Loggly alternatives and competitors

We're using SevOne to monitor our network infrastructure. We provide monitoring services and performance capacity management for network gear, including routers, switches, wireless controllers, firewalls, and load balancers, to name a few. We have various manufacturers and different device models that we leverage the solution to monitor in our organization.

Our deployment of SevOne is mostly virtualized. We have gone completely virtual in our environment. We have SevOne deployed in different regions of the world: the U.S., Hong Kong for Asia, as well as in London for Europe. 

We've been able to expand our service with this tool, without the need for additional tools. In addition to being able to monitor network devices, the tool is capable of monitoring server-type devices as well. That means we didn't have to get a separate tool to monitor servers. We're able to ingest system log information and create alert policies on it. Overall, end-to-end, it is very flexible, enabling us to leverage the lessons learned and apply them to all the different component gear, whether it's server gear or database gear. One of the benefits is that we've been able to leverage one tool to do a lot of things.

SevOne also enables us to integrate our network performance management data across our ITSM and business decision-making tools. One component of SevOne is called Data Bus and that allows us to stream and share performance data from SevOne with external applications. We have some use case scenarios where we are sharing the performance metrics being captured in SevOne with other applications in the business. Integrating the network data with other solutions wasn't difficult. The way it works is that we're streaming the database, and small JSON payloads, into a Kafka Messaging Cluster, where external applications can just subscribe to that topic, download the data, and use those metrics as needed.

When it comes to detecting network performance issues faster, the tool is very capable. Being able to set up alerts and policies based on baselines, and deviation from baselines, is pretty good, without our having to set hard thresholds on a performance item. We have discovered things that way. Since leveraging SevOne, we see most of the outages or pre-outages in an alert from SevOne, and we can dispatch to troubleshoot the issue. We depend on it a lot at this point.

For me, the most valuable feature of SevOne is the capability to monitor any device that has SNMP availability. We can pick up any KPIs that we need, regardless of the model, type, or manufacturer. As long as the device is able to respond to SNMP, we have a way to put our SevOne hooks into the device to capture some KPI data.

One of the solution's biggest strengths is its capacity management performance, with out-of-the-box reports through NMS, as well as its ability to collect NetFlow-related data from devices. The collection of network performance and flow data is important because we have many critical business applications. Whenever there is slow processing or slow response from these applications, the first thing that the user community will look at is the network. They'll wonder, "What's going on with the network? Why are we getting a slow response?" Having those capacity-management KPIs around the components that make up that application helps greatly to narrow down where the root cause is when there is an incident.

It's also very critical that SevOne's collection abilities cover multiple vendors' equipment. Depending on the business unit's needs, it may have a combination of many manufacturers. It's very critical for us to be able to have that flexibility and not to have to worry about a specific manufacturer.

There is also support for software-defined and streaming telemetry-based networks, and we are starting to do a little bit more on that side. That's the direction in which everyone is going: telemetry and data science around the collection of the data, and proactively identifying an issue based on data models. Telemetry, and the ability to capture data in that format, is going to be a big push.

In addition, SevOne's out-of-the-box reports and workflows for automatically helping us understand what is normal and what is abnormal in our network are very comprehensive. One of the things that we like about the reports and the data we see is that, over time, we are able to create a baseline and look at it versus the actual data points. We are very quickly able to see any deviations from that baseline. It's very useful for us.

Those reports definitely speed up the solution's time-to-value. We have business timelines to deliver on. The ability to quickly onboard devices from different manufacturers and collect KPI data, and being able to leverage some of the out-of-the-box reports fairly quickly to look at the performance data, is very important to us.

We are also able to create our own reports. As a matter of fact, we allow many of our telecom engineers to come into the tool and build and customize the reports they need for their specific use cases. It's not only easy to make those reports available, but our user community can be the creators of their own reports. It's easy to use for them. The learning curve is not big. Anybody can start picking and choosing how they want to visualize the data.

For example, right now, we're working from home. There's been a lot of importance around our load balances, for how people connect remotely through our network. Being able to monitor the behavior, the active users, and any drop in users has been key. We have a custom report that we built around each of the load balancers that people come through from their homes, regardless of the users' locations. We can see the trends of active users, and how many users are dropped down. We leverage that report to communicate to our executive team how well we're providing remote workers access to the network.

And as you run some of these reports, like the health summary of the devices, you are also able to drill down to the specific KPIs of certain components. You can have a bird's-eye view, and then drill down all the way to the specific item in that report.

Finally, the solution's dashboard is very important, especially as we do capacity management analysis and as we project the growth of the organization. It helps us understand how certain devices are being utilized. That data is very important for us.

