Multiple Datacenter Setup

lli · June 26, 2017, 6:11pm

Hi, on this FAQ page for multi-datacenter setup: http://docs.graylog.org/en/2.2/pages/faq.html.

"I have datacenters across the world and do not want logs forwarding from everywhere to a central location due to bandwidth, etc. How do I handle this?"
Answer: “You can have multiple graylog-server instances in a federated structure, and forward select messages to a centralized GL server.”

Can someone provide the documentation for a federated structure setup?

For smaller datacenters, will you still recommend a full production architecture, or will a minimum setup be sufficient?
(http://docs.graylog.org/en/2.2/pages/architecture.html)

jochen · June 27, 2017, 6:48am

This refers to the possibility to create a GELF output in Graylog and send the messages of all streams (or of the “All messages” stream) to another Graylog node, see System / Outputs in the Graylog web interface.

What is a “small” datacenter? How many clients, how many events per second (on average and in peak), and how big are the messages?

lli · July 7, 2017, 6:11pm

There are about 50 clients. On average there’s 1 event per second per node. So there are 50 events per second on average.

I do not have a good estimation of the peak but assume that’s double the size (100 events per second).

Each message is about 4KB.

lli · July 7, 2017, 8:40pm

Average: 10,000KB/s
Peak: 20,000KB/s

jochen · July 10, 2017, 7:04am

This is a load that a very small single node Graylog installation can handle (if you don’t care for high availability).

You could install the OVA on a machine with a few CPU cores and 4 GB of memory and it could handle the load.

What are these specifications for? That doesn’t match the 50 events per second (50 eps * 4 KB == 200 KB/s).

lli · July 10, 2017, 7:16am

Thanks. At what number of clients/events per second would you recommend a full production setup (at least 2 graylog nodes with a load balancer, and at least 3 elasticsearch nodes)?

Please ignore the 2 values I provided earlier. Thanks.

jochen · July 10, 2017, 7:39am

That’s hard to say without all details and I’d rather not generalize this.

system · July 24, 2017, 7:39am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Centralized independent architecture Graylog Central (peer support)	2	408	October 8, 2022
Graylog over MPLS link in second DC Graylog Central (peer support)	3	410	July 20, 2021
Graylog Sizing 10,000 msgs per second Graylog Central (peer support)	9	4096	May 2, 2018
Sizing GrayLog (GB/day) Graylog Central (peer support)	4	3031	April 16, 2021
Best practice for graylog server Graylog Central (peer support) capacity_planning	3	385	June 13, 2024

Multiple Datacenter Setup

Related topics