Elastic Search Reviews

It is basically for the banking and non-banking sectors. We use it for the APM perspective and application performance monitoring, but not in a holistic way; it is just layer seven, layer five, and six that are there.

In analytics, people use it for search patterns. I've also used Elasticsearch for indexing, where we can have content and do these things. But from an analytics perspective, I have never used Elasticsearch. I have used it in one project

It's a good tool because if you compare it with MongoDB, MongoDB is better. It has a very good data warehouse and search pattern. Elasticsearch cannot be made into a data warehouse. You can use it for smaller-scale analytics, but if you are looking at anything over 30-40 TB, it's not a data lake or big data solution. 

It's a normal database, and any Oracle database or enterprise DB like MSSQL or PostgreSQL can do these things. I've never used it for unstructured data. I have used MongoDB, but not for this.  

All features are almost the same as other observability tools. The best part I like is that it becomes a MOM aka monitoring of monitors. It can capture data from all other sources. It's not a unique feature of Elasticsearch itself because other tools like Dynatrace do do the same thing. But from an ROI perspective and a user-friendly perspective, it is a good tool.

Even at level four to level seven of the OSI model, it does monitoring very well. There are a lot of AI-embedded tools or prediction tools, and numerous default reports are available, which get populated easily. 

So, the quality features are there. There are about 60  to 70 odd reports available. When you deploy the tool and the logs come in, they can capture those logs and automate field mapping and other things. That's the feature—by default, a few reports are available.

The data indexing capability of Elasticsearch is very good. It does the indexing correctly. It's not over-indexing, so it's perfect. It's very good. But how it works depends on the customization of the application and the search pattern you want. The log can be easily viewed, and based on that, you can easily tag things.

Scalability and ROI are the areas they have to improve. Their license terms are based on the number of cores. If you increase the number of cores, it becomes very difficult to manage at a large scale. For example, if I have a $3 million project, I won't sell it because if we're dealing with a 10 TB or 50 TB system, there are a lot of systems and applications to monitor, and I have to make an MOM (Mean of Max) for everything. This is because of the cost impact. 

Also, when you have horizontal scaling, it's like a multi-story building with only one elevator. You have to run around, and it's not efficient. Even the smallest task becomes difficult. That's the problem with horizontal scaling. They need to improve this because if they increase the cores and adjust the licensing accordingly, it would make more sense.

I have been using it for more than four to five years. 

I would rate the stability a nine out of ten. It is a good product. It is a stable product. 

Elasticsearch has horizontal scalability. The users can scale up to any level. The only problem is related to disaster recovery. After some time, it becomes very difficult to do the DC/DR mapping because observability is a critical tool for event alerts. It becomes difficult to manage real-time events if the primary data center goes down and the disaster recovery site needs to take over. This is an issue for large projects like those at tier-one organizations like Ford or big banks. For mid-level and lower-level tier-two or tier-three organizations, it is good.

Another thing to consider is that Elasticsearch has high resource utilization on both the vertical and horizontal levels. But it's a good product for tier-two organizations.

All my clients are enterprise businesses. 

I've never heard anything wrong from the delivery side, but it's an international company with a very good product. So, the support system should be good.

I tried to sell Kibana twice, but in terms of deployment, we've used it in two or three places. However, I don't have hands-on experience with Kibana. 

To be very honest, we faced some setbacks with Kibana, particularly with network-level monitoring. This issue occurred a few weeks ago when I tried to sell one of our products. We have used Kibana for APM purposes, as well as the Elasticsearch ELK stack.

From an application perspective, it’s one of the tools we use. I can share a lot of insights, but I haven't seen all their reports or dashboards. So, my experience is from a presales perspective rather than a deployment perspective.

If I compare it with other auxiliary tools like Dynatrace, SolarWinds, or Relay, Elasticsearch is very competitive and user-friendly. 

One thing about Elasticsearch is the way they sell licenses for their database, which can be a bit hidden. Many people think Elasticsearch is entirely open-source, but there are charges involved. It's an MPP-based NoSQL database with some limitations on certain datasets.

I would rate my experience with the initial setup a nine out of ten, with ten being easy. It is easy, not that difficult. 

It can be deployed both on the cloud and on-premises. I've seen on-premises deployments. This is especially true in other parts of the world where governments don't want to use the private cloud and have their own private cloud. I have mostly worked with on-premises deployments.

The mapping can take three months on average. However, the deployment time depends on the project. If you have a hundred servers, it will take two or three weeks. With three or four thousand servers, it will take longer. It's the same with any tool, like Dynatrace or SolarWinds. We have to map services and events, set thresholds, and configure event triggering and notifications. There's a lot to consider, so it depends on the project scope, the number of servers, the data captured, and whether it's agent or agentless. It's difficult to calculate an average about how many days it will take.

