One great thing about SaaS log management services is that they can be setup in a matter of minutes. This was the primary reason I started looking at them for a Salesforce-based application that I am building. It is a huge relief to not have to worry about monitoring our own hardware/ec2/heroku instances, installing security and software updates, or spending time setting up something like Elasticsearch, Logstash and Kibana. There is definitely a time and a place for managing your own servers, but for us third party logging services can solve the problem in minutes and we don't have to reinvent the wheel.
Our log management service requirements:
Quick to setup and easy to use
Able to send log messages over HTTP (thank Salesforce for this one)
Able to handle 33 messages a second on average with spikes up to 2000 messages a second with ease
Can monitor/view logs in near real time
Supports loading messages in bulk
With these in mind, I looked at each of the following companies as a possible solution:
1. At a quick glance it appears Splunk Storm is not a commercial offering, but rather intended as a test drive before moving to Splunk which is overkill for our needs.
2. Amazon Simple DB looked promising at first, since they state that one of the primary use cases is “storing server logs centrally to reduce the space they consume on each running server”. However, the only way to view the logs is via REST and SOAP web services. This did not meet our requirement of easy and quick so it was out.
3. Amazon Cloudwatch didn't make the cut as it seems to be limited to monitoring EC2 instances. I did not want to build an application on EC2 to receive the requests, log them and let Cloudwatch pick up the logs as that did not meet requirement for a quick setup.
4. I quickly discovered that Loggr would not work for us as it is not intended for managing logs. More specifically their website states, “Loggr does not replace syslog or windows event viewer. Use Splunk for that. We do high-level events like errors, sales, usage, job activity, etc.”.
5. At a quick glance, Logentries looked liked it would meet our requirements. However, they are deprecating HTTP, confused me with their UI, were slow to load new logging points and didn’t have a way to send messages in bulk.
6. & 7. Last, I have Loggly and Papertrail which are both great products. I looked at these companies a bit closer and put together a side by side comparison.
Requests Per Second
(your mileage will vary)
verified via command:
$ loggen -iS -r 100000 -s 200 -I 60 logs-01.loggly.com port
verified via command:
$ loggen -iS -D -r 100000 -s 200 -I 60 api.logentries.com port
Support for sending messages over HTTP?
Not directly. However, can put a script on Heroku to forward messages.
7 - 90 days
1 day - 4 weeks
Alerting on specific message types
Total storage for all messages
1 GB - 150 GB
100 MB - 500 GB
Regex Searching Support
Price for 2GB of monthly storage and 30 day log retention.
Took over 2 days to get answers to basic question (when using free plan).
High quality support over live chat and via email. I received immediate answers.
The support I received from Papertrail was phenomenal and I want to thank Leon for going the extra mile! The support alone made me want to make Papertrail work. The fact that the price was less than a quarter of Loggly was also a very welcome perk. Unfortunately, my application still had the requirement to send messages over HTTP which made for a more complicated solution using Heroku. That said, most logging apps are not tied to HTTP so Papertrail may be the better choice for many situations.
At the end of the day I choose Loggly as the best option for our specific needs. It was very easy to setup and is great at what it does. The bottom line is Loggly met all of our requirements and then some.
Please let us know what your experiences are with the different logging services. Or do you prefer/require self hosted solutions?