Prometheus vs. ELK

Prometheus vs. ELK

Table of Contents

  1. Introduction
  2. Prometheus Monitoring System
    1. Prometheus advantages
    2. Prometheus disadvantages 
  3. ELK (Elasticsearch Stack: Elasticsearch, Logstash, Kibana)
    1. Logstash features
    2. Elasticsearch features
    3. Kibana Features 
    4. Beats
    5. ELK advantages
    6. ELK disadvantages 
  4. Prometheus VS ELK
    1. Prometheus VS ELK: the similarities
    2. Prometheus VS ELK: the differences
  5. Use ELK in the following cases
  6. Use Prometheus in the following cases
  7. Conclusion

Introduction

In today’s world, with many microservices fuelling hundreds of components, the failure of just one piece can cause a crash for the whole system. 

For example, a lack of memory in one component can cause a database failure. This database failure could be the reason for authentication problems for particular users, causing those users to not be able to login. And of course, finding the core problem manually can be complex and time-consuming. 

The solution is to constantly monitor key characteristics like RAM usage, number of requests, number of exceptions, and storage space. You need to set up an alerting system based on the crucial characteristics of your system. For example, alerts should be triggered when storage space usage reaches 60% so that network administrators can fix problems before the whole system crashes.

For these purposes, there are monitoring systems and tools like Prometheus and ELK (Elasticsearch, Logstash, Kibana) stack. In this article, we review these two popular monitoring systems for features, advantages, disadvantages, their differences/similarities, what to choose, and why. 

Another thing to consider when running your monitoring system is whether you’ll choose in-house or hosted. In-house can be extremely time-consuming, especially when the monitoring system decides to fall over right in the middle of your busy day. 

For this reason, we have MetricFire. MetricFire is a Hosted Prometheus service that takes care of long term-storage, updates, monitoring strategy and more. Check out MetricFire’s free trial, or book a demo to find out more. 

   

Prometheus Monitoring System

  

undefined

     

Prometheus is an open-source monitoring and alerting system that pulls metrics from application services, servers, and other target sources. You can read more detailed information about Prometheus in MetricFire’s article Prometheus Monitoring 101.

   

Prometheus advantages

  1. Provides service discovery that is greatly integrated with Kubernetes, finding all services, and pulling metrics from Prometheus endpoints. 
  2. Prometheus always works, even if other parts of the infrastructure are broken. No need to install agents - your Prometheus installation can already pull metrics.
  3. No extensive set up needed. 
  4. Allows fast outage discovery. Outages can be very quickly discovered when the system fails to get requests from known monitoring sources.
  5. Provides a functional query language, PromQL, that allows us to select and aggregate time-series data in real-time. It can apply subqueries, functions, and operators. It can filter and group by labels, and use regular expressions for improved matching and filtering.
  6. Ensures simple reconfiguration. Configuration can be changed via the command line. For example, immutable system parameters, such as storage locations or the amount of data to keep on disk and in memory, and configuration files, such as jobs, instances, or which rule file to load. Changing configuration automatically applies for all monitoring services.
  7. The load Prometheus places on monitored services and the network is low since metrics are stored in memory as they are generated, converted to a readable format, and Prometheus receives them by request (every 15 seconds by default), regardless of how many events are being generated.
  8. The Prometheus architecture design system provides operational simplicity. Limited to a single node, Prometheus avoids clustering. Clustering brings operational complexity. 

   

Prometheus disadvantages 

  1. Monitoring limits (required to increase server storage capacity or to limit the number of metrics). This is not a problem if you choose Hosted Prometheus by MetricFire because the company provides a data storage service.
  2. Does not offer reliable long term data storage, anomaly detection, horizontal scaling, and user management. Basically, these requirements are vital mostly for large scale enterprise environments. These disadvantages are resolved by MetricFire as they provide storage hosting, user management and more. 
  3. Requires a bit of a work-around when it comes to push-based solutions for collecting metrics for short-lived jobs. Also some work-arounds can be made via Pushgateway since these metrics are only available for a short period of time.
  4. Prometheus is not a dashboard solution. The Prometheus Expression Browser provides simple visualizations, but using Grafana for dashboarding is required when using Prometheus for monitoring. 

