I'm doing a Graylog POC for my boss (Graylog+Mongo+ES). It's up and running just fine, but I fear it may not be the best combo for us.
Am hoping for comments/suggestions.
Multi-tenancy (secure role-based access to data) is the thing he cares the most about.
We want to segregate log data by project group.
For example, Dev/Product team XYZ should have access to the log data from all their Dev, QA, and Prod servers, but team XYZ should have no access to the log data generated by team JKL's servers, and vice versa. Some managers and admins should have access to the log data from all servers across all projects.
What's the best combo of products? ELK (Elasticsearch+Logstash+Kibana)? We want the graphs, charts, visualizations, dashboards, search and alerting capabilities. We have to go all open source; my budget is $0 (not including my time).