Hi, I'm currently setting up a Graylog environment which has 2x Graylog-Servers which will be used for receiving syslog data (let's call them the Collector-Hosts). The setup is completed by a 3-node Elasticsearch cluster and a 3-node MongoDB replica-set.
I know that the graylog-web component has been removed from the architecture with 2.x, but because of compliance requirements we need to have separate UI servers (they're connected to a special UI-network) which will be used by the users to search log-data. I'm kinda wondering if this is still possible.

What kind of configurations do I need to have on the Graylog hosts? Would I need to put all four Graylog machines in one "Graylog Cluster"? Or do I need to split the Collector-Hosts from the UI-Hosts but point them to the same MongoDB and Elasticsearch cluster? (I would configure one of the Collector-Hosts as "master", all the other hosts as "is_master = false" and enable the WEB-Interface only on the two UI-hosts.)

Has anyone done this? Any ideas?

To get a better idea about my setup I made the following sketch. I did not draw the connection between the UI-Hosts and the Elasticsearch-Network, but I'm aware that there needs to be some kind of connection to forward the search queries to the ES cluster.

<https://lh3.googleusercontent.com/-Ku1VKULCmEI/V3JUhm-UEeI/AAAAAAAANZg/6HU2fa3FdggFR-i2oD3escoeaDFNycbzQCLcB/s1600/Graylog-Arch.png>
