[Bro] ES cluster and logstash

erik clark philosnef at gmail.com
Fri Apr 27 05:48:15 PDT 2018


We are looking to set up a proper ES cluster and dump Bro logs into it
via Logstash. The thought is to have 6 ES nodes (2 dedicated master, 4 data
nodes). If we are dumping 15 TB of data into the cluster a year (possibly
as high as 20 or 25 TB) from Bro, are 4 data nodes sufficient? The boxen will
only have 64 gigs of RAM (30 for Java heap, 34 for system use) and probably
16 discrete cores. I have a feeling that this is horribly insufficient for
a data cluster of that size.