Getting Data In

Splunk vs Monitoring Tools

shahamit
Explorer

I have been researching on log management and monitoring tools for our java ee web application. Looking at the features of splunk I am trying to understand the advantages of it over monitoring tools like riemann.

Can you help me in understanding how does using splunk benefit over monitoring tools?

Thank you.

Tags (1)
0 Karma
1 Solution

krugger
Communicator

I have never tried riemann, but I took a look at the documentation in their site.

Riemann seems to be targeted to an audience which is developing an application and can integrate the framework into their log production. This will produce very integrated metrics for your application. The advantage is that you will be able to get more information because you have to code a application specific plugin that can be integrated with you deployed application. The application is aware of the monitoring.

Splunk is a more general solution and will parse the logs produced by the application. It will consume text files or database entries and you can use a number of predefined functions to analyze the logs. The advantages is that you can quickly integrate new application and systems into your monitoring, but it will only yield you metrics that are in the logs. The application is oblivious of the monitoring.

If you only want to monitor the java web application and the servers it is running on and you have a development team, probably riemann is the way to go. If you want to parse the application logs and server logs and then start monitoring network devices and firewall probably splunk is the way to go.

View solution in original post

krugger
Communicator

I have never tried riemann, but I took a look at the documentation in their site.

Riemann seems to be targeted to an audience which is developing an application and can integrate the framework into their log production. This will produce very integrated metrics for your application. The advantage is that you will be able to get more information because you have to code a application specific plugin that can be integrated with you deployed application. The application is aware of the monitoring.

Splunk is a more general solution and will parse the logs produced by the application. It will consume text files or database entries and you can use a number of predefined functions to analyze the logs. The advantages is that you can quickly integrate new application and systems into your monitoring, but it will only yield you metrics that are in the logs. The application is oblivious of the monitoring.

If you only want to monitor the java web application and the servers it is running on and you have a development team, probably riemann is the way to go. If you want to parse the application logs and server logs and then start monitoring network devices and firewall probably splunk is the way to go.

shahamit
Explorer

I get your point. So do you mean monitoring tools like riemann are good if the application is in development phase and log management tools like splunk, graylog2, logstash are good otherwise? I did not find that convincing a bit considering log management solutions as a whole. Can you please elaborate on this a bit? Thanks for sharing your knowledge.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...