82% SW Score. The SW Score ranks the products within a particular category on a variety of parameters, to provide a definite ranking system.
Organize, transform, and store your data.
Logstash provides so many plugins and also works as a filter, which is used to collect the data and then filter it in the way we want. Also, Logstash is an open source tool, so it also solves the costing problem.
Till now everything is good; I like it very much.
I used Logstash to create pipelines which gave me filtered data coming from Beats. And then it also provides me an output section where I can mention where my output is to be transferred, for example Elasticsearch.
Performance of Logstash is very good; also, it is an open source tool, which is cost effective for me.
The simplicity of defining the configuration for an ETL job and numerous plugins available.
Not so friendly way to scale the tool for huge amounts of input.
Definitely, try it out. It's the best tool for small to medium workloads.
Default grok patterns can be quite tricky. Suggestion: use CSV filter if feasible.
Extract Transform Load workloads especially for access logs.
Logstash provides full log collection; the best configuration is to use it with Kibana and Elasticsearch as an ELK suite.
Not so easy to set up; a specialized partner is necessary.
Consider getting help from an expert partner.
Log compliance and monitoring
New features and updates. Security in Cloud sharing
No major cons to report at this moment.
Improve cloud security posture
Elastic security provides key analytics of various hosts in a distributed architecture. It helps diagnose any anomalies or threats, allowing you to act fast and minimize potential loss.
It could be pricier, so you might want to choose the appropriate hosts where the threat is greater, such as those in the edge layer of your network.
Elastic security provides quick insights and analytics on the hosts in your network and alerts you in case any action is required to keep your hosts secure.
Very reliable software to protect sensitive data. Easy to setup as well!
Nothing really. Occasional loop depending on the network. Sometimes requires clearing the cache and cookies to work around the loop.
Protecting sensitive emails regarding software builds. Conversations internally
It logs the activities from all the servers and aggregates them into one source of truth for visualization and researching.
The logs take a while to understand for a non-technical person at the beginning.
To keep logs and be able to track back to see what activities were performed by what users
The thing I like the most about Logstash is the ability to adjust it to whatever you are doing. If it is your own custom project or a standard input source, it will bend to your needs.
Setting up Logstash took a while when I had no idea how to get it working. What I am trying to say is the learning curve was a little higher than I thought. That and GROK is horrible.
Learn to use Grok. Find a Grok parser online and then look for a LOT of guides on how to write grok. There are plenty of them out there.
When you have found your guide, test out your code. Set up a CI/CD environment, even if it is a simple one, to test out your changes to your Logstash configuration files.
Make sure you set up all your inputs and outputs as separate files; it makes debugging a LOT easier.
Use a version control system like git; it makes finding problems with your configuration changes a LOT easier.
Basically what I am saying is follow the principles of DevOps; Logstash is trouble.
Analyzing Windows and Linux log files for common use and misuse of computers. Being able to see in one central location how all of the systems and clients are behaving is wonderful.
Very good performance when processing and collecting logs big in size.
Open source with a big community and a lot of plugins available.
High memory consumption.
Somewhat hard to setup.
We needed a way to easily find recurring build system problems that are in our hundreds of logs.
With the implementation of ELK (Elasticsearch, Logstash, Kibana) we can now easily search all of our logs at once.
ELK is the best solution if you are a startup or a small company. It's blazingly fast and cost effective.
Creating notifications out of the box can be a challenge to begin with; the watchers can be simplified.
Threat hunting, SIEM solution for SOC team