Central log repository

logging, search

Currently, my organization is using Splunk to store logs from various places (DBs, Apache, systems we write, etc.). We don't really use most of its abilities (pull logs automatically, etc.), but we do require the search it provides – showing the event and some of its surroundings.

Recently the free version of Splunk started giving us a hard time, so we would like to replace it with some other tool, even with fewer features, as long as it could index and search over a large amount of logs.

Could you please offer such alternatives?

EDIT: while the suggestions given are great, none offer the searching and indexing capability I need. Can you offer something else?

Best Answer

Syslog-ng is one of the traditional ways to centralize your logs. This older Linux.com article explains how to set this up. The article doesn't include indexing exactly, but shows you how to set up Logcheck to filter the logs using regex and get notified of non-trivial events.
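The regex filtering described in the answer, combined with the event-plus-surroundings view the question asks for, as an added example that is not taken from the linked article or from Logcheck itself. The log lines and ignore patterns are constructed, and the approach (drop lines matching known-routine patterns, report the rest with context) is a simplified sketch of that style of filtering.

```python
import re

# Constructed sample lines in classic syslog format, as a central syslog-ng
# server might collect them. Hosts, addresses and messages are invented.
SAMPLE_LOG = """\
Mar  3 10:00:01 web01 CRON[2101]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:00:07 web01 sshd[2110]: Accepted publickey for deploy from 192.0.2.10 port 50122 ssh2
Mar  3 10:01:15 db01 sshd[877]: Failed password for invalid user admin from 198.51.100.23 port 40022 ssh2
Mar  3 10:01:16 db01 sshd[877]: Connection closed by 198.51.100.23 port 40022 [preauth]
Mar  3 10:02:00 web01 CRON[2150]: (www-data) CMD (php /srv/app/cron.php)
Mar  3 10:02:41 db01 kernel: Out of memory: Killed process 1432 (mysqld)
Mar  3 10:03:00 web01 CRON[2177]: (root) CMD (run-parts /etc/cron.hourly)
""".splitlines()

# Hypothetical ignore rules: routine events that should not trigger a report.
PREFIX = r"^\w{3} [ \d]\d [\d:]{8} \S+ "
IGNORE = [re.compile(PREFIX + p) for p in (
    r"CRON\[\d+\]: \(\S+\) CMD \(.*\)$",
    r"sshd\[\d+\]: Accepted publickey for \S+ from \S+ port \d+ ssh2$",
    r"sshd\[\d+\]: Connection closed by \S+ port \d+ \[preauth\]$",
)]

def non_trivial(lines, ignore=IGNORE):
    """Return indexes of lines that match none of the ignore patterns."""
    return [i for i, line in enumerate(lines)
            if not any(rx.search(line) for rx in ignore)]

def with_context(lines, hits, before=1, after=1):
    """Return each hit with its surrounding lines, merging overlapping windows."""
    windows = []
    for i in hits:
        lo, hi = max(0, i - before), min(len(lines) - 1, i + after)
        if windows and lo <= windows[-1][1]:
            windows[-1][1] = max(windows[-1][1], hi)
        else:
            windows.append([lo, hi])
    return [lines[lo:hi + 1] for lo, hi in windows]

def report(lines):
    """Blocks of context around every line the ignore rules did not cover."""
    return with_context(lines, non_trivial(lines))

if __name__ == "__main__":
    for block in report(SAMPLE_LOG):
        print("\n".join(block), end="\n--\n")
```

Anchoring every ignore pattern to the full line keeps an attacker-influenced field, such as a username, from making an unexpected line look routine.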
