Hi!

On Friday, 22 August 2014 16:48:33 UTC+2, Foobar Geez wrote:
>
> - I started reading about logstash and GL2 and it seems both have
> overlapping functionality. Based on your experience, is there any reason
> why I should be choosing one over the other? Given this is a GL2 forum, I
> am hoping to hear why GL2 is superior to logstash rather than the other way :)
> I understand that logstash can forward data to GL2 but the fewer
> components I have, the easier to maintain them in a production setup
> (eventually).
>

Yes, Graylog2 and the ELK stack (Elasticsearch, logstash, Kibana) have overlapping functionality but still cover different use cases.

Some (but definitely not all) features which Graylog2 provides over the ELK stack are:

- Authentication and Authorization for the graylog2-server REST API and the graylog2-web-interface (also supports LDAP/ActiveDirectory)
- Realtime alerting based on freely configurable conditions (via Streams)
- RESTful API (graylog2-server) to configure and control the system on-line without restart/reload

Logstash definitely provides support for vastly more input and output plugins, but usually you can get really far with the inputs supported by Graylog2 (Syslog via UDP/TCP, GELF via UDP/TCP/HTTP, and raw text-based input via UDP/TCP).

Just like logstash, Graylog2 also supports HA setups through graylog2-radio (and a Kafka or AMQP broker).

So in the end it depends on your requirements whether the ELK stack, Graylog2, or a combination of both is best suited for you.

> - What is the typical release cycle or how soon GL2 typically supports new
> Elasticsearch versions? I see from GL2 release notes that it supports
> v0.90 of Elasticsearch and the latest version seems to be v1.3.2 (seems
> like a big delta).
>

The problem with previous Elasticsearch versions was that they regularly broke compatibility of the binary transport protocol which Graylog2 is using (as opposed to their HTTP API which is not suited for our purposes). For this reason you currently cannot use any other versions than Elasticsearch 0.90.10 with Graylog2 (as of 0.21.0-beta4).

We currently plan to introduce support for Elasticsearch 1.3.x in Graylog2 0.22.x (see https://github.com/Graylog2/graylog2-server/issues/669) for which we currently do not have a fixed release date.

Cheers,
Jochen
