Markos Sellis - PeerSpot reviewer
Architect at a tech vendor with 10,001+ employees
Real User
Great disaster recovery with good AI capabilities but needs more predictive analytics
Pros and Cons
  • "It gives us the possibility to store and query this data and also do this efficiently and securely and without delays."
  • "Dashboards could be more flexible, and it would be nice to provide more drill-down capabilities."

What is our primary use case?

We use the solution for log gathering, analyzing, and dashboard creation (with Kibana).

For example, several clients require the ability to store and search logs freely without the constraints that would be in place if a traditional database were used.

Elasticsearch is perfect for these use cases since it is a non-SQL database with advanced querying capabilities based on the Lucene search engine. 

There is excellent support and a large community that answers possible questions online in detail and very quickly. I was amazed at the help I got several times.

How has it helped my organization?

It gave us a tool to perform queries on unstructured data that had no fixed schema/form. This alone was a great asset, especially when dealing with clients that have large datasets from various sources that each follow their own format. 

It gives us the possibility to store and query this data and also do this efficiently and securely and without delays. 

Moreover, its learning curve was not steep. Therefore, no training was required - or at least no significant amount of time was consumed for training activities.

What is most valuable?

The ability to store unstructured data and perform fast searches that can be customized in detail is quite helpful. This is also a direct request from more and more customers. The Lucene search engine provides the needed speed. In larger projects with multiple nodes, disaster recovery and prevention are an asset (and it is needless to explain why).

AI and machine learning capabilities have also emerged as a direct result of requests from customers. The addition of these features is useful and can also provide advanced security capabilities (such as detecting unusual behavior in logs).

What needs improvement?

Dashboards could be more flexible, and it would be nice to provide more drill-down capabilities. 

Although the Discover function offers exploratory capabilities and one can search for various patterns in logs, the ability to do this from the dashboard function would be very useful. It would make the procedure simpler for the end user and require less training. It would also be pretty much self-explanatory (drill down and explore specific parts of the diagram/dashboard).

Also, more predictive analytics would be a nice-to-have feature.


For how long have I used the solution?

I have been using the product for about two years.

What do I think about the stability of the solution?

The stability can be impressive.

What do I think about the scalability of the solution?

The scalability is very good.

How are customer service and support?

Technical support is excellent!

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used Prometheus and Grafana. They do not offer the capabilities of ELK and their focus is different.

How was the initial setup?

The setup is straightforward - although Logstash needed extra care in Windows VM installations.

What about the implementation team?

We handled the setup in-house.

What was our ROI?

We have seen an ROI of 50% at least.

What's my experience with pricing, setup cost, and licensing?

I'd advise people to involve a team with people from different departments in order to predict the correct scale.

Which other solutions did I evaluate?

Loki seems to be an alternative with fewer capabilities.

What other advice do I have?

Logstash seems to have a very small capability to report errors, and that makes it difficult to troubleshoot. It would be nice to get some indication so as to save time.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Shashi Vardhan Andem - PeerSpot reviewer
Senior Product Manager at a tech services company with 501-1,000 employees
Real User
Allows us to build a model in one month and get 93% accuracy
Pros and Cons
  • "The AI-based attribute tagging is a valuable feature."
  • "The documentation regarding customization could be better."

What is our primary use case?

It's a cloud-based service. At that time, we were using AWS, so we could get the same Elasticsearch capabilities from AWS. It was mostly a PaaS service that we could access. We had the Elasticsearch specific server and database hosted on an AWS instance, and then we fed the data to it and tried to fine-tune the algorithm to give the necessary search intelligence that we needed.

We're not using the latest version. We're using a version that was released one year ago.

The whole organization has about half a million users, but at any point of time, a hundred users might be using it.

What is most valuable?

The AI-based attribute tagging is a valuable feature. It passes through text data and identifies the tag-words and keywords and connects them to various attributes in the whole system. The system was supposed to run through a lot of existing data in terms of which tag-words would reflect which keywords. There was a model built on top of that. We were building a machine-learning model, which passed through all of the data and did the necessary attribute tagging. We couldn't find attribute tagging in other services.

