Tag: ELK costs

AWS Elasticsearch Pricing: Getting Cost Effective Logging as You Scale

Posted on by eugene evdokimov

AWS Elasticsearch is a common provider of managed ELK clusters., but does the AWS Elasticsearch pricing really scale? It offers a halfway solution for building it yourself and SaaS. For this, you would expect to see lower costs than a full-blown SaaS solution, however, the story is more complex than that.

We will be discussing the nature of scaling and storing an ELK stack of varying sizes, scaling techniques, and run a side by side comparison of AWS Elasticsearch and the full ELK Coralogix SaaS stack. It will become clear that there are lots of costs to be cut – in the short and long term, using IT cost optimizations.

Scaling your ELK Stack

ELK Clusters may be scaled either horizontally or vertically. There are fundamental differences between the two, and the price and complexity differentials are noteworthy.

Your two scaling options

Horizontal scaling is adding more machines to your pool of resources. In relation to an ELK stack, horizontally scaling could be reindexing your data and allocating more primary shards to your cluster, for example.

Vertical scaling is supplying additional computing power, whether it be more CPU, memory, or even a more powerful server altogether. In this instance, your cluster is not becoming more complex, just simply more powerful. It would seem that vertically scaling is the intuitive option, right? There are some cost implications, however…

Why are they so different in cost?

As we scale horizontally, we have a linear price increase as we add more resources. However, when it comes to vertically scaling, the cost doubles each time! We are not adding more physical resources. We are improving our current resources. This causes costs to increase at a sharp rate.

AWS Elasticsearch Pricing vs Coralogix ELK Stack

In order to compare deploying an AWS ELK stack versus using Coralogix SaaS ELK Stack, we will use some typical dummy data on an example company:

  • $430 per day going rate for Software Engineer based on San Francisco
  • High availability of data
  • Retention of data: 14 Days

We will be comparing different storage amounts (100GB, 200GB, and 300GB / month). We have opted for a c4.large and r4.2xlarge instances, based on the recommendations from the AWS pricing calculator.

Compute Costs

With the chosen configuration, and 730 hours in a month, we have: ($0.192 * 730) + ($0.532 * 730) = $528 or $6,342 a year

Storage Costs with AWS Elasticsearch Pricing

The storage costs are calculated as follows, and included in the total cost in the table below: $0.10 * GB/Day * 14 Days * 1.2 (20% extra space recommended). This figure increases as we increase the volume, from $67 annually to $201.

Setup and Maintenance Costs

It takes around 7 days to fully implement an ELK stack if you are well versed in the subject. At the going rate of $430/day, it costs $3,010 to pay an engineer to implement the AWS ELK stack. The full figures, with the storage volume costs, are seen below. Note that this is the cost for a whole year of storage, with our 14-day retention period included.

In relation to maintenance, a SaaS provider like Coralogix takes care of this for you, but with a provider like AWS, extra costs must be accounted for in relation to maintaining the ELK stack. If we say an engineer has to spend 2 days a month performing maintenance, that is another $860 dollars a month, or $10,320 a year.

The total cost below is $6,342 (Compute costs) + $3,010 (Upfront setup costs) + Storage costs (vary year on year) + $10,320 (annual maintenance costs)

Storage Size Yearly Cost
1200 GB (100 GB / month) $19,739
2400 GB (200 GB / month) $19,806
3600 GB (300 GB / month) $19,873

Overall, deploying your own ELK stack on AWS will cost you approximately $20,000 dollars a year with the above specifications. This once again includes labor hours and storage costs over an entire year. The question is, can it get better than that?

Coralogix Streama

There is still another way we can save money and make our logging solution even more modern and efficient. The Streama Optimizer is a tool that allows you to organize logging pipelines based on your application’s subsystems by allowing you to structure how your log information is processed. Important logs are processed, analyzed and indexed. Less important logs can go straight into storage but most important, you can keep getting ML-powered alerts and insights even on data you don’t index.

