretched” Elasticsearch. I see there is Cross Cluster Search in beta, so maybe this could remain two 3-node clusters at each datacenter. Not sure if Graylog would even support this…

Any input would be appreciated!

The backend for Graylog is Elasticsearch, which does not support an architecture with multiple geographically separated datacenters: https://www.elastic.co/blog/clustering_across_multiple_data_centers

“Tribe nodes” would work for my purposes, but are on their way out…

Deprecated in 5.4.0.
The tribe node is deprecated in favour of Cross Cluster Search and will be removed in Elasticsearch 7.0.

If Graylog is or will be compatible with cross cluster search that will work for me.

You should keep in mind:

  • Each Elasticsearch node needs to communicate with each other (location awareness for being sure that data is in both DCs)
  • Each Graylog needs to communicate with each Graylog, with all Elasticsearch nodes, and with each MongoDB instance
  • MongoDB needs to be a replica set that is located in both DCs

This part of the documentation covers multi-node setup.
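
The connectivity requirements listed in the reply above can be turned into an explicit inter-datacenter allowlist. The following is an added example, not part of the thread or of Graylog's documentation: it enumerates every required flow for a small two-site inventory, so that only those flows are opened between sites. Hostnames, DC labels and port numbers are assumptions (commonly used defaults), and the MongoDB-to-MongoDB flow is inferred from the replica-set requirement.

```python
from itertools import permutations

# Constructed inventory: hostnames, roles and DC labels are hypothetical.
NODES = [
    ("gl-a1", "graylog", "dc-a"), ("gl-b1", "graylog", "dc-b"),
    ("es-a1", "elasticsearch", "dc-a"), ("es-b1", "elasticsearch", "dc-b"),
    ("mongo-a1", "mongodb", "dc-a"), ("mongo-b1", "mongodb", "dc-b"),
]

# (source role, destination role) -> destination TCP port.
# Ports are common defaults and an assumption; adjust to your configuration.
RULES = {
    ("elasticsearch", "elasticsearch"): 9300,  # ES transport between nodes
    ("graylog", "graylog"): 9000,              # Graylog node-to-node API
    ("graylog", "elasticsearch"): 9200,        # Graylog to ES over HTTP
    ("graylog", "mongodb"): 27017,             # Graylog to every MongoDB member
    ("mongodb", "mongodb"): 27017,             # replica set replication (inferred)
}

def required_flows(nodes):
    """Return every (src, dst, port) flow the requirements imply."""
    flows = []
    for (src, s_role, _), (dst, d_role, _) in permutations(nodes, 2):
        port = RULES.get((s_role, d_role))
        if port is not None:
            flows.append((src, dst, port))
    return sorted(flows)

def cross_dc_flows(nodes):
    """Subset of required flows that traverse the inter-DC link."""
    dc = {name: site for name, _, site in nodes}
    return [f for f in required_flows(nodes) if dc[f[0]] != dc[f[1]]]

def roles_missing_from_a_dc(nodes):
    """Roles not present in every datacenter (e.g. MongoDB in one DC only)."""
    sites = {site for _, _, site in nodes}
    present = {}
    for _, role, site in nodes:
        present.setdefault(role, set()).add(site)
    return sorted(r for r, s in present.items() if s != sites)

if __name__ == "__main__":
    for src, dst, port in cross_dc_flows(NODES):
        print(f"allow tcp {src} -> {dst}:{port}")
    print("roles not in both DCs:", roles_missing_from_a_dc(NODES))
```

Anything crossing the inter-DC link that is not in this list is a candidate for a deny rule, and these ports should not be reachable from log-sending hosts.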
