What Are the Advantages of LTS Compared with Self-built ELK Stack?
This section describes the main functions and advantages of Huawei Cloud LTS by comparing it with self-built ELK Stack.
Background
The open-source ELK Stack, comprising Elasticsearch, Logstash, and Kibana, is extensively used for log search, with a variety of content and use cases available within its community.
LTS is a fully managed log analysis platform that covers application O&M, security compliance, and service operations. You can use it to collect, store, query, process, analyze, and report logs with ease.
Functions
LTS outperforms ELK in terms of feature completeness and log search and analysis performance.
|
Feature |
Subfeature |
LTS |
ELK |
Description |
|---|---|---|---|---|
|
Log collection |
Cloud service log collection |
☆☆☆☆☆ |
N/A |
ELK: does not collect cloud service logs. LTS: collects all logs of the cloud service tenant plane. |
|
VM and container log collection |
☆☆☆☆☆ |
☆☆☆☆ |
ELK: uses open-source collectors such as Logstash or Filebeat. LTS: uses ICAgent to collect logs and provides easy-to-use wizard pages. |
|
|
Collection via multi-language SDKs |
☆☆☆ |
N/A |
ELK: not supported. LTS: provides a Java SDK to directly report logs to LTS. |
|
|
Host group management (dynamic scaling of hosts) |
☆☆☆☆☆ |
N/A |
ELK: not supported. LTS: supports host and host group management. You can add custom identifiers to host groups and scale host groups in or out. |
|
|
Log structuring parsing |
☆☆☆☆ |
☆☆☆☆☆ |
ELK: enables custom structuring parsing based on the collectors. LTS: enables structuring parsing with regular expressions, JSON, delimiters, or custom templates. |
|
|
Log search |
Keyword search, fuzz match, and quick analysis |
☆☆☆☆☆ |
☆☆☆☆☆ |
ELK and LTS: provide similar keyword search functions. |
|
Real-time log viewing |
☆☆☆☆☆ |
N/A |
ELK: does not provide the page for viewing real-time logs. LTS: provides the page for viewing real-time logs. |
|
|
Search of tens of billions of logs in seconds |
☆☆☆☆☆ |
☆☆ |
ELK: Limited by the server resources, it takes a long time to search for massive logs. LTS: With the extensive scalable computing resources of Huawei Cloud, search results can be returned in 3 seconds. |
|
|
Iterative search of hundreds of billions of logs |
☆☆☆☆☆ |
N/A |
ELK: Response timeout occurs when hundreds of billions of logs are searched. LTS: Iterative search enables search of hundreds of billions of logs. |
|
|
Log management scale |
100 PB level |
100 TB level |
ELK: It is often time-consuming to keep an eye on server scaling. LTS: automatically manages 100 PB of logs. You do not need to worry about the underlying resource consumption and will be charged on a pay-per-use basis. |
|
|
Log alarms |
Keyword alarms |
☆☆☆☆☆ |
☆ |
ELK: No log alarm function is available. LTS: Quasi-real-time log keyword and SQL alarms are available. |
|
Alarm notification channels (such as email, SMS, and HTTPS) |
☆☆☆☆☆ |
☆ |
ELK: does not send alarms to users through DingTalk, WeCom, or SMS messages. LTS: interconnects with Huawei Cloud Simple Message Notification (SMN) to notify users through channels such as email, SMS, WeCom, DingTalk, Lark, and HTTP. |
|
|
Log transfer |
Transfer to OBS |
☆☆☆☆☆ |
N/A |
ELK: cannot transfer logs to OBS directly. LTS: allows you to transfer logs to OBS with simple page configurations. |
Summary
LTS beats ELK in functions, performance, and costs. You are advised to use fully managed LTS instead of self-built ELK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
