

Bootstrap Based UI for Logstash (Open Source Splunk) - kordless
http://rashidkpc.github.com/Kibana/index.html

======
lusis
Please don't call logstash "an open source splunk". It's no such thing. Splunk
still has features that logstash doesn't have (yet). Logstash has quite a few
features that Splunk doesn't have.

Jordan had never seen (or to my knowledge has yet to see) splunk at all. I
don't know about Pete. Myself, I haven't used Splunk since trying a very early
release once in the very first days of it.

Point being, Logstash doesn't call itself an "open source splunk". In fact
I've considered adding an output to SplunkStorm to Logstash.

Do I think Logstash is better? Yep. Do I know people who swear by Splunk? Yep.
Competition is healthy.

~~~
kordless
The commonality is they both ingest logs and provide fulltext search for said
logs. That's enough to loosely compare the two for purposes of promotion here
on HN, or even getting good mentions on ServerFault:
<http://serverfault.com/questions/62687/alternatives-to-splunk>

I'm certainly not the first to make this comparison.

~~~
adient
Although logstash does have a built in elasticsearch, I wouldn't really say
anyone uses logstash itself to provide search for the logs. Logstash itself
just provides a way to move events from one place to another, that's all.

~~~
sciurus
"I wouldn't really say anyone uses logstash itself to provide search for the
logs"

Huh? The front page of <http://logstash.net/> suggests that's one of the primary
uses!

"logstash is a tool for managing events and logs. You can use it to collect
logs, parse them, and store them for later use (like, for searching). Speaking
of searching, logstash comes with a web interface for searching and drilling
into all of your logs.

All your logs from all over your infrastructure in one place - with searching
and graphing. Since we can easily parse text-based logs, you can query for
more precise things like, all 404 http errors, nagios critical alerts in hard
state, or mail server faults - all without accidentally finding logs with the
word ‘404’ or ‘critical’ in the wrong place."

~~~
adient
Elasticsearch, the recommended backend for making your logs searchable, is a
separate project from logstash. Logstash does come with a built in
elasticsearch, designed to get people up and running very quickly, but if you
are considering any serious use of elasticsearch you would set it up yourself
as a standalone service.

Logstash does come with a simple web interface, and kibana is a slightly
better but still simple interface being ported into logstash. Again this is
geared towards getting people up and running quickly, and at the end of the
day it's just a pretty curl wrapper for elasticsearch.

You can also use logstash without elasticsearch/kibana, which we do for a good
bit of our logs. I think logstash intentionally blurs the lines of what it is
or isn't so people don't get caught up in trying to figure out how to get it
running. Give it a try and see for yourself exactly what it is or isn't.

------
rurounijones
Currently experimenting with logstash and Kibana on internal systems and very
happy so far, no complaints with it.

Be warned though that logstash is not mature software, get on the mailing list
and read the github page.

Now if only the rails logging system wasn't so tightly integrated and
string-happy.

~~~
kordless
I'm pretty sure he's working on it fulltime as of a month ago or so.

~~~
rurounijones
Groovy, didn't know that. When I said "not mature" I just meant in terms of
number of deployments and age of the code-base.

No knock against author intended.

~~~
lusis
You might underestimate the size of deployments of logstash. Mailchimp runs
logstash in a pretty sizeable cluster for all traffic coming into HTTP
front-ends. I can think of quite a few sizeable logstash installs that I can't
mention.

------
northisup
Why on earth does being made with bootstrap matter for this? The headline
should read "Logstash UI that doesn't suck"

What something is built with doesn't matter, that it works matters.

~~~
rapind
I don't see a problem with it TBH. I pretty much knew exactly what to expect
because of this wording, which is a good thing.

~~~
kordless
That's what I was shooting for! :)

------
kordless
A working demo is here: <http://urly.stackgeek.com/C2v>. Author of Logstash is
here: <http://semicomplete.com>.

------
cnlwsu
Looks similar to <http://graylog2.org/>

~~~
lusis
Logstash and Graylog are complementary. Most people, myself included, were
originally using Graylog2 in conjunction with Logstash.

Graylog2, though, had problems with its original implementation based on
capped containers in MongoDB. It has since moved to ElasticSearch.

There are both gelf inputs and outputs for Logstash so you can send your logs
to Logstash as if they were going to Graylog2 and do additional munging and
still send them out to Graylog2 from there.

~~~
cmer
Would you mind going into more details as to how they are similar and what the
differences are between the two? Should I run both, or pick one? You seem to
suggest to run both in tandem but I'm not sure I see why since at first sight
they seemed pretty much the same to me.

I was planning to set up Logstash next week so your input would really help.
Thanks!

~~~
lusis
Graylog2 only handles syslog and its own protocol (GELF) for accepting log
events. Graylog2 uses ElasticSearch for data storage. Logstash can use
ElasticSearch or just send the data elsewhere.

The Graylog2 web interface is pretty awesome and it has some neat stuff built
in. Logstash ships with a fairly spartan web interface though we're going to
replace it with a ruby port of Kibana in the future.

Logstash can accept data from GELF senders (via the gelf input plugin I wrote)
or send to gelf receivers (like Graylog2).

Graylog2 is awesome, don't get me wrong. I just had to bail on it when it was
still on MongoDB because I couldn't justify the cost of instances needed to
get a MongoDB instance that could hold more than 4 hours of data.

------
superdude
You need to add some CSS to account for extra pixels the responsive navbar
uses. Also, the JavaScript for the navbar menu does not seem to be
working.

------
PanMan
Could this be used on Elasticsearch in general? Any pointers what's needed for
that? The interface looks nice, and we have a large(ish) Elasticsearch cluster
I'd like to try this on.

------
tavishmctavish
What's Splunk?

~~~
sciurus
<http://en.wikipedia.org/wiki/Splunk>

