Graylog vs ELK – looking to the future

There is a general truism in both IT and business: a chosen solution, once implemented, is both difficult and expensive to replace later, and replacement usually only happens after the pain of continued use becomes greater than the pain of replacement. Therefore, when deciding which product to use, looking at the future is many times as important as comparing products in the present.


A simple Logstash ratelimiter

Suppose you need to limit the event rate to an output in Logstash. How do you do it? Perhaps you are outputting to some other system that is licensed based on a certain event rate per second, or perhaps it is a mechanism to protect Elasticsearch by preventing large spikes of ingested logs from being dumped into it at once.


ELK vs Graylog: Backend index management

Both ELK and Graylog use Elasticsearch for log storage and indexing. Most of what makes both Kibana and Graylog work so well for searching through logs is provided by Elasticsearch, with Graylog and Kibana acting as a GUI to interface with it. Data is stored in indexes in Elasticsearch, and those indexes need to be maintained and managed. How each product does this, though, is different.
