When comparing ODE vs Rocana, the Slant community recommends Rocana for most people. In the question “What are the best log management, aggregation & monitoring tools?” Rocana is ranked 15th while ODE is ranked 35th. The most important reason people chose Rocana is:
Beyond simple rules-based alerting, Rocana Ops creates statistical models for each of the metrics you want to track and evaluates them as data streams in, providing nearly instantaneous feedback on how your systems are performing. Unique WARN (Weighted Analytic Risk Notifications) Scores indicate components that are trending toward good or bad. Users can create custom metrics, which are evaluated in the same way as "out-of-the-box" metrics.
Pros
Pro Scales easily
ODE instances are independent of each other, so they don't have to worry about a peer being added or removed. This allows the cluster to grow without any performance hit on the log aggregation. There is no redundancy built in, but you can always use the forwarder to duplicate data. There is no sharding configuration or any other penalty that comes with scaling a cluster. The clustering configuration is also very easy: you just list the peers on one of the nodes so that it can run a search query on the whole cluster and merge the results. It scales better than any other open source log management tool out there.
Pro Add new parsers as you like
You can add any parser you want to ODE.
Pro Highly customizable
Pro Easy to use
Pro Great "out-of-the-box" analytics
Beyond simple rules-based alerting, Rocana Ops creates statistical models for each of the metrics you want to track and evaluates them as data streams in, providing nearly instantaneous feedback on how your systems are performing. Unique WARN (Weighted Analytic Risk Notifications) Scores indicate components that are trending toward good or bad. Users can create custom metrics, which are evaluated in the same way as "out-of-the-box" metrics.
Pro Highly scalable
Collect and analyze multiple TBs of data per day. Built on Hadoop components, Rocana Ops is a highly-distributed system offering massive scalability using commodity hardware. Rocana has customers collecting 10+ TBs of log data per day.
The Rocana One free option provides up to 1TB of daily data volume.
Cons
Con Still in beta
Opallios ODE still seems to be in beta; as such, there may be issues, or features that are not yet implemented.
Con Expensive
Appears to be an expensive solution.
Con Doesn't run on a laptop
Well, maybe you can squeeze Rocana Ops on a laptop, but it is designed as a highly-distributed, fault-tolerant system and requires a Hadoop distro as the underlying platform.