Hey everyone. I'm a co-founder / CTO of LogDNA. We were in Y Combinator's W15 batch working on a eCommerce marketing platform (PushMarket), only to realize we built a powerful logging system many of our friends wanted.
We had our “slack moment” and decided to pivot. We were frustrated with the current logging landscape and built LogDNA around 3 philosophies:
1. More Storage - give away ample storage so you can log everything
2. Longer Search - faster and longer search retention
3. UI/UX - a much cleaner experience to interact with your log tails
Your marketing seems to emphasize storage heavily. Is that the biggest pain point in logging today? If so, my guess would be that retention period could be a bigger differentiator than sheer gigabytes.
What's the killer use case or differentiator (vs. loggly+kibana+elasticsearch for example)? With Slack, it is integrations. If you could do something similar, like a bugsnag + new relic that aggregates all of our logs and notifies us when things happen (either individual incidents or aggregates like "nginx error log above 1 event/10s), you can have all my money.
Another idea would be to standardize transactions across the stack, so I could trace a request from nginx through rails/phoenix, to postgresql, etc. Again, take my money.
A better UI only helps me if I know when to look at it or what I'm looking for.
It's not the log storage that we care about, it's what we can do with those logs.
I've been through three logging vendors in the last two years (Loggly, LogEntries, now Sumo Logic) and I'm looking to move once again. The secret sauce is not the storage volume; our volume is relatively small: 4.3 GB/day. The secret sauce is the intelligent structuring of unstructured log data, analytics+alerting on the now-structured data, and live tail'ing of logs.
Sumo Logic does an okay job at the parsing/querying/alerting/analytics piece but live tailing is a brand-new feature for them and it has limitations. Sumo Logic's pricing is also frustrating--they don't apply volume discounting until you're pushing something like 500 GB of logs each month. Again, we need affordable analytics; storage is a small piece of the puzzle.
Honestly, our next move may be to an internal "HEK" stack: Heka, Elasticsearch, and Kibana. I've looked at the cost of doing this and it's actually more expensive when you consider what we'd spend to host a big ES cluster internally, but cost is not our #1 consideration, usability is.
This is exactly the sweet spot we're focusing on at Scalyr: quick, easy, and powerful parsing, analyzing, and alerting on unstructured logs, including realtime alerts and live tail. We have customers who are infinitely happier after migrating from Sumo Logic.
Congratulations to the LogDNA team on the launch. There are a lot of use cases in this field and it could use some more shaking up.
I'm currently using Sumo Logic. I'm pretty happy with the features, but their pricing is pretty frustrating and limits what I can get out of it without multiplying the cost.
We have a pretty strong feature set for ingesting, parsing, and querying / analyzing log (and metric) data. Our key differentiators from Sumo are performance (real-time ingestion, 60-second alerting, extremely fast query execution), pricing, and simplicity / ease of use. We focus on engineering use cases as opposed to business intelligence, so we don't (yet) have all of the group-and-join functions that Sumo provides for creating BI reports.
Speed turns out to be surprisingly important. We've had a lot of customers report that after migrating, usage across the team goes way up, simply because it's much more satisfying to use a tool that gives quick results. See https://www.scalyr.com/case-studies/returnpath for a brief case study.
I'd be happy to discuss in more detail, but I don't want to hijack the thread - please drop me a line at steve@scalyr.com.
Have you looked at Splunk Cloud? Having used both it and the ELK stack, I can say that Splunk lets you easily do way more with your data than ELK does.
The main reason we emphasized storage is because we built it with scaling that in mind, that's all. We've also built it with live tail in mind too. It's an okay differentiator since we believe we can handle the volume with our infrastructure. We also followed up with UI/UX which at the end of the day should make us a platform you can goto, get what you need and go back to work.
Give us a try, even if you don't think you'll use the GBs. We have alerting, field parsing and live tail. Analytics is the only piece we don't have today, but we're working towards it.
I understand. For me, though, scaling is just a small piece of the puzzle and not really a differentiator. To give you an idea of our size, we run about ~500 instances in a private cloud hosted on about 45 dedicated servers at Rackspace. We use OpenStack for stateful services and data storage and we use Kubernetes/Docker/CoreOS for 12FA/microservices. We have many dozens of apps and even with all of that, we're still only pushing about 4-5 GB of logs each day.
