by lusis 5046 days ago
Logstash and Graylog are complementary. Most people, myself included, were originally using Graylog2 in conjunction with Logstash.

Graylog2, though, had problems with its original implementation based on capped containers in MongoDB. It has since moved to ElasticSearch.

There are both gelf inputs and outputs for Logstash so you can send your logs to Logstash as if they were going to Graylog2 and do additional munging and still send them out to Graylog2 from there.

1 comments

Would you mind going into more details as to how they are similar and what the differences are between the two? Should I run both, or pick one? You seem to suggest to run both in tandem but I'm not sure I see why since at first sight they seemed pretty much the same to me.

I was planning to set up Logstash next week so your input would really help. Thanks!

Graylog2 only handles syslog and its own protocol (GELF) for accepting log events. Graylog2 uses ElasticSearch for data storage. Logstash can use ElasticSearch or just send the data elsewhere.

The Graylog2 web interface is pretty awesome and it has some neat stuff built in. Logstash ships with a fairly spartan web interface, though we're going to replace it with a Ruby port of Kibana in the future.

Logstash can accept data from GELF senders (via the gelf input plugin I wrote) or send to gelf receivers (like Graylog2).

Graylog2 is awesome, don't get me wrong. I just had to bail on it when it was still on MongoDB because I couldn't justify the cost of instances needed to get a MongoDB instance that could hold more than 4 hours of data.