You are going to want to have a good bit more ram for large amount of log
processing. Ideally you will want to setup multiple vms to each handle a role
as well (e.g. VM or 2 for elasticsearch, Vm or two for graylog nodes)
I have 2 elasticsearch search nodes with 12gb ran each and I still like
Hi All,
My task is to have a centralized log analysis tool that can accommodate 500
GB of log files; and can search for anything within seconds from it. So,
had a basic setup of Graylog with elasticsearch and logstash.
To start, I tried reading one log file using logstash and stored it in
