pevma
commented
6 years ago I think the biggest perf part is going to be Elasticsearch so you may need to look into - https://www.elastic.co/guide/en/elasticsearch/guide/master/deploy.html
For suricata you may want to budget around 4 CPUs with 8-16GBRAM
I want to ask for requirement of SELKS system to read about 1Gb/s data. Can you give me some recomment for my issue?