Getting to grips with ELK really is easy: you only have to download three archives from the official site, unzip them and run a couple of binaries. The system's simplicity allowed us to test it over a few days and realise how well it suited us.
It really did fit like a glove. In theory we could implement everything we needed and, where necessary, write our own solutions and build them into the basic infrastructure.
Even though we were completely satisfied with ELK, we wanted to give the third contender a fair shot.
However, we concluded that ELK is the more flexible system: we could customise it to match our requirements, and its components could be swapped out easily. You don't want to pay for Watcher? That's fine, write your own. Whereas with ELK all the components can be easily removed and replaced, with Graylog 2 it felt like removing some components meant ripping out the very roots of the system, and other components could not be integrated at all.
So we made our decision and stuck with ELK.
At a very early stage we made it a requirement that logs must both end up in our system and stay on disk. Log collection and analysis systems are great, but any system experiences delays or malfunctions. In those cases, nothing beats what standard Unix utilities like grep, AWK, sort etc. offer. A programmer should be able to log in to the host and see what is happening there with their own eyes.
There are many various ways to deliver logs to Logstash:
We standardised "ident" as the daemon's name, secondary name and version, for example meetmaker-ru.mlan-1.0.0. This way we could distinguish logs from different daemons, as well as from different instances of a single daemon (for example, by country or replica), and also know which version of the daemon produced them.
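A Logstash filter that applies the ident convention above, added here as an example rather than configuration taken from the original article. It assumes the syslog input has already placed the ident in the `program` field and that the convention is exactly `<daemon>-<secondary>-<version>` with single hyphens; idents that do not follow it are tagged instead of being silently mis-split.

```conf
filter {
  # Split "meetmaker-ru.mlan-1.0.0" into daemon, daemon_instance and
  # daemon_version. The pattern is anchored, so an ident with a missing
  # or extra part fails as a whole rather than half-matching.
  grok {
    match => {
      "program" => "^(?<daemon>[^-]+)-(?<daemon_instance>[^-]+)-(?<daemon_version>[0-9]+(\.[0-9]+)*)$"
    }
    tag_on_failure => ["_ident_nonstandard"]
  }

  # Nonconforming daemons still need to be visible in dashboards and
  # alerts, so keep the raw ident as the daemon name for those events.
  if "_ident_nonstandard" in [tags] {
    mutate {
      copy => { "program" => "daemon" }
    }
  }
}
```

Filtering on `tags:_ident_nonstandard` in Kibana then gives a list of daemons whose ident has drifted from the convention.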