<div dir="ltr">Logstash can be CPU hungry depending what type of logs and how much processing you do on them. It scales out horizontally though and is relatively stateless.<div><br></div><div>Elasticsearch is usually CPU (commonly for reads, especially bad with suboptimal queries) and IO hungry, but all varies on your log retention period and volume of logs being ingested.</div><div><br></div><div>Kibana is also relatively stateless, acts as a client+server app, and a lot of the actual resources are on the Elasticsearch or user browser side.</div><div><br></div><div><br></div><div>Overall though, the 3 work very well together.</div><div><br></div><div>Regards, Nathan.</div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Sep 29, 2015 at 2:28 PM, Nick Stallman <span dir="ltr"><<a href="mailto:nick@agentpoint.com" target="_blank">nick@agentpoint.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I tried it on a VPS for awhile and it ran pretty well.<br>
<br>
The main problem was it only took a couple of weeks to run out of disk space grabbing logs from a handful of busy servers.<span class="im HOEnZb"><br>
<br>
On 29/09/15 14:26, James Morgan wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I've seen the pretty pictures of Kibana running before (including, I think, in Micron21's [then] new NOC images) and liked the idea of it when I read up. Thing is, it seems there's quite a bit to the stack and seems to require Java underneath it all which gives me the impression that it could be resource-hungry. Would that seem like a reasonable assumption?<br>
<br>
-----Original Message-----<br>
From: AusNOG [mailto:<a href="mailto:ausnog-bounces@lists.ausnog.net" target="_blank">ausnog-bounces@lists.ausnog.net</a>] On Behalf Of Chris Jones<br>
Sent: Tuesday, 29 September 2015 2:23 PM<br>
To: Nick Stallman<br>
Cc: James Morgan; <a href="mailto:ausnog@lists.ausnog.net" target="_blank">ausnog@lists.ausnog.net</a><br>
Subject: Re: [AusNOG] Syslog<br>
<br>
I'll second the recommendation for Kibana - the ElasticSearch/Logstash/Kibana combination works nicely<br>
<br>
Chris<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 29 Sep 2015, at 2:21 pm, Nick Stallman <<a href="mailto:nick@agentpoint.com" target="_blank">nick@agentpoint.com</a>> wrote:<br>
<br>
I've had a little play with Kibana which looks pretty awesome for aggregation and searching.<br>
<br>
On 29/09/15 14:19, James Morgan wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi all,<br>
<br>
Can anyone provide feedback on some syslog collector and/or analysis/visualisation software I should check out? Probably not looking for something massive and commercial as it's mainly for messing around with at this stage. Curious to know what's out there these days that people like.<br>
<br>
Cheers,<br>
James.<br>
</blockquote></blockquote>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</blockquote>
<br></span><span class="im HOEnZb">
-- <br>
Nick Stallman<br>
Technical Director<br>
Agentpoint Pty Ltd<br>
The Real Estate Web Developers<br>
Melbourne | Sydney | Miami<br>
<a href="mailto:nick@agentpoint.com" target="_blank">nick@agentpoint.com</a><br>
<a href="http://www.agentpoint.com.au" rel="noreferrer" target="_blank">www.agentpoint.com.au</a> | <a href="http://www.zooproperty.com" rel="noreferrer" target="_blank">www.zooproperty.com</a> | <a href="http://www.ginga.com.au" rel="noreferrer" target="_blank">www.ginga.com.au</a> | <a href="http://www.business2.com.au" rel="noreferrer" target="_blank">www.business2.com.au</a><br>
<br>
<a href="http://Business2.com.au" rel="noreferrer" target="_blank">Business2.com.au</a> is a real estate agent information website that helps you understand Portals, Technology and comes with FREE tools to help your Agency become an online success!<br></span><div class="HOEnZb"><div class="h5">
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</div></div></blockquote></div><br></div></div>