VMware Cloud Community
cgrvy
Enthusiast
Enthusiast
‎02-25-2016 06:59 AM

Log Insight Design

Hi,

I'm about to deploy log insight for a customer across two datacentres and looking to see if what I am suggesting is supported and looks right:

The customer has one vCenter managing about 10 hosts in head office and 2 hosts in a separate DC in another country. This second site *could* end up having a lot of endpoints generating a lot of logs.

I'm thinking that I will deploy Log Insight in cluster mode with a "master" in head office and one worker and another worker in the second DC. If the number of endpoints in the second site increases, I can add a second worker.

Does this sound about right? Is there any consideration around ingesters or load balancers - or do they get built in automatically?

Many Thanks!

Tags (1)
Reply
0 Kudos
3 Replies
admin
Immortal
Immortal
‎02-25-2016 08:12 AM

You don't want to do this. A Log Insight Cluster is a single fault domain and storage domain: messages sent to one node in a cluster can be routed and persisted to any node in the cluster. Cluster communication is latency-sensitive, so you want to keep all cluster members local to a single datacenter and broadcast domain.

For your situation, you'll want to deploy two clusters, on in each datacenter. You may want to configure one of those clusters with limited retention and a Forwarder to route events to a central location. Alternatively, you can keep the two groups of data separate, one per DC.

Reply
0 Kudos
sflanders
Commander
Commander
‎02-25-2016 11:05 AM

Alan is correct -- please see: Log Insight Best Practices: Server - SFlanders.net

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
Reply
0 Kudos
cgrvy
Enthusiast
Enthusiast
‎02-26-2016 02:55 AM

For your situation, you'll want to deploy two clusters, on in each datacenter. You may want to configure one of those clusters with limited retention and a Forwarder to route events to a central location. Alternatively, you can keep the two groups of data separate, one per DC.

Thanks guys for getting back to me.

My goal would be to keep all events in one central location, so I will go with limited retention and a forwarder.

Reply
0 Kudos