[jbaiter]

We're doing this with a few dozen GiBs of logs a day (rsylog -> central rsylog -> elasticsearch). It works reliably, but the config is an absolute nightmare, documentation is a mixed bag and troubleshooting often involves deep dives into the C code. We're planning to migrate to Alloy+Loki.

[baby_souffle]

Similar experience here as well. Syslog configs and plugins is a mess. Vector is not perfect but it’s got a decent amount of tooling and has native support for tests which is really useful