The number one most important problem we're trying to solve is the actual parsing of logs during ingestion. We need logs from commonly-used apps & frameworks to be automatically identified and parsed and we need an easy way to set up a custom parser for internal logs that doesn't require crazy hand-written regex. How does LogDNA handle parsing? What apps/frameworks are supported?
We automatically detect common formats using regex during ingestion. Many are based on logstash patterns and we have several of our own (including one that just tries to strip out timestamp + log level). If you use a common format, we can usually add it. If you have a custom format that your app defines, we don't have a way for you to add it yet but it'll likely be a regex as you said. (We can always help you create it if you don't want to).
We run our ELK stack (elastic search+logstash+kibana+3 days of logs) on a single EC2 ephemeral instance inside an auto-scaling group. If we lose our logs, oh well! Given that we lose this instance every two-ish years, it seems like a reasonable tradeoff.
Well, we use Elasticsearch extensively for our applications and have developed our internal best practices for running it. A single instance is not recommended for ES. If you're totally fine with losing logs, I guess it's okay, but logs are a critical part of production infra for us and so we would either run a larger cluster with data-only and master-only nodes for optimum reliability.
To be clear, I'm not asking that you have all of this out of the gate. It's that I want to see the vision and get excited about where you're heading. Your early users are investing in your future and taking a bet on what you could become.
Right now, I'm not sure what I should be dreaming about.
You're absolutely right...it's important to clarify the vision. Our vision is to do analytics in the future. Today it's aggregate/search/tail/alerting. I think the beauty of this is that our future is still somewhat unknown and we'll listen to our customers on where we ought to be headed.
For _you_ the unknown future may be exciting, but as a customer it isn't. I'm trusting you with a critical part of my infrastructure and betting that you're the future of logging. If I'm going to make that bet, I have to believe that you have a clear vision and that I'm on board with that.
Obviously internally (as a fellow founder), things are always crazy and you adapt and grow. But your customers need more than the faith that you'll figure it out as you go.
Striim's target audience includes people looking for logging too.
I was referring to the aggregation of the logs, including taking columns / data types from different log streams and combining them (in real time) to create new objects. You can then set alerts and build dashboards on the new objects.
Additionally he mentioned standardizing the request across the stack. Since Striim can import the logs from all these types of services and combine them to create a new object that represents the request across the stack he could accomplish his second request as well.
Combine that with the ability to ingest huge amounts of data and query in real time, it sounded like what he was looking for.
If I were you, I would put a little emphasis on the security of your service. Logs can definitely contain sensitive data and companies rely on you to store that data in a "proper" way.
At least, as a possible customer, that is one of my biggest concern.
But maybe I'm just too focused on security given that our clients ask us about it pretty much every day. So as a possible vendor (for us or other SaaS businesses) and being part of our chain of trust, I'd expect some words on how you handle security and how much it is important for you. That is lacking on the website if I'm correct.
Anyway, congrats on the service! I think that there is room for LogDNA in the logging-warehousing market
Yes, thanks for the feedback. We'll be adding this and a FAQ section soon. We do encrypt everything in transit, end-to-end, just like most in our industry. We do not encrypt at rest at the moment but will be looking into it.
Not encrypting at rest seems like a huge oversight, given that your service most likely uses AWS S3 and it is dead simple to turn on encryption. I'm not sure anyone will trust you to store their log data without at least encrypting data at rest.
> I'm not sure anyone will trust you to store their log data without at least encrypting data at rest.
I know something of logs.
Speaking for requirements inside other's logging use cases is pointless given privacy needs vary from use case to use case. While your statement may be factual for some use cases, claiming it's "a huge oversight" is blanket blaming statement across all use cases and thus becomes worthless.
Besides, if you want search for things in the logs, things have to be kept hot and moving unencrypted. That means no at rest encrypted storage for near realtime search use cases.
I wish I had a stick I could hit people with to get them to stop creating double bind arguments. If you really want privacy for your logs, deal with them yourself on your own equipment. If you absolutely have no time to deal with your logs yourself, then get comfortable with privacy issues.
Thanks for the response. You can also encrypt EBS volumes using Amazon's KMS, so I'd research that. It will be an important feature for your potential enterprise customers.
Not encrypting your customer data at rest in a cloud service just seems really amateur in this day and age. What type of customer are you anticipating that will care about tons of storage but won't care about security?
100GB/month doesn't matter when you only store the logs for 2 days... Why does your free plan have such a short retention time?
Is the 2 day retention time because you sync logs to the user's s3 bucket? If so then it would help conversion to say that next to the 2 days retention copy.
