Thanks, Jochen -- that was helpful! Can you please clarify if the below scenario works as expected?

Data Input -> logstash (for extraction into fields) -> Elasticsearch <- GL2-server <- GL2-web-interface

In other words, can I send data from logstash to Elasticsearch but still leverage the authentication/authorization feature along with streams by setting up GL2-server and GL2-web-interface?

Thanks again!

On Tuesday, August 26, 2014 2:29:24 PM UTC-4, Jochen Schalanda wrote:
> Hi!
>
> On Friday, August 22, 2014 16:48:33 UTC+2, Foobar Geez wrote:
>>
>> - I started reading about logstash and GL2 and it seems both have overlapping functionality. Based on your experience, is there any reason why I should be choosing one over the other? Given this is a GL2 forum, I am hoping to hear why GL2 is superior to logstash rather than the other way around :) I understand that logstash can forward data to GL2 but the fewer components I have, the easier it is to maintain them in a production setup (eventually).
>>
>
> Yes, Graylog2 and the ELK stack (Elasticsearch, logstash, Kibana) have overlapping functionality but still cover different use cases.
>
> Some (but definitely not all) features which Graylog2 provides over the ELK stack are:
>
> - Authentication and Authorization for the graylog2-server REST API and the graylog2-web-interface (also supports LDAP/ActiveDirectory)
> - Realtime alerting based on freely configurable conditions (via Streams)
> - RESTful API (graylog2-server) to configure and control the system on-line without restart/reload
>
> Logstash definitely provides support for vastly more input and output plugins, but usually you can get really far with the inputs supported by Graylog2 (Syslog via UDP/TCP, GELF via UDP/TCP/HTTP, and raw text-based input via UDP/TCP).
>
> Just as logstash, Graylog2 also supports HA setups through graylog2-radio (and a Kafka or AMQP broker).
>
> So in the end it depends on your requirements whether the ELK stack, Graylog2, or a combination of both is best suited for you.
>
>> - What is the typical release cycle or how soon GL2 typically supports new Elasticsearch versions? I see from GL2 release notes that it supports v0.90 of Elasticsearch and the latest version seems to be v1.3.2 (seems like a big delta).
>>
>
> The problem with previous Elasticsearch versions was that they regularly broke compatibility of the binary transport protocol which Graylog2 is using (as opposed to their HTTP API which is not suited for our purposes). For this reason you currently cannot use any other versions than Elasticsearch 0.90.10 with Graylog2 (as of 0.21.0-beta4).
>
> We currently plan to introduce support for Elasticsearch 1.3.x in Graylog2 0.22.x (see https://github.com/Graylog2/graylog2-server/issues/669) for which we currently do not have a fixed release date.
>
>
> Cheers,
> Jochen
>
