Not sure if this is the best solution, but it works so far for me: ELK + Redis + Curator. Everything in a Docker container. Single machine setup. Curator deletes old logs. Redis is responsible for caching. Logs are put directly into Redis.
I think one of the most important metrics:
Performance
4 core machine with 32 GB RAM
About 3000 logs per second. 70% CPU usage and 80% SSD usage.
Quite happy with the setup, since the SSD can be upgraded to a faster one. Also, a more powerful machine could handle about 10000 logs per second.
Would love to hear other numbers from Splunk or similar solutions.
Costs: Nearly zero. Some time to set up and bring Redis + Curator into play.
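As an added illustration of the "Curator deletes old logs" part of this setup (this is not the poster's configuration, just an example of what such a Curator action file typically looks like), the following deletes daily Logstash indices older than a retention window. The index prefix `logstash-`, the date pattern in the index name and the 14-day window are assumptions; the poster does not state them.

```yaml
# Example Curator action file (not from the original post).
# Assumes indices are named logstash-YYYY.MM.dd, as the default
# Logstash Elasticsearch output produces, and a 14-day retention window.
actions:
  1:
    action: delete_indices
    description: Delete logstash-* indices older than 14 days
    options:
      ignore_empty_list: True   # do not fail a run when nothing matches
      continue_if_exception: False
    filters:
      # Only consider indices whose name starts with the logstash- prefix.
      - filtertype: pattern
        kind: prefix
        value: logstash-
      # Age is derived from the date embedded in the index name.
      - filtertype: age
        source: name
        direction: older
        timestring: '%Y.%m.%d'
        unit: days
        unit_count: 14
```

Run it with `curator --config curator.yml actions.yml`, where `curator.yml` holds the Elasticsearch connection settings. The `unit_count` value is the retention window and therefore also the furthest back an investigation can look; `--dry-run` lists the indices that would be deleted without removing anything, which is worth doing once before scheduling the job.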