We are exploring an integrated observability/monitoring tool. What is your view on using open-source tools like Prometheus, Elasticsearch, Jaeger, ...? Are there concerns from scalability, patching, vulnerability management, malicious code, licensing and support? Keen to learn if anyone is using an open-source observability tool stack.
All your concerns are valid. Had worked with Prometheus + Grafana previously. I'd say, depending on your team maturity & skillset, it might be a cost-benefit analysis situation.
It's very economical to use / build open source in your own environment (whether it's AWS, Azure, GCP). The cost that comes with it is the full maintenance of it. If you're in an organization where there is already a certain level of maturity in vulnerability management, security management, infrastructure management, then this really isn't a stretch to add to the current operating plan. However, if the above isn't true or the staff skillset isn't there, you'd get more value faster by going SaaS on observability.
I am not aware of any clients within the CRA using any of these tools and so I would not be in a position to provide feedback. Otherwise I would definitely share.
While these tools offer flexibility and cost savings, they can also introduce complexity and risk if not properly managed. To unlock their full potential, consider a hybrid approach that combines the benefits of open-source tools with commercial support and services, enabling you to effectively scale, secure, and optimize your observability stack while minimizing risk and maximizing ROI.