I would rate the pricing an eight out of ten, with one being cheap and ten being expensive. It is not very costly, but it is not cheap either. 

I would rate it to others. Elasticsearch can be used for many things. It has a good indexing parameter and can be used for search patterns and more. 

If it's for observability, I would give it a nine out of ten. The only issue I have is with APM (Application Performance Monitoring).

Elasticsearch as a product is different than Elasticsearch as a search engine. Elasticsearch is also different as an analytics tool. It depends on the analytical solution and how they want to fetch data from Elasticsearch as a database. As a search engine, it is one of the best. 90% of people use either Solar or Elasticsearch for web portals and other things. Nobody can challenge Elasticsearch in that area. So, out of ten, I would give it a ten.

But for analytics, I'd give it an eight. It depends on my database and in-memory tools. If I use QlikView or other tools, I'll just use Elasticsearch as a database. It's just like any other database they are using for in-memory analytics. 

For observability, Elasticsearch, Logstash, and other things, it is a good component. It's good for tier-two enterprises. But when you define "enterprise," you must be specific. If you mean more than 2000 servers, then 90% of people won't consider it. There are other observability tools on the market. So, be specific in your query.

At Shopee, I worked with numerous database schemas to find out which table columns belonged to which schema. We utilized Elastic Search to manage metadata for millions of tables, allowing us to search efficiently. Besides that, we used Logstash to put all the log files in Elastic Search for easy searchability.

Elastic Search significantly improved my work. Previously, when searching for text that appears in the middle of strings, the process was time-consuming. Elastic Search enables efficient searching, enhancing system performance and responsiveness. I can also collect logs through Kafka, send them to Elastic Search, and create indices, thus managing logs and customizing searches easily.

Elastic Search provides features such as stemming and range-based queries to search log files efficiently. It allows filtering data easily by searching for specific words based on created indexes. This made searches very efficient, and it also allows for log collection through Kafka and helps with managing logs and customizing searches according to needs, such as grouping by dates or user IDs.

Elastic Search could improve in areas such as search criteria and query processes, as search times were longer prior to implementing Elastic Search. Elastic Search has limitations for handling huge amounts of data and updates, especially if updates are frequent. It doesn't handle big data scale efficiently, especially regarding data size and scale, compared to Apache Solr. It doesn't support real-time search effectively, as it refreshes the indexes every few seconds.

It is stable as many companies already use Elastic Search. In cloud scenarios, it manages well by scaling up or down based on peak traffic. Otherwise, similar functionality needs to be replicated in a private cloud, including backups.

Elastic Search requires enhancements for handling huge amounts of data and updates. Segmenting or sharding data and complexities regarding the cluster can be issues. Updating in Elastic Search involves index computations and user dependencies. There might be issues regarding data size and scaling, but these can be tuned and improved.

I remember Apache Solr, which is generally used for much larger scale data compared to Elastic Search. Apache Solr is used by most companies, and while Elastic Search is very common, there are technologies similar to Elastic Search, though I'm not familiar with all the names.

I have used Elastic Search, but I might not be aware of many internal details; I just used the API to create an index, manage data, and search. It's very useful. On a scale of 1-10, I rate it an eight.

Private Cloud

Other

Our primary use case was primarily for data storage and quick searching. We focused on getting objects from the database and filtering them efficiently. This involved getting and searching through objects.

Our productivity was consistently maintained while using this database. Its consistent performance allowed us to maintain steady productivity levels.

The most valuable feature of Elasticsearch was the quick search capability, allowing us to search by any criteria needed. The searches were executed very quickly, which made the process reliable. Additionally, full-text queries were integral to our usage. Our productivity was consistently maintained with this database. Its consistent performance allowed us to maintain steady productivity levels.

It would be useful if a feature for renaming indices could be added without affecting the performance of other features. However, overall, the consistency and stability of Elasticsearch are already commendable, and they should keep up the good work.

I have been using Elasticsearch for two and a half years while at this company.

The stability of Elasticsearch was very high, and I would rate it a ten. It was consistent and reliable in our usage.

Elasticsearch was decently scalable, matching our data growth. I would rate its scalability a ten.

I was not involved in the initial setup. However, the setup process for smaller projects was straightforward.

One person from our DevOps team was responsible for the maintenance of Elasticsearch.

We used the open-source version of Elasticsearch, which was free.

If a feature for renaming indices could be added without affecting the performance of all other features, it would be nice to have. Overall, I rate Elasticsearch a ten out of ten.

