Chapter 3. Tools for Log Analytics
Tasks along the log analytics pipeline ingest disparate log data, transform it to a more usable state, draw insights from it, and output those insights either as machine-to-machine communications or in human-consumable forms such as visualizations and reports. A large number of toolsets are available to perform these functions, both proprietary and open source. The largest market shares among these for log analytics are held by Splunk, the Elastic Stack, and Sumo Logic, some characteristics of which are summarized in Table 3-1.
| Splunk | Elastic Stack | Sumo Logic | |
|---|---|---|---|
| Open source/proprietary | Proprietary | Open source | Proprietary |
| SaaS option | Yes | Yes | Yes |
| On-premises option | Yes | Yes | No |
All of these toolsets utilize compute and storage resources to perform search, analysis, and visualization that are suited to the needs of log analytics, as illustrated in Figure 3-1. These solutions place a premium on the ability to ingest data directly from virtually any source, provide high-throughput flexible analytics on it, and scale as data volumes grow, in terms of both capacity and performance to drive increased query complexity and volume.
Figure 3-1. Placement of log analytics tools within the broader solution stack
Even though each individual implementation will have its own unique requirements ...
Get Understanding Log Analytics at Scale, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
