Elastic X-Pack is an excellent set of tools that can offer a great deal of value, and tools of this kind are invaluable to many companies. Unfortunately, only those with the biggest budgets can afford them. Many companies are in desperate need of log management software, and thankfully there are less expensive yet equally effective alternatives to Elastic X-Pack.
There is a good deal of speculation about the pricing model for X-Pack. Of course, volume discounts can apply for larger enterprise customers, but for enterprises with larger clusters the cost can quickly add up. We have consulted with many small to large enterprise customers using Elasticsearch. I get a lot of questions concerning Elastic, but what I rarely hear is "what are the alternatives to X-Pack?" Most large organizations choose X-Pack licenses by default without really understanding what best fits their use case and future needs. Decision makers often wonder whether there are alternative solutions for monitoring larger Elasticsearch clusters in production. I decided to share my list of Elasticsearch X-Pack alternatives that cover a wide variety of tasks across monitoring, security and event alerting use cases.
X-Pack Security – Alternative “SearchGuard”
Before you officially put your Elasticsearch cluster into production, it is highly recommended that you address security and access to your search cluster. This applies even if your cluster is considered "internal" and not accessible to the public. With X-Pack, role-based security and access controls can be applied at the data level. An alternative to X-Pack's security is SearchGuard. This free, open source program offers many of the same features as X-Pack security. While the basic version is free, the enterprise version with support has a standard license, yet it is still much cheaper than X-Pack security, which is sold as a bundle. SearchGuard's license model is per cluster, which can save cost by avoiding a per-node strategy. Cluster-based pricing allows your Elasticsearch footprint to grow without increasing costs.
X-Pack Graph – Alternative “Kibi Community”
X-Pack Graph is also an excellent tool for doing forensics on data sets. It can be used to find less obvious relationships in your existing data sets in a visual way. This tool generates the edges and nodes for graphs and adds a graph display to Kibana in order to explore less obvious data relationships. A good alternative to Graph is Siren's Kibi. This tool is usually kept in sync with the latest versions of Kibana and uses a model for relational data. Kibi can be extended over multiple, different indices, and it also supports relational data that comes from SQL databases. Kibi currently offers an enterprise edition that includes everything from security features, reporting and alerting to graph visualization and support, as well as additional components.
Another alternative plugin is "Kbn_Network" for Kibana 5, but this is mainly used for viewing network relationships. It is a free and open source plugin for network visualization, released under the Apache 2 license.
X-Pack Machine Learning
There are a few different alternatives to the machine learning offered by X-Pack, but we'll just discuss one here: Knowi, a business intelligence tool that supports many different NoSQL and SQL data sources, including Elasticsearch. Knowi has machine learning abilities as well, combining AI and BI within a single platform in order to support both prescriptive and predictive analytics.
X-Pack Alerting – Alternative "ElastAlert"
X-Pack alerting, formerly called "Watcher," is the fourth functionality that X-Pack offers. This tool is used to send out notifications when something goes wrong or when some event has occurred in your data. This can be extremely useful in large, active Elastic clusters. The alternative to this tool is "ElastAlert." This tool is open source and works on every version of Elasticsearch. ElastAlert is used to send out alerts on spikes, anomalies, and patterns in data stored within Elasticsearch. The good thing about ElastAlert is that there is very little to install, and you do not have to add anything to the Elasticsearch configuration to get it to work. This saves a lot of time and maintenance. Another alternative to X-Pack Alerting is Sentinl. This program extends Kibana or Kibi with reporting and alerting functions to notify, monitor, and report on changes in data series through a variety of configurable actions, as well as programmable validators and standard queries.
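To make concrete what "alerts on spikes and patterns" means in practice, here is an added example (not ElastAlert's own code) that implements the two most common ElastAlert rule shapes, a frequency rule and a spike rule, over a handful of constructed, Logstash-style failed-login events. The event field names (`@timestamp`, `source_ip`, `message`), the thresholds and the sample data are all assumptions made for this illustration; in a real deployment the events would come from an Elasticsearch query and the alert dicts would be handed to a notifier such as email or a webhook.

```python
"""Sliding-window frequency and spike detection over constructed log events.

Added example modelled on the ElastAlert "frequency" and "spike" rule types.
It is not ElastAlert's code; event fields, thresholds and data are assumptions.
"""
from collections import Counter, deque
from datetime import datetime, timedelta

# Constructed sample events: sshd failures as they might look after Logstash
# parsing. One source (192.0.2.10) hammers the host within a single minute.
SAMPLE_EVENTS = [
    {"@timestamp": "2024-01-01T10:00:30", "source_ip": "192.0.2.20", "message": "Failed password"},
    {"@timestamp": "2024-01-01T10:04:00", "source_ip": "192.0.2.20", "message": "Failed password"},
    {"@timestamp": "2024-01-01T10:12:00", "source_ip": "192.0.2.10", "message": "Failed password"},
    {"@timestamp": "2024-01-01T10:12:10", "source_ip": "192.0.2.10", "message": "Failed password"},
    {"@timestamp": "2024-01-01T10:12:20", "source_ip": "192.0.2.10", "message": "Failed password"},
    {"@timestamp": "2024-01-01T10:12:30", "source_ip": "192.0.2.10", "message": "Failed password"},
    {"@timestamp": "2024-01-01T10:12:40", "source_ip": "192.0.2.10", "message": "Failed password"},
    {"@timestamp": "2024-01-01T10:12:50", "source_ip": "192.0.2.10", "message": "Failed password"},
    {"@timestamp": "2024-01-01T10:15:00", "source_ip": "192.0.2.30", "message": "Failed password"},
    {"@timestamp": "2024-01-01T10:18:00", "source_ip": "192.0.2.40", "message": "Failed password"},
]


def _ts(event):
    """Parse the ISO-8601 timestamp of one event."""
    return datetime.fromisoformat(event["@timestamp"])


def frequency_alerts(events, num_events, timeframe, key="source_ip"):
    """Frequency rule: fire once per key value when at least num_events
    events with that key fall inside a sliding window of length timeframe."""
    windows = {}   # key value -> deque of timestamps still inside the window
    fired = set()  # keys already alerted on, so one burst yields one alert
    alerts = []
    for event in sorted(events, key=_ts):
        k = event.get(key)
        now = _ts(event)
        window = windows.setdefault(k, deque())
        window.append(now)
        while now - window[0] > timeframe:  # age out old timestamps
            window.popleft()
        if len(window) >= num_events and k not in fired:
            fired.add(k)
            alerts.append({"rule": "frequency", key: k,
                           "count": len(window), "at": event["@timestamp"]})
    return alerts


def spike_alerts(events, timeframe, spike_height, threshold_ref=1):
    """Spike rule: split events into consecutive buckets of length timeframe
    and flag a bucket whose count is at least spike_height times the previous
    bucket's count (the previous bucket must hold >= threshold_ref events,
    so an empty reference window cannot trigger a divide-by-nothing 'spike')."""
    if not events:
        return []
    stamps = sorted(_ts(e) for e in events)
    start = stamps[0]
    counts = Counter((t - start) // timeframe for t in stamps)  # bucket index -> count
    alerts = []
    for bucket in range(1, max(counts) + 1):
        ref, cur = counts.get(bucket - 1, 0), counts.get(bucket, 0)
        if ref >= threshold_ref and cur >= spike_height * ref:
            alerts.append({"rule": "spike",
                           "bucket_start": (start + bucket * timeframe).isoformat(),
                           "reference": ref, "current": cur})
    return alerts


def run_demo():
    """Run both rules over the constructed sample with assumed thresholds:
    5 failures from one source within 5 minutes, or a 3x jump between
    consecutive 10-minute buckets."""
    freq = frequency_alerts(SAMPLE_EVENTS, num_events=5, timeframe=timedelta(minutes=5))
    spike = spike_alerts(SAMPLE_EVENTS, timeframe=timedelta(minutes=10), spike_height=3)
    return freq, spike


if __name__ == "__main__":
    for alert in sum(run_demo(), []):
        print(alert)
```

Both functions are deliberately pure: they take a list of events and return alert records, which keeps the detection logic testable without a cluster and mirrors how ElastAlert separates the query, the rule type and the alerter. The `fired` set in the frequency rule is the equivalent of ElastAlert's realert window; without it a single brute-force burst would produce one notification per additional event.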
X-Pack Monitoring – Alternative "KOPF or Cerebro" (free)
One of the main uses of X-Pack is active cluster monitoring. In X-Pack, monitoring was formerly known as "Marvel." In cluster management, monitoring is a relatively basic service, and there are many alternatives. New Relic, Prometheus, Sematext Cloud Elasticsearch Integration and Datadog are some of the best. In the diagram below we feature a free, open source tool called Cerebro (formerly KOPF). Cerebro is the successor to a very popular tool, updated for Elastic version 5.0, and offers many lightweight management and monitoring features that let the user quickly gauge the health of an active cluster. Many features come standard with this open source tool, such as the ability to monitor the health of an individual node, filtering of nodes by type, and point-and-click shard rerouting, all from a visual interface.
If you compare the monitoring view of the Kibana interface with the Cerebro interface, you will see several similarities in how nodes are monitored. X-Pack gives you a few more nice features, but for basic cluster monitoring this tool can fit the bill. Also, with Cerebro no additional indices are created in order to monitor the cluster.
X-Pack monitoring plugin compared to Cerebro monitoring
Through the use of Sematext Cloud, Elasticsearch logs can be collected and correlated with Elasticsearch metrics. This tool will also provide alerts and anomaly detection functionality. When you use Datadog, Sematext Cloud, or any other type of monitoring service that is cloud-based, you will be able to access data even when experiencing production problems because your monitoring data will be shipped off-site.
X-Pack is a great service, but careful consideration is needed when planning for cluster growth over time. Fortunately, there are alternatives to many of the features provided by X-Pack. Most of these are open source and free, and even their paid upgrades can still represent a significant cost saving over the typical X-Pack service price. If you know where to look, it is possible to get all the best features of a log management service at a fraction of the cost.
WOULD YOU LIKE TO LEARN MORE?
Expert ElasticSearch Consulting and Implementation Services
Weblink Technologies, a leader in Elasticsearch products, provides a solution based solely on Elasticsearch. As an Elastic partner and reseller, we have worked with many customers by providing expert consulting and implementation for Elasticsearch, Logstash, Kibana (ELK), and Beats. Whether you are using Elasticsearch for a web-facing application, your corporate intranet, or a search-powered big data analytics platform, our Elasticsearch experts bring end-to-end services that support your search and analytics infrastructure, enabling you to maximize ROI.
- Elasticsearch consulting and strategy planning
- Search application assessment
- Elasticsearch, Logstash, Kibana, and Beats (Elastic Stack) implementation
- Search relevancy review and improvement
- Full support and managed services (on-site and remote)