We had a specific audience in mind when we chose 2 days. We were targeting users who just needed to debug their apps, or a low traffic production app. For this, 2 days is plenty. The space is there mainly so they won't have to think about that 5GB/month may equal to 160mb/day or if a bug floods their logs and pushes them over their quota or dealing with overages.
If you care about retention, chances are you're also building a serious product and you want to rely on LogDNA to be around. For that, we hope you'll be on a paid plan.
We want to build the best product we can and by charging appropriately, we can afford better people.
Logging definitely sucks. It all sucks. Graylog. Elasticsearch and Kibana. Don't even get me started on Logstash which is some of the worst software I've ever used.
When you have a Docker/Kubernetes solution I will be (at another YC company) very interested in putting it through it's paces. Also I'd agree with others here that having a command line tail interface as well as a gui for browsing and savable queries would be bitchin.
Looks really great at first glance. Is there anything you guys do that differentiates yourself from other log management platforms (eg Kibana, Splunk, etc)
We've been using the product for a few months now after have looked at most of the alternatives. The biggest differentiators for me have been:
1. Really straightforward, scriptable installation
2. Intuitive view of the log data
3. Very quick and easy to select a time frame
4. UI is oriented to cope with lots of server creation/destruction (very useful for auto-scaling environments and not well handled in some of the other products)
We are very happy with the product - great job guys!
Technically, building a scalable infrastructure to ingest an order of magnitude of GBs more than other platforms was a bit challenging (and still is) but I think we're on our way to achieving that.
Are there any client libraries for LogDNA or does it just stream /var/log/* and other logs to LogDNA? Also, you provide APTs and RPMs, but no sources. Is there any way I can build LogDNA and run it on Arch Linux?
Client libraries are coming soon! We decided on an agent mainly for ease of installation and so we can self-update the agent, so you don't have to manage it (especially for auto-scaling environments).
We will be open sourcing our agent soon, we literally launched this week...some things we couldn't get to for launch.
And yes, it currently streams /var/log/* by default and any other paths your specify to the agent.
Ahh yes documentation...we're also working on that as we speak. Sorry about that...we had to pick and choose what we could have for launch. But the instructions on logdna.com should be enough to get you started.
The CLI looks interesting. Can I use it to pipe logs to you?
That would be really useful for, say, running scripts and maintenance jobs on a bunch of boxes. That would allow me to collect data and inspect it later (or tail it live).
Oh, and I see you provide an OS X package for the tool. I'd vastly prefer a Homebrew package over that.
I'd love to have all logs stored from day 1 (ie unlimited retention).
Makes looking for bugs a million times easier, when you don't need to open up archived logs from S3.
Might be an interesting technical challenge to the keep search fast with 100gbs of logs.
They delete the logs after 2 days (free plan) and 60 days (most expensive plan available). The 100GB is only monthly transfer.
Would be nice to have a cloud log service with unlimited retention that's searchable, but for now self-hosting is the best choice using logstash [1] for logging and statsd [2] for metrics.
Also, if you are dealing with a production issue with HIPPA logs, you must keep them on the machine. You can't send anything in an email, send a stack trace over a messaging client, or put them into JIRA.
The more storage thing seems disingenuous . Splunk's biggest plan is 3x yours. It seems that your real offer is just price per storage atm. More for the same money. infact only splunk light competes with you on price but on not storage GBs.
I don't think we'll be targeting enterprise users like Splunk...especially since their featureset will take a long time to build out. We might be one day but not today.
Yes, you are correct, more value for your money is our current offer. We want to build a great product and to do that, you have to hire great people, so we came up with a pricing that'll hopefully achieve that.
But it's not set in stone and we'll adjust just like any other company.
It's just astounding how web sites still insist on replacing the normal, perfectly fine scroll behavior with weird, buggy, slow, crazy, half-assed, dizzying, and totally unnecessary custom scroll implementations.
* Can or will you add name value pairs? Logging for us is no longer just a single line of text. We have attached metadata. Kibana handles this nicely.
* How good is your security? This is actually our biggest reason why would not use a service like this. Not that we put passwords or user sensitive data in logs we still have to keep them extremely secure due to compliance.
I'm sure you have decent security but I would recommend emphasizing that and/or proving it.
Yes, just send us JSON in a line and we'll parse it. You can actually search on that today, we just haven't made a way for you to see the parsed fields yet (coming soon!)
