To address performance bottlenecks in large-scale log collection environments, the Log Collector now optimizes the master node selection process. With Log Collector Scaling, you can explicitly select master-eligible nodes. Select a maximum of four Log Collectors per Collector Group for best performance.

Previously, all Log Collectors within a Collector Group were eligible to become the master node. When the active master failed, the system would dynamically elect a new one. This election process involved continuous communication among numerous nodes, creating significant overhead, particularly in larger deployments. By reducing the number of potential master nodes, you can now achieve a higher logging rate.

Log Collector scaling supports all platforms allowing a significantly higher logging rate. With a Collector Group utilizing up to 16 M-700 appliances, you can now scale log ingestion rates to over 1 million Logs Per Second (lps). This level of scaling is currently supported only on M-700 appliances.

You can designate specific Log Collectors as master-eligible nodes based on strategic criteria such as hardware capacity, network resiliency, or geographic distribution to optimize your logging architecture.

You can configure master-eligible nodes through either the Panorama web interface or the command-line interface. When implementing this feature, consider selecting nodes with the best hardware specifications, network connectivity, and geographic placement to ensure optimal performance and availability. This approach provides more predictable behavior during failover scenarios and more efficient resource utilization across your Collector Group. By strategically designating your master-eligible nodes, you can create a more resilient logging infrastructure that maintains high performance even under demanding conditions.