Elastic Search Reviews

We use the product for log analytics and metrics features. 

We can easily collect all the data and view historical trends using the product. We can view the applications and identify the issues effectively.

They could improve some of the platform's infrastructure management capabilities. There should be better visualization and insights about the cost of the SaaS services, which are not effective. Additionally, there needs to be more native integrations to merge the data.

We have been using Elastic Search for about a year.

I rate the stability a ten out of ten.

It is a highly scalable application. We have 15 users in our management team. I rate the scalability an eight out of ten.

I have experience working with Splunk in the past.

The initial setup for the SaaS platform is quite easy. We took assistance from an engineer for the onboarding. Thus, it was straightforward for us. However, there could be a better integration with AWS.

I rate the process a seven out of ten.

I rate Elastic Search's pricing an eight out of ten.

By integrating Deepgram insights with the product, we've gained visibility into logging, service behavior, and cost optimization.

I rate Elastic Search a nine out of ten.

We are internal integrators. We are in the bigger group as of now, but other groups, our clients, are affiliates from our group. They are our internal clients. 

The solution is currently on-premises.

I was mostly responsible for the SOC team, and I helped them create the detection rules for the production. I wanted to know how it could be implemented in different kinds of products, like Sentinel.

The most valuable features are the detection and correlation features.

Something that could be improved is better integrations with Cortex and QRadar, for example. 

I have been using this solution for no more than one year. 

Not really, because I'm not the engineer and so most problems appear during the installations or maintenance and I'm not in developing infrastructure operations.

The price of Elasticsearch is fair. It is a more expensive solution, like QRadar. The price for Elasticsearch is not much more than other solutions we have.

I would say that Elasticsearch is better than all the other solutions. QRadar is getting better, but it is still behind Elasticsearch in my opinion.

I would rate this solution 8 out of 10.

I would recommend Elasticsearch if you don't have bigger budget limitations to use other enterprise solutions or if you want to avoid the vendor lock-in.

We use ELK Elasticsearch for storing application data logs.

Elasticsearch includes a graphical user interface (GUI) called Kibana. The GUI features are extremely beneficial to us.

Elasticsearch includes mechanisms for ingesting data into the cluster. So it would be great if those mechanisms could be simplified.

Improving machine learning capabilities would be beneficial.

I have been working with ELK Elasticsearch for four years.

We are using the latest version.

We have no issues with the stability of ELK Elasticsearch, it's quite reliable.

ELK Elasticsearch is a scalable product

This solution is used by five to ten people in our organization.

ELK Elasticsearch is used on a daily basis.

We have not contacted technical support.

We had a couple of issues that we were able to resolve by looking up the public information that is available on the internet.

There is a lot of community support for this solution.

The initial setup was straightforward and quite simple.

The installation took between six and eight hours to complete.

There is no maintenance required other than regular updates.

We completed the implementation internally.

Although the ELK Elasticsearch software is open-source, we buy the hardware.

The distributed installation is the way to go.

I would rate ELK Elasticsearch a nine out of ten.

We use this solution for log management. We collect many logs from Windows systems to later analyze them for security checks and audit purposes.

I have found the sort capability of Elastic very useful for allowing us to find the information we need very quickly.

The reports could improve.

I have been using this solution for approximately three years.

The solution is very stable and reliable.

The stability is good but we have only done vertical scaling and not horizontal at this time. We collection approximately 1,000 EPS and have three people using the solution in my organization.

There has been enough support available online for what we have been using the solution for.

The initial setup was easy because we used containers. It can be challenging to implement.

We did the implementation ourselves.

We are using the free open-sourced version of this solution.

I would recommend those wanting to implement this solution use integrators or consultants. However, we did not have any problems with the installation it can be difficult.

I rate ELK Elasticsearchan eight out of ten.

I am using it to get some hands-on experience and learn the product by searching, building use cases, test cases, dashboards, and visualizations.

With hands-on experience, you learn more about the product and how it works.

It should be easier to use. It has been getting better because many functions are pre-defined, but it still needs improvement.

If you have a large enterprise environment, it is costing a lot of money and it's not a full-blown SIEM. It has SIEM features but a lot is missing. You need to involve other products to make a SIEM out of it.

Some of the other products needed were Apache, Kafka, and ticket tools. It was custom made and not what I had expected in the end.

I would like to see them get closer to a full-blown orchestrated SIEM, and create predefined modules to bring you to using it as a SIEM faster, and on the fly instead of having to tweak the Grok filter for weeks.

I would like to see more pre-defined modules.

I have been using Elasticsearch for two weeks.

We are not using the latest version, but not an old version.

