For a long while I was using grafana to visualize the logs in my environment. It's a capable, well established, platform... but it was also complex, overly bloated for what I need and want, and required a LOT of massaging to get things close (but not all the way there) to what I wanted.
SO, I decided to just build the lightweight service that I actually want.
Enter Sharp Vessel
Sharp Vessel is a project to build exactly the kind of log analyzer / visualizer that I want - giving me the standard visitor and traffic statistics, but going a step further in also giving me info on the automated threats that are hitting my site. It detects their probes, classifies them (i.e. credential harvesting, RCE-CVE, Wordpress takeover...), and gathers info into a per-threat view. From there I can see details about what network the traffic is coming from, send a compiled abuse report, and/or implement a block on the IP, CIDR, or ASN.
It also has an alert function, so it notifies me when a new threat is detected or a known threat has escalated their attacks further.
It's pretty basic otherwise, but it works quite well for what I want it to do... and it's very lightweight and easy to install / set up... which was the other major design decision. I wanted it to be easy.