ELK Logstash Review

Stable, with good documentation, but needs better email notification


What is most valuable?

Documentation is very good, so implementation is fine.

What needs improvement?

Email notification should be done the same way as Logentries does it. Because of the notification issue we moved to Logentries, as it provides a simple way to get notification whenever a server encounters an error or something unexpected happens (which we have defined using Regex).

We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there).

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

Not really, but we did set up a cron job to delete old logs so that we wouldn't hit a disk space issue.

How is customer service and technical support?

ELK documentation is very good, so never needed to contact technical support.

Which solutions did we use previously?

We used Logentries, but because it is open-source we moved to ELK as a part of cost-cutting strategy and evaluation of ELK. But the lack of a notification feature caused us to go back to Logentries.

How was the initial setup?

Slightly complex, especially when you are configuring machines which are on a separate IP rather than on a single machine. In my case Elasticsearch, Kibana, and Logstash were on different machines. Along with that, we added a proxy server (nginx) ahead of the Kibana server. We used the proxy server for user authentication so that only known users should be able to access the Kibana dashboard. ELK didn’t have a free version for user authentication and that made us go for the alternative. We have, in total, four machines.

What other advice do I have?

I give it a seven out of 10. They don't provide user authentication and authorisation features (Shield) as a part of their open-source version.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 visitor found this review helpful
Add a Comment
Guest
Sign Up with Email