One area that requires a little bit of improvement is the topology of visualization and being able to map out connections, end-to-end. It's able to do that, but it's not as impressive as we would like it to be. We would like to understand the different interface types and the connection points better, through the visualization. Heatmaps also need further development.

In addition, you can take a device and look at all the metrics that are being collected or enabled. But having a quick map view of the KPIs versus the alerting policies that we've built around a device, and being able to map that quicker and have a one-to-one correlation, would be useful.

We've been using SevOne in this company since 2013. Personally, I've been involved with SevOne for the last three years.

It's pretty stable. We hardly have any issues with the product. When we encounter issues, they have a good support structure with their help desk. We get a pretty quick turnaround on any issues that we raise with the vendor.

It's very scalable, especially if you are going with a virtual environment. It's just a matter of deploying the collectors where you need them and quickly discovering devices.

We monitor around 7800 network devices, which includes routers, switches, wireless controllers, et cetera. In addition, we monitor about 21,000 access points.

As far as administration of the tool, we have three engineers who concentrate on the various network types to make recommendations on the KPIs and the monitoring. They also handle the onboarding of devices and configuring of alert policies.

I wasn't involved in the initial setup. Before I came onboard, SevOne was running on a lot of physical devices. But I was involved in doing the upgrades and restructuring it to be more virtualized, so that could expand the cluster and the services. Being able to go virtual, drove the ability to scale, based on the demands of the business, fairly quickly.

We have definitely seen ROI from using SevOne. We've expanded our scope of control and we've increased the number of devices in our environment. Because we have different business units, we have a multi-tenant environment where devices are for different business units. Being able to organize them separately and increase the server count or the device counts has definitely helped us to provide some additional services.

Many tools price things based on the number of KPIs that you're collecting around a device. In many cases, there could be hundreds of metrics that you need to collect. SevOne provides device-level pricing. That gives us the flexibility to turn on, and expand on, the metrics that we're collecting around those devices, without taking a financial hit.

We've looked at other products such as Zenoss and SolarWinds.

What we liked about SevOne is the ability to onboard any type of device that has SNMP capabilities. We could go to SevOne and say, "Hey, we have this new device," and provide the SNMP OIDs and they quickly certify that equipment for us to onboard. And the partnership we have with them is another aspect we like.

My advice is to have a good architecture review with SevOne to understand what your business needs are. Make sure that you are deploying the SevOne collectors as close to the network gear as possible, so you have the metrics with no latency over the network.

The ease of use of the dashboard has improved, now that they've introduced Data Insight, which is their new visualization reporting engine. That is a little bit more user-friendly. They've made good progress with Data Insight to make things even easier.

SevOne is an eight out of 10. They do a lot of things very well, but there are some areas that need some improvements and they're aware of them. They're working on them for future releases. Every tool has a niche environment, but there's no Holy Grail or perfect tool out there.

Overall, we feel SevOne is well-positioned. It's a very strong tool. What I like about them is the support structure. Being able to collaborate with them, when we need some additional services or recommendations on the tool, is helpful. It's a tool that positions us very well to provide immediate service and meet the needs of the business.

We use it for Log Management and also for another bit of management. It feeds data into Splunk and Splunk writes the rules and based on that, it will pick up incidents. 

It is good from a cost perspective, in terms of the cost of the data you're looking at. There is no cost barrier. 

For my current requirements, the tool theme seems to be meeting my requirements, from a cost and requirements perspective.

The only thing I would say is an issue is the cost. It matches other products. The costs can be justified for the value that we gain. The entire threat analysis stack should come in a bundle. If the cost was matchable with other products I think Splunk would pick up in the market. 

I did evaluate other products and installations. I can't compare it to Splunk. 

I have been using Splunk Cloud for a year. 

There are two people who are part of admin that use Splunk in my company. 

We have a policy where we have to keep the domain controllers on lock with sensitive servers for about 90 days. We look at the controls around once a week to check if they need to be attended to. 

We initially contacted their support during the implementation. It was not for a very complex issue. It was more for a consultation. 

Their support is good. 

I was new to Splunk and had a problem with understanding the forwarders and worker safety management.

My team was able to install it themselves. 

In terms of how long it took to deploy, between coding, testing, and other things, it took about four weeks to complete the project to complete the initial installation. Altogether it was four to five weeks. They should improve the customization. 

Splunk is a leader in its marker. 

Splunk offers more features than its competitors. Other solutions are not on the same level to be able to compare them. 

I would rate Splunk a nine out of ten. 

The queries and pulling out the exact reports is a little challenging. I get complaints about it. I would like to see more reports or default out of the box reports. That would be more useful, useful, and then people can avoid writing inquiries.