
Sematext Blog


X-Pack Alternatives

People love Splunk. But not its price. So people are always on the lookout for a good Splunk alternative. Many of those people migrated from Splunk to the ELK Stack or hosted ELK Stack solutions like Logsene. The situation with Elastic X-Pack is similar. It’s a nice package of tools bundled with professional services, but quite pricey. So naturally, people again look for X-Pack alternatives. Luckily, there are a number of alternatives for each X-Pack component. Let’s unpack the X-Pack and see what X-Pack alternatives are available as open source tools, commercial alternatives, or cloud services:


Functionality: Security
Elastic: X-Pack Security (formerly Shield)
Alternatives:

SearchGuard provides a free, open source alternative to X-Pack Security. SearchGuard support and enterprise features are not free of charge (the license model is per cluster), but it is probably a cost saver relative to X-Pack.

Sematext Cloud or Enterprise for the time series data use case (metrics, logs): Sematext Cloud has role-based access control and SSL/TLS encryption. If you are looking for a secure alternative for time series data such as logs or metrics, Sematext Cloud might be a good fit.

Functionality: Alerting
Elastic: X-Pack Alerting (formerly Watcher)
Alternatives:

Elastalert (open source) is a simple and popular tool for alerting on anomalies, spikes, or other patterns of interest found in data stored in Elasticsearch. Elastalert works with all versions of Elasticsearch.

Logagent (open source) is a general log shipper. However, it can schedule Elasticsearch queries (as an input), filter the results using custom criteria, and alert via pluggable outputs such as Slack. Using Logagent for alerting on Elasticsearch data is thus just a matter of configuration.

Sentinl extends Kibi or Kibana with alerting and reporting functionality to monitor, notify, and report on data series changes using standard queries, programmable validators, and a variety of configurable actions.

Sematext Cloud provides alerts on metrics and logs. It offers alerting based on thresholds or statistical anomaly detection, as well as heartbeat alerts. It comes with default alerts for all integrated apps (e.g. for disk storage or the JVM garbage collector) and features ChatOps integrations such as PagerDuty, Slack, HipChat, BigPanda, WebHooks, Pushover, and e-mail.

Functionality: Monitoring
Elastic: X-Pack Monitoring (formerly Marvel)
Alternatives: Sematext Cloud Elasticsearch integrations, Prometheus, Datadog, New Relic, etc.

Data collected by monitoring a production cluster should be stored in a separate location. With Elastic X-Pack Monitoring this means running a second Elasticsearch cluster for monitoring data. Hmm, how do you monitor your monitoring Elasticsearch cluster? Using Sematext Cloud, Datadog or other cloud-based monitoring services, your monitoring data gets shipped off-site and is accessible even when your production cluster is experiencing problems. Sematext Cloud can collect and correlate Elasticsearch logs with Elasticsearch metrics and provides alerting and anomaly detection.

Functionality: Reporting
Elastic: X-Pack Reporting
Alternatives:

Skedler provides easy scheduling of PDF, XLS and PNG reports for Kibana dashboards. Paid plans are only a few hundred dollars per year.

Sentinl is a Kibana and Kibi plugin for reporting. Think of it as a free and independent “Watcher” which also has scheduled “Reporting” capabilities (PNG/PDF snapshots).

Sematext Cloud provides scheduled queries and reports the results via e-mail, with PNG snapshots included.

Functionality: Graph
Elastic: X-Pack Graph, which generates nodes and edges for graphs and extends Kibana with a graph display to explore relations.
Alternatives:

Kibi is a kept-in-sync fork which extends Kibana with a relational data model and the ability to do joins over multiple indices. In addition, it supports relational data from SQL databases. The enterprise edition includes graph visualization, alerting and reporting, security features, additional components, and support.

Kbn_network is a free, open source Kibana 5 plugin for network visualization, released under the Apache 2 license.

DIY: Cytoscape.js, Visjs.org (open source). Individual graph visualizations are not too hard to implement. It is mainly a matter of JavaScript frontend programming and converting the results of Elasticsearch queries to a graph structure (nodes and edges). There are several good open source graph visualization libraries that render graph data structures in the browser.

GraphAware Graph-Aided Search is an enterprise-grade bi-directional integration between Neo4j and Elasticsearch. It enables one to improve the quality of search results by boosting or filtering them based on data retrieved from a Neo4j database. After performing a search in Elasticsearch, just before returning the results to the user, the plugin requests additional information from Neo4j via its REST API in order to boost or filter the results. It also includes a module which can be configured to transparently and asynchronously replicate data from Neo4j to Elasticsearch.
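The DIY conversion described above, as an added example that is not part of the original post and not code from any of the tools it lists: it maps the "aggregations" part of a constructed two-level terms aggregation response (users and the hosts they logged into) to Cytoscape.js elements; the aggregation names by_user and by_host and the sample data are assumptions.

```javascript
// Added example (not from the original post, nor from any listed tool):
// flatten a two-level Elasticsearch terms aggregation into nodes and edges in
// Cytoscape.js element format, ready for cytoscape({ elements }) or cy.add().
// Aggregation names (by_user, by_host) and the sample response are constructed.

// Constructed sample: the "aggregations" part of a search response for
//   terms(user.name) > terms(host.name)  over login events.
const sampleAggs = {
  by_user: {
    buckets: [
      { key: "alice", doc_count: 7, by_host: { buckets: [
          { key: "web-01", doc_count: 5 }, { key: "db-01", doc_count: 2 } ] } },
      { key: "bob", doc_count: 3, by_host: { buckets: [
          { key: "web-01", doc_count: 3 } ] } },
    ],
  },
};

// Build { nodes, edges } from aggs[outerAgg] (parent terms buckets) and the
// nested terms aggregation innerAgg inside each parent bucket. Node ids are
// prefixed with the aggregation name so a user and a host sharing a key never collide.
function esAggToGraph(aggs, outerAgg, innerAgg) {
  const nodes = new Map(); // id -> node element (deduplicates shared nodes)
  const edges = [];
  const node = (agg, key) => {
    const id = `${agg}:${key}`;
    if (!nodes.has(id)) {
      nodes.set(id, { data: { id, label: String(key), kind: agg, degree: 0 } });
    }
    return nodes.get(id);
  };
  for (const outer of aggs[outerAgg].buckets) {
    const src = node(outerAgg, outer.key);
    for (const inner of outer[innerAgg].buckets) {
      const dst = node(innerAgg, inner.key);
      // degree lets the front end size nodes by how many relations they have
      src.data.degree += 1;
      dst.data.degree += 1;
      edges.push({ data: { id: `${src.data.id}->${dst.data.id}`,
                           source: src.data.id, target: dst.data.id,
                           weight: inner.doc_count } }); // weight = matching docs
    }
  }
  return { nodes: [...nodes.values()], edges };
}

// Cytoscape.js accepts one flat array of node and edge elements.
function toElements(graph) {
  return [...graph.nodes, ...graph.edges];
}
```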

Functionality: Machine Learning
Elastic: X-Pack Machine Learning
Alternatives:

Knowi is a business intelligence tool, natively supporting many SQL and NoSQL data sources including Elasticsearch. Knowi recently added machine learning capabilities, combining BI and AI in a single platform, to support predictive and prescriptive analytics.

Sematext Cloud provides anomaly detection for performance metrics and logs, based on a series of machine learning algorithms. It automatically computes the baseline values for metrics or results of saved searches and triggers alert notifications when new data goes out of bounds of the baseline range.

Functionality: Elasticsearch Support
Elastic: Support for 5.x and 2.x
Alternatives: Sematext delivers enterprise-class, world-wide production support for Elasticsearch and the ELK Stack (Elasticsearch, Logstash, Kibana), from Elasticsearch 1.x and up!

And there you have it! It turns out there are lots of options to pick from and, with time, we are bound to see more and even better alternatives.

Want to learn more about Elasticsearch and the rest of the Elastic Stack? Subscribe to our blog or follow @sematext. If you need any help with Elasticsearch, Logstash, and friends, don’t forget that Sematext provides Elasticsearch Consulting, Elasticsearch Production Support, and Elasticsearch Training!



Sematext is a globally distributed organization that builds innovative Cloud and On Premises solutions for performance monitoring, alerting and anomaly detection (SPM), log management and analytics (Logsene), and search analytics (SSA). We also provide Search and Big Data consulting services and offer 24/7 production support for Solr and Elasticsearch.