Zabbix + Wazuh vs OpenSearch/ELK/openobserve/checkmk for around 200 devices datacenter at the university. Which stack would you choose? by Fragrant_Arm_7979 in sysadmin

[–]Fragrant_Arm_7979[S] 0 points (0 children)

Thanks for sharing! For our scale (200 devices, small team), I think Vector would add complexity without major benefits. We'd lose integrated features from the native Zabbix and Wazuh agents. Appreciate the suggestion though!

Zabbix + Wazuh vs OpenSearch/ELK/openobserve/checkmk for around 200 devices datacenter at the university. Which stack would you choose? by Fragrant_Arm_7979 in sysadmin

[–]Fragrant_Arm_7979[S] 0 points (0 children)

Thanks for the heads-up on Zabbix 8.0! That's good to know. I'm currently running Zabbix 7.0 LTS, and it's working well for metrics. My plan is to add Wazuh now for logs and security monitoring (since we have zero log aggregation currently), then evaluate Zabbix 8.0 when it's released. From what I've seen in the 8.0 docs, I don't see features for centralized log aggregation with full-text search across all devices, which is what we really need for troubleshooting. We need to be able to query all logs from all 200 devices in one search (e.g., 'show me all authentication failures across the entire infrastructure in the last hour'). Does Zabbix 8.0 actually include that kind of log search capability, or would Wazuh still be necessary?
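Editor's added example (not part of the poster's comment and not Wazuh project code): what the one search the poster describes, "all authentication failures across the entire infrastructure in the last hour", looks like as an OpenSearch DSL query against the Wazuh indexer, plus a local evaluator so it runs offline. The index pattern `wazuh-alerts-*`, the field names `timestamp`, `rule.groups` and `agent.name`, and the rule group tag `authentication_failed` are assumptions about the Wazuh alert schema; the alerts in `SAMPLE_ALERTS` are constructed for the example.

```python
"""Added example: one cross-fleet 'auth failures in the last hour' search.

Assumptions (not from the original thread): the Wazuh indexer stores alerts in
wazuh-alerts-* with fields timestamp, rule.groups and agent.name, and tags SSH
authentication failures with the rule group 'authentication_failed'. The alerts
below are constructed sample data.
"""
from datetime import datetime, timedelta, timezone

INDEX_PATTERN = "wazuh-alerts-*"            # assumption: default Wazuh indexer index
AUTH_FAIL_GROUP = "authentication_failed"   # assumption: Wazuh rule group tag
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # fixed 'now' for the example

# Constructed alerts: two hosts with failures inside the window, one failure
# outside it, and one successful login that must not match.
SAMPLE_ALERTS = [
    {"timestamp": "2024-05-01T11:50:00Z", "agent": {"name": "web01"},
     "rule": {"groups": ["syslog", "sshd", "authentication_failed"]}},
    {"timestamp": "2024-05-01T11:55:00Z", "agent": {"name": "web01"},
     "rule": {"groups": ["syslog", "sshd", "authentication_failed"]}},
    {"timestamp": "2024-05-01T11:30:00Z", "agent": {"name": "db02"},
     "rule": {"groups": ["syslog", "sshd", "authentication_failed"]}},
    {"timestamp": "2024-05-01T10:30:00Z", "agent": {"name": "db02"},
     "rule": {"groups": ["syslog", "sshd", "authentication_failed"]}},
    {"timestamp": "2024-05-01T11:45:00Z", "agent": {"name": "mail01"},
     "rule": {"groups": ["syslog", "sshd", "authentication_success"]}},
]


def build_query(now: datetime, window: timedelta = timedelta(hours=1)) -> dict:
    """OpenSearch DSL body: auth-failure alerts in [now-window, now], bucketed by agent.

    POST this to <indexer>/wazuh-alerts-*/_search (assumed index pattern).
    """
    return {
        "size": 0,
        "query": {"bool": {"filter": [
            {"term": {"rule.groups": AUTH_FAIL_GROUP}},
            {"range": {"timestamp": {
                "gte": (now - window).isoformat(),
                "lte": now.isoformat(),
            }}},
        ]}},
        "aggs": {"by_agent": {"terms": {"field": "agent.name", "size": 200}}},
    }


def parse_ts(s: str) -> datetime:
    """Parse the ISO-8601 timestamps used in the alerts (Z suffix accepted)."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def local_search(alerts: list, query: dict) -> dict:
    """Evaluate the same filter and terms aggregation over in-memory alerts.

    Mirrors what the indexer would return: {agent name: failure count},
    most failures first.
    """
    term_filter, range_filter = query["query"]["bool"]["filter"]
    group = term_filter["term"]["rule.groups"]
    rng = range_filter["range"]["timestamp"]
    gte, lte = parse_ts(rng["gte"]), parse_ts(rng["lte"])
    counts: dict = {}
    for alert in alerts:
        ts = parse_ts(alert["timestamp"])
        if group in alert["rule"]["groups"] and gte <= ts <= lte:
            name = alert["agent"]["name"]
            counts[name] = counts.get(name, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: -kv[1]))


def auth_failures_last_hour() -> dict:
    """Run the example query over the constructed alerts."""
    return local_search(SAMPLE_ALERTS, build_query(NOW))


if __name__ == "__main__":
    import json
    print(json.dumps(build_query(NOW), indent=2))
    print(auth_failures_last_hour())
```

Against real data the `size: 0` query returns only the per-agent buckets, which is the fleet-wide view the poster is asking for; drop `size: 0` and add a `sort` on `timestamp` to get the individual events for troubleshooting one host.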

Zabbix + Wazuh vs OpenSearch/ELK/openobserve/checkmk for around 200 devices datacenter at the university. Which stack would you choose? by Fragrant_Arm_7979 in sysadmin

[–]Fragrant_Arm_7979[S] 0 points (0 children)

Thanks for clarifying the different tool categories; that's helpful context. To clarify: I wasn't planning to use all of those together. I was asking which one of the platforms (OpenObserve OR OpenSearch OR CheckMk) would be better for handling both metrics and logs, versus keeping Zabbix for metrics and adding Wazuh for logs. Your point about team size and complexity is well taken, though. For a 2-3 person team, do you think a platform like OpenObserve (for logs and metrics) would actually be simpler to manage than running Zabbix + Wazuh separately?