Loggly is good
Eric Cobb | TrustRadius Reviewer
September 29, 2020

Loggly is good

Score 9 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with SolarWinds Loggly

We are a small startup that makes training and marketing software. Our platform is our entire business, and we use Loggly for a few things:

* Aggregating all of our logs.
* Deriving metrics from our logs.
* Sending alerts to our team when those metrics change in some way that matters to us.
  • Putting our logs in one place and making them searchable. We use AWS, and CloudWatch has always been a little frustrating in this regard (though it has gotten better recently).
  • Deriving metrics from our logs. I think log-based metrics is such a good idea because your logs are the ultimate source for truth in regards to what the hell is going on inside your app. I have really loved the simplicity with which I can just count certain statements and call that a metric because just through the normal course of development certain log statements just naturally become a straightforward recording of an event having occurred.
  • Alerts. I actually have a few complaints about email alerts, but just the way I was able to set them up so easily has been huge. Since we started using Loggly, there have been at least 3 bugs that Loggly exposed that were frankly very bad. And withoutt Loggly or without a user reporting them, we would have never known they were happening! This is stuff I tried to set up in CloudWatch in various ways, but because of my own ignorance or perhaps the complexity/limitations of CloudWatch (or the complexity of my stack?), I wasn't getting the information that I needed until I was able to just tell Loggly to send me an email whenever the word "error" showed up.
  • I would love the ability to able to suppress a particular "event" instead of an entire alert. For example, sometimes an error is caught and handled but the word "error" is still printed to the logs. It would be nice if I could mark an event as "handled" without suppressing the entire alert for n minutes- if I do that then I would miss a real error that happened in that window. Also if I have my alerts set to run every minute checking the last five minutes, I will get 5 emails. It would be nice if there was some de-duplication. I have actually considered setting up webhooks into some API of my own instead of just emails to do this.
  • I find the query language to be a little cumbersome. I suspect this is something you guys inherited from whatever index you use, but things like the __exists__ flag are strange. If I just type something into the field I am often surprised that I have to put quotation marks in (instead of it just searching for the term I supplied without any advanced features).
  • Derived fields sometimes frustrate me, especially when I am using regex. I will sometimes create regexes that work in a test bed but do not work in Loggly. It is frustrating that I always have to match the beginning and the end of the string.
  • The dashboards can be frustrating, especially when I am just trying to put a single number metric in a chart. I should be able to create a chart with multiple metrics: multiple charts with a single metric in each takes up a ton of space and limits the usability of the dashboard
  • Loggly has alerted us to several bugs, ranging from major to small to "would have been a major problem under load."
  • It's great having our disparate logs collected and the alerts we have set up around them let us know recently that somebody used an incorrect document to generate a mass email. Users were trying to log in with the link provided but getting 401s and I have an alert configured to tell me about high numbers of 4xx errors.
  • Metrics and alerts around metrics have given us peace of mind that automated fulfillment systems aren't going off the rails and costing us hundreds of dollars.

Do you think SolarWinds Loggly delivers good value for the price?

Not sure

Are you happy with SolarWinds Loggly's feature set?

Yes

Did SolarWinds Loggly live up to sales and marketing promises?

Yes

Did implementation of SolarWinds Loggly go as expected?

Yes

Would you buy SolarWinds Loggly again?

Yes

I use dashboards extensively but do not use any of the built in ones. My dashboards are all created from metrics that I have defined.

I think the most useful dashboards are just numbers. I have some that show me error counts, average request times, etc. These have helped me identify when I am getting abnormal amounts of unauthorized errors, which helped me identify quickly that someone had used an incorrect CSV to email a bunch of users bad sign-up links. I have created a chart of my common API requests which helped me identify a bug in my client code that was essentially ddosing myself. Lastly, average request times and outliers (max request time) have helped me identify and fix slow queries.
Custom parsing was a very important feature for us. I use it to extract arbitrary timers from our logs or to identify API requests' method, route, and timing. I was excited that I could just use regex, though I am often frustrated when I try to use it. It is weird to me that I *have* to match the beginning and end of a string, and even when I think I have it correct (I will test my expressions elsewhere) they will not work in Loggly. Key:value extraction works great though, so usually when I am thrown off by this I will just change my logs.
I honestly didn't shop around that much. I came from CloudWatch, which though it has been improving, was very frustrating when it came to just setting up a simple alarm when a specific log message is found, or extracting useful metrics from logs. Loggly was recommended to me by a business partner and the timing worked out when SolarWinds reached out to me and offered me a discount (we were extremely price sensitive at that time, like this rest of the world at the beginning of the pandemic).
It works pretty well. I sometimes get confused in the UI, like when something will open a new tab, or that it sorts descending by default (which is fine but I am used to looking at logs the opposite way). I mentioned the issues I have with regex. I also wanted to mention again that I would really love to be able to put multiple metrics into a table so they take up an appropriate amount of room for a single number.

I also get confused around updating a saved search. I always create a copy because 'save as a copy' is the primary action button, which seems like that could arguably be a secondary action when you make changes to a thing.
Loggly has provided good support the few times I have had to reach out. I reached out about some questions with using regex in my queries and I was very busy, and ultimately the issue was closed without giving me an answer because I guess I wasn't responding quickly enough. I totally get that, but I hope they had enough info to look into the problem (I haven't tried it again).
I think even for a small organization, and perhaps more so for a small organization, Loggly would be super valuable. There have been several issues that we simply wouldn't know about without Loggly. I lose sleep over that. Our stack isn't *super* complicated, but like (I suspect) many, even a relatively uncomplicated stack can generate a ton of logs from disparate sources. For example, I often use lambdas for "glue code" and without a centralized Loggly tool tracking what is going on in some of these flows was very difficult. The alarms are great. Some of my complaints in the last screen are the only thing preventing me from giving it a perfect 10.