Hello!
I've been roaming these forums for a little while now, trying to find out what ELK can do and how.
Now I'd like the opinion of other users if it can replace my current monitoring setup.
We are already running ELK Stack to receive log files from our production servers. So basically Logstash is grabbing the logs from our production servers (which by the way have multiple projects, each hosted as a separate URL).
This separate URL would be similar to this: "https://(customer company name).(our company).com"
After Logstash filters the logs, it sends them to Elasticsearch, and Kibana can be used to query the log files. Nothing more, nothing less.
Now we have a homemade product which also filters log files and checks the servers and the projects on these servers for multiple things. With every new project or server we make a couple of checks for it by adding values by hand. They check for availability (the value would be 5000ms: every 5000ms perform this check) or how much memory it has (5% or less).
If the availability returns false or the memory returns a value that is less than 5%, we'll get an email.
I figure that this is quite possible with ELK and Watcher and maybe Marvel for convenience. Now here is the kicker, we also categorize these logs. Examples of the categories are: "Info, Warning, Severe". Is there a way of replicating that feature within ELK? So our logs will return one of those categories if they exceed a certain condition set by us.
So basically, am I correct in believing that ELK and Watcher can replace what I have mentioned and is there a way of replicating the log category part?
Thank you for your assistance!
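As an added illustration (not part of the original post, and not the poster's own setup), this is roughly what one of the hand-made checks described above could look like as a Watcher watch: it runs every 5 seconds, searches the Logstash indices for a given project's memory readings at or below 5% in the last interval, and emails when any are found. The index pattern `logstash-*`, the fields `project` and `memory_free_pct`, the project name and the email address are all assumed placeholders.

```json
PUT _watcher/watch/low_memory_customer_a
{
  "trigger": {
    "schedule": { "interval": "5s" }
  },
  "input": {
    "search": {
      "request": {
        "indices": [ "logstash-*" ],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [
                { "term":  { "project": "customer-a" } },
                { "range": { "memory_free_pct": { "lte": 5 } } },
                { "range": { "@timestamp": { "gte": "now-5s" } } }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 0 } }
  },
  "actions": {
    "email_ops": {
      "email": {
        "to": "ops@example.com",
        "subject": "Severe: customer-a free memory at or below 5%",
        "body": "{{ctx.payload.hits.total}} low-memory readings in the last 5s for customer-a."
      }
    }
  }
}
```

The "Info / Warning / Severe" category itself is more naturally assigned at ingest time with a Logstash conditional (`if [memory_free_pct] <= 5 { mutate { add_field => { "category" => "Severe" } } }`), so that both Kibana and watches like this one can simply query on the `category` field.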