radin/my-docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update From Dev To Main #1

Merged
radin merged 20 commits from dev into main 2026-03-13 10:35:06 +00:00
Conversation 0 Commits 20 Files Changed 11 +220
1 changed files with 220 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit d3f932a896 - Show all commits

220
Monitoring & Logging/ELK/02-Node-Types.md Normal file
View File

@@ -0,0 +1,220 @@
# ELK Node Types
## Overview
The ELK Stack (Elasticsearch, Logstash, Kibana) is commonly deployed using multiple node types (roles) to ensure scalability, performance, and resilience. This document outlines the main node types used in production-grade ELK deployments from a DevOps perspective.
---
## 1. Elasticsearch Node Types
Elasticsearch nodes can be assigned one or more roles. In production environments, roles are usually separated for stability and performance.
### 1.1 Master Node (Dedicated Master)
**Purpose:** Cluster coordination and management
Responsibilities:
* Manages cluster state
* Controls shard allocation
* Handles node joins and failures
Best Practices:
* Deploy 3 dedicated master nodes (odd number for quorum)
* Do not assign data or ingest roles
* Require minimal CPU and disk, but stable memory
Configuration:
```yaml
node.roles: [ master ]
```
---
### 1.2 Data Nodes
**Purpose:** Store data and execute search and indexing operations
#### a. Hot Data Node
* Handles recent and high-traffic data
* Requires fast SSD storage
* Heavy indexing and querying workload
```yaml
node.roles: [ data_hot ]
```
#### b. Warm Data Node
* Stores less frequently accessed data
* Moderate CPU and disk requirements
```yaml
node.roles: [ data_warm ]
```
#### c. Cold Data Node
* Stores rarely accessed data
* Optimized for cost efficiency
```yaml
node.roles: [ data_cold ]
```
#### d. Frozen Data Node
* Archival data with searchable snapshots
* Minimal local storage requirements
```yaml
node.roles: [ data_frozen ]
```
---
### 1.3 Coordinating Node
**Purpose:** Query routing and result aggregation
Characteristics:
* No data storage
* No master role
* Acts as a load balancer for search requests
Use Case:
* Kibana and client applications connect to coordinating nodes
```yaml
node.roles: [ ]
```
---
### 1.4 Ingest Node
**Purpose:** Data preprocessing before indexing
Responsibilities:
* Executes ingest pipelines
* Performs grok parsing, enrichment, geoip, and transformations
* Reduces load on data nodes
```yaml
node.roles: [ ingest ]
```
---
### 1.5 Machine Learning Node
**Purpose:** Run machine learning jobs
Use Cases:
* Anomaly detection
* Advanced analytics
```yaml
node.roles: [ ml ]
```
---
### 1.6 Transform Node
**Purpose:** Data transformation and aggregation
Use Cases:
* Pivot and latest transforms
* Pre-aggregated indices
```yaml
node.roles: [ transform ]
```
---
## 2. Logstash Node Types
Logstash does not use formal roles but is deployed based on function.
### 2.1 Ingest / Collector Nodes
* Receive data from Beats, syslog, Kafka, etc.
* Minimal processing
### 2.2 Processing Nodes
* Perform heavy parsing and enrichment
* CPU-intensive workloads
### 2.3 Output Nodes
* Focused on reliable delivery to Elasticsearch
---
## 3. Kibana Node Types
### 3.1 Kibana Server Node
* Provides UI and REST API
* Stateless and horizontally scalable
### 3.2 Reporting / Task Manager Node
* Handles scheduled tasks and reporting
* Often separated in large deployments
---
## 4. Beats and Agents (Edge Nodes)
Although not part of the core ELK stack, Beats are critical for data collection.
Common Beats:
* Filebeat: Log collection
* Metricbeat: System and service metrics
* Auditbeat: Security events
* Heartbeat: Uptime and endpoint monitoring
---
## 5. Typical Production Architectures
### Small Cluster
* 3 nodes with combined roles (master, data, ingest)
### Medium to Large Cluster
* 3 Dedicated Master Nodes
* Hot, Warm, and Cold Data Nodes
* Dedicated Ingest Nodes
* Coordinating Nodes
* Optional ML and Transform Nodes
---
## 6. Node Role Summary
| Node Type | Purpose |
| --------------------------- | ---------------------------- |
| Master | Cluster coordination |
| Data (Hot/Warm/Cold/Frozen) | Data storage and querying |
| Coordinating | Query routing |
| Ingest | Data preprocessing |
| ML | Anomaly detection |
| Transform | Data aggregation |
| Logstash | Data pipeline |
| Kibana | Visualization and management |