     

   

ELK (Elasticsearch Stack: Elasticsearch, Logstash, Kibana)

ELK stack is a combination of 3 open-source tools that form a log management platform that specializes in searching, analyzing, and visualizing logs generated from different systems.

      

Logstash features

Logstash receives logs and events from one or more sources, then processes and transforms them into one or more stashes. We can have multiple pipelines running within the same Logstash instance. This means that Logstash is horizontally scalable.

Logstash can also:

  1. Provide a data pipeline tool with Pipeline Management user interface (UI) that allows users to control deployments with a single UI.
  2. Centralize data processing.
  3. Collect, parse, and analyse a large variety of structured and unstructured data and events.
  4. Provide plugins to connect to various types of input sources and platforms.
  5. Decipher geo coordinates from IP addresses.
  6. Anonymize PII data, absolutely preventing access to sensitive fields.

   

Elasticsearch features

Elasticsearch is the core of ELK stack. It is a NoSQL database providing distributed data storage. It provides detailed analyses by offering different query types such as structured, unstructured, geo, and metric data.

Elasticsearch can also:

  1. Provide search engine/ search server possibilities.
  2. Provide full-text search.
  3. Use standard RESTful API and JSON, as it’s based on Apache Lucene.
  4. Provide schema free, REST, and JSON distributed data storage.
  5. Provide horizontal scalability, reliability, and capability to real-time search.
  6. Use indexes to search, increasing search speeds.
  7. Provide security, monitoring, alerting, anomaly detection, anomaly prediction, graph exploration, and reporting features.

   

Kibana Features 

         

undefined

      

Kibana is the visualization tool that pairs with Elasticsearch and Logstash. Kibana is the best visualization tool to use for Elasticsearch logs, but data can also be exported from Elasticsearch to Grafana for more advanced metrics visualization. Kibana is fully set up with everything you need to handle Elasticsearch visualization.

Kibana can also:

  1. Provide real-time analysis, summarizing, charting, and debugging capabilities.
  2. Provide an instinctive and user-friendly interface.
  3. Allow snapshots sharing: share the link or export to PDF or CSV file and send it as an attachment.
  4. Allow setting geo data on any map using Elastic Maps Service to visualize geospatial data.
  5. Save dashboards and you can manage multiple dashboards.

      

Beats

ELK uses Beats, a collection of so-called data shippers, lightweight agents that you can install on servers with a single purpose - send data to Logstash or Elasticsearch. For example, there are Auditbeat for Linux audit logs, Filebeat for log files, Packetbeat for network traffic, and so on.

For specific tasks, there are nearly 100 community-contributed Beats or you can create your own Beat using a Beat library written entirely on Go.

      

ELK advantages

  1. Provides great insight into your distributed system with one ELK instance without the need to connect to hundreds of log data sources.
  2. Developed on Java, so Elasticsearch is compatible with almost every platform.
  3. Elasticsearch is real-time. It means that an added document is available to explore after just seconds.
  4. Elasticsearch develops and supports clients in many languages such as Java, Python, .NET, SQL, and PHP. Plus the community has contributed many more.
  5. Provides a bunch of SDKs for different programming and scripting languages.
  6. Ability to scale vertically and horizontally.

       

ELK disadvantages 

  1. Not so easy installation - what configuration do you need, and what hardware is required by your ELK system is not always clear.
  2. Not a quick installation. Sometimes a company needs fast solutions for their problems but installing, setting up and tuning ELK systems can take a lot of time.
  3. A lot of time may be spent to provide reliability. Due to the Logstash and Elasticsearch being memory intensive, you need to do a lot of work to prevent Elastic nodes from going down. Companies require an expert team to guarantee reliability and resiliency.

        

Prometheus VS ELK

Both monitoring systems, Prometheus and ELK stack, have similar purposes. Their goals are detecting problems, debugging, and solving issues. But these systems use different approaches to this task. 

   

The biggest difference is that ELK specializes in logs, and Prometheus specializes in metrics. Most major productions require using both ELK and Prometheus, each for its own specialty. 