We initially tried to do it in-house, but we couldn't get the accuracy that we wanted. Elasticsearch was quite efficient in terms of getting accuracy with the limited amount of data that we had. We had 10,000 to 20,000 records. Based on that, we had a good amount of accuracy, which we were happy with. There's a lot we can do with customization.

What needs improvement?

The documentation regarding customization could be better. Other than that, Elasticsearch has very good documentation. We can get a lot of information from forums.

For how long have I used the solution?

I have worked with this solution for six months. 

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

As far as what we could accomplish, it was scalable, but we didn't have a lot of data that needed to be processed. We had 10,000 records and it was scalable.

How are customer service and support?

We have reached out to tech support when we have had queries, and they respond in time. We didn't have an escalation process, but we had a lot of queries.

Which solution did I use previously and why did I switch?

We chose Elasticsearch because we could build a model in a short amount of time. It allows us to build a whole setup in one month and get 93% accuracy. Even if you look at the complex AI-based features that we built within a shorter span, we could build that model with high accuracy, which wasn't possible with other enterprise search vendors that we used.

How was the initial setup?

Setup was a little complex, but we had in-house expertise.

The solution needs regular fine-tuning in terms of the data model. As we get more and more data into the system, the predictability and accuracy of the output keeps changing. On the application and DB side, it was fine. Not a lot of maintenance was required.

What about the implementation team?

Deployment was done in-house.

What's my experience with pricing, setup cost, and licensing?

The solution is affordable. Previously, we wasted a lot of time by building our own system, which we could have avoided by moving to Elasticsearch earlier.

What other advice do I have?

I would rate Elasticsearch as eight out of ten. 

Elasticsearch provides a lot of possibilities. You need to understand your requirements and how Elasticsearch can fulfill them. Somebody might be looking at a simple keyword service or attribute tagging. If you don't understand exactly what you're looking for, you'll get lost in their options and waste a lot of time.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Operations Manager at Cairo 3A for Agricultural and Animal Production
Real User
Useful user behavior analysis, reliable, but report templates could improve
Pros and Cons
  • "The most valuable feature of Elastic Enterprise Search is user behavior analysis."
  • "Elastic Enterprise Search could improve the report templates."

How has it helped my organization?

The solution satisfies our business needs.

What is most valuable?

The most valuable feature of Elastic Enterprise Search is user behavior analysis.

What needs improvement?

Elastic Enterprise Search could improve the report templates.

For how long have I used the solution?

I have been using Elastic Enterprise Search for a while.

What do I think about the stability of the solution?

Elastic Enterprise Search is stable.

What do I think about the scalability of the solution?

The scalability of Elastic Enterprise Search is good.

How are customer service and support?

I have not contacted the support from the vendor.

How was the initial setup?

Elastic Enterprise Search is of a moderate range of difficulty; it is neither difficult nor easy.

What's my experience with pricing, setup cost, and licensing?

We are paying $1,500 a month to use the solution. If you want to have endpoint protection, you need to pay more.

I rate the price of Elastic Enterprise Search a three out of five.

What other advice do I have?

My advice to others is for them to make sure this solution satisfies their business needs because there are many solutions and providers, with a lot of options. There are solutions that have a lot of features that the business might not need and it is not good for the business to waste money on features not used. It was recommended by many peers not to seek many options in a solution that you are not going to use, and to concentrate on what is needed.

I rate Elastic Enterprise Search a seven out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Oscar Narvaez - PeerSpot reviewer
COE Head at a tech services company with 1,001-5,000 employees
Real User
Top 20
Powerful with great integrations and good platform capacity
Pros and Cons
  • "Search is really powerful."
  • "We'd like more user-friendly integrations."

What is our primary use case?

All my use cases have been based more on observability for IT operations. We deal with it in terms of metrics, logs, transactions, traces, and so on. 

In terms of enterprise, most of the use cases are based on search capacity within the company to find documents and relevant information. That is the main use case.

What is most valuable?

The most relevant feature for me is the platform capacity. I consider the capacity high-performance with a distributed model that can support it, and recently we are growing. 

Search is really powerful. All the search engines and the rules that complement them allow the users to create different kinds of administration for the platform. You can create synonyms or rules to better understand or to better detect partial search criteria. It's like an AI that boosts searchability.

The platform has a powerful tool to correlate and create rules that understand what people will be searching for. 

