X-Pack Alternatives

People love Splunk, but not its price, so they are always on the lookout for a good Splunk alternative. Many of them have migrated from Splunk to the ELK Stack or to hosted ELK Stack solutions like Logsene. The situation with Elastic X-Pack is similar: it’s a nice package of tools bundled with professional services, but quite pricey. So naturally, people again look for X-Pack alternatives. Luckily, there are a number of alternatives for each X-Pack component. Let’s unpack the X-Pack and see what X-Pack alternatives are available as open source tools, commercial alternatives, or cloud services:


Functionality | Elastic | Alternatives

Security | X-Pack Security (formerly Shield)

SearchGuard provides a free, open source alternative to X-Pack Security. SearchGuard support and enterprise features are not free of charge – the license model is per cluster – but it is probably a cost saver relative to X-Pack.

Sematext Cloud or Enterprise, for time series data use cases such as metrics and logs: Sematext Cloud has role-based access control and SSL/TLS encryption. If you are looking for a secure alternative for time series data such as logs or metrics, Sematext Cloud might be a good alternative.

Alerting | X-Pack Alerting (formerly Watcher)

Elastalert (open source) is a simple and popular tool for alerting on anomalies, spikes, or other patterns of interest found in data stored in Elasticsearch. Elastalert works with all versions of Elasticsearch.

Logagent (open source) is a general log shipper. However, it can schedule Elasticsearch queries (input), filter the results using custom criteria and alert via pluggable outputs like Slack. Thus, using Logagent for alerting on Elasticsearch data is just a matter of configuration.

Sentinl extends Kibi or Kibana with Alerting and Reporting functionality to monitor, notify, and report on data series changes using standard queries, programmable validators, and a variety of configurable actions.

Sematext Cloud provides alerts on metrics and logs. It offers alerting based on threshold or statistical anomaly detection, as well as heartbeat alerts. It comes with default alerts for all integrated apps (e.g. for disk storage or the JVM garbage collector) and features ChatOps integrations like PagerDuty, Slack, HipChat, BigPanda, WebHooks, Pushover, e-mail, etc.

Monitoring | X-Pack Monitoring (formerly Marvel)

Sematext Cloud Elasticsearch integrations, Prometheus, Datadog, New Relic, etc. 

Data collected by monitoring a production cluster should be stored in a separate location. With Elastic X-Pack monitoring this means running a second Elasticsearch cluster for monitoring data. Hmm, how do you monitor your monitoring Elasticsearch cluster?  
Using Sematext Cloud, Datadog or other cloud-based monitoring services, your monitoring data gets shipped off-site and is accessible even when your production is experiencing problems. Sematext Cloud can collect and correlate Elasticsearch logs with Elasticsearch metrics and provides alerting and anomaly detection.



Skedler provides easy scheduling of PDF, XLS and PNG reports for Kibana dashboards.  Paid plans are only a few hundred dollars per year.

Sentinl is a Kibana and Kibi plugin for reporting. Think of it as a free and independent “Watcher” which also has scheduled “Reporting” capabilities (PNG/PDF snapshots).

Sematext Cloud provides scheduled queries and reports the results via e-mail, with included PNG snapshots.

Graph | X-Pack Graph

X-Pack graph generates nodes and edges for graphs and extends Kibana with a graph display to explore relations.

Kibi is a kept-in-sync fork which extends Kibana with a relational data model and the ability to do joins over multiple indices. In addition, it supports relational data from SQL databases. The enterprise edition includes graph visualization, alerting & reporting, security features, additional components and support.

Kbn_network is an open source and free Kibana 5 plugin for network visualization, released under the Apache 2 license.

DIY: Cytoscape.js, Visjs.org (open source)

Individual graph visualizations are not too hard to implement. It is mainly a matter of JavaScript frontend programming and converting the results of Elasticsearch queries to a graph structure (nodes and edges). There are several good open source graph visualization libraries to render graph data structures in the browser.
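
An added example (not from the original post) of the conversion step just described: it turns a nested Elasticsearch terms aggregation response into Cytoscape.js elements. The aggregation names `user` and `host` and the sample response are constructed for illustration.

```javascript
// Added example: nested terms aggregation -> Cytoscape.js elements.
// Aggregation names ("user", "host") and the sample response are constructed.
function aggsToElements(response, outerAgg, innerAgg) {
  const nodes = new Map(); // node id -> node element
  const edges = new Map(); // edge id -> edge element
  const outer = (response.aggregations && response.aggregations[outerAgg]) || {};

  // Ids are prefixed with the aggregation name so that a user and a host
  // with the same key do not collapse into one node.
  const addNode = (id, kind, count) => {
    const node = nodes.get(id) || { data: { id, kind, docCount: 0 } };
    node.data.docCount += count;
    nodes.set(id, node);
  };

  for (const src of outer.buckets || []) {
    const srcId = `${outerAgg}:${src.key}`;
    addNode(srcId, outerAgg, src.doc_count);
    // A bucket without the sub-aggregation simply yields an isolated node.
    const inner = (src[innerAgg] && src[innerAgg].buckets) || [];
    for (const dst of inner) {
      const dstId = `${innerAgg}:${dst.key}`;
      addNode(dstId, innerAgg, dst.doc_count);
      const edgeId = `${srcId}->${dstId}`;
      edges.set(edgeId, {
        data: { id: edgeId, source: srcId, target: dstId, weight: dst.doc_count },
      });
    }
  }
  // Cytoscape.js accepts elements grouped as { nodes: [...], edges: [...] }.
  return { nodes: [...nodes.values()], edges: [...edges.values()] };
}

// Constructed sample: login events aggregated by user, then by host.
const sampleResponse = {
  aggregations: { user: { buckets: [
    { key: "alice", doc_count: 5, host: { buckets: [
      { key: "web-1", doc_count: 3 }, { key: "db-1", doc_count: 2 } ] } },
    { key: "bob", doc_count: 4, host: { buckets: [
      { key: "web-1", doc_count: 4 } ] } },
  ] } },
};

const graph = aggsToElements(sampleResponse, "user", "host");
console.log(JSON.stringify(graph, null, 2));
```

The edge `weight` carries the bucket's `doc_count`, so a renderer can map it to line width and make the heaviest relations stand out.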

GraphAware Graph-Aided Search is an enterprise-grade bi-directional integration between Neo4j and Elasticsearch. It enables one to improve the quality of search results by boosting or filtering search results based on data retrieved from a Neo4j database. After performing a search in Elasticsearch, just before returning the results to the user, this plugin requests additional information from Neo4j via its REST API in order to boost or filter the results. It also includes a module which can be configured to transparently and asynchronously replicate data from Neo4j to Elasticsearch.

Machine Learning | X-Pack Machine Learning

Knowi is a business intelligence tool, natively supporting many SQL and NoSQL data sources including Elasticsearch.  Knowi recently added machine learning capabilities, combining BI and AI in a single platform, to support predictive and prescriptive analytics.

Sematext Cloud provides anomaly detection for performance metrics and logs, based on a series of machine learning algorithms.  It automatically computes the baseline values for metrics or results of saved searches and triggers alert notifications when new data goes out of bounds of the baseline range.

Elasticsearch Support | Support for 5.x and 2.x

Sematext delivers enterprise-class, world-wide production support for Elasticsearch and ELK Stack (Elasticsearch, Logstash, Kibana), from Elasticsearch 1.x and up!

And there you have it! It turns out there are lots of options to pick from and, with time, we are bound to see more and even better alternatives.

Want to learn more about Elasticsearch and the rest of the Elastic Stack? Subscribe to our blog or follow @sematext. If you need any help with Elasticsearch, Logstash, and friends – don’t forget that Sematext provides Elasticsearch Consulting and Elasticsearch Production Support, and offers Elasticsearch Training!


More Stories By Sematext Blog

Sematext is a globally distributed organization that builds innovative Cloud and On Premises solutions for performance monitoring, alerting and anomaly detection (SPM), log management and analytics (Logsene), and search analytics (SSA). We also provide Search and Big Data consulting services and offer 24/7 production support for Solr and Elasticsearch.
