
Splunk/ELK. I have used Splunk since its inception (I was one of the first paying customers) and enjoy its many features and integrations (e.g. AWS CloudTrail, Nagios, and anomaly detection). In the past few years, I've come to know and like ELK: Elasticsearch, Logstash, and Kibana. The open source approach has some nice properties as well. It's on you to get the logs ingested, but generally that is remote syslog (rsyslog, syslog-ng, or equivalent) and Logstash with Redis. The docs on this integration are not super strong, but with a little hacking you can get it working. The feature set is smaller in this stack and the UI is not nearly as nice. The savings are huge though, especially as log volume goes up. Splunk also has a free service targeted at developers called Splunk Storm. Good for proof of concept and easy to set up without any hardware requirements, as it runs on AWS.


Some people find EFK (Elasticsearch, Fluentd, Kibana) to be another compelling alternative to Splunk. (Disclaimer: I am one of the maintainers of Fluentd.)

http://docs.fluentd.org/articles/free-alternative-to-splunk-...


What makes Fluentd better than syslog-ng?


It is not "better" but different.

1. Easier to extend than syslog-ng if you have a modest knowledge of Ruby.

2. Easy to configure file- and memory-based buffering and failover.

3. Advanced filtering out of the box.

4. Rich plugin ecosystem with 300+ plugins.

At least that's what I've heard from the users who switched from syslog-ng to Fluentd. I am happy to learn more about what makes syslog-ng great since I've never used it seriously myself =)
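As an added illustration of points 2 and 3 above (this is an example written for this page, not configuration from the Fluentd docs or from the commenter), here is a minimal Fluentd pipeline that takes remote syslog, drops noisy debug lines with a filter, and ships the rest to Elasticsearch through a file-backed buffer with a secondary output that keeps records on disk if the primary keeps failing. The hostname, port, paths and tag are assumptions chosen for the example; the Elasticsearch output is the separately installed fluent-plugin-elasticsearch plugin.

```conf
# Added example (not from the Fluentd project or the thread); all values are assumed.

# Accept syslog over UDP from the hosts being monitored.
<source>
  @type syslog
  port 5140
  bind 0.0.0.0
  tag system
</source>

# "Advanced filtering": drop DEBUG-level noise before it is buffered or shipped.
<filter system.**>
  @type grep
  <exclude>
    key message
    pattern /DEBUG/
  </exclude>
</filter>

# Buffered output to Elasticsearch with on-disk buffering and failover.
<match system.**>
  @type elasticsearch
  host elasticsearch.example.internal   # assumed hostname
  port 9200
  logstash_format true                  # daily logstash-YYYY.MM.DD indices
  <buffer>
    @type file                          # survives a Fluentd restart, unlike a memory buffer
    path /var/log/fluentd/buffer/es     # assumed path; must be writable by the fluentd user
    flush_interval 10s
    retry_max_times 10                  # after this many failed flushes, hand the chunk to <secondary>
  </buffer>
  <secondary>
    @type file                          # spill to local disk rather than losing the events
    path /var/log/fluentd/failed/es
  </secondary>
</match>
```

The file buffer is what makes the "failover" story credible for audit logging: if Elasticsearch is down, chunks accumulate on disk instead of being lost, and anything that still cannot be delivered after the retry limit lands in the secondary path where it can be replayed later. The grep filter runs before buffering, so the dropped lines never consume disk or shipping capacity.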


I have used both Splunk and ELK. Splunk at a bank and now ELK at a startup. My experience is Splunk is not worth the money. You can pretty much do everything you wish to with ELK, or further process the data and load it back to Elasticsearch, which is what we do at my current place.



