[ale] Alternative to splunk?

Jeremy T. Bouse jeremy.bouse at UnderGrid.net
Fri Jun 6 10:11:43 EDT 2014


On 06.06.2014 09:25, Beddingfield, Allen wrote:
> One of my co-workers set up Logstash, but it seems to take a lot of
> care and feeding, and a lot of servers.  We are about to move that to
> Splunk.
> --
> Allen Beddingfield
> Systems Engineer
> The University of Alabama
>

Not sure exactly what is meant by "care and feeding" but Logstash 
itself is lightweight, the real storage and search is done via 
ElasticSearch. The more ES servers the more distributed the searching 
power is and the more storage your ES cluster has the more redundant and 
greater retention period you have. I've actually written scripts that 
auto-snapshot off indexes daily and then close & delete them after a 
specified retention period. Logstash stack pretty much runs on 
auto-pilot at this point.
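
A sketch of the retention logic such scripts need, added here as an illustration and not part of the original post or the poster's own scripts: it plans snapshot, close and delete actions for daily indices and refuses to close or delete anything that has no snapshot yet. The 30/90-day thresholds, the "open"/"closed" state labels and the function names are assumptions of this example; the `logstash-YYYY.MM.DD` pattern is Logstash's default daily index name.

```python
from datetime import date, datetime

PREFIX = "logstash-"  # Logstash's default daily index naming: logstash-YYYY.MM.DD

def index_day(name):
    """Return the date encoded in a daily index name, or None if it is not one."""
    if not name.startswith(PREFIX):
        return None
    try:
        return datetime.strptime(name[len(PREFIX):], "%Y.%m.%d").date()
    except ValueError:
        return None  # malformed date suffix: leave the index alone

def plan_retention(indices, snapshotted, today, close_after=30, delete_after=90):
    """Decide at most one action per index.

    indices:     {name: "open" | "closed"} (state labels are this example's own)
    snapshotted: set of index names already held in a completed snapshot
    close_after / delete_after: ages in days (assumed values, tune to policy)
    Returns a sorted list of (action, index) tuples.
    """
    plan = []
    for name, state in indices.items():
        day = index_day(name)
        if day is None:
            continue  # not a daily log index; never touch it
        age = (today - day).days
        if age < 1:
            continue  # today's index is still being written
        if name not in snapshotted:
            # Invariant: log data is never closed or deleted before it is backed up
            plan.append(("snapshot", name))
        elif age >= delete_after:
            plan.append(("delete", name))
        elif age >= close_after and state == "open":
            plan.append(("close", name))
    return sorted(plan)

if __name__ == "__main__":
    # Constructed sample cluster state
    sample = {"logstash-2014.06.05": "open", "logstash-2014.03.01": "closed"}
    for action, name in plan_retention(sample, {"logstash-2014.03.01"}, date(2014, 6, 6)):
        print(action, name)
```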

