Gain alerting, SSO, RBAC via Open Distro for Elasticsearch #315

@mogul

Description

In order to reduce the bespoke parts in logsearch-for-cloudfoundry and get more out-of-the-box features, it may be worth switching from plain old Elasticsearch to adding the plugins from "Open Distro for Elasticsearch", which includes many features formerly only available in proprietary Elastic/X-Pack extensions.

AWS, Netflix, and Expedia have released an open source "distro" for Elasticsearch which adds many features:
https://aws.amazon.com/blogs/opensource/keeping-open-source-open-open-distro-for-elasticsearch/

In the first release, we will include many new advanced but completely open source features including encryption-in-transit, user authentication, detailed auditing, granular roles-based access control, event monitoring and alerting, deep performance analysis, and SQL support.
[...]
The security features available in this initial release include encryption-in-transit, native Active Directory, LDAP, and OpenID authentication, roles-based and granular access control, and audit logging. Other key features include integrated event monitoring and alerting that opens up the full flexibility of the Elasticsearch query language to notify you of changes in your data, SQL support including REST and JDBC support, and an advanced performance analyzer.

Notable for logsearch-for-cloudfoundry use-cases:

  • SAML/SSO

    With Open Distro for Elasticsearch, you can leverage your existing authentication infrastructure such as LDAP/Active Directory, SAML, Kerberos, JSON web tokens, TLS certificates, and Proxy authentication/SSO for user authentication.

  • multi-tenant support:

    Open Distro for Elasticsearch also supports multi-tenant environments, allowing multiple teams to share the same cluster while only being able to access their team's data and dashboards.

  • monitoring and alerting

    With Open Distro for Elasticsearch, you can easily create monitors using the Kibana UI with a simple visual editor or with an Elasticsearch query. This gives you the flexibility to query the data most interesting to you and receive alerts on it.
    Open Distro for Elasticsearch provides multiple alerting options with built-in integrations for webhook and Slack. Webhook support integrates with your existing monitoring infrastructure or any third-party system.

  • an alert manager

    A complete history of all alert executions is indexed in Elasticsearch for easy tracking and visualization in Kibana. What are my active alerts? How frequently has this monitor been in alert? Are my alerts executing? What actions were taken? All of this information is easily accessible from the user interface.
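As an added worked example (not code from logsearch-for-cloudfoundry, Open Distro, or this issue), here is what the RBAC/multi-tenant and alerting pieces listed above look like when driven through the Open Distro security and alerting REST APIs: a team gets a role that can only read its own org's documents out of the shared log indices (document-level security), its own Kibana tenant, and a monitor that pages Slack on a burst of ERROR lines. Everything logsearch-specific is assumed rather than taken from the issue: the `logs-app-*` index pattern, keyword fields `@cf.org` and `@level`, a backend role `cf-team-a` arriving from LDAP/SAML, and an admin user that is permitted to use the security REST API.

```python
"""Provision a team-scoped role + Kibana tenant, then a Slack alert monitor,
via the Open Distro security and alerting REST APIs.

Added example, not code from logsearch-for-cloudfoundry or Open Distro.
Assumed, not from the issue: index pattern logs-app-*, keyword fields
@cf.org and @level, an LDAP/SAML backend role, HTTPS + basic auth.
"""
import base64
import json
import ssl
import urllib.request

SECURITY_API = "/_opendistro/_security/api"
ALERTING_API = "/_opendistro/_alerting"


def team_role(org, tenant, index_pattern="logs-app-*"):
    """Read-only on the shared log indices, restricted to the team's own org
    via document-level security, plus write access to the team's tenant."""
    return {
        "cluster_permissions": ["cluster_composite_ops_ro"],
        "index_permissions": [{
            "index_patterns": [index_pattern],
            # DLS query is passed as a JSON string; "@cf.org" is an assumed field
            "dls": json.dumps({"term": {"@cf.org": org}}),
            "allowed_actions": ["read"],  # built-in action group: search/get only
        }],
        "tenant_permissions": [{
            "tenant_patterns": [tenant],
            "allowed_actions": ["kibana_all_write"],
        }],
    }


def role_mapping(backend_roles):
    """Map the role to groups delivered by LDAP/SAML/JWT, not to individual
    users, so membership stays managed in the identity provider."""
    return {"backend_roles": list(backend_roles), "hosts": [], "users": []}


def slack_destination(name, webhook_url):
    return {"name": name, "type": "slack", "slack": {"url": webhook_url}}


def error_burst_monitor(destination_id, org, index_pattern="logs-app-*",
                        lookback="5m", min_errors=50):
    """Every minute, count one org's ERROR lines; alert when >= min_errors."""
    return {
        "type": "monitor",
        "name": f"error-burst-{org}",
        "enabled": True,
        "schedule": {"period": {"interval": 1, "unit": "MINUTES"}},
        "inputs": [{"search": {
            "indices": [index_pattern],
            "query": {"size": 0, "query": {"bool": {"filter": [
                {"term": {"@cf.org": org}},
                {"term": {"@level": "ERROR"}},
                {"range": {"@timestamp": {"gte": f"now-{lookback}", "lte": "now"}}},
            ]}}},
        }}],
        "triggers": [{
            "name": "too-many-errors",
            "severity": "2",
            "condition": {"script": {
                # Painless, evaluated inside the cluster against the search hit count
                "source": f"ctx.results[0].hits.total.value >= {min_errors}",
                "lang": "painless",
            }},
            "actions": [{
                "name": "notify-slack",
                "destination_id": destination_id,
                "subject_template": {"source": "{{ctx.monitor.name}}"},
                "message_template": {"source": (
                    "{{ctx.results.0.hits.total.value}} ERROR lines for "
                    f"{org} in the last {lookback}")},
                "throttle_enabled": True,
                "throttle": {"value": 10, "unit": "MINUTES"},
            }],
        }],
    }


def request(base_url, method, path, body, user, password, cafile=None):
    """One JSON request with basic auth; returns the decoded response.
    Pass the cluster CA as cafile so TLS is verified rather than disabled."""
    req = urllib.request.Request(base_url + path, method=method,
                                 data=json.dumps(body).encode())
    req.add_header("Content-Type", "application/json")
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + cred)
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)


def provision(base_url, user, password, org, backend_role, slack_url, cafile=None):
    """Tenant and role are both named after the org (assumed naming scheme)."""
    auth = (user, password, cafile)
    request(base_url, "PUT", f"{SECURITY_API}/tenants/{org}",
            {"description": f"Kibana tenant for {org}"}, *auth)
    request(base_url, "PUT", f"{SECURITY_API}/roles/{org}", team_role(org, org), *auth)
    request(base_url, "PUT", f"{SECURITY_API}/rolesmapping/{org}",
            role_mapping([backend_role]), *auth)
    dest = request(base_url, "POST", f"{ALERTING_API}/destinations",
                   slack_destination(f"{org}-slack", slack_url), *auth)
    return request(base_url, "POST", f"{ALERTING_API}/monitors",
                   error_burst_monitor(dest["_id"], org), *auth)


if __name__ == "__main__":
    # Needs a reachable cluster; admin/admin are the demo credentials and the
    # user must be allowed to call the security REST API.
    print(provision("https://localhost:9200", "admin", "admin", "team-a",
                    "cf-team-a", "https://hooks.slack.com/services/REPLACE-ME",
                    cafile="root-ca.pem"))
```

Two things worth keeping in mind if this is tried for real: the security REST API refuses callers that are not an admin certificate or a role listed in `opendistro_security.restapi.roles_enabled`, so role provisioning is a privileged operation and should not run with an ordinary Kibana user; and the monitor runs its search as the user who created it, so a monitor created by an admin sees every org, while the DLS filter only applies to the team members querying through Kibana.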