Let’s assume that 50% of your logs are regularly queried, 25% are for compliance and 25% are for monitoring. What kind of cost savings could Coralogix Streama bring?

Storage Size  AWS Elasticsearch (yearly) Coralogix w/ Streama (yearly)
1200 GB (100 GB / month) $19,739 $1,440
2400 GB (200 GB / month) $19,806 $2,892
3600 GB (300 GB / month) $19,873 $4,344

AWS Elasticsearch Pricing is a tricky sum to calculate. Coralogix makes it simple and handles your logs for you, so you can focus on what matters.

Has Your ELK Stack Become Too Unwieldy to Manage?

Posted on by eugene evdokimov

The ELK stack has become a staple of log analytics in recent years, but so too have the stories of complex maintenance and poor scalability. We’re going to discuss some of the problems with a self-hosted ELK stack and the advantages of a SaaS offering like Coralogix.

The Challenge of the ELK Stack

Whilst ELK performs the objective of collecting logs and visualizing data really well, it does present a complex portfolio of challenges from a watering and feeding perspective. The platform requires a very well thought out, powerful infrastructure backend when you start to scale and ingest lots of data. To demonstrate just what we mean let’s look at the required infrastructure for ingesting 500MB a day from a total of 15 servers.

The minimum number of nodes required for a production environment is 3. You will want to ensure they have SSD storage, a minimum of 16GB of ram (the sweet spot is actually 64gb according to elastic’s website), and a powerful CPU with multiple cores (a minimum of 4 for each node, 8 is the sweet spot according to elastic’s website).

To gauge prices easily, let’s look at what this infrastructure would cost in AWS. In this example, we spec’d the servers with 500GB SSDs to allow for 60 days’ worth of log retention and allow for future growth. The total is $360 a month, and that’s not taking into account any maintenance or backups! An important part to note here is that as you start to ingest more logs you will likely require more nodes and a load balancer. This example is a small environment, but it will provide a good benchmark for the minimum required infrastructure to run an ELK stack.

A Cost Analysis

Deploying a production-ready stack will take an experienced engineer about 5 working days, very optimistically. Then you need to think about maintenance. We would average this out at 8 to 10 days a month (another very generous estimate). With a calculation of about $550 a day for an ELK engineer, you are looking at $2750 to set up the stack and about $2200 a month to maintain it. In total your first year is going to cost the following:

Item

 Upfront Cost Monthly Cost

Yearly Total

AWS Hosting Costs

NA

$360

$4320

Engineering Costs

$2750

$2200

$29150

Monthly Total

$2560

Yearly Total

$33470

Effectively a small logging and analytics platform is going to cost more than a junior developer for a year! The way ELK is designed you need to be operating at a large scale for it to make sense. This is of course the economy of scale. But with that comes even more complexity and cost.

Running out of Space

Outside of deploying the solution organizations face other challenges. One of the issues organizations run into is backend infrastructure problems. A common issue we see is environments ingesting too much data and running out of space. It’s not so much the technical challenge of purging older logs, or indeed adding additional storage. The real issue is the critical data that is lost whilst the backend is unavailable. Sometimes it can even cause a knock-on effect. For businesses that have enabled a buffer or cache on servers sending logs and have not configured it correctly, you can end up with the lack of connectivity resulting in logs being stored locally. The result is on virtual machines or containers with small drives they can run out of space too! The impact of taking down production systems in an organization can have a serious impact and often result in a loss of profit.

Patching your ELK Stack

Another area that can provide significant pain to an organization is keeping the backend up to date. Firstly, the technical challenges that need to be overcome whilst upgrading are complex and the process can be very time-consuming. Failure to keep your system updated could make upgrading the future a serious piece of work!

We often see businesses running seriously out of date versions with the risks of upgrading preventing the business from applying critical patches & updates. We are not going to go into the risks of running out of date software, but this can have massive consequences for businesses when it inevitably goes wrong.

