How Do I Select LTS Compared with Self-Built ELK?
This document helps you better understand the main functions and advantages of Huawei Cloud LTS by comparing LTS with self-built ELK.
This function is available only in regions AF-Johannesburg, AP-Singapore, CN-Hong Kong, CN East-Shanghai1, LA-Mexico City1, LA-Mexico City2, LA-Santiago, and LA-Sao Paulo1.
Background
Many people use ELK Stack (Elasticsearch/Logstash/Kibana) to build an open-source ELK solution for log search. You can find plenty of content and use cases in the community to guide you.
LTS provides a fully managed log analysis platform that covers three scenarios: application O&M, graded protection compliance, and service operation. It enables customers to collect, store, query, process, analyze, and report logs with ease.
Function
LTS outperforms ELK in terms of function and feature completeness and log search and analysis performance. For details, see the following table.
|
Feature |
Subfeature |
LTS |
ELK |
Description |
|---|---|---|---|---|
|
Log Collection |
Cloud service log collection |
☆☆☆☆☆ |
None |
ELK: You cannot ingest logs from cloud services. LTS: Logs of the cloud service tenant plane are collected to LTS. |
|
VM and container log collection |
☆☆☆☆☆ |
☆☆☆☆ |
ELK: Open-source collectors such as Logstash or Filebeat are used to collect logs. LTS: ICAgent is used to collect logs. A wizard page is provided, which is easy to use. |
|
|
Multi-language SDK Log Collection |
☆☆☆ |
None |
ELK: No LTS: Provides a Java SDK to directly report logs to LTS. |
|
|
Host group management (dynamic scaling of hosts) |
☆☆☆☆☆ |
None |
ELK: No LTS: Allows you to manage hosts and host groups. You can customize host groups and scale them in or out dynamically. |
|
|
Log structuring parsing |
☆☆☆☆ |
☆☆☆☆☆ |
ELK: Implements structuring parsing of customized logs based on the collector. LTS: Enables structuring parsing logs. You can use regular expressions, JSON, separators, or customized templates to parse logs. |
|
|
Log Search |
Keyword search, fuzz match, and quick analysis |
☆☆☆☆☆ |
☆☆☆☆☆ |
ELK and LTS: Provide similar keyword search functions. |
|
Viewing real-time logs |
☆☆☆☆☆ |
None |
ELK does not provide the page for viewing real-time logs. LTS provides page for viewing real-time logs. |
|
|
Search of tens of billions of logs in seconds |
☆☆☆☆☆ |
☆☆ |
ELK: Limited by the number of machine resources, it takes a long time to search for massive logs. LTS: With a large number of elastic computing resources of the public cloud, search results can be returned within 3 seconds for tens of billions of logs. |
|
|
Iterative search of hundreds of billions of logs |
☆☆☆☆☆ |
None |
ELK: Unable to search hundreds of billions of logs directly. And the response times out. LTS: Provides iterative search. Users can directly search for hundreds of billions of logs. |
|
|
Log management scale |
100 PB level |
100 TB level |
ELK: It is often time consuming to keep an eye on machine expansion. LTS: Pay-per-use. LTS automatically manages 100 PB level logs regardless of underlying resource consumption. |
|
|
Log alarms |
Keyword alarms |
☆☆☆☆☆ |
☆ |
ELK: Log alarm is not available. LTS: Quasi-real-time log keyword and SQL alarms are available. |
|
Alarm notification channels (such as email, SMS, and HTTPS) |
☆☆☆☆☆ |
☆ |
ELK: Alarms cannot be sent to users through DingTalk, WeChat, or SMS messages. LTS: Interconnects with the Simple Message Notification (SMN) service of Huawei Cloud to notify customers through email, SMS, WeChat, DingTalk, Flying Book, and HTTP. |
|
|
Log transfer |
Transfer to OBS |
☆☆☆☆☆ |
None |
ELK: Logs cannot be directly transferred to OBS. LTS: Logs can be transferred to OBS through simple page configuration. |
Summary
LTS beats ELK in functions, performance, and costs. You are advised to use fully managed LTS instead of self-built ELK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
