There is a general truism in both IT and in business: a chosen solution when implemented is both difficult and expensive to replace later, and replacement usually only happens after the pain of continued use becomes greater then the pain of replacement. Therefore when making a decision over which product to use, looking at the future is many times as important as comparing products in the present.

Four years ago the comparison between Graylog and ELK was much different then it is today; Graylog was already mature and a full featured logging solution while the ELK stack was still lacking in many ways. One could make an argument that ELK had potential but it was too early to tell, but Graylog already checked all the requirement boxes. In the past four years there has been a major shift and ELK is becoming the defacto standard that is directly competing against and even replacing commercial products.

One important note about ELK is that using it as a logging solution is just one of the use cases for Elasticsearch, it is widely used across many different products and solutions; many websites run with Elasticsearch as the back end data source and it has been gaining popularity as a full text search engine for a while. Elasticsearch is a general purpose tool it has a multitude of different uses, uses that Elastic.co can sell and make money off of. Wider market = more money = more product development. A good example of this is Elasticsearch 6.0 GA release was in November 2017 and at the time of this blog, the most recent version of Graylog 2.4.6 does not yet support Elasticsearch 6.x. Another good example is compare Graylog from 4 years ago to the most recent versions, there are changes and improvements but the product is mostly still the same. Current ELK 6.5 compared to 4.x from 4 years ago is similar enough to recognize but significantly improved.

Noticeable trends:
– Both are OSS projects. Both are in GitHub. Check the number and developers over time. ELK is accelerating in speed, Graylog is not.
– Check release and the volume of improvements in each release. ELK has more releases, more frequently, with more improvements.
– Look at the community. Many major cities now have local Elastic user groups and Elastic has the traveling Elastic{ON} conference.
– ELK and/or Elastic products are increasingly being included as core functionality in other products and OSS projects.
– Buzz. There are a lot of recent blog posts and articles about ELK, not so much about Graylog.
– Third party addons. ELK has a whole OSS community built around it. There are even a few commercial plugins to ELK that cost as much or more then many Graylog Enterprise installations.
– ELK has dozens of different cloud service offerings from a variety of sources and flavors.

Graylog is a good product so it will continue to be around, but the trend is becoming clear that ELK is the new ‘big thing’ and for good reason. Neither is the wrong choice, but choose wisely.

Leave a Reply

Close Menu