Need advice about which tool to choose?Ask the StackShare community!
Logstash vs Prometheus: What are the differences?
Introduction
Logstash and Prometheus are both popular tools used for monitoring and analyzing data in different environments. While they may have some similarities, there are several key differences between the two.
Data Collection and Processing: Logstash is a part of the ELK stack and is specifically designed for collecting, parsing, and transforming data from various sources, including logs, databases, and APIs. It provides a wide range of input, filter, and output plugins to handle different data formats and destinations. On the other hand, Prometheus is a standalone monitoring and alerting toolkit that focuses on time-series data collection and storage. It comes with its own query language (PromQL) and is best suited for monitoring application and infrastructure metrics.
Data Storage: Logstash does not have built-in storage capabilities and is primarily used as a data transport pipeline. It typically sends processed data to Elasticsearch for indexing and storage. In contrast, Prometheus has its own built-in time-series database that stores collected metrics. By default, Prometheus uses an on-disk, single-node storage format. However, it also supports remote storage integration with other databases like Thanos for scalable, long-term storage.
Metrics Discovery: Logstash relies on explicit configuration to determine which data sources to collect from. It requires users to define input plugins for specific data sources and formats. Prometheus, on the other hand, follows a pull-based model where it scrapes data from instrumented applications and infrastructures based on configured endpoint targets. It uses service discovery mechanisms such as DNS, Kubernetes, or file-based static configs to automatically discover available targets.
Alerting and Monitoring: Logstash has limited built-in monitoring and alerting capabilities. It is primarily focused on data transformation and transportation. However, it can integrate with other monitoring and alerting tools like Kibana and Elasticsearch to provide a comprehensive monitoring solution. Prometheus, on the other hand, has extensive alerting and monitoring features. It allows users to define alerting rules based on Prometheus metrics and send alerts to various notification channels like email, Slack, or PagerDuty.
Scalability and Performance: Logstash can scale horizontally by distributing the workload across multiple instances, but it still relies on the capacity of the underlying Elasticsearch cluster for high throughput. On the other hand, Prometheus is designed to be highly scalable and can handle large amounts of time-series data. It supports federation, allowing multiple Prometheus servers to scrape and aggregate metrics from different sources. This enables distributed monitoring and improved performance.
Community and Ecosystem: Logstash is part of the larger ELK stack, which includes Elasticsearch and Kibana. It has a vibrant community and extensive ecosystem of plugins, add-ons, and integrations. Prometheus, on the other hand, has gained popularity in the cloud-native space and is widely adopted by organizations using Kubernetes for container orchestration. It has a growing community and supports integration with popular frameworks like Grafana for visualization.
In summary, Logstash is primarily focused on data collection and transportation with limited monitoring capabilities, while Prometheus is a dedicated monitoring and alerting tool with a built-in time-series database. Logstash relies on manual configuration for data sources, while Prometheus uses a pull-based model with automatic target discovery. Prometheus has stronger alerting and monitoring features and is highly scalable, especially in cloud-native environments.
Looking for a tool which can be used for mainly dashboard purposes, but here are the main requirements:
- Must be able to get custom data from AS400,
- Able to display automation test results,
- System monitoring / Nginx API,
- Able to get data from 3rd parties DB.
Grafana is almost solving all the problems, except AS400 and no database to get automation test results.
You can look out for Prometheus Instrumentation (https://prometheus.io/docs/practices/instrumentation/) Client Library available in various languages https://prometheus.io/docs/instrumenting/clientlibs/ to create the custom metric you need for AS4000 and then Grafana can query the newly instrumented metric to show on the dashboard.
Hi, We have a situation, where we are using Prometheus to get system metrics from PCF (Pivotal Cloud Foundry) platform. We send that as time-series data to Cortex via a Prometheus server and built a dashboard using Grafana. There is another pipeline where we need to read metrics from a Linux server using Metricbeat, CPU, memory, and Disk. That will be sent to Elasticsearch and Grafana will pull and show the data in a dashboard.
Is it OK to use Metricbeat for Linux server or can we use Prometheus?
What is the difference in system metrics sent by Metricbeat and Prometheus node exporters?
Regards, Sunil.
If you're already using Prometheus for your system metrics, then it seems like standing up Elasticsearch just for Linux host monitoring is excessive. The node_exporter is probably sufficient if you'e looking for standard system metrics.
Another thing to consider is that Metricbeat / ELK use a push model for metrics delivery, whereas Prometheus pulls metrics from each node it is monitoring. Depending on how you manage your network security, opting for one solution over two may make things simpler.
Hi Sunil! Unfortunately, I don´t have much experience with Metricbeat so I can´t advise on the diffs with Prometheus...for Linux server, I encourage you to use Prometheus node exporter and for PCF, I would recommend using the instana tile (https://www.instana.com/supported-technologies/pivotal-cloud-foundry/). Let me know if you have further questions! Regards Jose
We're looking for a Monitoring and Logging tool. It has to support AWS (mostly 100% serverless, Lambdas, SNS, SQS, API GW, CloudFront, Autora, etc.), as well as Azure and GCP (for now mostly used as pure IaaS, with a lot of cognitive services, and mostly managed DB). Hopefully, something not as expensive as Datadog or New relic, as our SRE team could support the tool inhouse. At the moment, we primarily use CloudWatch for AWS and Pandora for most on-prem.
I worked with Datadog at least one year and my position is that commercial tools like Datadog are the best option to consolidate and analyze your metrics. Obviously, if you can't pay the tool, the best free options are the mix of Prometheus with their Alert Manager and Grafana to visualize (that are complementary not substitutable). But I think that no use a good tool it's finally more expensive that use a not really good implementation of free tools and you will pay also to maintain its.
this is quite affordable and provides what you seem to be looking for. you can see a whole thing about the APM space here https://www.apmexperts.com/observability/ranking-the-observability-offerings/
Pros of Logstash
- Free69
- Easy but powerful filtering18
- Scalable12
- Kibana provides machine learning based analytics to log2
- Great to meet GDPR goals1
- Well Documented1
Pros of Prometheus
- Powerful easy to use monitoring47
- Flexible query language38
- Dimensional data model32
- Alerts27
- Active and responsive community23
- Extensive integrations22
- Easy to setup19
- Beautiful Model and Query language12
- Easy to extend7
- Nice6
- Written in Go3
- Good for experimentation2
- Easy for monitoring1
Sign up to add or upvote prosMake informed product decisions
Cons of Logstash
- Memory-intensive4
- Documentation difficult to use1
Cons of Prometheus
- Just for metrics12
- Bad UI6
- Needs monitoring to access metrics endpoints6
- Not easy to configure and use4
- Supports only active agents3
- Written in Go2
- TLS is quite difficult to understand2
- Requires multiple applications and tools2
- Single point of failure1