ELK 使用 Grafana 而不是 Kibana 用于集中式日志

Question

When comes to centralized log tools, I see lot of comparison of ELK vs EFK vs Loki vs other.

But I have hard time to actually see information about "ELG", ELK (or EFK) but with Grafana instead of Kibana.

I know Grafana can use Elasticsearch as datasource, so it should be technically working. But how good is it? Any drawback compare to using Kibana? Maybe there are more existing dashboard for Kibana than Grafana when it comes to log?

I am asking this as I would like to have one UI system for both my metrics dashboard and my logs dashboard.

Answer 1

Kibana is part of the stack, so it is deeply integrated with elasticsearch, you have a lot of pre-built dashboards and apps inside Kibana like SIEM and Observability. If you use filebeat, metricbeat or any other beat to collect data it will have a lot of dashboards for a lot of systems, services and devices, so it is pretty easy to visualize your data without having to do a lot of work, basically you just need to follow the documentation.

But if you have some data that doesn't fit with one of pre-built dashboards, or want more flexibility and creat your own dashboards, Kibana needs more work than Grafana, and Kibana also only works with elasticsearch, so if you have other datasources you would need to put the data in elasticsearch. Also, if you want to have map visualizations, Kibana Map app is pretty good.

The Grafana plugin for Elasticsearch has some small bugs, but in overall it works fine, things probably will change for better since Elastic and Grafana made a partnership to improve the plugin.

So, if all your data is in elasticsearch, use Kibana, if you have different datasources, use grafana.