Fire and forget logs
Ciaran Kendellen | TrustRadius Reviewer
October 02, 2020

Score 8 out of 10

Overall Satisfaction with SolarWinds Loggly

We use Loggly as an aggregation point to stream logs from network access switches and core routers. There can be quite a lot of data and existing solutions relied on older database technologies which broke down after a time and we'd have to manually intervene to truncate tables, etc. Loggly manages the entire process for us and just works.
  • Keeps working!
  • Fast searches.
  • Easy to configure searches - you don't have to be an expert in RegExp...
  • Not all searches are intuitive.
  • We have to use a log aggregating device to ship our logs to Loggly as our network devices cannot connect on an encrypted protocol. I would prefer if we could use some sort of VPN-based connector to ship logs securely.
  • Sometimes when drilled down, it can be difficult to fully reset a search term to back all the way out of a drill down.
  • Our ability to monitor and solve problems has improved since using Loggly.
  • Our confidence level in the log solution we have in place has improved.
  • We spend less (actually no) time maintaining our log solution.
  • Although Loggly is more expensive than the solution it replaced, I believe it to be better value.

Do you think SolarWinds Loggly delivers good value for the price?

Yes

Are you happy with SolarWinds Loggly's feature set?

Yes

Did SolarWinds Loggly live up to sales and marketing promises?

Yes

Did implementation of SolarWinds Loggly go as expected?

No

Would you buy SolarWinds Loggly again?

Yes

We haven't used any of the preconfigured dashboards so far. They seem only suited to development environments and probably suit services oriented or event based architectures very well. I guess we have a very specific use-case being an internet service provider and this wasn't considered by the Loggly developers, so there aren't any preconfigured dashboards we can use.
Changes of state (OSPF adjacency, spanning tree topology changes, BGP peer flapping) are very important to us as they indicate stability levels across the network. By creating specific derived fields and parsing rules we can capture these specific events which are of most interest to us. Unfortunately, we're on a plan that doesn't allow access to derived fields, so we're not allowed to make any use of them. The more expensive plans wouldn't represent good value in our use case, so I guess we'll have to live without derived fields...
I actually couldn't get anybody from Datadog to engage with me. The main problem we had was that our devices couldn't connect to an encrypted port, but we didn't want to send our logs in plain text over the internet. We implemented an on-net log aggregator which then connects to Loggly over encrypted UDP. In theory, Loggly made this particularly easy, providing configuration snippets for most of the common log services (e.g. rsyslog, syslog-ng). Unfortunately, the documentation was out of date and none of the provided configs worked; fortunately, they were close enough that, combined with our own syslog-ng experience, we were able to get it up and going relatively painlessly. The choice then of going with Loggly, backed by an industry favourite in SolarWinds, was a no-brainer.
MUCH easier to use than the MySQL-backed syslog-ng aggregator we were using, complete with an open-source web-based GUI we used to browse and search for logs. Loggly is both quicker and easier to configure searches for, quicker and easier to produce the results and at the same time requires zero maintenance, it *just* works...
We had a bumpy start to using Loggly. As mentioned, the documentation to get our log aggregator connecting to Loggly was massively out of date and none of the provided snippets worked. We set up originally on rsyslog as it *seems* to be what Loggly prefers, but when the provided configuration snippets didn't work we had to fall back on a syslog-ng aggregator to rely on our own expertise. It was needed too, as the config snippets provided for syslog-ng didn't work either!
After I signed up I was repeatedly contacted by the pre-sales guy asking if I was going to sign up - he couldn't find our account and questioned me multiple times. Multiple times I provided the email address I used to sign up and he still couldn't find the account I was using - seemed a little unprofessional to me...
It is well suited to very large volumes of logs where the immediate past is the area of interest, e.g. in situations where the issues are in the recent past. Loggly makes it very easy to search for particular terms of interest, within a specific time frame across the entire estate of devices or, indeed, within a subset, or on a specific device of interest. There does seem to be a short delay in the logs though, even with the "live tail" feature. Loggly might be less suited to "emerging" situations where the issues are occurring in real time.