Public Cloud

Amazon Web Services (AWS)

I have been using it for a year. The main use cases involved implementing search functionality.

When discussing the features of Elastic Search, the full text search capabilities are particularly beneficial for handling large volumes of data.

The full text search capabilities in Elastic Search have proven to be extremely valuable for our operations.

Regarding AI integration, we have not yet implemented any AI-driven projects or initiatives using Elastic Search.

There are some features and functionality that could be enhanced in Elastic Search to improve its overall capabilities.

I have been using Elastic Search for a year.

In terms of performance and stability, Elastic Search has proven to be a reliable solution.

The environment includes multiple users utilizing Elastic Search across different locations.

Before implementing Elastic Search, I had experience working with other search engines from different vendors.

The implementation strategy involved specific steps during the setup process to ensure proper configuration.

The main benefits observed from using Elastic Search include improvements in operational efficiency, along with cost, time, and resource savings.

I previously used Graylog.

I am currently working with Elastic Search as the primary solution.

My role is Senior DevOps engineer at UVIK Digital.

On a scale of 1 to 10, with 10 being the highest, I would rate Elastic Search as an 8 overall as a product and solution.

I can describe a project where we use Elasticsearch, Logstash, and Kibana (ELK stack) for our archiving objectives. I work in the security department of a Fintech company in the payment industry. We use the ELK stack to connect our internal systems with the bank's systems and we used Beats for data collection. We then store and forward this data to Elasticsearch for indexing and analysis, visualize and create alerts using Kibana based on categorized access logs, identifying and blocking malicious traffic or payloads.

Logsign provides us with the capability to execute multiple queries according to our requirements. The indexing is very high, making it effective for storing and retrieving logs. The real-time analytics with Elastic benefits us due to the huge traffic volume in our organization, which reaches up to 60,000 requests per second. With logs of approximately 25 GB per day, manually analyzing traffic behavior, payloads, headers, user agents, and other details is impractical.

I don't see improvements at the moment. The current setup is working well for me, and I'm satisfied with it. Integrating with different platforms is also fine, and I'm not recommending any changes or enhancements right now.

I have been using Elastic Search for the past year.

We subscribed to NGINX for technical support, and they were helpful during the installation phase. There is a lack of community support for GRPC, which needs improvement. 

we are using a licensed version of the product. 

We are fully satisfied with the usage and support, rating it 8 out of 10. I recommend NGINX for managing traffic due to its multiple functionalities like load balancing, proxy management, and caching.

The main use case for Elastic Search is mainly for log management.

I appreciate the indexing capabilities and the speed of indexing in their product, which demonstrates how quickly logs are collected and stored. The search capabilities are also valuable.

The architecture of Elastic Search could be improved as it is complicated for most general users to build up the environment and maintain the cluster.

Currently, I do not have suggestions for additional functions that could be added to the product.

I have been working with Elastic Search for about two years.

I usually use Elastic Search on-premises, which introduces complexity in deployment. Using the cloud version would reduce the complexity of setting up.

I would rate the stability for Elastic Search as eight out of ten.

I would rate the scalability as eight.

I would rate technical support from Elastic Search as three out of ten.

The main issue is a general sum of all factors. Being based in Hong Kong means I can only assess the service in my region and cannot speak for other regions based on my experience.

Negative

I am currently working with multiple solutions including Elastic Search, Splunk, and Graylog.

The initial setup for Elastic Search is complex.

The real-time analytics capabilities depend on whether you use the paid version or open-source version.

I work with SME users of Elastic Search, though the solution can technically support enterprise customers.

I have not extensively used AI technology with Elastic Search.

I can recommend Elastic Search to other users.

The pricing for Elastic Search rates as four out of ten. Overall, I would rate Elastic Search as seven out of ten.

On-premises

The primary use case for Elasticsearch is to serve as a non-SQL database platform to replace traditional SQL processes. It is used in situations where unstructured data needs to be studied and searched.

Elasticsearch has been helpful due to its ability to handle unstructured data effectively compared to SQL. It provides a fast and interesting search capability which is advantageous for our needs.

The most valuable feature of Elasticsearch is its convenience in handling unstructured data, making it easy to use.

Elasticsearch could be improved in terms of scalability. If the database becomes too large, its efficiency is not as good as SQL. Additionally, the initial setup could be a little easier.

We have been using Elasticsearch for about two to three years.

We have faced shutdown issues, but these are mostly related to problems with our own machines and not due to Elasticsearch itself.

Elasticsearch is not scalable when dealing with very large databases. The efficiency decreases for huge databases because it deals with unstructured data, which presents an inherent problem.

