Hi Guys,

currently we have an Elastic Stack with just one node. So Kibana, Logstash and Elasticsearch are running there. Now i want to add a further to disburden the ressources and want to have another Logstash and Elasticsearch instance at server 2.
I know more servers would be better but unfortunately it's not possible to add more "real" physical servers at the moment, just a virtual server would be possible (same subnet).

So what would be the "correct" setup? At the moment i think i can install Logstash and Elasticsearch at server 2. For Elasticsearch i will change the config so that server 1 and 2 will create a cluster through the internal network interface. Both with almost the same config (so they would run as master, data and ingest node).
The output section of Logstash config  would be changed to serve the data to both Elasticsearch servers.
The output section of the Filebeat configs would be changed to serve the data to both Logstash servers.

Is that the correct way with my current devices or how i have to change the setup? Will Kibana still have access to all data from both servers?

I read many articles but it's not so obvious to me if i'm right with my assumption, so thank you for your help :slight_smile:

Andi

---
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB