Fluentd + Mongo vs. Logstash

Our team is now using Zabbix for monitoring and warning. Also, we use Fluentd to collect the logs into a central MongoDB, and it has been working for a week. We recently discussed another solution: Logstash. I want to ask, what's the difference between them? In my opinion, I would like to use Zabbix as a data collection and alerting platform and freely play the role of "data collection" throughout the infrastructure. While looking at the Logstash site, I found out that Logstash is not only a log collection system but a whole solution for collecting, presenting and searching.

Can anyone provide advice or experience?

+3


2 answers


Logstash is pretty versatile (disclaimer: only played with it for a few weeks).

We've been looking at Graylog2 for a while (listening to syslog and providing a nice search UI), but its message handling functionality is based on the Drools engine at best.

I found that it was much easier to have Logstash read syslog files from our central server, mass events, and output to Graylog2. It provided us with much more flexibility and allowed us to add application-level events along with OS syslog data.

It has zabbix output, so you might find it worth looking at.

+2



Logstash is great for Zabbix.

I have unlocked the repo on GitHub to run the Logstash statsd output and send it to Zabbix for trend / alert. As mentioned by others, Logstash also has a Zabbix output plugin which is great for notifying / dispatching appropriate events.

Personally, I prefer the built-in Logstash -> Elasticsearch server over Logstash -> Graylog2 (-> Elasticsearch).

It's easier to manage, especially if you have a lot of log data. Currently Graylog2 also uses Elasticsearch, but only uses one index for all data. If you periodically flush old data, it means the equivalent of a lot of "drop from table where date > YYYY.MM.DD" SQL queries to clear old data, whereas Logstash defaults to daily indexes (equivalent to "drop table YYYY.MM.DD"), so cleaning is more enjoyable.

This also results in cleaner searches that require less heap space, as you can search on a known date because the index is specified for the day of data it contains.

+1
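
As an added example (not part of either answer, and not code from Logstash or Graylog2): with daily indices named `logstash-YYYY.MM.DD`, both retention cleanup and a date-bounded search reduce to selecting index names. The function names and the sample index listing are assumptions made up for this sketch.

```python
import re
from datetime import date, timedelta

# Logstash's elasticsearch output writes to "logstash-YYYY.MM.DD" by default.
DAILY_INDEX = re.compile(r"^logstash-(\d{4})\.(\d{2})\.(\d{2})$")


def index_day(name):
    """Return the date a daily index covers, or None if the name is not one."""
    m = DAILY_INDEX.match(name)
    if not m:
        return None
    try:
        return date(*map(int, m.groups()))
    except ValueError:  # well-formed name, impossible date (e.g. 2013.02.30)
        return None


def expired_indices(names, today, keep_days):
    """Daily indices that fall outside the retention window, oldest first.

    Each one can be dropped whole; no per-document delete query is needed.
    Names that are not valid daily indices are never selected.
    """
    cutoff = today - timedelta(days=keep_days)
    dated = [(index_day(n), n) for n in names]
    return [n for d, n in sorted((d, n) for d, n in dated if d and d < cutoff)]


def indices_for_range(names, start, end):
    """Existing daily indices a search over [start, end] has to touch."""
    return sorted(n for n in names if (d := index_day(n)) and start <= d <= end)


# Constructed sample listing (hypothetical, not taken from the page).
SAMPLE = [
    "logstash-2013.03.01", "logstash-2013.03.02", "logstash-2013.03.09",
    "logstash-2013.03.10", "logstash-2013.02.30", "graylog2", "logstash-latest",
]

if __name__ == "__main__":
    today = date(2013, 3, 10)
    print("drop:", expired_indices(SAMPLE, today, keep_days=7))
    print("search:", indices_for_range(SAMPLE, date(2013, 3, 9), today))
```

Anything that does not parse as a valid daily index is left out of the drop list, so a retention job built this way cannot remove an unrelated index by accident.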

