People love Splunk. But not its price. So people are always on the lookout for a good Splunk alternative, and many of them have migrated from Splunk to the ELK Stack or to hosted ELK solutions like Logsene. The situation with Elastic X-Pack is similar. It is a nice package of tools bundled with professional services, but mighty expensive, so people naturally look for X-Pack alternatives too. Luckily, there are several alternatives for each X-Pack component. Let's unpack the X-Pack and see which alternatives are available as open source tools, commercial products, or cloud services:
| Functionality | Elastic | Alternative | Notes |
|---|---|---|---|
| Security | X-Pack Security (formerly Shield) | SearchGuard (open source) | Free, open source alternative to X-Pack Security. SearchGuard support and enterprise features are not free of charge (the license model is per cluster), but it is probably still a cost saver relative to X-Pack. Learn more about SearchGuard here. |
| Security | | Sematext Cloud or Enterprise | For the time series use case, i.e. metrics and logs. Sematext Cloud has role-based access control and SSL/TLS encryption, so if you are looking for a secure home for logs or metrics rather than for arbitrary documents, it is a good alternative. |
| Alerting | X-Pack Alerting (formerly Watcher) | Elastalert (open source) | Simple and popular tool for alerting on anomalies, spikes, or other patterns of interest found in data stored in Elasticsearch. Works with all versions of Elasticsearch. |
| Alerting | | Logagent (open source) | A general log shipper, but it can also schedule Elasticsearch queries (as an input), filter the results using custom criteria and alert via pluggable outputs such as Slack. Alerting on Elasticsearch data with Logagent is therefore just a matter of configuration. |
| Alerting | | Sentinl (Kibana/Kibi plugin) | Extends Kibi or Kibana with alerting and reporting: monitor, notify and report on changes in data series using standard queries, programmable validators, and a variety of configurable actions. |
| Alerting | | Sematext Cloud | Alerts on metrics and logs based on thresholds, statistical anomaly detection, or heartbeats. Ships with default alerts for all integrated apps (disk storage, JVM garbage collector, etc.) and ChatOps integrations such as PagerDuty, Slack, HipChat, BigPanda, WebHooks, Pushover and e-mail. |
| Monitoring | X-Pack Monitoring (formerly Marvel) | Sematext Cloud Elasticsearch integrations, Prometheus, Datadog, New Relic, etc. | Data collected by monitoring a production cluster should be stored somewhere other than that cluster. With X-Pack Monitoring this means running a second Elasticsearch cluster just for monitoring data, which raises the question of who monitors the monitoring cluster. An external monitoring service sidesteps that problem. |
| Reporting | X-Pack Reporting | Skedler | Easy scheduling of PDF, XLS and PNG reports for Kibana dashboards. Paid plans cost only a few hundred dollars per year. |
| Reporting | | Sentinl | Kibana and Kibi plugin for reporting. Think of it as a free and independent "Watcher" that also has scheduled reporting capabilities (PNG/PDF snapshots). |
| Reporting | | Sematext Cloud | Scheduled queries whose results are delivered by e-mail, with PNG snapshots included. |
| Graph | X-Pack Graph (generates nodes and edges and extends Kibana with a graph display for exploring relations) | Kibi | A kept-in-sync fork of Kibana that adds a relational data model and the ability to do joins over multiple indices; it also supports relational data from SQL databases. The enterprise edition includes graph visualization, alerting and reporting, security features, additional components and support. |
| Graph | | kbn_network | Open source, free Kibana 5 plugin for network visualization (Apache 2 license). |
| Graph | | DIY: Cytoscape.js, vis.js (open source) | Individual graph visualizations are not too hard to implement. It is mainly JavaScript frontend work plus converting the results of Elasticsearch queries into a graph structure (nodes and edges); several good open source graph visualization libraries will render such a structure in the browser. |
| Machine Learning | X-Pack Machine Learning | Knowi | Business intelligence tool that natively supports many SQL and NoSQL data sources, including Elasticsearch. Knowi recently added machine learning capabilities, combining BI and AI in a single platform, for predictive and prescriptive analytics. |
| Machine Learning | | Sematext Cloud | Anomaly detection for performance metrics and logs, based on a series of machine learning algorithms. It automatically computes baseline values for metrics or for the results of saved searches and triggers alert notifications when new data falls outside the baseline range. |
| Elasticsearch Support | Support for 5.x and 2.x | Sematext | Enterprise-class, worldwide production support for Elasticsearch and the ELK Stack (Elasticsearch, Logstash, Kibana), from Elasticsearch 1.x up. |
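The DIY graph row above says the real work is converting Elasticsearch query results into nodes and edges. Here is what that conversion looks like, as an added example written for this page and not code from X-Pack Graph, Kibi, kbn_network or Cytoscape.js. It builds a two-level terms aggregation (source IP, then destination host, a typical "who talked to what" question when hunting for lateral movement) and turns the returned buckets into the flat element list Cytoscape.js consumes. The field names, the index name in the comment and the sample response are all constructed assumptions.

```python
"""Added example (not code from X-Pack Graph, Kibi, kbn_network or Cytoscape.js):
turn the buckets of a two-level Elasticsearch terms aggregation into the
node/edge list that Cytoscape.js renders (vis.js needs only a trivial rename).

Assumptions: field names, index name and the sample response below are made up;
the "source IP -> destination host" framing is just one security-flavoured use.
"""
from collections import Counter


def relation_query(parent_field, child_field, size=50):
    """_search body for a nested terms aggregation parent -> child.

    Would be sent to e.g. POST /auth-logs-*/_search (index name assumed).
    size=0 suppresses hits; only the buckets are needed for the graph.
    """
    return {
        "size": 0,
        "aggs": {
            "parents": {
                "terms": {"field": parent_field, "size": size},
                "aggs": {
                    "children": {"terms": {"field": child_field, "size": size}}
                },
            }
        },
    }


def aggs_to_graph(response, parent_prefix="src", child_prefix="dst"):
    """Convert the aggregation response into Cytoscape.js elements.

    Every parent and child bucket becomes a node; every (parent, child) pair
    becomes an edge weighted by the child bucket's doc_count. Node ids carry a
    prefix so a value that appears in both fields does not collapse into one node.
    """
    nodes = {}
    edges = []
    for parent in response["aggregations"]["parents"]["buckets"]:
        pid = f"{parent_prefix}:{parent['key']}"
        nodes.setdefault(pid, {"data": {"id": pid, "label": parent["key"], "kind": parent_prefix}})
        for child in parent["children"]["buckets"]:
            cid = f"{child_prefix}:{child['key']}"
            nodes.setdefault(cid, {"data": {"id": cid, "label": child["key"], "kind": child_prefix}})
            edges.append({"data": {
                "id": f"{pid}->{cid}", "source": pid, "target": cid,
                "weight": child["doc_count"],
            }})
    return list(nodes.values()) + edges  # Cytoscape.js accepts one flat elements list


def fan_out(elements):
    """Distinct targets per source node: a quick way to spot one address that
    touches many hosts before the graph is even drawn."""
    counts = Counter()
    for el in elements:
        if "source" in el["data"]:
            counts[el["data"]["source"]] += 1
    return counts


# Constructed sample: what Elasticsearch would return for
# relation_query("source.ip", "destination.host") over made-up SSH logs.
SAMPLE_RESPONSE = {
    "took": 3,
    "timed_out": False,
    "hits": {"total": 7, "hits": []},
    "aggregations": {"parents": {"buckets": [
        {"key": "10.0.0.5", "doc_count": 5, "children": {"buckets": [
            {"key": "db01", "doc_count": 2},
            {"key": "web01", "doc_count": 2},
            {"key": "bastion", "doc_count": 1},
        ]}},
        {"key": "10.0.0.9", "doc_count": 2, "children": {"buckets": [
            {"key": "web01", "doc_count": 2},
        ]}},
    ]}},
}

if __name__ == "__main__":
    import json
    elements = aggs_to_graph(SAMPLE_RESPONSE)
    print(json.dumps(elements, indent=2))    # paste into cytoscape({ elements: ... })
    print(fan_out(elements).most_common(1))  # [('src:10.0.0.5', 3)]
```

The prefixed node ids matter: without them a host that appears as both a source and a destination would be merged into one node and the direction of the relation would be lost. The same shape works for any pair of keyword fields (user to host, process to file hash, and so on); only the two field names change.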
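The Alerting and Machine Learning rows describe three kinds of alert: a threshold or frequency rule (the Elastalert style "N matching events within a window"), a baseline anomaly alert (Sematext's "new data outside the computed baseline range"), and a heartbeat alert. The following added example, written for this page and not code from Elastalert, Logagent or Sematext, implements all three over constructed log hits so the logic can be read in one place. The field names (@timestamp, src_ip, outcome), the sample hits and the hourly history are assumptions, and the mean plus or minus k standard deviations baseline is a deliberately simple stand-in, not a claim about any vendor's algorithm.

```python
"""Added example (not Elastalert, Logagent or Sematext code): frequency,
baseline-anomaly and heartbeat alerting over constructed Elasticsearch hits.

Assumptions: field names, sample hits and the hourly history are made up; the
mean +/- k*sigma band is a simple stand-in for a vendor's anomaly detector.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev


def parse_ts(value):
    """Elasticsearch-style UTC timestamp '2017-06-01T10:00:00Z' -> aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def frequency_alert(hits, key, num_events, timeframe, match=lambda h: True):
    """Elastalert-style 'frequency' rule: fire for a key value once num_events
    matching hits fall inside a sliding window of length timeframe.
    Returns {key_value: timestamp of the hit that tripped the rule}; each key
    fires at most once, as a real rule would until its realert period expires."""
    windows = defaultdict(deque)
    fired = {}
    for hit in sorted(hits, key=lambda h: h["@timestamp"]):
        if not match(hit) or hit[key] in fired:
            continue
        ts = parse_ts(hit["@timestamp"])
        window = windows[hit[key]]
        window.append(ts)
        while ts - window[0] > timeframe:  # drop hits that aged out of the window
            window.popleft()
        if len(window) >= num_events:
            fired[hit[key]] = ts
    return fired


def baseline(history, k=3.0, floor=1.0):
    """Baseline band (low, high) = mean +/- max(k*stddev, floor) over past values.
    The floor keeps a perfectly flat history from flagging every tiny change."""
    centre = mean(history)
    half_width = max(k * pstdev(history), floor)
    return centre - half_width, centre + half_width


def is_anomalous(history, current, k=3.0, floor=1.0):
    """True when the new value falls outside the baseline band."""
    low, high = baseline(history, k, floor)
    return not (low <= current <= high)


def heartbeat_missed(last_seen, now, max_silence):
    """Heartbeat alert: the source has been silent for longer than max_silence."""
    return now - last_seen > max_silence


# Constructed sample hits: one address brute-forcing, one merely fat-fingering.
SAMPLE_HITS = [
    {"@timestamp": "2017-06-01T10:00:00Z", "src_ip": "203.0.113.7", "outcome": "failure"},
    {"@timestamp": "2017-06-01T10:00:20Z", "src_ip": "203.0.113.7", "outcome": "failure"},
    {"@timestamp": "2017-06-01T10:00:40Z", "src_ip": "203.0.113.7", "outcome": "failure"},
    {"@timestamp": "2017-06-01T10:01:00Z", "src_ip": "203.0.113.7", "outcome": "failure"},
    {"@timestamp": "2017-06-01T10:01:15Z", "src_ip": "203.0.113.7", "outcome": "failure"},
    {"@timestamp": "2017-06-01T10:03:00Z", "src_ip": "198.51.100.2", "outcome": "failure"},
    {"@timestamp": "2017-06-01T10:09:00Z", "src_ip": "198.51.100.2", "outcome": "failure"},
    {"@timestamp": "2017-06-01T10:15:00Z", "src_ip": "198.51.100.2", "outcome": "success"},
]

# Constructed history: failed logins per hour over the previous eight hours.
HOURLY_FAILURES = [12, 15, 11, 14, 13, 16, 12, 15]


def run_demo():
    """Run all three alert kinds over the constructed data and return the results."""
    fired = frequency_alert(SAMPLE_HITS, "src_ip", num_events=5,
                            timeframe=timedelta(minutes=2),
                            match=lambda h: h["outcome"] == "failure")
    last = parse_ts(SAMPLE_HITS[-1]["@timestamp"])
    return {
        "fired": fired,                                   # only 203.0.113.7 trips the rule
        "band": baseline(HOURLY_FAILURES),                # roughly (8.5, 18.5)
        "spike": is_anomalous(HOURLY_FAILURES, 40),       # True
        "normal": is_anomalous(HOURLY_FAILURES, 17),      # False
        "heartbeat": heartbeat_missed(last, last + timedelta(minutes=20),
                                      timedelta(minutes=10)),  # True
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Two details are worth carrying over to whatever tool you end up configuring: the frequency rule fires once per key until some realert period passes (otherwise a brute-force burst produces one alert per hit), and the baseline band needs a floor, because a history that happens to be perfectly flat has zero standard deviation and would otherwise alert on any change at all.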
And there you have it! It turns out there are lots of options to pick from and, with time, we are bound to see more and even better alternatives.
Want to learn more about Elasticsearch and the rest of the Elastic Stack? Subscribe to our blog or follow @sematext. If you need any help with Elasticsearch, Logstash, and friends, don't forget that Sematext provides Elasticsearch Consulting and Elasticsearch Production Support, and offers Elasticsearch Training!