We're fully encrypted end-to-end in transit (but not at rest, currently).
Yeah we need documentation mainly and couldn't get that in time for launch.
I'd recommend making your pricing model simply per GB and then on a rate tier, don't play games with your customers. The quota system ends being a game, and simply ends up wasting management's time trying to ensure the company isn't either getting charged for overages or not using up the quote they have. I'd quite frankly not recommend companies like Sumologic solely based on the massive amounts of time they waste with these things.
Our team at Pantelligent has been happily using the LogDNA beta for the last few months. The product is well designed and easy to use for many members across engineering, devops, and marketing roles. Very impressed so far, and this is only the beginning of where this product can go! Setup takes about 2 minutes -- give it a try today.
Thanks for the kind words and it's awesome to have your team using our product. Your product feedback on how we can make this platform better has been golden!
Question: Why does a new startup/solution for this pop up every few months? Why is this space so difficult?
I've definitely thought about building this myself, but haven't gotten around to it. It's just sending some text to a server, isn't it? What's so hard about it?
Obviously I'm missing something. I'd love to know what :)
I wasn't aware there were several startups every few months in logging. For us, it was an interesting space. Lots of changes happening.
Yes you are somewhat right. It is sending text to a server. But then you send more text and more text and you need to search for all this text in a split second. If you've ever run your own ELK stack for example, you'll realize quickly that you're spending most of your time scaling elastic search to handle the data volume. There is a challenge to doing that.
It's idiotic. You're not bringing in any major differentiation. Your idea will be implemented by your competitors in less than a week and you will have no competitive advantage and way less clients.
PG's writings aren't the bible. Situations and verticals vary. You still need to use your reasoning after all and judge yourself. Case in point, PG himself agreed to this business idea which in your opinion contradict himself.
True, PG's writings are not the bible just as his agreement with this business idea doesn't mean it's a good idea.
I used my own judgement and concluded that this is a worthless idea, as competition is high and differentiation low. I referenced that article to give credit to the original author.
What AWS stack will let you build something like this? I don't think I would trust a 3rd party with all of my log data for...I can't really see what the benefit of moving to cloud would be, a log file sits on a local disk or if you had to move it to the cloud you could use S3 or SQS even no?
Nothing on AWS will give you the UX that LogDNA is delivering. And a good experience working with logs can be a huge productivity and visibility boost to your team.
But the infrastructure components are certainly there on AWS.
CloudWatch Logs will ingest tons of data at minimal cost. It has simple API for searching for events, but it's extremely slow to return results if you have lots of data in a LogGroup. It has a simple API to get the latest events but it has a 10s delay and its a bit tricky to get all the events from all the LogStreams in the right order.
Kinesis will ingest tons of data at minimal cost, and let you stream it back in real time.
Lambda can subscribe to all the CloudWatch Log or Kinesis Events for parsing, filtering, and forwarding.
AWS ElasticSearch can ingest all the logs and give you a richer query language and visualization tools.
I've been building all this into Convox, an open source AWS toolkit. Take a look at this CloudFormation template for an example of how to configure a CloudWatch Log Group and Lambda filter in your own AWS account:
Mainly so you can avoid tailing or grepping from 1 server at a time, or setting up an elaborate log shipping method of your own. We'll do that for you. :)
Another benefit is if you have many services then viewing the logs in timestamped order can make debugging across services far easier. This is really quite difficult without a single service aggregating and indexing all your logs
It gets especially useful when you start to get unique ids across "jobs". Imagine a single flow of work hits 10 services, but you can search for job_id=123 and get all the logs for the job . Now its easier to see what went wrong and where in the flow.
Other than the post by their founder above, I'm not really familiar with them. But overall, the 3 points I mentioned in my opening comment is generally similar. But to really find out if you'll like us, you should just try installing us. We have a working live demo on https://logdna.com
I think your "Features" page could use some work. I don't consider syntax highlighting themes to be much of a feature. What I want to hear about is how you can take logs from all of these <dozens> of applications and intelligently parse them and deliver analytics and alerting on them.
My favorite part of logentries is the fact that you can use structured logs to build dashboards showing service health. My least favorite part of logentries is the UX around that whole thing. Any chance more features are coming in the structured logging area?
Haven't tried this yet but the install instructions don't include adding a GPG key. Instead it has the option "--force-yes" which I believe skips that check.
That would work for the initial install but wouldn't it complain down the road when you try to update the package?