All the community support that we have available from different users in the open source community is great. Everyone shares and publishes all of these different use cases. That makes the platform and the platform understanding really powerful for anyone who wants to implement a different case.

It is easy to set up.

The solution scales well. 

They have great integrations on offer. 

What needs improvement?

Maybe Elastic Search could improve the analytics part of the search so it can be more powerful to the user. It could help provide more understanding of what people are searching for. 

We'd like more user-friendly integrations. It should be easier for non-technical people to understand how to handle them. 

For how long have I used the solution?

I've used the solution for the last four years or so. 

What do I think about the stability of the solution?

It's stable. We have on-premise and on-cloud deployments. It's stable on both. I prefer the cloud as I avoid the time it takes to manage the platform. However, both cases are stable.

What do I think about the scalability of the solution?

It is a product that can scale well. It's not a problem. 

We have maybe 200 people on the product right now. 

How are customer service and support?

I have experience working with technical support. They are good at responding to incidents. I have not had too many incidents; however, sometimes I might reach out with technical questions in terms of platform performance, search, cluster distribution, and so on.

My point of view is that the technical support is awesome. They are very responsive and they have a really high understanding. The team has a lot of people with a lot of technical skills and technical knowledge.

How was the initial setup?

The initial setup is very straightforward. It's not difficult either.

What's my experience with pricing, setup cost, and licensing?

As I use the cloud, all of the costs for me are based on customer needs. There is a fascinating calculator published by Elastic, so there is not a specific starting cost. It can move from $10,000 US Dollars per year to any price based on how powerful you need the searches to be and the capacity in terms of storage and processing. That said, you can start with a small budget, implement the use cases, and start growing slowly.

What other advice do I have?

I'd rate the solution nine out of ten. 

I'm a customer and end-user. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1925475 - PeerSpot reviewer
Executive VP Operation Aqua + South East Asia at a manufacturing company with 10,001+ employees
Real User
Useful log searching, highly scalable, and reliable
Pros and Cons
  • "The most valuable feature of Elastic Enterprise Search is the opportunity to search behind and between different logs."
  • "Elastic Enterprise Search can improve by adding some kind of search that can be used out of the box without too much struggle with configuration. With every kind of search engine, there is some kind of special function that you need to do. A simple out-of-the-box search would be useful."

What is our primary use case?

We are using Elastic Enterprise Search for monitoring and alerting. It will look for any kind of possible error that is on the infrastructure side and give notifications.

What is most valuable?

The most valuable feature of Elastic Enterprise Search is the opportunity to search behind and between different logs.

What needs improvement?

Elastic Enterprise Search can improve by adding some kind of search that can be used out of the box without too much struggle with configuration. With every kind of search engine, there is some kind of special function that you need to do. A simple out-of-the-box search would be useful.

In the next release, they could improve on the scheduling and alert features.

For how long have I used the solution?

I have been using Elastic Enterprise Search for a couple of years.

What do I think about the stability of the solution?

Elastic Enterprise Search is stable.

What do I think about the scalability of the solution?

Everything is managed by Amazon AWS, making Elastic Enterprise Search highly scalable.

We have approximately eight engineers using this solution in my company.

How are customer service and support?

I have not contacted support.

How was the initial setup?

The initial setup of Elastic Enterprise Search was straightforward.

What about the implementation team?

We did the implementation of Elastic Enterprise Search in-house with one person and it was up and running within a couple of days. There is detailed documentation that helped us.

There is fine-tuning needed, but that's never-ending because every time you add a new server, features, or tools inside, you have to tune it a little bit better for the alerts.

What other advice do I have?

Elastic Enterprise Search is an open-source solution.

I rate Elastic Enterprise Search a ten out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2538867 - PeerSpot reviewer
Information Security Engineer at a financial services firm with 11-50 employees
Real User
Top 20
Enhanced security operations with good logging and real-time threat analysis
Pros and Cons
  • "The security portion of Elasticsearch is particularly beneficial, allowing me to view and analyze security alerts."
  • "An improvement would be to have an interface that allows easier navigation and tracing of logs."

What is our primary use case?

I am an end user, and we use Elasticsearch for our logs. Specifically, we use it for security logs for our enterprise, including machines, networks, and endpoints, as part of our IT infrastructure.

