Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

BigQuery vs Elasticsearch for analysing and storing application logs

Tags:

elasticsearch

google-bigquery

kibana

I'm investigating the merits of using BigQuery for gaining insights into application logfiles. The logs are produced by Java and C# applications, most of them on cloud-based VMs. I'm interested to hear whether others have done this and of the relative merits of BigQuery vs ElasticSearch/Logstash/Kibana.

The advantage of BigQuery seems to be that it can deal with huge amounts of data whereas the ELK solutions seems maybe better suited to the non-structured nature of logfiles, especially when they come from different systems.

I'd also like to display information on a dashboard. Kibana seems to be very good for that. How easy is it to create dashboards using the Google solution (using google sheets, etc)?

Thoughts, use-cases?

like image 791
user3628387 Avatar asked Jul 17 '16 10:07

user3628387

People also ask

What is BigQuery best for?

BigQuery is a fully managed enterprise data warehouse that helps you manage and analyze your data with built-in features like machine learning, geospatial analysis, and business intelligence.

Why is BigQuery so fast?

Data is stored in a columnar storage fashion which makes possible to achieve a very high compression ratio and scan throughput. Tree Architecture is used for dispatching queries and aggregating results across thousands of machines in a few seconds.

Should I use BigQuery?

Use it when you have queries that run more than five seconds in a relational database. The idea of BigQuery is running complex analytical queries, which means there is no point in running queries that are doing simple aggregation or filtering.

1 Answers

2017 update: Elastic officially supported on GCP

  • https://www.elastic.co/blog/announcing-the-ga-of-elastic-cloud-hosted-elasticsearch-on-google-cloud-platform-gcp

Elasticsearch and BigQuery work great together. BigQuery will take as much data as you have and query it in any way you want in seconds. Meanwhile a well tuned Elasticsearch installation will give you answers in less than a second, but only for certain queries over a limited amount of data.

See this post by Ory at Rounds, where they detail how they use both:

https://medium.com/@oryband/collecting-user-data-and-usage-ffa84c4dba34

The two top titles that summarize their reasons to do both:

  • Live Data with Elasticsearch
  • Big Data with Google BigQuery
like image 154
Felipe Hoffa Avatar answered Oct 06 '22 00:10

Felipe Hoffa
Sign in to Comment

Related questions

Indexing Mysql Database with elasticsearch
ElasticSearch:filtering documents based on field length?
What does Elasticsearch's auto_generate_phrase_queries do?
Elastic Search limit results
Elasticsearch fails silently if document has mapping mismatch for a field
How to map JSON objects with dynamic fields to Go structs
ElasticSearch: access document nested value in groovy script
Unable to connect to Elasticsearch with PHP inside Docker
Using wildcards in phrases with Elasticsearch Query String Query
ElasticSearch : More indices vs More types
Cluster has already maximum shards open
ElasticSearch count returned result
ElasticSearch + Go: Index failures (No feature for name)
Elasticsearch client for iOS
How can I aggregate filtered nested documents in ElasticSearch?
Spring Data Elasticsearch's ElasticsearchTemplate vs ElasticsearchRepository
Logstash not creating index on Elasticsearch
Using a script to conditionally update a document in Elasticsearch
Elasticsearch - NoNodeAvailableException
set default analyzer of index

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!