Server resource specifications for 150K/sec log with Graylog

Hi All,

Sorry if this is irreverent here.

I have done a test with graylog. elasticsearch at a single node server for with 8 core processor and 32 GB of RAM but Hard disk was with 7200 RPM… and i didnt get that much great result out of it… But what i able to see that this graylog system can serve my requirements.

Now can any one help me, a suggestion, to set a specifications for server hardware for 150K/sec log, this is basically for NetFlow data analyzing.

How much core can be set to graylog system and how much RAM for elastic search.

Obviously this deploy will be with 3 node cluster.

Thanks in advance.

hej @shamimrezasohag

it is hard to calculate, just because you might want to work with your data. Extract some of them or add additional information with the message pipelines.

If you can split and balance between your 3 planed servers you need to optimize them for ~50K/sec messages.

To be fair, you will end up with more than 3 Graylog Servers and a Cluster of Elasticsearch Servers to handle that and to be able to work with the data.

My suggestion would be, that you contact the Graylog Company to get help with that.


Thanks for the reply Jan…

I think i might work on that more and then get back to the Graylog Support for Final deployment.

