While not specific to the Elasticsearch and Kibana fork, I came across this in the Logstash repo today…
“geoip-filter will be removed from OSS and join the Basic license”
It begs the question whether we are going to see Elastic whittle down the functionality of their remaining OSS offerings with quiet, behind the scenes licensing changes.
@robcowart Thanks for the alert. It’s true that a company to survive need money and they need to pay back all the money of investors and stocks. (Just joking)
The issue of License Changing in MaxMind Database that is behind the plugin required them to change, mainly because them don’t want to release the “reload code” implemented in XPack.
The reloading of new Database is also an issue in Elasticsearch implementation of the plugin.
The geoip is good as fast start, but if you need more accurate IP resolutions you need to pay for better IP databases or Implement your own solution.
I’m using logstash, but many other alternatives are taking momentum such as FluentD and https://vector.dev/ that is written in Rust. These solutions have much better engine that Logstash written in JRuby with a core rewritten partially in Java.
FluentD is the more mature and feature rich (Here a comparation with Logstash https://logz.io/blog/fluentd-logstash/)
Agreed on the maxmind license change, we had to adapt too. They wanted a lot of money for us to use it.
Vector is great for sure, I am a fan. Now that they have been acquired lets see what happens next. Some of my other favorites right now that you didn’t mention are Fluentbit which is in C++ versus Ruby (Fluentd) but is a little less configurable. It’s much more compact and high performance. Also don’t forget Stanza which is now part of Otel due to the fact that it’s written in golang… observIQ/stanza: Fast and lightweight log transport and processing. (github.com)
@jkowall Thanks for the sharing. Stanza is also moving to OpenTelemetry. I’ll take an eye on it.