In this chapter, we went through the requirements that are needed when designing an Elastic Stack using Elasticsearch, Logstash, and Kibana. For Elasticsearch, we determined that the minimum CPU requirement is two vCPUs for small setups, and the CPU speed should be kept above 2 GHz. If these minimum requirements are not met, Elasticsearch will take longer to start up and will perform more slowly. This manifests as a decrease in the number of indexes per second and an increased search latency, both of which are things that need to be avoided in order for us to be able to take full advantage of the near-instant searches that Elasticsearch provides.
Memory sizing is probably the most important specification when designing an Elasticsearch setup. Part of the system memory will be used for the filesystem cache (also known as the page cache), which helps with searches and indexes per second. Swapping is not recommended, as it is considered extremely slow when compared to actual RAM access, and so swapping should be disabled on Elasticsearch nodes. If the correct memory requirements are not met, Elasticsearch will fail to start altogether since there will not be enough memory for the JVM to start. If, on the other hand, enough memory is present to start the JVM, but the load increases over time and the system runs out of memory, the OOM or out-of-memory killer will be engaged to avoid a system crash that would lead to a failure of the application. The very minimum amount of RAM required is 2.5 GB, but resource constraints will be seen relatively quickly.
Storage capacity and performance play an important role when setting up Elasticsearch. The capacity depends on the amount of data that needs to be kept and the number of sources configured. Latency needs to be kept to a minimum in order for our searches to be fast. Ideally, SSD should be used.
Lastly, for Logstash and Kibana, the minimum requirements are one vCPU and 2 GB of RAM for each component. For Logstash, there is a space requirement for the persistent queues.
In the next chapter, we will jump into deploying an Elastic Stack using Elasticsearch, Logstash, and Kibana using the facts that learned in this chapter.