Hi Joshua,

Hardware requirements:
It is obviously very difficult to give you exact numbers. The requirements 
for 300 syslog messages vs 300 multi-line logs where one extracts 50 
key-value pairs per entry will be different. That said, 300 
messages is trivial and you can get away with very low resources; at a 
guess I'd say 1 or 2 cores and 4-8 GB RAM will be more than adequate, again, 
depending on what you are sending it.

Configs are actually fairly straightforward. Most Graylog config has moved 
to Mongo, so you only _really_ need to worry about the server.conf file in 
/etc/graylog/server.
Keep in mind that Mongo and Elasticsearch are used by Graylog, but not 
included, so their configs are managed separately.

If you have more specific questions around the config, that might help as 
well.

Apart from that, if you are using Puppet, the manifest they provide is 
really good and does everything for you!

You mention you've hit a roadblock - are you struggling to get the system 
running, is it running slow? Might help to let us know a bit more detail on 
what is keeping you from moving forward?

Cheers

On Friday, November 18, 2016 at 5:50:17 AM UTC+13, Joshua Waclawski wrote:
>
> As the title states, I'm pretty new to Graylog and Elasticsearch.  I've 
> read the documentation thoroughly and I've watched a few educational videos 
> describing how Elasticsearch works from the ground up; everything is very, 
> very cool and I'm excited to start using it!  Using the AMI provided on the 
> GitHub, I've set up an EC2 instance and have started work on learning how to 
> configure and use this tool, but I've hit a bit of a roadblock and need 
> some answers...
>
>    1. Hardware requirements - what exactly are they?  I'm attempting to 
>    deploy Graylog to an environment that receives no more than maybe 200-300 
>    messages per second, if that.  I can't imagine that managing a few 
>    thousand logs per minute requires 12 GB of RAM to do, but I'm new to 
>    Elasticsearch so I'm asking for clarification.  Every white paper, forum 
>    post, blog post, or guide that I've read so far assumes 5000+ messages 
>    per second.
>    2. Configurations - This is what annoys me the most.  The 
>    configuration files are very, very scattered (at least they seem so) and 
>    the official documentation does a very poor job of explaining what's 
>    required to configure for basic functionality on a single server.  Using 
>    the AWS AMI, what configuration files need editing to inflict changes upon 
>    the system?  I'm seeing .conf, .yml, and .cfg files all over my operating 
>    system with seemingly redundant settings that I can't find explanations 
>    for.  Again, this could be my ignorance of the architecture, but the file 
>    hierarchy is explained nowhere.
>
> That's really it for now.. if I can hammer out these answers with some 
> level of certainty then I'll have what I need to move forward in 
> configuring and testing this software.  As things stand now, I have no idea 
> if I'm editing the proper config file half the time as all I receive are 
> errors in logs and alerts in the webUI.
>
