Fluentd vs Logstash, An unbiased comparison

Fluentd and Logstash are open-source data collectors primarily used for the transportation of log data to a centralized server. Log collectors run on servers to pull server metrics, parse logs, and transport them to systems like Elasticsearch or PostgreSQL.

Logstash is most known for being part of the ELK Stack while Fluentd has become increasingly used by communities of users of software such as Docker, GCP, and Elasticsearch.

Before we go for the details here is some background information about Fluentd and Logstash.

Fluentd is built by Treasure Data and is part of the CNCF so if you’re using any CNCF hosted project (e.g. Kubernetes, OpenTracing, or Prometheus), you should probably go with Fluentd.

Logstash is a part of the ELK stack, if you plan on using Elastic, you should tend to prefer LogStash (although Fluentd also has excellent support for Elastic).

Fluentd Vs Logstash: A product comparison

Below is the comparison of both the platforms in detail.

Fluentd log managementLogstash log
SUPPORTED PLATFORMS AND LANGUAGEWritten in Ruby and C, Supported on Windows and LinuxWritten in JRuby, runs on JVM. Supported on Windows and Linux
TransportHas an internal and configurable buffering system, is more resilient and persistent, less complex to configure and manageHas a restrictive buffering system and depends on an external queue. Has greater complexity and higher chances of failure. 
Event Routing
Routes events using the tag approach; more declarative. Routes events based on if-else conditions; more procedural
Memory Usage
Consumes lesser resources; provides Fluent-bit as a lightweight alternative. It consumes around 40MB of memory  Is resource-hungry in comparison; provides Elastic Beats as a lightweight alternative. Consumes around 120MB of memory
Monitoring & Tuning
Built-in monitoring agent, plug-ins to integrate with your monitoring stack.Metrics filter can be visualized in 3rd party such as Graphite.
Plugin EcosystemDecentralizedCentralized

Both are licensed under the Apache 2.0 license and newer versions of both tools support reloading the configuration without having to restart.

Elastic recommends that you run Elastic Beats, resource-efficient, purpose-built log shippers instead of running fully-featured Logstash. Each Beat focuses on one data source only and does that well. On Fluentd’s end, there is Fluent Bit, an embeddable low-footprint version of Fluentd written in C, as well as Fluentd Forwarder, a stripped-down version of Fluentd written in Go.

Both have a lot of similarities rather than differences. You can choose the one depending on the environment you will be using.

If you have more specifications and comparison to add to the list, comment down below and do share this article with others.

We will be happy to hear your thoughts

      Leave a reply

      Techs Tricks
      Reset Password