So we currently ship around 10GB a month, and it costs us $75 a month from Papertrail. Cost is really a non factor, wouldn't matter if is cost us $200. The ability to search and grep older documents is a bit slow on Papertrail though. Additionally, sending deeply nested JSON, and being able to search on props would be huge.
Does LogDNA have a shipper from syslog? Do you have a node.js client lib?
Finally can you talk about security? Is traffic encrypted over the wire? Do you encrypted disks at rest?
I'd like to use LogDNA, but we'd require syslog support, I think. We use Rsyslog to spool logs off to a central server, and we're not about to trust a third-party vendor to keep our data (ie., we want our own copy). Rsyslog can forward to any other syslog server and supports TLS.
Edit: Rsyslog can pipe data to a command-line program via the "omprog" plugin, which might be an easier option for you.
Looks promising! I was able to get it installed and delivering logs in 5 mins.
I really like the high volumes you offer; I really agree that volume should be cheaper. What Papertrail charges per GB seems really high IMO.
That said, I'm just a hobbyist doing under 1GB month of traffic. I will try to stick with the free plan for as long as possible. If you could offer some nice features for $5-10/month, I would upgrade for that.
Can you tell me how wide I have to open our Firewalls to get to your servers? (i.e., 1 or 2 IPs or an entire AWS range). We're in a locked-down compliance environment and opening all our servers to a wide range of external IP addresses is a problem.
Would love to hear you have an aggregator/forwarding tool that I could run all my logs through to forward to your environment.
Congrats on shipping! At Cronitor, we have a lot of users pushing events from PaperTrail for monitoring and alerts. I'd love to work with you on an easy integration at some point, though I do have an appreciation for how busy you are. We didn't add our first real integration -- PagerDuty in our case -- for a few months after launch.
This only solves a part of the problem. This is basically to collect and grep your stderr, useful for when you need to debug something, but that's about it. A far more interesting problem is to collect, ingest, and query structured (Proto, Thrift, etc) _application_ logs that people should also be writing.
To be honest, we weren't really sure what to pick. We just wanted to have something in place. It's not set in stone and we'll likely change things as we see different use cases.
For what it's worth: I've recently built an internal logging platform that handles ~300GB/day on spare hardware with Heka/RMQ/ES/OTSDB/Kibana/Grafana. Running something similar from a SaaS logging provider would be (at bare minimum) a five digit monthly bill.
We actually already do this, but we don't show the results in the log viewer, but we do parse JSON and a whole bunch of various logstash patterns + some of our custom ones. You can even search on them today by doing: fieldname:keyword but it's just hard since you don't know what the fieldnames are...you can guess but we're exposing those soon!
First of all, your website is painful to use. It requires a ton of scrolling to see anything and as previously mentioned scrolling is painful.
Secondly there is almost no detail so while your product sounds cool I can't see what it is like to use your product. Give me examples of creating queries or dashboards. There should definitely be a documentation section on your site!
Also, a really cool feature I can't see anywhere else is reliable journald log uploading. You can dump as JSON which does most of the work but it is a pain implementing a reliable uploader with a HTTP API.
We just built our website this week since we were heads down focused on product. Our documentation is coming soon. We just wanted to get a product into the hands of users and had to make tough decisions on what we needed.
We could be perfect and launch 2 months from now or just launch now with what we have. But you're right, we will be plugging the holes quickly.
Having gone through PCI compliance before, technically you cannot send us data that includes card numbers since we're not PCI compliant (yet). But if you don't log that type of data, there is no issue.
Yet another startup solving yet another already solved problem with little to no differentiation.
That's why we need to encourage more kids to do STEM and tackle hard problems, rather than encouraging "makers" and getting them all to be app builders.
I have yet to live the day I will regain my faith in startups.
It's a straight up ad-hominem attack against Justin Keller, instead of criticising [sic] his writing it attacks his character.
That's just as fallacious an invocation of ad hominem as your link was. Description of questionable behavior is not fallacious, in an article the purpose of which is to complain about questionable behavior. Likewise, it is entirely reasonable to expect withering unsupported criticism like yours to spring from some a personal position of some relevant experience.
We had our “slack moment” and decided to pivot. We were frustrated with the current logging landscape and built LogDNA around 3 philosophies:
1. More Storage - give away ample storage so you can log everything
2. Longer Search - faster and longer search retention
3. UI/UX - a much cleaner experience to interact with your log tails
I’m happy to answer any questions you may have!