Deployed Splunk on Portainer and setup all my docker containers to stream logs to Splunk.
Seems to be free as long as Splunk doesn’t ingest over 500MB a day.
Opinions?
this post was submitted on 22 Nov 2023
1 points (100.0% liked)
Homelab
380 readers
9 users here now
Rules
- Be Civil.
- Post about your homelab, discussion of your homelab, questions you may have, or general discussion about transition your skill from the homelab to the workplace.
- No memes or potato images.
- We love detailed homelab builds, especially network diagrams!
- Report any posts that you feel should be brought to our attention.
- Please no shitposting or blogspam.
- No Referral Linking.
- Keep piracy discussion off of this community
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I've used both Splunk and Datadog in my current job, but I wasn't particularly impressed with either. In both cases, the costs escalated quickly. Now, we're limited to a 15-day retention period, which, in my opinion, significantly diminishes the system's usefulness.
In another company, where I had greater decision-making authority, I took a different approach. I directed all journald logs to a central repository using systemd-journal-remote and provided SSH access to developers who needed to view the logs. This setup was straightforward and efficiently handled a vast volume of logs at no cost. Journald's binary and structured format allowed for advanced searches. Additionally, I configured our primary Python application to log directly to journald, utilizing its structured logging features.