I have done a test with Graylog and Elasticsearch on a single-node server with an 8-core processor and 32 GB of RAM, but the hard disk was 7200 RPM… and I didn't get very good results out of it… But from what I was able to see, this Graylog system can serve my requirements.
Now can anyone help me with a suggestion for server hardware specifications for 150K/sec logs? This is basically for analyzing NetFlow data.
How many cores should be given to the Graylog system, and how much RAM to Elasticsearch?
Obviously this deployment will be a 3-node cluster.
It is hard to calculate, just because you might want to work with your data: extract some of it or add additional information with the message pipelines.
If you can split and balance between your 3 planned servers, you need to optimize them for ~50K/sec messages.
To be fair, you will end up with more than 3 Graylog Servers and a Cluster of Elasticsearch Servers to handle that and to be able to work with the data.