In recent years, ELK has emerged as a popular tech stack for log monitoring. Even though there are other popular log monitoring solutions, ELK is still preferred when it comes to open source. I, too, will always prefer ELK when it comes to indexing and visualizing data in a feasible way. But recently, when I came across some discussion forums and articles, I felt that ELK is sometimes used in the wrong way. In this quick post, I will describe my understanding of where ELK is a fit and when it should be used.

People and organizations look for different insights based on business requirements. Business people will be looking for insights like sales reports, revenue generated, and customer engagement. Technical people might be looking for insights like data traffic, latency, and technical errors faced by customers. Depending on the requirement, people will want these insights either live or as historical data.

Okay, can we use ELK to derive these insights? My answer is: partially, yes. ELK falls under the category of APM. Having ELK does not mean it can be used for any dashboard or report; ELK is preferred for deriving insights for admin purposes. That is, if we need a monitoring dashboard to know what is happening now, then ELK is a fit.

The main purpose is debugging, that is, taking action whenever an error or deviation occurs. But for historical reports or analytics, I feel ELK is not the right choice. In those cases, other big data tools will be preferred. At the same time, I won’t say you can use some other big data tool instead of ELK. It depends on the insights we require, because the insights (for APM) that we can achieve are not as easy and straightforward to get as with ELK.

If you have more details or thoughts, you can share them in the comments.