How has it helped my organization?

We have been able to collect our live logs, which helps us run security operations more effectively. It has enabled us to identify false positives and detect real-time malicious activities in the network.

What is most valuable?

The security portion of Elasticsearch is particularly beneficial, allowing me to view and analyze security alerts. It serves as a query engine for the database, enabling us to analyze logs for potential threats.

What needs improvement?

An improvement would be to have an interface that allows easier navigation and tracing of logs. The current system requires manually inputting dates to verify alerts. A visual timeline that pinpoints possible anomalies would be beneficial.

For how long have I used the solution?

I have been using Elasticsearch for approximately one year.

What do I think about the stability of the solution?

I would rate the stability of the solution as nine out of ten. It is very robust.

What do I think about the scalability of the solution?

I would rate the scalability as nine out of ten. It's a very robust solution.

How are customer service and support?

I do not interface directly with technical support from Elastic. Another colleague manages that aspect.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not use any different solution before Elasticsearch.

How was the initial setup?

I was not involved in the setup process. Our architects and technical officer managed it.

What's my experience with pricing, setup cost, and licensing?

I am not directly involved with pricing or setup costs. While I know a portion is open-source, a paid version might be necessary.

Which other solutions did I evaluate?

It was not my duty to evaluate other options. The architects and chief technical officer handled those decisions.

What other advice do I have?

For someone wanting to be a security analyst, Elasticsearch is a valuable tool. It helps organizations collect large amounts of logs from various platforms like Windows, Ubuntu, and Palo Alto Networks.

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Senior Solutions Architect at a tech services company with 51-200 employees
Real User
A competitively priced, fast solution with easy indexing, but room for improvement in the graph and reporting features and network monitoring
Pros and Cons
  • "The solution has great scalability."
  • "Both the graph feature and the reporting feature are a little bit lacking. The alerting also needs to be improved."

What is most valuable?

There are a lot of good things about this solution. First, it is an extremely fast search. We have quite an extensive number of logs, and we can search through billions of documents in just a few minutes, and get the results we're looking for.

The second is easy indexing. We can index almost anything that comes from a log. Anything produced in the system can be ingested in Elastic Search.

What needs improvement?

I want the solution to improve the graph feature because it is a little bit poor. Both the graph feature and the reporting feature are a little bit lacking. The alerting also needs to be improved.

As for new features, I would like to see more on the network monitoring side. I can see that a lot has been done in server management, security, and application. However, I would love to see the same attention given to network management. If we could go and harvest the network information and bring it into Elastic Search, it would be the perfect solution for achieving a NOC and SOC environment.

For how long have I used the solution?

I have been using this solution for five years.

What do I think about the stability of the solution?

We haven't had any stability issues at all. You just have to make sure that you are ingesting the right amount of data and maintaining your cluster by clearing up all of the data regularly. We input some script that tells the solution to drop any data it sees that is older than three months. It's as simple as that, and we're very happy with it. 

If you size your nodes properly, and a node drops or there is a problem, the product will still function. Last night, one of the nodes in my cluster crashed. I went in to check it and restarted the node, and the data appeared and everything was fine. I cannot say the same for a lot of other solutions.

What do I think about the scalability of the solution?

The solution has great scalability. We started with one node, then went to three nodes, as recommended by Elastic. We then found ourselves with seven nodes, and eventually 11 nodes. Then we said, "Wait a minute, this is not going well because we keep adding data and running out of storage." That's when we decided to start dropping data after three months. 

How are customer service and support?

I've seen a lot of improvement over the last five years. Five years ago, there was a little bit of tech support, but it was not great. Recently, I opened some cases and the team gave me answers that included exactly what to do to resolve the problems. This shows that the support team has knowledge. It's not just someone who is sitting in the office trying to figure out the problem. When you give them a problem, they know exactly what's wrong and they'll offer the precise solution that will solve the problem. We have seen a lot of improvements in the last six months. I would rate the technical support as a four out of five because they are very knowledgeable.

How would you rate customer service and support?

Positive

How was the initial setup?

I would rate the initial setup process as a five out of five because it's the easiest product I've ever dealt with. When it needs to be upgraded, you just tell it to upgrade and the solution does it for you. 

