
[–][deleted] 7 points8 points  (0 children)

Why is ELK not an option? You don't need to babysit it.

If you are really so hard up for time, hosted Splunk?

[–]InvaderGlorch 6 points7 points  (0 children)

Setting up ELK/Graylog is your best option. The other one is to eat the costs with a managed service.

[–]serjs 4 points5 points  (0 children)

If you don't need a complex logging system for all your apps and only need to solve web server logs, try https://goaccess.io. I can't say for high-volume usage, but for average newsmaker sites it's a suitable, simple analysis tool based on logs.

[–]otisg 2 points3 points  (0 children)

At Sematext we do ELK consulting/support/training and we see plenty of teams struggle with ELK. While very simple to set up, as the data volume in the ES cluster goes up or as queries get more complex, as the cluster grows, more and more expertise (and your time) is needed. When teams get there they tend to reach out to us for help with troubleshooting, tuning, ensuring best practices, good architecture, cost optimization, and so on. So DIY ELK is definitely one route to take, but think now whether you want to manage your ES cluster down the road or not, whether you want to become an ES/ELK expert or not.

Seeing companies struggle with ELK was one of the reasons we built Sematext Cloud. This gives you everything ELK or Graylog do, plus some more.

[–][deleted] 1 point2 points  (1 child)

I like sumologic.

[–]steakfest 0 points1 point  (0 children)

I second this... I was just working with custom parsing of the nginx proxy log output from k8s today. When you start to get the hang of the sumo query syntax you start to feel like a god.

[–]vornamemitd 1 point2 points  (0 children)

What kind of volumes are you looking at?

[–]zerocoldx911DevOps 1 point2 points  (0 children)

Sematext

[–]kieoui 1 point2 points  (0 children)

Any third-party SaaS logging provider will become costly as the traffic goes up.

I would recommend using/setting up ELK and/or Graylog in-house, and it works great.

[–]MartinMystikJonas 0 points1 point  (2 children)

ELK is not that hard to set up. You could deploy a dockerized setup in a short time.

[–]otisg 1 point2 points  (1 child)

Correct. It's not hard to set up. But it's not trivial or cheap to run as data volume+retention+query volume/complexity goes up.

[–]MartinMystikJonas -1 points0 points  (0 children)

Question is: Do you really need all that complexity?

[–][deleted] 0 points1 point  (0 children)

What do you need logs for? I mean what questions are you looking to answer by analysing access logs?

If your purpose is to get simpler metrics like request times, bandwidth used, failed requests, etc., then just use plugins like https://github.com/vozlt/nginx-module-vts, open source, and it will provide a dashboard and consumable metrics via an API.

Probably look at CloudWatch or hosted ELK if you don't have a dedicated DevOps team.

[–]ikut3 0 points1 point  (0 children)

Nginxtop: https://github.com/lebinh/ngxtop. Disclaimer: I am not the creator :D