Compare ELK Logstash and Graylog, which do you recommend?

The question has two part.

You need to choose the back end to aggregate the log / information you want to centralize to allow advance query. On our side we decide to go with ElasticSearch has a backend and leverage the kibana for advance query to our users.

Also on our project, we did many integration in ElasticSerrch like application logging.

The client side / log shipping mechanism, you have many way to do it. Gralog / Syslog forwarder have minimal overhead to forward event / log. ELK support Graylog and many other method.

We decide to leverage the beat project (filebeat) to forward all file log to ELK.

As conclusion, both product are very powerful and the real value is to have a central point with all relevant information to take the right decision.

I have used Logstash and Graylog but not ELK.  To tell you the truth Splunk is the way to go.

I don’t have any experience with GrayLog, but I do with the Elastic Stack (Elasticsearch, Logstash, Kibana, Beats, etc.).

Elastic allows you to use lightweight log shippers called Beats (file beats, metric beats, packet beats). You would then use a Logstash node to provide log enrichment capabilities and then off to an ElasticSearch cluster to provide analytics with machine learning. Then use Kibana for visualization and role-based Dashboards.

Machine Learning is only available in the Platinum and Enterprise support subscription tiers.

The Elastic open source community is another key advantage and now the commercial plugins (x-Pack) will be open source (still need a support subscription to use all the capabilities)...