What's my experience with pricing, setup cost, and licensing?

We started with the open-source version and the price increases as you add nodes because it's node-based. The price kept increasing, so we decided to buy a license to get all the features and manage the clusters more efficiently. The price of Elastic Enterprise is very, very competitive. I think it was around $700. It was very cheap for our budget. We have other solutions from other vendors that are way more expensive.

The beauty of Elastic Search is that it's based on an open-source solution, so even if you don't want to keep your license, you can just switch it off and go back to the open-source version. You'll lose some of the features, but your data will still be there, and you'll still be able to manipulate it.

You can scale the pricing up and down, which is great flexibility for us because we are a government organization. When it comes to invoicing and payment, the government is a little slow. For example, we found that our license expired on December 31st, but the vendor still hadn't been paid, so they would not issue us a new license. We switched our license off and went back to open source mode until we were able to get our license again and switch back to Enterprise.

What other advice do I have?

One time, we had a remote customer who was complaining about response time, and we couldn't figure out where the problem was located. We created a small setup, just one node of Elastic Search, and we started using it to ingest the network traffic that was going from that customer to our main site. Once we started ingesting the network traffic, we saw exactly what the problem was. We were able to solve the problem, and it only took us an hour.

What sets this solution apart from its competitors is the innovation. For example, look at the number of releases they're doing. About every three to six months, you have a new release with new features, and it's great. The good thing is that even if you don't like the innovation, you still follow an upgrade line, which means you don't lose anything from the past. You just keep getting new stuff pumped into Elastic Search. As a result, it's becoming more like an overall operational solution, when before, it was just a place where you dumped your logs.

My advice to new users of this solution is to start with a specific use case that's a simple or complicated problem that you want to address. Start with that use case, address it straight away, and keep expanding. For example, we started with a network traffic use case, then expanded into Syslog management of a network device. Next, we expanded to an event management server, and then we went into application management. Now we are in security logs, and it keeps expanding.

I would rate this solution as a seven out of ten because there is still a lot missing regarding network management. Also, machine learning is still not clear to me. A lot of the things in machine learning can be addressed straight away with other features, like a watcher or alerting. At this point, I don't see the benefit of machine learning when it comes to IT infrastructure.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
IBM MQ Specialist / Administrator at a financial services firm with 10,001+ employees
Real User
Useful log visualizations and highly stable
Pros and Cons
  • "The most valuable feature of Elastic Enterprise Search is the Discovery option for the visualization of logs on a GUI instead of on the server."
  • "Elastic Enterprise Search could make its SSL integration easier. We should not need to go to the back-end servers to do configuration; we should be able to do it on the GUI."

What is our primary use case?

I am using Elastic Enterprise Search for the visualization of logs.

What is most valuable?

The most valuable feature of Elastic Enterprise Search is the Discovery option for the visualization of logs on a GUI instead of on the server.

What needs improvement?

Elastic Enterprise Search could make its SSL integration easier. We should not need to go to the back-end servers to do configuration; we should be able to do it on the GUI.

For how long have I used the solution?

I have been using Elastic Enterprise Search for two years.

What do I think about the stability of the solution?

Elastic Enterprise Search has been a stable solution for me for the whole time I have been using it.

What do I think about the scalability of the solution?

I am using Elastic Enterprise Search on-premise and it cannot scale. However, they do have a cloud option.

We have approximately 100 people using this solution in my organization. We use it on a daily basis.

Which solution did I use previously and why did I switch?

I have not used other similar solutions to Elastic Enterprise Search.

How was the initial setup?

The setup of Elastic Enterprise Search is not normally easy but I was running it on top of Docker which made it easy.

I rate the initial setup of Elastic Enterprise Search a three out of five.

What about the implementation team?

I have configured the solution myself and it has provided me with what I want. I do maintenance of the solution once every other week.

What's my experience with pricing, setup cost, and licensing?

The version of Elastic Enterprise Search I am using is open source, which is free. The pricing model should improve for the enterprise version because it is very expensive.

Which other solutions did I evaluate?

We chose Elastic Enterprise Search over other solutions because the interface was easy to use.

What other advice do I have?

I rate Elastic Enterprise Search a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user