Splunk just announced its IPO today, and it's getting a lot of attention. But don't forget about its alternatives. Splunk isn't just for logs, and there is no clear general-purpose alternative to it. There are, however, many purpose-built log management tools worth considering.
Open Source Alternatives
Graylog2 is an open source log management system. It’s built with Ruby on Rails and MongoDB and uses its own JSON-based log format called GELF (Graylog Extended Log Format). You can find out more in this blog post by a contributor to the project (which erroneously asserts that Splunk is a cloud-based solution).
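GELF is the detail worth understanding if you are evaluating Graylog2, because anything that accepts it is a network-facing ingest point. The following is an added example (not Graylog2's own code) that builds a GELF message and validates one on the receiving side. It assumes the GELF 1.1 field names (version, host, short_message, full_message, timestamp, level, and user-defined fields prefixed with an underscore), the chunked-GELF magic bytes 0x1e 0x0f, and a 64 KiB cap on decompressed size that is this example's choice rather than a GELF rule. The sample event and the decompression bomb are constructed.

```python
import gzip
import json
import re
import time
import zlib

# Assumptions for this example: GELF 1.1 field names, the chunk magic
# bytes 0x1e 0x0f, and a size cap chosen here (not part of GELF itself).
GELF_VERSION = "1.1"
REQUIRED = ("version", "host", "short_message")
STANDARD = REQUIRED + ("full_message", "timestamp", "level")
ADDITIONAL_RE = re.compile(r"^[\w.\-]+$")  # allowed name after the leading "_"
CHUNK_MAGIC = b"\x1e\x0f"
MAX_DECOMPRESSED = 64 * 1024


def build_gelf(host, short_message, full_message=None, level=6,
               timestamp=None, extra=None):
    """Serialise one GELF message as gzip-compressed JSON bytes."""
    msg = {
        "version": GELF_VERSION,
        "host": host,
        "short_message": short_message,
        "timestamp": time.time() if timestamp is None else timestamp,
        "level": level,  # syslog severity, 0 (emerg) .. 7 (debug)
    }
    if full_message is not None:
        msg["full_message"] = full_message
    for name, value in (extra or {}).items():
        name = name.lstrip("_")
        if name == "id" or not ADDITIONAL_RE.match(name):
            raise ValueError(f"illegal additional field name: {name!r}")
        msg["_" + name] = value  # additional fields carry a leading "_"
    return gzip.compress(json.dumps(msg).encode("utf-8"))


def _inflate(data, wbits):
    """Decompress with an output cap so a decompression bomb aimed at the
    ingest port cannot exhaust memory (gzip.decompress has no such cap)."""
    d = zlib.decompressobj(wbits=wbits)
    out = d.decompress(data, MAX_DECOMPRESSED + 1)
    if len(out) > MAX_DECOMPRESSED or d.unconsumed_tail:
        raise ValueError(f"decompressed payload exceeds {MAX_DECOMPRESSED} bytes")
    return out


def parse_gelf(data):
    """Decode one GELF datagram body and validate it. Raises ValueError on
    anything a receiver should drop rather than index."""
    if data[:2] == CHUNK_MAGIC:
        raise ValueError("chunked GELF is not handled by this example")
    if data[:2] == b"\x1f\x8b":               # gzip container
        raw = _inflate(data, 31)
    elif data[:1] == b"\x78":                 # common zlib header byte
        raw = _inflate(data, zlib.MAX_WBITS)
    elif len(data) > MAX_DECOMPRESSED:
        raise ValueError("payload exceeds limit")
    else:                                     # uncompressed JSON
        raw = data
    try:
        msg = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise ValueError(f"not a JSON GELF message: {exc}") from None
    if not isinstance(msg, dict):
        raise ValueError("GELF message must be a JSON object")
    missing = [f for f in REQUIRED if f not in msg]
    if missing:
        raise ValueError(f"missing required fields: {missing}")
    for name in ("version", "host", "short_message"):
        if not isinstance(msg[name], str) or not msg[name]:
            raise ValueError(f"{name} must be a non-empty string")
    if "timestamp" in msg and not isinstance(msg["timestamp"], (int, float)):
        raise ValueError("timestamp must be seconds since the epoch")
    level = msg.get("level", 6)
    if isinstance(level, bool) or not isinstance(level, int) or not 0 <= level <= 7:
        raise ValueError("level must be a syslog severity 0..7")
    for name in msg:
        if name in STANDARD:
            continue
        if not name.startswith("_") or name == "_id" or not ADDITIONAL_RE.match(name[1:]):
            raise ValueError(f"invalid additional field: {name!r}")
    return msg


def is_valid_gelf(data):
    """Ingest-side predicate: True if parse_gelf accepts the datagram."""
    try:
        parse_gelf(data)
    except ValueError:
        return False
    return True


# Constructed decompression bomb: 1 MiB of zeros in a gzip body of about 1 KiB.
SAMPLE_BOMB = gzip.compress(b"0" * (1024 * 1024))

if __name__ == "__main__":
    # Constructed sample event: a failed SSH login with two custom fields.
    wire = build_gelf("web01", "login failed for alice", level=4,
                      full_message="sshd: authentication failure; user=alice rhost=10.0.0.5",
                      extra={"user": "alice", "src_ip": "10.0.0.5"})
    print(parse_gelf(wire))
    print(is_valid_gelf(SAMPLE_BOMB))  # False
```

The receiver side is the part that matters: GELF over UDP is unauthenticated, so the same validation (required fields, field-name rules, bounded decompression) is what stands between an attacker on the network and your log store's memory and index.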
OpenTSDB is an open source time series database sponsored by StumbleUpon. It's designed for aggregating and visualizing machine metrics. It's built on top of Apache HBase and boasts the ability to "collect many thousands of metrics from thousands of hosts and applications, at a high rate (every few seconds)."
Roll Your Own with Elasticsearch + Flume
Cloudera co-founder Jeff Hammerbacher suggests combining Apache Flume, an open source log aggregation tool, with Elasticsearch, an open source search system based on Apache Lucene, to create an open source log file search system.
Hosted Alternatives
One of the newest challengers to Splunk is Boundary, a company we’ve profiled before.
Boundary is software-as-a-service that analyzes network data to provide application monitoring for big data architectures. According to CEO Gary Read, Boundary excels at providing real-time intelligence regarding your infrastructure, while Splunk provides archiving and searching of older logs to give you more of a historical picture of your machine data.
Loggly is a hosted log aggregation and search company started by former Splunk employees. Loggly is built on Lucene and MongoDB, and transmits all log data over an HTTPS connection.
Check out our previous coverage of Loggly.
Another SaaS logging service is Sumo Logic, which hopes to cross-analyze its customers' anonymized data to find common patterns that can be used to provide alerts that will help users troubleshoot systems, possibly before things go wrong. Here's an interview that Dell's Barton George did with Sumo Logic CTO Christian Beedgen at DevOps Days Austin.
ArcSight Logger and other SIEM Tools
Security information and event management (SIEM) tools like ArcSight Logger are frequently discussed as an alternative to Splunk for IT teams that need to focus on security logs. OSSIM is an open source SIEM option. These tools may be overly complex and security-centric for some uses, but they shouldn't be overlooked.
Photo by Timothy Crawshaw