
TL;DR: Should you use Graylog instead of MariaDB as a database for a moderate amount of data? Would this be a good idea?

Long version: There is a Python script which puts some nmap monitoring data (maybe 1000 to 10000 rows) into a MariaDB database each day. It uses SQLAlchemy; a Flask website uses the same data types to display the results, and everything is working fine. The model is not too complicated: 3 tables with a one-to-many relation.

ip range -> hosts -> ports (with results)

Now my boss wants to put everything into Graylog with a Python binding and to abandon SQLAlchemy and MariaDB completely.

My question is: would you recommend keeping the existing structure and just exporting everything from MariaDB into the Graylog server each night (the data is collected just once a night)?

Or replace the database and SQLAlchemy and use Graylog directly? I have never worked with Graylog and I am not sure if you can use it as a database replacement.

stupidstudent

1 Answer


Graylog is a log aggregator like Splunk; it's not a relational database itself. From what you describe, you are using the MariaDB database like a logging utility for this data.

Questions to ask yourself are: do you have other logs you should be aggregating and collecting, or is it just this one niche set of data?

If you have multiple sources then Graylog is one answer, but if it's just this subset then it's probably overkill.

For context, I use Splunk to aggregate over 50GB of logs per day; they come from servers, networking gear, firewalls and more. I'd never think to pour that data into a SQL database; it's not the right tool for the job.

ServerMonkey
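To make the nightly-export option from the question concrete, here is an added example (not code from either poster) that flattens the ip range -> hosts -> ports model into one GELF 1.1 message per port result, GELF being the JSON log format Graylog accepts. The sample scan, the field names and the source name `scanner01` are constructed assumptions.

```python
import json
import re

# Constructed sample: one night's scan in the page's shape
# (ip range -> hosts -> ports with results). All values are made up.
SCAN = {
    "range": "192.0.2.0/28",
    "scanned_at": 1700000000.0,
    "hosts": [
        {"ip": "192.0.2.1", "ports": [
            {"port": 22, "proto": "tcp", "state": "open", "service": "ssh"},
            {"port": 80, "proto": "tcp", "state": "closed", "service": "http"},
        ]},
        {"ip": "192.0.2.5", "ports": [
            {"port": 443, "proto": "tcp", "state": "open", "service": "https"},
        ]},
    ],
}

FIELD_NAME = re.compile(r"^[\w.\-]+$")  # characters GELF allows in field names


def gelf_message(source, ip_range, host_ip, port_row, scanned_at):
    """Build one self-contained GELF 1.1 message for a single port result."""
    extra = {"ip_range": ip_range, "host_ip": host_ip, **port_row}
    msg = {
        "version": "1.1",
        "host": source,  # the machine that ran the scan, not the target
        "short_message": "{}:{}/{} {}".format(
            host_ip, port_row["port"], port_row["proto"], port_row["state"]),
        "timestamp": scanned_at,
        "level": 6,  # syslog "informational"
    }
    for key, value in extra.items():
        if not FIELD_NAME.match(key) or key == "id":  # "_id" is reserved
            raise ValueError("invalid GELF field name: " + key)
        msg["_" + key] = value  # additional fields carry a "_" prefix
    return msg


def flatten_scan(scan, source="scanner01"):  # "scanner01" is a hypothetical name
    """Denormalise the three-level model: every port row repeats its parents."""
    return [
        gelf_message(source, scan["range"], host["ip"], port, scan["scanned_at"])
        for host in scan["hosts"]
        for port in host["ports"]
    ]


if __name__ == "__main__":
    for m in flatten_scan(SCAN):
        print(json.dumps(m, sort_keys=True))
```

Each dictionary, serialised with `json.dumps`, is one log event; the one-to-many relations survive only as fields repeated on every message, which is the practical difference from the relational model.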