Configuring your ELK Stack Correctly

If we put the costs aside and start to dig into the analytics, we find that the story is much the same. Outside of the horror stories of organizations not correctly securing or deploying their ELK stack comes the building business value side. The core driving force behind deploying such a system is to create powerful data & visualizations that can be used to improve infrastructure and applications. In order to do this, you need to customize your ELK stack to suit the needs of your organization and this is where the common issues arise with the complexity of managing the platform. For each component, you wish to monitor you need to configure the elastic infrastructure to support the source. You can lose countless hours trying to diagnose why a system is not correctly providing data to elastic. This is an area that is addressed in Coralogix with its array of out of the box plugins and integrations.

The most important part though when it comes to running your own ELK stack is security. Your logs are likely to contain sensitive information about you, your customers, your business, or all of the above! Authentication and authorization are a must for any business running ELK. In our opinion, the ELK stack doesn’t really provide an easy way to implement the required security practices discussed.

A common implementation is deploying the ELK basic security features; however, we have found them to be fairly limited. If you are hosting your own ELK stack, you may still be exposed to vulnerabilities related to your environment that you will be responsible for handling. This can be extremely costly and is often overlooked. The damage of having an ELK stack compromised is often devastating to an organization. As a result, we rank this has the most unwieldy part of managing an ELK stack internally.

Other Common Problems

Here are the common pitfalls organizations find after running Elastic for 1 to 3 years:

  • The amount of maintenance required was significantly higher than originally expected.
  • Upgrades are really time-consuming and often cause knock-on issues.
  • Logstash regularly eats all the available memory on our servers and often requires the service to be restarted.
  • Organizations spend an excessive amount of time performance tuning the platform.
  • Organizations regularly run out of storage at the beginning and as a result, lose critical data.
  • Security features are extremely complex to implement and require custom solutions.
  • Organizations networks experience a large volume of data transferred between ELK nodes resulting in knock-on performance impacts to other services on the network.
  • When organizations need to scale the complexity of the infrastructure more than doubled.
  • The infrastructure becomes a full-time job!

A Cost Comparison with your Coralogix ELK Stack

Using our example above of $2560 a month for an internally hosted ELK stack with 60 days retention and around just 100gb of logs a month you could consume Coralogix for just $320! That’s a saving of $2240 a month which is $26,880 a year!

Item

Upfront Cost

Yearly Cost

AWS & Internally Managed

$2750

($2560 x 12 = $30,720)

Coralogix

NA

($320 x 12 = $3840)

Yearly Saving with Coralogix 

$2750

$26,880

Three Year Saving with Coralogix 

$2750

$80,640

Not only is the solution more cost-effective but you also reduce the risk to the business and finally your engineers can have a good night’s sleep! As we have discussed, running the system internally and experiencing issues can cause damage to a business when things go wrong. Consuming Coralogix as a service means that the backend infrastructure is monitored and maintained by ELK experts allowing you to concentrate on what you do best! Coralogix offers a number of value-added features that simplify deployment and provide additional capabilities for example machine learning.

Ultimately if your ELK stack has become too unwieldy to manage, or you are looking to reduce your operational costs and increase your capabilities then Coralogix is here to help and remove the pitfalls of running your own platform!

How much does the free ELK stack cost you?

Posted on by eugene evdokimov

The free ELK stack (Elasticsearch, Logstash, Kibana) is not as free as it is cracked up to be.

This post will focus on the costs of maintaining your own ELK stack and the alternatives. 

Allow me to explain: Have you ever heard of The Weber-Fechner law?

Strangely enough, the Weber-Fechner theory is responsible for one of the most common mistakes companies make when choosing their log analytics solution.

Generally speaking, this law describes how people perceive change as a percentage of its baseline. By applying this theory to economic decision making, cognitive psychologists Amos Tversky and Daniel Kahneman discovered that people evaluate prices relative to a reference point, thereby making them more sensitive to a new expense rather than adding the same amount to an existing expense (see chart below).

