[ale] Alternative to splunk?

JD jdp at algoloma.com
Fri Jun 6 10:39:06 EDT 2014


A presentation topic in the making?
"Handling system logs for a site with fantastic query/deep dive facilities"

On 06/06/2014 10:11 AM, Jeremy T. Bouse wrote:
> On 06.06.2014 09:25, Beddingfield, Allen wrote:
>> One of my co-workers set up Logstash, but it seems to take a lot of
>> care and feeding, and a lot of servers.  We are about to move that to
>> Splunk.
>> -- 
>> Allen Beddingfield
>> Systems Engineer
>> The University of Alabama
>>
> 
> Not sure exactly what is meant by "care and feeding" but Logstash itself is
> lightweight, the real storage and search is done via ElasticSearch. The more ES
> servers the more distributed the searching power is and the more storage your ES
> cluster has the more redundant and greater retention period you have. I've
> actually written scripts that auto-snapshot off indexes daily and then close &
> delete them after a specified retention period. Logstash stack pretty much runs
> on auto-pilot at this point.
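
A sketch of the snapshot, close and delete cycle described in the quoted message, added here as an example and not the poster's actual scripts. It assumes Logstash's default daily index naming (`logstash-YYYY.MM.dd`); the day thresholds and function names are hypothetical, and it only builds a plan rather than calling Elasticsearch.

```python
import re
from datetime import date

# Default Logstash daily index naming: logstash-YYYY.MM.dd
INDEX_RE = re.compile(r"^logstash-(\d{4})\.(\d{2})\.(\d{2})$")

def index_day(name):
    """Return the date encoded in a daily index name, or None if it is not one."""
    m = INDEX_RE.match(name)
    if not m:
        return None
    try:
        return date(*map(int, m.groups()))
    except ValueError:  # pattern matched but the date is impossible
        return None

def plan_retention(indices, snapshotted, today, close_after=14, delete_after=30):
    """Decide per-index actions; close_after/delete_after are hypothetical day counts."""
    plan = {"snapshot": [], "close": [], "delete": [], "skipped": []}
    for name in sorted(indices):
        day = index_day(name)
        if day is None:
            plan["skipped"].append(name)  # not a daily log index, never touch it
            continue
        age = (today - day).days
        if age < 1:
            continue  # today's index is still being written
        if name not in snapshotted:
            # Logs must be archived before they can be closed or deleted
            plan["snapshot"].append(name)
            continue
        if age >= delete_after:
            plan["delete"].append(name)
        elif age >= close_after:
            plan["close"].append(name)
    return plan

# Constructed sample data (not from a real cluster)
SAMPLE_INDICES = [
    "logstash-2014.06.06", "logstash-2014.06.05", "logstash-2014.05.20",
    "logstash-2014.05.01", "logstash-2014.04.30", ".kibana", "logstash-2014.13.40",
]
SAMPLE_SNAPSHOTTED = {"logstash-2014.05.20", "logstash-2014.05.01"}

if __name__ == "__main__":
    result = plan_retention(SAMPLE_INDICES, SAMPLE_SNAPSHOTTED, date(2014, 6, 6))
    for action, names in result.items():
        print(action, names)
```

An index past the delete threshold that has no snapshot is queued for snapshotting instead of deletion, so a failed backup run cannot silently shorten the log retention window.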

