I am using Security Onion in a distributed environment. Currently, I have configured 3 forward nodes, 1 manager node, and 3 search nodes.

First question: If I want to purchase and register a paid Elasticsearch license, how many nodes should the license support in total?

Second question: Upon checking, I noticed that Elasticsearch and Kibana are on the manager node, and the search nodes are clustered, with the manager node's Elasticsearch remote clustering the search nodes. Is this correct? If so, it seems that each cluster does not have a replica shard, causing the cluster status to show as yellow. I am curious about the reason behind configuring it this way.
Replies: 1 comment 2 replies
For questions about paid Elastic licenses, please reach out to the Elastic sales team.
In Security Onion 2.3, each search node was its own independent Elastic cluster and the manager queried each of them via cross cluster search. In Security Onion 2.4, search nodes should join the manager's cluster.