[olug] Splunk Alternative

Kevin sharpestmarble at gmail.com
Fri Mar 27 12:12:56 CDT 2015

There are several alternatives listed here:
On Mar 27, 2015 9:49 AM, "Christopher Cashell" <topher-olug at zyp.org> wrote:

> On Tue, Mar 24, 2015 at 11:06 PM, Aric Aasgaard <aric at omahax.com> wrote:
> > What is the best alternative to Splunk?  I like Splunk, but its licensing
> > model is worse than the terrible deals offered by Kevin O'Leary on the
> > Shark Tank.  Do any of you have good experience with fluentd?
> >
> What use cases are you trying to fill?  There are a few main functions that
> I've typically seen Splunk used for:
>    - Log Search
>    - Log/Event Alerting and Notification
>    - Log Reporting and Summarization
>    - Log Archiving
>    - Non-Log Reporting (Splunk as a general report engine)
> There are few alternatives that match every function as well as Splunk, but
> if you only need certain parts, there may be better options.  For example,
> I think personally long term log archiving is better handled outside of
> Splunk.
> Most people don't tend to use all of the listed functions.  If you don't
> need all of them, it may be easier to find alternatives.
> Another option for reducing the cost of Splunk is to do some heavy
> prefiltering (I like Syslog-NG for this, but rsyslog and others can work,
> too) to reduce as much of the log volume as possible before it hits
> Splunk.  Unless your devices are tuned incredibly well (which almost no one
> does), there is probably a significant volume of logs that don't have a
> strong or urgent operational or security impact.  Archiving everything to
> compressed files and only sending logs from your most important devices,
> after filtering high-volume low-importance logs.
> --
> Christopher
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
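The prefiltering approach Christopher describes, as an added syslog-ng configuration example that is not part of the thread: everything is archived to per-host daily files, while only messages from a few important devices, minus the chatty low-value traffic, are forwarded to Splunk. Hostnames, the 10.0.1.0/24 range, the noise patterns and the Splunk receiver address/port are all assumed placeholders.

```conf
@version: 3.5

# Accept syslog from the network on UDP and TCP 514.
source s_net {
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514));
};

# Archive *everything*: one file per host per day. Compression is left to
# logrotate (e.g. "compress" + "delaycompress" on /var/log/archive/*/*.log).
destination d_archive {
    file("/var/log/archive/${HOST}/${YEAR}-${MONTH}-${DAY}.log"
         create_dirs(yes) perm(0640));
};

# Only the devices whose logs carry operational or security weight.
# (hostnames and netmask are assumed examples)
filter f_important_hosts {
    host("fw-edge") or host("dc01") or netmask("10.0.1.0/24");
};

# Drop high-volume, low-importance messages before they reach Splunk:
# cron chatter, DHCP lease noise, and anything below "notice" severity.
filter f_not_noise {
    not (
        facility(cron) or
        (program("dhcpd") and match("DHCPACK" value("MESSAGE"))) or
        level(debug..info)
    );
};

# Splunk syslog/TCP data input (address and port are assumed).
destination d_splunk {
    tcp("splunk.example.com" port(1514));
};

# Path 1: archive the full firehose locally.
log { source(s_net); destination(d_archive); };

# Path 2: forward only important hosts AND non-noise (filters are ANDed)
# to Splunk, which is what reduces the licensed daily volume.
log {
    source(s_net);
    filter(f_important_hosts);
    filter(f_not_noise);
    destination(d_splunk);
};
```

Before cutting over, run both paths for a day and compare line counts in the archive against what Splunk indexes to confirm the filters drop only what you intended and nothing a detection rule depends on.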
