Loggly is a cloud-based log management service provider. It does not require the use of proprietary software agents to collect log data. The service uses open source technologies, including ElasticSearch, Apache Lucene 4 and Apache Kafka.
Infrastructure and Automation Manager in Information Technology at Altaworx, LLC. (11-50 employees)
Use Cases and Deployment Scope
We use Loggly as a syslog digest. Normally it is an after-the-fact tool for outages and anomalies. Syslog is an invaluable tool when troubleshooting outages and errors. As we experience outages we go back and sift through Loggly to see what the messages looked like at the event time and create alerts based on them to catch the problems in advance the next time. As a secondary method of catching issues before they become problems, we monitor the gross volume of messages daily. When they spike on a given day we know that something is up and go and find the offending source. Many times we catch the problem before it causes a customer impact event.
Pros
syslog digest
alerts based on syslog contents
sanity check on number of daily log events
post mortem on outages
Cons
the interface could be more intuitive
repetitive syslog dialog could either be highlighted or ignored by user choice
when a source spikes its name could be included in the volume alert email
A de minimis incentive was given to thank the reviewer for their time. The incentive was not used to bias or drive a particular response, nor was the incentive contingent on a positive endorsement.
VP of Technology in Information Technology at Language Scientific (1001-5000 employees)
Use Cases and Deployment Scope
We use it to log network activity. It's often a requirement when audited to provide proof of network monitoring/activity and Loggly helps us meet those needs.
Pros
Logs network activity to allow for auditing.
Proactively monitors to point out potential issues.
Integration with our GitHub application.
Return on Investment
Having Loggly in place has enabled us to win business that we wouldn't win otherwise.
VP Engineering in Information Technology at Plinqit Company (11-50 employees)
Use Cases and Deployment Scope
Loggly gives us valuable insights into otherwise disparate log file data contained in multiple Docker containers. It allows us to have a consolidated view of application logs, exceptions, and events in an integrated dashboard.
Pros
Dashboard
Smart taxonomy
Data filtering
Cons
Default retention periods should be a bit longer
Data can sometimes be slow to propagate
Return on Investment
Troubleshooting errors is easier by searching and filtering all of our log files in one place
CTO (Chief Technical Officer) in Engineering at Host Ireland Business Broadband (11-50 employees)
Pros
Keeps working!
Fast searches.
Easy to configure searches - you don't have to be an expert in RegExp...
Cons
Not all searches are intuitive.
We have to use a log aggregating device to ship our logs to Loggly as our network devices cannot connect on an encrypted protocol. I would prefer if we could use some sort of VPN-based connector to ship logs securely.
Sometimes when drilled down, it can be difficult to fully reset a search term to back all the way out of a drill down.
Return on Investment
Our ability to monitor and solve problems has improved since using Loggly.
Our confidence level in the log solution we have in place has improved.
We spend less (actually no) time maintaining our log solution.
Although Loggly is more expensive than the solution it replaced, I believe it to be better value.
Alternatives Considered
Datadog, SolarWinds Papertrail and Amazon CloudWatch
VP of Engineering in Engineering at ZolTrain (1-10 employees)
Pros
Putting our logs in one place and making them searchable. We use AWS, and CloudWatch has always been a little frustrating in this regard (though it has gotten better recently).
Deriving metrics from our logs. I think log-based metrics is such a good idea because your logs are the ultimate source for truth in regards to what the hell is going on inside your app. I have really loved the simplicity with which I can just count certain statements and call that a metric because just through the normal course of development certain log statements just naturally become a straightforward recording of an event having occurred.
Alerts. I actually have a few complaints about email alerts, but just the way I was able to set them up so easily has been huge. Since we started using Loggly, there have been at least 3 bugs that Loggly exposed that were frankly very bad. And without Loggly or without a user reporting them, we would have never known they were happening! This is stuff I tried to set up in CloudWatch in various ways, but because of my own ignorance or perhaps the complexity/limitations of CloudWatch (or the complexity of my stack?), I wasn't getting the information that I needed until I was able to just tell Loggly to send me an email whenever the word "error" showed up.
Cons
I would love the ability to be able to suppress a particular "event" instead of an entire alert. For example, sometimes an error is caught and handled but the word "error" is still printed to the logs. It would be nice if I could mark an event as "handled" without suppressing the entire alert for n minutes - if I do that then I would miss a real error that happened in that window. Also if I have my alerts set to run every minute checking the last five minutes, I will get 5 emails. It would be nice if there was some de-duplication. I have actually considered setting up webhooks into some API of my own instead of just emails to do this.
I find the query language to be a little cumbersome. I suspect this is something you guys inherited from whatever index you use, but things like the __exists__ flag are strange. If I just type something into the field I am often surprised that I have to put quotation marks in (instead of it just searching for the term I supplied without any advanced features).
Derived fields sometimes frustrate me, especially when I am using regex. I will sometimes create regexes that work in a test bed but do not work in Loggly. It is frustrating that I always have to match the beginning and the end of the string.
The dashboards can be frustrating, especially when I am just trying to put a single number metric in a chart. I should be able to create a chart with multiple metrics: multiple charts with a single metric in each takes up a ton of space and limits the usability of the dashboard
Return on Investment
Loggly has alerted us to several bugs, ranging from major to small to "would have been a major problem under load."
It's great having our disparate logs collected and the alerts we have set up around them let us know recently that somebody used an incorrect document to generate a mass email. Users were trying to log in with the link provided but getting 401s and I have an alert configured to tell me about high numbers of 4xx errors.
Metrics and alerts around metrics have given us peace of mind that automated fulfillment systems aren't going off the rails and costing us hundreds of dollars.
Alternatives Considered
Amazon CloudWatch