Hello everyone,
I feel like this is a stupid question, but I have not been able to find the answer on my on.
I am trying to store logs for 5+ years. I have 4 Elasticsearch servers in a cluster behind the 3 graylog cluster.
I am taking in around 70 gigs a day, and Elasticsearch has 44 TB of storage. What I can not figure out is how does the system decide which Elasticsearch server to store a log on?