But wait, how the hell is this related to Log Analytics?!

Well, remember those “free” ELK instances you have on your cloud? Their existence may prove to be the best example of the Weber-Fechner theory. These instances end up costing more than they initially appear at face value, however, most people tend to consider them free or cheaper than they are, as the price is added to the total amount that is paid to AWS.

That is why just like the chart below, you perceive their price lower than it actually is.

Weber-Fechner and ELK

So what are the costs of deploying your own ELK stack?

Of course, the answer to this question varies and depends on several aspects like:

  • How much log data is generated by your system(s).
  • How long you want to retain that data.
  • How accessible your data has to be.

We went for the classic case of a mid-size company:

  • 50GB of log data per day.
  • Retention period of 14 days.
  • High data availability.

Price for building your own ELK stack on AWS:

1) 1 Master instance (c4.large, West US, no HA):

$0.124/hour * 720H/month = $89/month

ES master server pricing AWS

2) 2 data instances (r4.xlarge) according to ES recommendation + with necessary redundancy:

$0.296/hour * 2 * 720 = $426/month

ES data servers AWS

3) Disk, general purpose SSD (gp2)

$0.12/hour * 50GB/day * 14/days retention * 2 (data redundancy) * 1.2 (recommended extra disk for ES) = $201/month

ES Disk on AWS

Total HW expenses per month: $89 + $426 + $201 = $716

And now for the cost, most companies tend to ignore, despite it being what keeps the company running.

People Cost

It has been our experience that setting up the entire stack including the ES servers, mapping, Kibana and collectors will take the average engineer which is familiar with the ELK stack about 5 working days which costs $530/day according to the average daily salary of an engineer ($140K/year). Calculated monthly on a 2 years basis: $110/month.

  • Monthly maintenance, about 3 days per month is the very least for this scale and it does not include crises (which do occur) and change requests from within the company: $1,590/month.

Total estimated price for building your own ELK stack on AWS: $716 + $110 + $1,590 = $2,416/month

Price for using AWS managed ES:

1) 1 Master instance (c4.large, west US, no HA):

$0.183/hour * 720H/month = $131/month

manages ES on AWS master server

2) 2 ES machines (r4.xlarge.elasticsearch)

2 * $0.437/hour * 720H/month = $629/month

managed ES on AWS data server price

3) Hard Disk, EBS Standard volumes:

$0.162/hour * 50GB/day * 14/days retention * 2 (data redundancy) * 1.2 (recommended extra disk for ES) = $272/month

managed ES disk pricing AWS
Total HW expenses per month: $131 + $629 + $272 = $1,032

  • Setting up your ES stack when using AWS managed ES would take less than half the time it’ll take you to set-up everything on your own, so about 2 days which costs $530/day according to the average daily salary of an engineer ($140K/year).

Calculated monthly on a 2 years basis: $44/month.

  • Monthly maintenance, about 1 day per month is the very least for this scale and it does not include crises (which do occur) and change requests from within the company: $530/month.

Total estimated price for a simple managed ES on AWS with Kibana and Logstash: $1,032 + $574 = $1,606/month

When you compare these numbers to services which cost about $2,500/month for 50GB/day 14 days retention and offer a fully managed cluster, alerting capabilities, higher availability, better redundancy, auto-scaling, and not to mention machine learning capabilities and anomaly detection, it is hard to understand why would anyone choose to set-up his own cluster. 

Coralogix offers a machine learning-powered logs, metrics and security solution, supporting the ELK experience, syntax, and API’s, without the hassle of maintenance and licensing risks. You are welcome to give it a spin and experience the difference between log management.

RELATED ARTICLES

Elasticsearch Mapping Exceptions

Elasticsearch Storage Optimization

Elasticsearch Update Index Settings