[ale] Alternative to splunk?
Jeremy T. Bouse
jeremy.bouse at UnderGrid.net
Fri Jun 6 10:11:43 EDT 2014
On 06.06.2014 09:25, Beddingfield, Allen wrote:
> One of my co-workers set up Logstash, but it seems to take a lot of
> care and feeding, and a lot of servers. We are about to move that to
> Splunk.
> --
> Allen Beddingfield
> Systems Engineer
> The University of Alabama
>
Not sure exactly what is meant by "care and feeding" but Logstash
itself is lightweight, the real storage and search is done via
ElasticSearch. The more ES servers the more distributed the searching
power is and the more storage your ES cluster has the more redundant and
greater retention period you have. I've actually written scripts that
auto-snapshot off indexes daily and then close & delete them after a
specified retention period. Logstash stack pretty much runs on
auto-pilot at this point.
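
A sketch of the kind of retention job described in this message, added here as an example; it is not the poster's script. It assumes Logstash's default daily index names (`logstash-YYYY.MM.DD`), and the repository name `log_archive` and the 30/90-day thresholds are hypothetical. It only builds the list of Elasticsearch REST calls, and it never closes or deletes an index until a snapshot of it is confirmed.

```python
import re
from datetime import date

# Logstash's default daily index naming, e.g. logstash-2014.06.06
INDEX_RE = re.compile(r"^logstash-(\d{4})\.(\d{2})\.(\d{2})$")


def plan_retention(indices, snapshots, today, close_after=30,
                   delete_after=90, repo="log_archive"):
    """Return (method, path, body) REST calls for one daily retention run.

    indices   -- index names currently in the cluster
    snapshots -- snapshot names already completed in `repo`
    repo, close_after and delete_after are hypothetical example values.
    """
    plan = []
    for name in sorted(indices):
        m = INDEX_RE.match(name)
        if not m:
            continue  # never touch indices this job does not own
        try:
            day = date(*map(int, m.groups()))
        except ValueError:
            continue  # matches the pattern but is not a real date
        age = (today - day).days
        if age < 1:
            continue  # today's index is still being written to
        if name not in snapshots:
            # Snapshot first; closing or deleting waits for a later run,
            # because a snapshot requested now may still fail.
            path = f"/_snapshot/{repo}/{name}?wait_for_completion=true"
            body = {"indices": name, "include_global_state": False}
            plan.append(("PUT", path, body))
            continue
        if age >= delete_after:
            plan.append(("DELETE", f"/{name}", None))
        elif age >= close_after:
            plan.append(("POST", f"/{name}/_close", None))
    return plan


if __name__ == "__main__":
    # Constructed sample state, not taken from a real cluster.
    have = ["logstash-2014.06.06", "logstash-2014.06.05",
            "logstash-2014.05.01", "logstash-2014.03.01", ".kibana"]
    done = {"logstash-2014.05.01", "logstash-2014.03.01"}
    for method, path, _ in plan_retention(have, done, date(2014, 6, 6)):
        print(method, path)
```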