Graylog, headquartered in Houston, offers their eponymous platform for centralized log management that helps users find meaning in data faster so as to take action immediately. Graylog is available via Enterprise and Cloud plans, but also has a Small Business Plan, and an Open (free) plan with limited features.
Logstash
Score 9.0 out of 10
Pentaho
Score 5.1 out of 10
Pentaho is a suite of open source business intelligence and analytics products, now offered and supported by Hitachi Data Systems since the June 2015 acquisition.
For small companies, Graylog is the best solution possible. It's easy to configure and "just works." Above everything else, it's free. The only thing I hold against it is the fact that it's Linux-based. [This] makes sense because Elasticsearch is Linux-based. But Linux adds a layer of complexity that we don't need for something as basic as a logging server. I'm pretty sure that we would have had a logging server years earlier if I had to convince quite a few decision-making people to go ahead with it anyway.
Perfect for projects where Elasticsearch makes sense: if you decide to employ ES in a project, then you will almost inevitably use LogStash, and you should anyways. Such projects would include:
1. Data Science (reading, recording or measuring web-based Analytics, Metrics)
2. Web Scraping (which was one of our earlier projects involving LogStash)
3. Syslog-ng Management: While I did point out that it can be a bit of an electric boo-ga-loo in finding an errant configuration item, it is still worth it to implement Syslog-ng management via LogStash: being able to fine-tune your log messages and then pipe them to other sources, depending on the data being read in, is incredibly powerful, and I would say is exemplar of what modern Computer Science looks like: Less Specialization in mathematics, and more specialization in storing and recording data (i.e. Less Engineering, and more Design).
Pentaho is very well suited to perform data extraction & data mining from various cloud storage & transform that data using various available data models. However, the software struggles when it comes to visualizing the extracted data in an appealing manner & can be difficult for end-users to get an understanding of data tables created using those models.
Graylog does a great job of its core function: log aggregation, retention, and searching.
Graylog has a very flexible configuration. The backend for storage is Elasticsearch and MongoDB is used to store the configuration. You have the option to make your configuration as simple as possible by storing everything on one box, or you can scale everything out horizontally by using a cluster of Elasticsearch nodes and MongoDB servers with several Graylog servers pointed to all the necessary nodes.
Graylog does a good job of abstracting away a fair portion of Elasticsearch index management (sharding, creation, deletion, rotation, etc).
Logstash design is definitely perfect for the use case of ELK. Logstash has "drivers" using which it can inject from virtually any source. This takes the headache from source to implement those "drivers" to store data to ES.
Logstash is fast, very fast. As per my observance, you don't need more than 1 or 2 servers for even big size projects.
Data in different shape, size, and formats? No worries, Logstash can handle it. It lets you write simple rules to programmatically take decisions real-time on data.
You can change your data on the fly! This is the CORE power of Logstash. The concept is similar to Kafka streams, the difference being the source and destination are application and ES respectively.
I think the relative obscurity of the tool is a downside, not as many developers, consultants or peers you can tap into.
Lack of a solid user community held us back, looking at Power BI and Qlik, they have huge user communities that help each other out. Would have liked that here.
Smaller company means smaller sales force, and the lack of a local presence made it hard to only interact online with the account rep. Other companies have someone local who often stops by with pre-sales developers to just pitch in free of charge when they have time.
I will use Pentaho until I find a better tool with a better, easier to use report designer client. For now, Pentaho has been the most powerful reporting tool for our clients because of its ability to connect to Odoo, integrate in Odoo (reports are accessible in Odoo) and the flexibility in report design and parameter integration.
Graylog is easy to deploy. The tricky part is to configure all hosts that are going to send their log data to Graylog, considering the retention period of this data, it will need a lot of disk space to store it. Its rotation works fine. It is very simple to navigate and explore the data you send to it, and very easy to filter and export them too.