     

Prometheus VS ELK: the similarities

  1. Both Prometheus and ELK are open source software. Both projects have large active developer and user communities.
  2. Both monitoring systems are available as a cloud service or can be operated on premises. 
  3. Both systems use RESTful HTTP/JSON API access methods.
  4. Systems support the same range of programming languages: .Net, Java, Python, Ruby. 
  5. Both systems use sharding methods for storing different data on different nodes.
  6. Both systems support different alerting options with integrations for email, Slack or PageDuty.
  7. Prometheus and ELK stack use replication methods for redundant storage of data on multiple nodes.
  8. ELK, as well as Prometheus, can be integrated with a lot of different systems. There are big amounts of tools for integration with different databases, storage, APIs, other monitoring systems, and hardware related integrations.
  9. Data visualization tools of both systems have great features. 

      

Prometheus VS ELK: the differences

  1. The main difference between Prometheus and ELK stack is the scope of use of these two systems. Prometheus is used for metric collection, various systems monitoring and setting up alerts based on these metrics. ELK is used to take all types of data, perform different types of analytics based on these data, search, and visualize it.
  2. Prometheus uses TimeSeries DBMS as its primary database model. Actually ELK stack’s primary database model is a search engine that supports storing different unstructured data types with an inverted index that allows very fast full-text searches.
  3. Both systems use different types of queries. Prometheus uses its own PromQL which is actually very easy and powerful. ELK provides domain-specific query language based on JSON. Elasticsearch also provides a feature to use SQL-like queries.
  4. ELK uses a schema-free data scheme. While Prometheus stores data identified by metric name and key/value pairs.
  5. ELK collects a variety of logs from different sources, analyzes, and stores them. Prometheus collects metrics in a standard format via a pull method over HTTP. 
  6. In ELK stack, different types of data can be stored, such as numeric, string, boolean, binary, and so on. This lets you keep, analyze, and use data in a more efficient way regardless of the data. Prometheus stores numeric examples of named time series.
  7. ELK provides more long-term data retention compared to Prometheus. Prometheus stores data locally within the instance, for a maximum of 14 days. Data storage and computation on one node makes operations easier, but also makes it harder to scale and ensure high availability. As a result, Prometheus is not optimized to be a long-term metric store. MetricFire solves this issue with their hosted remote storage service for Prometheus. 
  8. Additional paid ELK pack, so-called X-Pack, provides more services: authentication and authorization to both Kibana and Elasticsearch, an alerting system with enhanced features. The machine learning part provides abnormality detection and forecasting. 
  9. Kibana allows analyzing relationships in your data (show related products for example), and visualizations for these relationships. Prometheus has no such extended features in its list, all analysis must be conducted through Grafana.
  10. Elasticsearch uses a structure called an inverted index allowing very fast full-text searches.
  11. Elasticsearch Stack security features are quite extensive. The system provides the right access to the right people. Some of the features are encrypted communication (traffic encryption with SSL/TLS certificates), role-based and attribute-based access control, field and document level security, ip filtering, audit logging, etc.
  12. Elasticsearch provides various features for data management: data backup as snapshot, source-only snapshot for efficient disk storage usage, summarizing and store historical data for feature analyzing (rollup indices).

      

Use ELK in the following cases

  1. You are doing event logging.
  2. You need to process big amounts of log data.
  3. You need long-term data storage.
  4. You need to have deep insights into a specific event. 
  5. You need a clustered solution.

      

Use Prometheus in the following cases

  1. You are primarily doing metrics.
  2. You need simplicity in setting up monitoring and graphing tools.
  3. You need run alerts across various sources.

      

Conclusion

While Prometheus and Elasticsearch stack are very similar tools for monitoring infrastructure and alerting, these systems generally are deployed for different tasks. 

The biggest difference is that ELK specializes in logs, and Prometheus specializes in metrics. Most major productions require using both ELK and Prometheus, each for their own specialty. 

MetricFire specializes in monitoring systems and you can use our product with minimal configuration to gain in-depth insight into your environments. If you would like to learn more about it please book a demo with us, or sign on to the free trial today.

Hungry for more knowledge?

Related posts