Question on cluster performance

I currently have a single-node Graylog instance which is starting to come to a crawl, which I think is probably because it’s backed by an old, slow SAN. I do have another ESXi host backed by a different SAN, and so I’m wondering: if I create a second node and cluster them, would this inherently improve performance?
Does a single query get distributed across the Elasticsearch cluster to retrieve results from multiple indices?

First you need to understand what the bottleneck in your system is.
After that you should know how to solve it.

If you think the disk is the problem, test it. Try to write data to the disk, check the speed, check all of your performance, and if you have evidence the storage has a problem, you can think about another node.
Also it would be good if you share your numbers (messages/sec, CPU, mem, and usages…)
Which buffers become full first?

Maybe GL performance tuning can help (e.g. if you are over 40-80k msg/sec).

And also a good question: do you need high availability? If yes, the second node is not an option (it’s a condition).

Thanks for your response. I will look to get some metrics out of it and go from there.