As I said earlier, for a production-grade OpenStack Telco cloud, Logstash brings high value in flexibility, compliance, and troubleshooting efficiency. However, this brings a higher infra & ops cost on resources, but that is not a problem in big datacenters because there is no resource crunch in terms of servers or CPU/RAM.
The Pentaho tools are designed so you can start playing around on your own. Of course, you will need guidance at some point, but the training teams are good at guiding new users, and the online documentation is usually pretty up-to-date.
Some of the tools, such as the Pentaho Data Integration tool and the Pentaho Server, are pretty self-explanatory. The other tools maybe are not so quick and obvious to use, but again, with some documentation and some customer support, you can find your way around them.
Community support does not give simple straightforward answers; simply search up Graylog Issues and look at some of the responses on the forums. The documentation is your only hope if you are on the free version, as you can NOT purchase only support. The few times I have worked with Graylog Enterprise support they were great though.
They were responsive to our questions when we raised issues. They gave us workarounds when required. They were quite knowledgeable when it came to issue analysis and providing fixes. They were forthright in informing us if a bug was not due for release soon.
Course Taken: DI1000 Pentaho Data Integration Fundamentals
Setup
A week before your class started, the instructor will start sending out class material and lab setup instructions. This is helpful so that you understand how the environment is laid out and can start reviewing the content. Ultimately it saved about a 1/2 day trying to setup with 10 other people online which was great!
The Course
The 3-day course was laid out like many other technical classes with 15-30 minutes instruction and 15-60 minutes of lab exercises. The instructor was very knowledgeable with the functionality from version to version and answered questions as we went along. I was amazed at some of the functionality that was available that I was not using at the time and quickly implemented changes to many existing transformations and jobs. The novice users seemed to catch on quickly and more experienced users explained how some of the functionality was used in their home environments. Towards the end there was enough time so that we were able to ask very directed questions about our own environments. Overall, I really found the class to be informative and deliver enough information to be dangerous. My skills improved and I was able to design better and efficient transformations for the HIE.
Course Description: https://training.pentaho.com/instructor-led-training/pentaho-data-integration-fundamentals-di1000
Get the right people in before starting implementation. Start small and build as you go approach is time consuming and involves a lot of rework. Evangelize within the organization the capabilities and limitations equally so that correct delivery expectations are set. Set expectations with the Customer that the tool cannot replace proprietary software in terms of stability/usability and that timelines could change given the newness of the product.
In terms of log aggregation, the free product fully stacks up with the competitors listed. Full control over the data ingests for flexible configuration. Graylog is even better on that front than AlienVault USM because you cannot configure the variable mapping. We haven't used the threat exchange stuff or correlation. But with regex searches, we have created function dashboards that show threat theater pictures of our network based on logs from our firewall.
Logstash can be compared to other ETL frameworks or tools, but it is also complementary to several, for example, Kafka. I would not only suggest using Logstash when the rest of the ELK stack is available, but also for a self-hosted event collection pipeline for various searching systems such as Solr or Graylog, or even monitoring solutions built on top of Graphite or OpenTSDB.
Since the Pentaho platform offers a range of broad functionality across data preparation and advanced analytics, it also can be easily integrated to support many data sources and machine-learning frameworks. Based on that fact, we selected Pentaho to be used in our internal department. It also supports many of our BI use cases as required by company management or the business user. Last but not least, the Pentaho license is cheaper than their competitor.
Positive: LogStash is OpenSource. While this should not be directly construed as Free, it's a great start towards Free. OpenSource means that while it's free to download, there are no regular patch schedules, no support from a company, no engineer you can get on the phone / email to solve a problem. You are your own Engineer. You are your own Phone Call. You are your own ticketing system.
Negative: Since Logstash's features are so extensive, you will often find yourself saying "I can just solve this problem better going further down / up the Stack!". This is not a BAD quality, necessarily and it really only depends on what Your Project's Aim is.
Positive: LogStash is a dream to configure and run. A few hours of work, and you are on your way to collecting and shipping logs to their required addresses!