Comparing ELK and GrayLog
-
We've been planning for Prometheus + Grafana for metrics, so if we open up Elastic Stack as on option, we will have to see if we want to use it for metrics instead.
It doesn't help in the initial decision making that these products can all be combined in all kinds of ways, but I suppose it will help in the future if we need something different without having redo the entire setup to meet a new business need.
-
And what does everyone think of packetbeat? My gut feeling is that it would be a bad idea.
-
@flaxking said in Comparing ELK and GrayLog:
I'm getting the feeling that if you want a real Enterprise setup with the Elastic Stack, eventually you will end up having to pay $$
Above 5GB/day, yes.
-
@flaxking said in Comparing ELK and GrayLog:
I'm getting the feeling that if you want a real Enterprise setup with the Elastic Stack, eventually you will end up having to pay $$
I think the open source version pretty much does what you need.
-
@scottalanmiller said in Comparing ELK and GrayLog:
@flaxking said in Comparing ELK and GrayLog:
I'm getting the feeling that if you want a real Enterprise setup with the Elastic Stack, eventually you will end up having to pay $$
I think the open source version pretty much does what you need.
We need Ops to have access and then Devs to have access only to data from the project they are on the team for.
I suppose we could try to put additional authentication in front of elasticsearch, and then just have multiple Kibana instances all with different access to elasticsearch. Failing that, we would be looking at separate ELK deployments per project - which could be an option, but might kind of suck for Ops
-
@flaxking said in Comparing ELK and GrayLog:
@scottalanmiller said in Comparing ELK and GrayLog:
@flaxking said in Comparing ELK and GrayLog:
I'm getting the feeling that if you want a real Enterprise setup with the Elastic Stack, eventually you will end up having to pay $$
I think the open source version pretty much does what you need.
We need Ops to have access and then Devs to have access only to data from the project they are on the team for.
Doesn't the free open source GrayLog do that for you as it is?
-
@flaxking said in Comparing ELK and GrayLog:
I suppose we could try to put additional authentication in front of elasticsearch, and then just have multiple Kibana instances all with different access to elasticsearch. Failing that, we would be looking at separate ELK deployments per project - which could be an option, but might kind of suck for Ops
Right, this is why ELK doesn't do what you want, but Graylog does. That's exact why Graylog is the general recommendation here, ELK requires a lot of add ons or the enterprise version that you pay for to get basic functionality. But Graylog does it all for free.
-
@scottalanmiller said in Comparing ELK and GrayLog:
@flaxking said in Comparing ELK and GrayLog:
@scottalanmiller said in Comparing ELK and GrayLog:
@flaxking said in Comparing ELK and GrayLog:
I'm getting the feeling that if you want a real Enterprise setup with the Elastic Stack, eventually you will end up having to pay $$
I think the open source version pretty much does what you need.
We need Ops to have access and then Devs to have access only to data from the project they are on the team for.
Doesn't the free open source GrayLog do that for you as it is?
Yeah, which is why I'm leaning towards GrayLog
-
@flaxking said in Comparing ELK and GrayLog:
@scottalanmiller said in Comparing ELK and GrayLog:
@flaxking said in Comparing ELK and GrayLog:
@scottalanmiller said in Comparing ELK and GrayLog:
@flaxking said in Comparing ELK and GrayLog:
I'm getting the feeling that if you want a real Enterprise setup with the Elastic Stack, eventually you will end up having to pay $$
I think the open source version pretty much does what you need.
We need Ops to have access and then Devs to have access only to data from the project they are on the team for.
Doesn't the free open source GrayLog do that for you as it is?
Yeah, which is why I'm leaning towards GrayLog
Oh, I misunderstood your comment about needing to pay for the Elastic stack. Because Graylog is an Elastic stack as wel. ELK and Graylog are competing Elastic stacks.
-
Yes, the ELK stack you must pay to get it working in an enterprise way, that's for certain.
-
@scottalanmiller said in Comparing ELK and GrayLog:
@flaxking said in Comparing ELK and GrayLog:
@scottalanmiller said in Comparing ELK and GrayLog:
@flaxking said in Comparing ELK and GrayLog:
@scottalanmiller said in Comparing ELK and GrayLog:
@flaxking said in Comparing ELK and GrayLog:
I'm getting the feeling that if you want a real Enterprise setup with the Elastic Stack, eventually you will end up having to pay $$
I think the open source version pretty much does what you need.
We need Ops to have access and then Devs to have access only to data from the project they are on the team for.
Doesn't the free open source GrayLog do that for you as it is?
Yeah, which is why I'm leaning towards GrayLog
Oh, I misunderstood your comment about needing to pay for the Elastic stack. Because Graylog is an Elastic stack as wel. ELK and Graylog are competing Elastic stacks.
ELK + Beats is now rebranded as "The Elastic Stack"
Strategic marketing decision -
@flaxking said in Comparing ELK and GrayLog:
@scottalanmiller said in Comparing ELK and GrayLog:
@flaxking said in Comparing ELK and GrayLog:
@scottalanmiller said in Comparing ELK and GrayLog:
@flaxking said in Comparing ELK and GrayLog:
@scottalanmiller said in Comparing ELK and GrayLog:
@flaxking said in Comparing ELK and GrayLog:
I'm getting the feeling that if you want a real Enterprise setup with the Elastic Stack, eventually you will end up having to pay $$
I think the open source version pretty much does what you need.
We need Ops to have access and then Devs to have access only to data from the project they are on the team for.
Doesn't the free open source GrayLog do that for you as it is?
Yeah, which is why I'm leaning towards GrayLog
Oh, I misunderstood your comment about needing to pay for the Elastic stack. Because Graylog is an Elastic stack as wel. ELK and Graylog are competing Elastic stacks.
ELK + Beats is now rebranded as "The Elastic Stack"
Strategic marketing decisionOh man, that's confusing.
-
Because Graylog has been an Elastic Stack for a really long time now, as has ELK. Rebranding something new as something that already exists is a mess.
-
@scottalanmiller said in Comparing ELK and GrayLog:
Because Graylog has been an Elastic Stack for a really long time now, as has ELK. Rebranding something new as something that already exists is a mess.
And I'm sure there are lots of custom elastic stacks out there
-
@flaxking said in Comparing ELK and GrayLog:
@scottalanmiller said in Comparing ELK and GrayLog:
Because Graylog has been an Elastic Stack for a really long time now, as has ELK. Rebranding something new as something that already exists is a mess.
And I'm sure there are lots of custom elastic stacks out there
That, too.
-
Having not used either - what's the main purpose of ELK and GrayLog?
Is it just to have a central place to view logs from everything?
Is it an overlap in functionality or complement to monitoring solutions like zabbix?
-
@Pete-S said in Comparing ELK and GrayLog:
Having not used either - what's the main purpose of ELK and GrayLog?
Comparing to yet other products is easiest.... Splunk, Loggly, LogRhythm
-
@Pete-S said in Comparing ELK and GrayLog:
Is it just to have a central place to view logs from everything?
Yes, but fast, protected, sometimes visually, with deep search. It's like log viewing on steroids.
-
@Pete-S said in Comparing ELK and GrayLog:
Is it an overlap in functionality or complement to monitoring solutions like zabbix?
Complimentary.
-
@Pete-S said in Comparing ELK and GrayLog:
Having not used either - what's the main purpose of ELK and GrayLog?
Is it just to have a central place to view logs from everything?
Is it an overlap in functionality or complement to monitoring solutions like zabbix?
ELK can be used for all kinds of data analytics, GrayLog's focuses just on logs