The initial setup is of medium difficulty since it requires some understanding of the disk and related concepts.

Elasticsearch can be expensive. It requires some support and unlocking of features.

I recommend Elasticsearch for anyone looking to build a simple database, as it should be a top choice.

I'd rate the solution seven out of ten.

Using real-time search functionality to support operational decisions has been helpful. However, it is not functioning correctly, as the real-time search consumes significant system resources.

The search feature is one of the valuable features of Elasticsearch.

There are areas for improvement in Elasticsearch.

The real-time search functionality is not operational due to its impact on system resources. There are some stability issues.

My overall experience with support was positive.

Neutral

The initial setup is complex.

I do not have specific details about the implementation team. The process might require certain expertise.

The pricing is not cheap and is expensive.

I compared the differences between Elastic and other SIEM solutions.

I am more like an implementer than a customer.

I'd rate the solution seven out of ten.

Other

Elastic Search significantly improved our blog management at the organization. It played a crucial role in enhancing our cybersecurity efforts by allowing me to identify the geographical origins of web traffic. This feature was instrumental in identifying and mitigating potential threats from various actors. The ability to pinpoint the source of the traffic helped in quickly addressing security concerns and filtering out potential threats.

The most valuable features are its user-friendly interface and seamless navigation. The abundance of tutorials and helpful mocktails significantly contributed to the ease of managing the system. The user interface stood out for its accessibility, making it straightforward to perform tasks and queries. The availability of resources, such as tutorials and mocktails, not only facilitated my learning process but also enhanced the overall usability of Elastic Search. Additionally, the ability to seamlessly integrate Elastic agents into our system not only enhanced our overall efficiency but also facilitated smooth integration with the cloud. The versatility of adding Elastic agents and leveraging the source components provided a comprehensive solution for managing and optimizing our system.

Elastic Search could benefit from a more user-friendly onboarding process for beginners. Creating a module or series specifically designed for those new to Elastic Search would be valuable, starting with the basics and gradually introducing the integration of Elastic Search with emerging technologies like AI. Additionally, it would be helpful to see improvements in mailing integration and potentially offer a more accessible pricing tier for individuals or students who are just starting to explore security and monitoring aspects. A tier tailored for the average user, focusing on simplicity and affordability, could attract a broader audience and encourage long-term use.

I would rate the stability of Elastic Search at a solid nine out of ten. Throughout my usage, I didn't encounter any failures, errors, or unexpected shutdowns. It was a reliable experience, and the fact that it didn't stop working unexpectedly was a relief.

It is quite scalable.

I used a different solution before switching to Elastic Search because Elastic Search offered a wider range of features. The other solution focused on monitoring app usage, Elastic Search stood out with its extensive modules, cloud deployment options, and flexible monitoring capabilities. Despite Splunk being a bigger name, I found Elastic Search to be more versatile and enjoyed using it.

Initially, deploying Elastic Search was a bit challenging for me as it was my first time using the Elastic Stack. Setting it up to monitor traffic on multiple VMs, including an enterprise-level VM, posed some configuration hiccups, especially when connecting to the cloud. I had to rely on online resources and Google searches to troubleshoot and figure things out. While I eventually got through it, the process felt overwhelming with lots of information to digest at once. As for maintenance, during the short period I used it for a lab, there wasn't much to handle beyond shutting it down and reinstalling it at the end. I can't speak to long-term maintenance since my usage was relatively brief.

Elastic Search has provided a valuable return on investment by enhancing effectiveness and aiding in learning about security features. It has saved me an estimated couple of hundred dollars in both time and money.

Elastic Search is a bit pricey, especially for individuals or small learners interested in cybersecurity. It could be more affordable for personal use, making it accessible to a broader audience learning about network security and traffic monitoring.

My advice to anyone who is evaluating Elastic Search is to explore the user-friendly website and navigate to the documentation or resources section. Start with a basic overview of the components, and how they work together, and try simple tasks like searching or detecting. The key is to begin with something straightforward. Utilize the documentation to understand how to get started and explore the various integrations Elastic Search offers. Overall, I would rate it as an eight out of ten.

Public Cloud

For me, the primary use case of Elasticsearch is log analysis, as it is a text-based search tool. To explain how it works, let's consider its role at the backend. Elasticsearch operates on keywords used to fetch data. This is in contrast to some databases, where operations might be based on a key order or a primary key, allowing for various maintenance and analysis tasks.

Many people use Elasticsearch to store their application logs in JSON format. These logs are indexed, facilitating efficient search and analysis. Additionally, Elasticsearch integrates well with tools like Grafana and Kibana, enabling users to create diverse dashboards for data visualization.

