Re: elasticsearch
Doesn't scale as well as it should for most people. You've got to have a pretty thorough understanding of the underlying indexing and sharding architectures to get it up into the tens/hundreds of thousands of events per second range. Yes it's relatively easy to do but it's fundamentally a square peg in a round hole. Log analytics shouldn't need search, it's a time-series aggregation and filtering problem, which is why Graphite ships with a time-series database. Means you get to spend more time on product and less time on plumbing.
Personally I find it more interesting Splunk doesn't get a look-in. It's a serious player in both SIEM and application/infrastructure monitoring. Not that it's very good, but it's one of the biggest names in the market.
Biting the hand that feeds IT
