I wonder who of you is using Kibana (https://github.com/rashidkpc/Kibana) and what are your experiences with it so far. How do the features compare to the built-in webinterface of logstash?
> I wonder who of you is using Kibana > (https://github.com/rashidkpc/Kibana) and what are your experiences with > it so far. How do the features compare to the built-in webinterface of > logstash?
On Tuesday, March 27, 2012 at 9:58 AM, Joe Miller wrote: > Any screenshots available of Kibana?
> On Tue, Mar 27, 2012 at 7:41 AM, Jens Braeuer <braeuer.j...@googlemail.com (mailto:braeuer.j...@googlemail.com)> wrote: > > Hi everyone,
> > I wonder who of you is using Kibana > > (https://github.com/rashidkpc/Kibana) and what are your experiences with > > it so far. How do the features compare to the built-in webinterface of > > logstash?
We're using it, and are pretty happy so far. We have 320M messages in
ElasticSearch, increasing at a rate of about 250/s and it's pretty
responsive (this probably comes down to scaling ES). UI is definitely
a lot easier than logstash-web, though there are a few quirks (the
time-range filter only operates on the set returned by the search,
which also has a time filter... easy to forget and wonder why you're
not showing any messages!)
Early days for us, though - we're certainly not splitting on fields as
much as we should be, so our searches tend to be quite broad and not
take advantage of browsing and filtering results by field.
Cheers,
Matt
On Mar 28, 1:41 am, Jens Braeuer <braeuer.j...@googlemail.com> wrote:
> I wonder who of you is using Kibana
> (https://github.com/rashidkpc/Kibana) and what are your experiences with
> it so far. How do the features compare to the built-in webinterface of
> logstash?
Matt, Any reason you went for Kibana? I'm currently looking at Logstash and it seems many folks prefer the graylog2 web UI with which logstash supposedly integrates easily.
> We're using it, and are pretty happy so far. We have 320M messages in > ElasticSearch, increasing at a rate of about 250/s and it's pretty > responsive (this probably comes down to scaling ES). UI is definitely > a lot easier than logstash-web, though there are a few quirks (the > time-range filter only operates on the set returned by the search, > which also has a time filter... easy to forget and wonder why you're > not showing any messages!)
> Early days for us, though - we're certainly not splitting on fields as > much as we should be, so our searches tend to be quite broad and not > take advantage of browsing and filtering results by field.
> Cheers,
> Matt
> On Mar 28, 1:41 am, Jens Braeuer <braeuer.j...@googlemail.com> wrote: >> Hi everyone,
>> I wonder who of you is using Kibana >> (https://github.com/rashidkpc/Kibana) and what are your experiences with >> it so far. How do the features compare to the built-in webinterface of >> logstash?
> Matt, > Any reason you went for Kibana? I'm currently looking at Logstash and it seems many folks prefer the graylog2 web UI with which logstash supposedly integrates easily.
> J. > On Mar 27, 2012, at 7:05 PM, Matt Moor wrote:
>> We're using it, and are pretty happy so far. We have 320M messages in >> ElasticSearch, increasing at a rate of about 250/s and it's pretty >> responsive (this probably comes down to scaling ES). UI is definitely >> a lot easier than logstash-web, though there are a few quirks (the >> time-range filter only operates on the set returned by the search, >> which also has a time filter... easy to forget and wonder why you're >> not showing any messages!)
>> Early days for us, though - we're certainly not splitting on fields as >> much as we should be, so our searches tend to be quite broad and not >> take advantage of browsing and filtering results by field.
>> Cheers,
>> Matt
>> On Mar 28, 1:41 am, Jens Braeuer <braeuer.j...@googlemail.com> wrote: >>> Hi everyone,
>>> I wonder who of you is using Kibana >>> (https://github.com/rashidkpc/Kibana) and what are your experiences with >>> it so far. How do the features compare to the built-in webinterface of >>> logstash?
We did a lot of scalability testing around the ES backend (we're
expecting to increase our log throughput by at least an order of
magnitude in the near future), and wanted to stay as close to that as
possible. Early research left us pretty skeptical as to how graylog2
(well, mongoDB) would cope with the volume we expect.
Cheers,
Matt
On Mar 28, 3:23 pm, JaimeGago <gagoja...@gmail.com> wrote:
> Matt,
> Any reason you went for Kibana? I'm currently looking at Logstash and it seems many folks prefer the graylog2 web UI with which logstash supposedly integrates easily.
> J.
> On Mar 27, 2012, at 7:05 PM, Matt Moor wrote:
> > We're using it, and are pretty happy so far. We have 320M messages in
> > ElasticSearch, increasing at a rate of about 250/s and it's pretty
> > responsive (this probably comes down to scaling ES). UI is definitely
> > a lot easier than logstash-web, though there are a few quirks (the
> > time-range filter only operates on the set returned by the search,
> > which also has a time filter... easy to forget and wonder why you're
> > not showing any messages!)
> > Early days for us, though - we're certainly not splitting on fields as
> > much as we should be, so our searches tend to be quite broad and not
> > take advantage of browsing and filtering results by field.
> > Cheers,
> > Matt
> > On Mar 28, 1:41 am, Jens Braeuer <braeuer.j...@googlemail.com> wrote:
> >> Hi everyone,
> >> I wonder who of you is using Kibana
> >> (https://github.com/rashidkpc/Kibana) and what are your experiences with
> >> it so far. How do the features compare to the built-in webinterface of
> >> logstash?
In fairness they're not using the mongo instance for storing the messages any more, but unfortunately all user settings, accounts, streams, and other essential bits of the Graylog UI are still in there.
It's not so much a throughput issue as a 'oh god am I going to have to recover all this every time the box reboots' one :)
On 29 March 2012 00:00, Matt Moor <m...@imprecise.org> wrote:
> We did a lot of scalability testing around the ES backend (we're > expecting to increase our log throughput by at least an order of > magnitude in the near future), and wanted to stay as close to that as > possible. Early research left us pretty skeptical as to how graylog2 > (well, mongoDB) would cope with the volume we expect.
> Cheers,
> Matt
> On Mar 28, 3:23 pm, JaimeGago <gagoja...@gmail.com> wrote: >> Matt, >> Any reason you went for Kibana? I'm currently looking at Logstash and it seems many folks prefer the graylog2 web UI with which logstash supposedly integrates easily.
>> J. >> On Mar 27, 2012, at 7:05 PM, Matt Moor wrote:
>> > We're using it, and are pretty happy so far. We have 320M messages in >> > ElasticSearch, increasing at a rate of about 250/s and it's pretty >> > responsive (this probably comes down to scaling ES). UI is definitely >> > a lot easier than logstash-web, though there are a few quirks (the >> > time-range filter only operates on the set returned by the search, >> > which also has a time filter... easy to forget and wonder why you're >> > not showing any messages!)
>> > Early days for us, though - we're certainly not splitting on fields as >> > much as we should be, so our searches tend to be quite broad and not >> > take advantage of browsing and filtering results by field.
>> > Cheers,
>> > Matt
>> > On Mar 28, 1:41 am, Jens Braeuer <braeuer.j...@googlemail.com> wrote: >> >> Hi everyone,
>> >> I wonder who of you is using Kibana >> >> (https://github.com/rashidkpc/Kibana) and what are your experiences with >> >> it so far. How do the features compare to the built-in webinterface of >> >> logstash?
