Monitoring tools

Anushka Bandara edited this page Apr 2, 2019 · 12 revisions

Ref: https://logz.io/blog/grafana-vs-kibana/

ELK is a general-purpose NoSQL stack that can be used for monitoring. We've successfully deployed one in production and used it for some aspects of our monitoring system. You can ship metrics into it (if you wish) and use it to monitor them, but it's not specifically designed to do that. Nor does it come with an alerting system - you'll need to set up another component for that (like Sensu).

Prometheus, on the other hand, is designed to be used for monitoring. Along with its metric-gathering clients (or other third-party clients like Telegraf), its service discovery options (like Consul) and its Alertmanager, it is just the right tool for this job.

Ultimately, both solutions can work, but in my opinion Elasticsearch will require more work and more upkeep (we found that ES clusters are a pain to maintain - but that depends on the amount of data you'll have).

ELK vs Prometheus

One problem with trying to use ELK/Elasticsearch to monitor metrics is that it wasn't designed as a TSDB (time series database), which is precisely what Prometheus, InfluxDB, Graphite, etc. are built for. The end result is far better use of storage and the scalability to handle millions of time series on less hardware. Unless that has changed?

ELK can be a good choice for small-scale metric collection when you already have ELK in place. Another reason I don't think ELK can replace Prometheus currently is service discovery. Prometheus ties into service discovery systems (DNS, Consul, especially Kubernetes, Marathon, etc.). This is important in a microservice/container-based environment where everything is distributed and dynamic. This is one of the reasons Prometheus was designed at SoundCloud, as even other TSDB solutions don't provide this.

Kibana

Kibana is the ‘K’ in the ELK Stack, the world’s most popular open source log analysis platform, and provides users with a tool for exploring, visualizing, and building dashboards on top of the log data stored in Elasticsearch clusters.

Kibana’s core feature is data querying and analysis. Using various methods, users can search the data indexed in Elasticsearch for specific events or strings within their data for root cause analysis and diagnostics. Based on these queries, users can use Kibana’s visualization features which allow users to visualize data in a variety of different ways, using charts, tables, geographical maps and other types of visualizations.

Grafana

Grafana is an open source visualization tool that can be used on top of a variety of different data stores but is most commonly used together with Graphite, InfluxDB, and also Elasticsearch and Logz.io.

Essentially, it’s a feature-rich replacement for Graphite-web, which helps users to easily create and edit dashboards. It contains a unique Graphite target parser that enables easy metric and function editing. Users can create comprehensive charts with smart axis formats (such as lines and points) as a result of Grafana’s fast, client-side rendering — even over long ranges of time — that uses Flot as a default option.

Logs vs. metrics

The key difference between the two visualization tools stems from their purpose. Grafana is designed for analyzing and visualizing metrics such as system CPU, memory, disk and I/O utilization. Grafana does not allow full-text data querying. Kibana, on the other hand, runs on top of Elasticsearch and is used primarily for analyzing log messages.

If you are building a monitoring system, both can do the job pretty well, though there are still some differences that will be outlined below. If it’s logs you’re after, for any of the use cases that logs support (troubleshooting, forensics, development, security), Kibana is your only option.

Access control and authentication

By default, and unless you are using either the X-Pack (a commercial bundle of ELK add-ons, including for access control and authentication) or open source solutions such as SearchGuard, your Kibana dashboards are open and accessible to the public. In comparison, Grafana ships with built-in user control and authentication mechanisms that allow you to restrict and control access to your dashboards, including using an external SQL or LDAP server. In addition, Grafana’s API can be used for tasks such as saving a specific dashboard, creating users, and updating data sources. You can also create specific API keys and assign them to specific roles.
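A check for the default described above, run against your own dashboard inventory (an added example, not code from this wiki or from either project). It assumes the default base path, that `/api/status` (Kibana) and `/api/org` (Grafana) answer 401 or redirect to a login page once authentication is enabled, and uses constructed hostnames and responses.

```python
import urllib.error
import urllib.request

# Paths that need a session when auth is on (assumed: default base path).
PROBES = {"kibana": "/api/status", "grafana": "/api/org"}

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # report the 3xx instead of following it to a login page

def classify(status, location=""):
    """Turn the response to a credential-less request into a finding."""
    if status in (401, 403):
        return "auth-required"
    if status in (301, 302, 303, 307, 308) and "login" in location.lower():
        return "auth-required"
    if 200 <= status < 300:
        return "OPEN"
    return "inconclusive"

def probe(base_url, product, timeout=5):
    """Request the probe path with no credentials; return (status, Location)."""
    opener = urllib.request.build_opener(_NoRedirect)
    url = base_url.rstrip("/") + PROBES[product]
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, ""
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location", "")

def audit(inventory, fetch=probe):
    """inventory: iterable of (base_url, product). Returns {base_url: finding}."""
    findings = {}
    for base_url, product in inventory:
        try:
            findings[base_url] = classify(*fetch(base_url, product))
        except OSError:  # URLError, timeouts and refused connections
            findings[base_url] = "unreachable"
    return findings

# Constructed responses standing in for three of your own hosts.
SAMPLE = {
    "http://kibana.internal.example:5601": (200, ""),
    "https://kibana-xpack.internal.example": (302, "/login?next=%2Fapi%2Fstatus"),
    "https://grafana.internal.example": (401, ""),
}

def audit_sample():
    inventory = [(u, "grafana" if "grafana" in u else "kibana") for u in SAMPLE]
    return audit(inventory, fetch=lambda url, _product: SAMPLE[url])
```

Any host reported as `OPEN` is serving dashboards without a login and needs X-Pack, SearchGuard or a network restriction in front of it.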

Querying

Querying and searching logs is one of Kibana’s more powerful features. Using either Lucene syntax, the Elasticsearch Query DSL or the experimental Kuery, the data stored in Elasticsearch indices can be searched with results displayed in the main log display area in chronological order. Lucene is quite a powerful querying language but is not intuitive and involves a certain learning curve.
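The same forensic search written both ways, as an added example that is not from the original page: a Lucene string for the Kibana search bar and the equivalent Query DSL body. The function names are hypothetical and the ECS-style field names (`event.action`, `event.outcome`, `user.name`) are assumptions, taken to be mapped as keyword fields.

```python
def lucene_phrase(field, value):
    """Render field:"value" for the Kibana search bar (Lucene syntax).

    Inside a quoted phrase only backslash and double quote are special,
    so escaping those two keeps operators in `value` (OR, *, :) literal.
    """
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'{field}:"{escaped}"'

def failed_login_search(user, since="now-24h"):
    """Return (lucene_string, query_dsl_body) for failed SSH logins by `user`."""
    # Lucene: the time window comes from Kibana's time picker, not the string.
    lucene = " AND ".join([
        lucene_phrase("event.action", "ssh_login"),
        lucene_phrase("event.outcome", "failure"),
        lucene_phrase("user.name", user),
    ])
    # Query DSL: values are JSON data, never parsed as query syntax, and
    # `filter` clauses skip scoring, which suits exact-match log searches.
    dsl = {
        "query": {"bool": {"filter": [
            {"term": {"event.action": "ssh_login"}},
            {"term": {"event.outcome": "failure"}},
            {"term": {"user.name": user}},
            {"range": {"@timestamp": {"gte": since}}},
        ]}},
        # Chronological order, matching Kibana's log display.
        "sort": [{"@timestamp": {"order": "asc"}}],
    }
    return lucene, dsl
```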

With Grafana, users use what is called a Query Editor for querying. Each data source has a different Query Editor tailored for the specific data source, meaning that the syntax used varies according to the data source. Graphite querying will be different than Prometheus querying, for example.

Dashboards and visualizations

Both Kibana and Grafana boast powerful visualization capabilities. Kibana offers a rich variety of visualization types, allowing you to create pie charts, line charts, data tables, single metric visualizations, geo maps, time series and markdown visualizations, and combine all these into dashboards. Dashboards in Kibana are extremely dynamic and versatile — data can be filtered on the fly, and dashboards can easily be edited and opened in full-page format. Kibana ships with default dashboards for various data sets for easier setup time.

Grafana dashboards are what made Grafana such a popular visualization tool. They are famous for being completely versatile. Visualizations in Grafana are called panels, and users can create a dashboard containing panels for different data sources. Grafana supports graph, singlestat, table, heatmap and freetext panel types. Grafana users can make use of a large ecosystem of ready-made dashboards for different data types and sources.

Functionality-wise, both Grafana and Kibana offer many customization options that allow users to slice and dice data in any way they want. Users can play around with panel colors, labels, X and Y axes, the size of panels, and plenty more. All in all, though, Grafana has a wider array of customization options and also makes changing the different settings easier with panel editors and collapsible rows.

Alerts

A key difference between Kibana and Grafana is alerts. Since version 4.x, Grafana ships with a built-in alerting engine that allows users to attach conditional rules to dashboard panels that result in triggered alerts to a notification endpoint of your choice (e.g. email, Slack, PagerDuty, custom webhooks). Kibana does not come with an out-of-the-box alerting capability. To add alerting to Kibana users can either opt for a hosted ELK Stack such as Logz.io, implement ElastAlert or use X-Pack.

ELK deployment in Kubernetes

Ref: https://hackernoon.com/deployment-of-full-scale-elk-stack-to-kubernetes-6f38f6c57c55

After considering all of the above details, the copper email solution should be deployed with the ELK stack, which meets most of our requirements, especially log analysis.