Perfect for projects where Elasticsearch makes sense: if you decide to employ ES in a project, then you will almost inevitably use LogStash, and you should anyways. Such projects would include: 1. Data Science (reading, recording or measure web-based Analytics, Metrics) 2. Web Scraping (which was one of our earlier projects involving LogStash) 3. Syslog-ng Management: While I did point out that it can be a bit of an electric boo-ga-loo in finding an errant configuration item, it is still worth it to implement Syslog-ng management via LogStash: being able to fine-tune your log messages and then pipe them to other sources, depending on the data being read in, is incredibly powerful, and I would say is exemplar of what modern Computer Science looks like: Less Specialization in mathematics, and more specialization in storing and recording data (i.e. Less Engineering, and more Design).
Great for standard web application performance monitoring, analytics and error reporting. Shows line level code errors, gives insight into performance issues (plugins, API issues, etc.). Automation and scheduled scanning in production gives client visibility into 'after deployment' value. Also lets a relatively small number of developers keep tabs on a handful of different site/applications without needing a bunch of tools. The UI is pretty complicated and can be overwhelming for new users. Documentation could be better for the learning curve,
Logstash design is definitely perfect for the use case of ELK. Logstash has "drivers" using which it can inject from virtually any source. This takes the headache from source to implement those "drivers" to store data to ES.
Logstash is fast, very fast. As per my observance, you don't need more than 1 or 2 servers for even big size projects.
Data in different shape, size, and formats? No worries, Logstash can handle it. It lets you write simple rules to programmatically take decisions real-time on data.
You can change your data on the fly! This is the CORE power of Logstash. The concept is similar to Kafka streams, the difference being the source and destination are application and ES respectively.
Great web interface. Lots of data available in a really clean format, with filtering options and more.
Per-user exception tracking. User is complaining about something being broken? Look up their account ID in Sentry and you can see if they've run into any exceptions (with device information included, of course).
Source map uploading. Took a little while to figure this out but now we have our deploy script upload sourcemaps to Sentry on each deployment, meaning we get to see stack traces that aren't obfuscated!
Very generous free tier – 10,000 events per month. We're nowhere near that yet.
As I said earlier, for a production-grade OpenStack Telco cloud, Logstash brings high value in flexibility, compliance, and troubleshooting efficiency. However, this brings a higher infra & ops cost on resources, but that is not a problem in big datacenters because there is no resource crunch in terms of servers or CPU/RAM
Its incredibly versatile, but that leads to complexity for the uninitiated, which can be intimidating. Nevertheless its a well polished product, in our case leading to only using it for a focus on frontend is still more cost effective than buying a one-to-rule-them-all tool...
Logstash can be compared to other ETL frameworks or tools, but it is also complementary to several, for example, Kafka. I would not only suggest using Logstash when the rest of the ELK stack is available, but also for a self-hosted event collection pipeline for various searching systems such as Solr or Graylog, or even monitoring solutions built on top of Graphite or OpenTSDB.
It is cheaper and offers better support for front-end applications for enterprise large environments with more then 30 scrum teams and hundreds of micro frontend applications. The configuration options, both with the agent and from the user interface, are superior to other tools, and the documentation is also very easy to use.
Positive: LogStash is OpenSource. While this should not be directly construed as Free, it's a great start towards Free. OpenSource means that while it's free to download, there are no regular patch schedules, no support from a company, no engineer you can get on the phone / email to solve a problem. You are your own Engineer. You are your own Phone Call. You are your own ticketing system.
Negative: Since Logstash's features are so extensive, you will often find yourself saying "I can just solve this problem better going further down / up the Stack!". This is not a BAD quality, necessarily and it really only depends on what Your Project's Aim is.
Positive: LogStash is a dream to configure and run. A few hours of work, and you are on your way to collecting and shipping logs to their required addresses!
