Comparing ELK and GrayLog

scottalanmiller

@flaxking said in Comparing ELK and GrayLog:

@scottalanmiller said in Comparing ELK and GrayLog:

@flaxking said in Comparing ELK and GrayLog:

@scottalanmiller said in Comparing ELK and GrayLog:

@flaxking said in Comparing ELK and GrayLog:

I'm getting the feeling that if you want a real Enterprise setup with the Elastic Stack, eventually you will end up having to pay $$

I think the open source version pretty much does what you need.

We need Ops to have access and then Devs to have access only to data from the project they are on the team for.

Doesn't the free open source GrayLog do that for you as it is?

Yeah, which is why I'm leaning towards GrayLog

Oh, I misunderstood your comment about needing to pay for the Elastic stack. Because Graylog is an Elastic stack as wel. ELK and Graylog are competing Elastic stacks.

scottalanmiller

Yes, the ELK stack you must pay to get it working in an enterprise way, that's for certain.

flaxking

@scottalanmiller said in Comparing ELK and GrayLog:

@flaxking said in Comparing ELK and GrayLog:

@scottalanmiller said in Comparing ELK and GrayLog:

@flaxking said in Comparing ELK and GrayLog:

@scottalanmiller said in Comparing ELK and GrayLog:

@flaxking said in Comparing ELK and GrayLog:

I'm getting the feeling that if you want a real Enterprise setup with the Elastic Stack, eventually you will end up having to pay $$

I think the open source version pretty much does what you need.

We need Ops to have access and then Devs to have access only to data from the project they are on the team for.

Doesn't the free open source GrayLog do that for you as it is?

Yeah, which is why I'm leaning towards GrayLog

Oh, I misunderstood your comment about needing to pay for the Elastic stack. Because Graylog is an Elastic stack as wel. ELK and Graylog are competing Elastic stacks.

ELK + Beats is now rebranded as "The Elastic Stack"
Strategic marketing decision

scottalanmiller

@flaxking said in Comparing ELK and GrayLog:

@scottalanmiller said in Comparing ELK and GrayLog:

@flaxking said in Comparing ELK and GrayLog:

@scottalanmiller said in Comparing ELK and GrayLog:

@flaxking said in Comparing ELK and GrayLog:

@scottalanmiller said in Comparing ELK and GrayLog:

@flaxking said in Comparing ELK and GrayLog:

I'm getting the feeling that if you want a real Enterprise setup with the Elastic Stack, eventually you will end up having to pay $$

I think the open source version pretty much does what you need.

We need Ops to have access and then Devs to have access only to data from the project they are on the team for.

Doesn't the free open source GrayLog do that for you as it is?

Yeah, which is why I'm leaning towards GrayLog

Oh, I misunderstood your comment about needing to pay for the Elastic stack. Because Graylog is an Elastic stack as wel. ELK and Graylog are competing Elastic stacks.

ELK + Beats is now rebranded as "The Elastic Stack"
Strategic marketing decision

Oh man, that's confusing.

scottalanmiller

Because Graylog has been an Elastic Stack for a really long time now, as has ELK. Rebranding something new as something that already exists is a mess.

flaxking

@scottalanmiller said in Comparing ELK and GrayLog:

Because Graylog has been an Elastic Stack for a really long time now, as has ELK. Rebranding something new as something that already exists is a mess.

And I'm sure there are lots of custom elastic stacks out there

scottalanmiller

@flaxking said in Comparing ELK and GrayLog:

@scottalanmiller said in Comparing ELK and GrayLog:

Because Graylog has been an Elastic Stack for a really long time now, as has ELK. Rebranding something new as something that already exists is a mess.

And I'm sure there are lots of custom elastic stacks out there

That, too.

1337

Having not used either - what's the main purpose of ELK and GrayLog?

Is it just to have a central place to view logs from everything?

Is it an overlap in functionality or complement to monitoring solutions like zabbix?

scottalanmiller

@Pete-S said in Comparing ELK and GrayLog:

Having not used either - what's the main purpose of ELK and GrayLog?

Comparing to yet other products is easiest.... Splunk, Loggly, LogRhythm

scottalanmiller

@Pete-S said in Comparing ELK and GrayLog:

Is it just to have a central place to view logs from everything?

Yes, but fast, protected, sometimes visually, with deep search. It's like log viewing on steroids.

scottalanmiller

@Pete-S said in Comparing ELK and GrayLog:

Is it an overlap in functionality or complement to monitoring solutions like zabbix?

Complimentary.

flaxking

@Pete-S said in Comparing ELK and GrayLog:

Having not used either - what's the main purpose of ELK and GrayLog?

Is it just to have a central place to view logs from everything?

Is it an overlap in functionality or complement to monitoring solutions like zabbix?

ELK can be used for all kinds of data analytics, GrayLog's focuses just on logs

scottalanmiller

@flaxking said in Comparing ELK and GrayLog:

@Pete-S said in Comparing ELK and GrayLog:

Having not used either - what's the main purpose of ELK and GrayLog?

Is it just to have a central place to view logs from everything?

Is it an overlap in functionality or complement to monitoring solutions like zabbix?

ELK can be used for all kinds of data analytics, GrayLog's focuses just on logs

Which helps make GrayLog way easier to use than ELK for logging.

gotwf

Well, alrighty then....

Moving forward... more modern times is "Elastic Stack", featuring "Beats" more prominently than the infamously pita Logstash. Also known as ELKB. Or at least to a feeble pivot effort by marketing.... Reality is more likely to be EFK, Elasticsearch, Fluendo, Kibana.

Time series data side: Prometheus and Loki seem very attractive combo, visualized via Grafana. Loki design document (draft) here: https://docs.google.com/document/d/11tjK_lvp1-SVsFZjgOTr1vV3-q6vBAsZYIQ5ZeYBkyM/view#heading=h.xmomb5buwgxj

I am curious as to the thoughts of the greater mind hive?

Elastic Stack: Beats may be a modular blast but you still need Logstash for any "manipulations". Be that as it may, you still end up with full text searchable logs. JVM and fiends (typo not intended but apropos?) are going to chew up as much RAM as you can throw at it. CPU cycles as well. So, big enterprise and big hardware kind of deal. Elastic Ph.D. requisite.

Loki: Give up log content for a meta data approach. Substantially less resource provisioning requirements. Hence more affordable/cost effective small to medium biz/enterprise side? High bar of entry learning curve wise since this is complex 'chit but still much lower bar than Elastic Stack. Keeping w/analogy, yer' maybe gonna' need a Bachelor's fer' this one.

Alrighty then... inquiring minds are curious about such things. Let 'er buck!

gotwf

P.S.; While the ability to "pivot" from e.g. alert to metrics to log seamlessly from w/in a single UI is indeed attractive, the time series data model of the PLG stack (Prometheus Loki Grafana) does not lend itself well to "The Tail at Scale" problem.

https://www2.cs.duke.edu/courses/cps296.4/fall13/838-CloudPapers/dean_longtail.pdf

IOW; it is all a lot more complex than one may initially imagine... lol.