There's also the text-based search scenario. For instance, if a user wants to search for something using a specific keyword, Elasticsearch excels in this area by creating multiple indices. 

Elasticsearch is a versatile tool that can store and retrieve information effectively, making it suitable for various applications across different industries.

Elasticsearch is a quick search engine tool. A good use case is saving metadata of your systems for data cataloging. Various systems, like those opened in metadata and similar applications, use Elasticsearch to store their text data. However, the major use case for many is to store application logs and build different dashboards on top of it.

The use of Elasticsearch is very specific. It is not helpful for storing your OLTP data. Elasticsearch's specific use is when you need to provide text-based search functionality. That's when Elasticsearch becomes relevant. 

For instance, for log analysis or searching values, Elasticsearch performs very well. However, there are challenges with performance management and scalability, particularly how developers manage these aspects. 

For example, Kubernetes is a popular choice as it offers the needed features to run your application and allows performance optimization in response to increased system load, and managing itself. If you plan to deploy Elasticsearch with limited or predefined resources, it may not be the ideal setup. 

Therefore, it's better to create ultimate commerce capabilities for it. This is the challenge people are facing in the market and the solution for it. So, this answer combines two aspects: the challenge and its solution.

I have been using Elasticsearch for almost a year now. I'm comfortable working with it and understand its functionalities. 

In our organization, it's not so much about the number of people as it is about the number of products utilizing it. Currently, we use Elasticsearch in more than 12 products. 

It's become essential for any component that requires text-based functionality. Besides that, it's also used for logging to analyze application performance, peak times, etc. Elasticsearch is a basic component of the architecture for each of these products.

Most of our deployments are not exposed to the Internet or public networks; they're restricted to closed networks. We don’t frequently upgrade from previous versions unless a specific use case arises. 

In such cases, we usually turn to the developer community for support. 

Another scenario is when running the application in a careful mode, where the main requirement is to change the image name in the configuration. Then, we check for any changes or incompatibilities with previous versions. Upgrades can sometimes introduce issues if they’re not compatible with existing configuration files, but it's generally not too problematic to handle.

Deploying in Kubernetes is not complex. There are many resources in the market, like DevOps guys and guides, which make the process straightforward. The deployment can be done in a matter of minutes. You basically run a configuration file to set up your application, define replicas, and so on. It shouldn't take much time; even with an expert, it's a matter of a few hours. 

However, the key lies in following best practices and configuring your files properly. If you follow the best practices, you'll likely face fewer issues. But if not, problems are inevitable. 

It’s crucial to analyze these practices, considering factors like bandwidth, data volume, user interaction, and how it's read by different applications. These considerations help in managing resources and scalability, including scaling up and down your Elasticsearch container. These points are vital for running Elasticsearch efficiently, especially for text-based search applications.

You can deploy it as required. Elasticsearch is versatile; you can run it on Kubernetes, in the cloud, or on-premises. There is no limitation in terms of deployment options.

The cost varies based on factors like usage volume, network load, data storage size, and service utilization. If your usage isn't too extensive, the cost will be lower. 

However, if you're dealing with high volumes, you'll need to reconsider the cost-effectiveness. If there are no challenges or bottlenecks in buying a service from a cloud service provider, that might be a viable option. 

But if you're concerned about price or issues like exposing your data to the public cloud, then deploying on-premises and conducting stress testing becomes important. It’s a part of the learning and development process, not just a deployment for production. 

You need to pass through testing processes in the development environment and then move to staging and production. This involves various tests to understand user access patterns, data push, and performance assessment. Deploying on your own requires considering all these factors. On the other hand, if you use a cloud service, many of these concerns aren't your responsibility.

If you're interested in using Elasticsearch as a search tool and for cloud data integration, comparing it with alternatives like Amazon Cloud Search or Azure Search is valid. Many cloud service providers that offer text-search services are utilizing Elasticsearch. They've implemented best practices and resolved a myriad of issues experienced by companies using Azure, AWS, or GCP. 

These providers have integrated Elasticsearch into their cloud offerings effectively. Choosing their services might be preferable due to lower operational costs on your side. 

In case of any disaster or issue, their development and DevOps teams are available to support you. However, if you face limitations, like client requirements prohibiting data storage in public or private clouds, then deploying Elasticsearch on-premises would be your alternative.

I would definitely rate it an eight out of ten,  which is very good. The reason is the active community continuously working on it, and the support from contributors and the support team is notable. Because Elasticsearch is very specific in its use cases. 

It excels in text-based search and creating dashboards for application logs. It provides results and functionality that are hard to find in alternative tools. So, if you have a use case that fits, Elasticsearch is a great service without any direct alternatives.