Current situation:

- logs are stored locally on each server, preproduction, staging and production
- no log replication whatsoever
- no aggregation, no monitoring on errors
- volumetry is 'quite high' but I have not been able to stat it precisely yet

Goals:

- monitor application logs, not performance
- Self-hosted preferably, open source
- Remote log replication
- Real-time reporting, ability to "see" production errors quickly
- Alerting (Slack, mail...)

I have been studying different solutions but it seems none is absolutely perfect and here are the main pitfalls as I understand them:

Logs > ELK - Logstash is the bottleneck, a cluster of 5 servers seems to be recommended

Logs > MQ > InfluxDB > Grafana - no clustering in free version of InfluxDB

Logs > New Relic (free version) - No data retention (3 days), no deployment tracking

Logs > Syslog > rsyslog > syslog-ng > logz.io

Sentry?

----

I would appreciate any feedback on the matter. Thank you!