It's a stable solution and we have not had any issues.

The scalability is fine.

I have contacted technical support, once or twice. The experience was okay.

The initial setup was okay, not as easy as Splunk but it was manageable.

The pricing model is questionable and needs to be addressed because when you would like to have the security they charge per machine. If you are building any cluster and you are paying €6,000 per machine, that is expensive.

I think that Elasticsearch is a good product and cheaper than Splunk.

I like this solution, but it has too much hands-on time required tweaking to get it up and running.

I have no plans to continue using this product. Currently, I am focused on SIEMonster because I signed a partnership and I would like to sell a total product. It doesn't make sense to spread across multiple products. 

I would like to earn money out of it, so I'm focusing currently on SIEMonster.

I think that Elasticsearch is a good product and cheaper than Splunk.

When I check Gartner, I don't see mention of Elasticsearch, it seems they need to make some improvements.

I would rate this solution a seven out of ten.

I am using this product for a SIM solution.

Their anomaly detection engine is really good for example, compared to SolarWinds. You can ingest different pipelines. You have dashboards, it is visual, there are maps, you can create canvases. It's more visual than anything that I've ever used.

I have not been using the solution for many years to know exactly the improvements needed. However, they could simplify how the YML files have to be structured properly. If you want to ingest certain logs, you need to edit the YML file and connect it to your modules to start ingesting and parsing the end-user logs. Doing this is sometimes difficult and could be streamlined.

I have been using the product for approximately three months.

The customer service is very good.

I have used SolarWinds in the past.

The solution has a lot of features. They have machine learning jobs they can implement, I'm not there yet, but I can use anomaly detection to see there are various processes that can find users that aren't supposed to log onto certain machines. All of these features are visual and graphical. I can show it as a bar chart, a pie chart, I can Instagram, or I can split chart. The power to see everything on the front end is so much more powerful.

I rate ELK Elasticsearch a ten out of ten.

The primary use case of this solution is for text indexing and aggregating logs from different microservices.

-Scalability and resiliency

-Clustering and high availability

-Automatic node recovery

Kibana should be more friendly, especially when building dashboards.

Stability needs improvement.

I would like to see the Kibana operating more smoothly, as Grafana does. Also, I would like to see some improvements with the machine learning capability, so that we can rely on it more. It's in the early phases but this would be a great way to start using it.

When it comes to aggregation and calculations, I would like to have to have advanced options in the dashboards to be used in a simplified way, such as building formulas and queries between different fields and indexes.

Alerting feature should be more flexible with advanced options.

I have been using Elasticsearch for approximately five years.

This solution is stable, but at times the stack will freeze and you have to remove and recreate the cluster. It may be an issue related to AWS.

We have not had any issues with the scalability.

We have not had any issues with technical support.

Datadog, it's expensive when it comes for a big infrastructure and cannot be self hosted when it comes to specific sensitive cases.

The initial setup was fast. We have the provisioning, which made it fast and easy.

It can be expensive. When managed by AWS you have different options and features that are locked and not available to you on the Kibana and security levels.

You cannot use the full X-Pack feature set when you go through AWS.

We have some devices that are managed by AWS and we have our own information with switches that are self-hosted.

ELK Elasticsearch is a product that I recommend.

I would rate this solution a seven out of ten.

In terms of use case, we combine a lot of things with Elastic. It's two platforms, so with Elasticsearch, we're using the Beats, Kibana, and Suricata. It's a query engine and we use the information from our sensors. It gets ingested into that and we use the resources to get everything put on our dashboards. If something is detected, alerts come up right away and it's very, very accurate. The more ingest it receives, the better we can respond to threats. It's not just Elastic or Logstash, it's a combination of those and other tools that we would apply towards our threat detection and prevention. We have a partnership with ELK.

The company provides excellent technical support and wonderful engineers, even their sales engineers are great. The dashboard is a valuable feature - it's awesome and very customizable. 

I would like to see more open source tools and testing as well as a signature analysis in the solution. I think that a lot of times when we go into a corporate environment where it becomes more add on features or an additional service fee, it typically draws away from that product. 

I think it would be cool if they could provide a couple of licenses that would be test bed licenses so that engineers and people with have their hands on the keyboard could test any new development. 

I've been using this solution for three or four years. 

It is a very scalable soluton. It is very easy and I would recommend it to anyone. In terms of users it's all tiered. Most things are from tier zero at egress point of any major large-scale network all the way down to the customer. We have roughly 200 users. And those would include analysts and real time threat analysts. 

I'm very satisfied with the technical support and would rate it highly. Sometimes there are issues because we are overseas and there is a six hour time difference which creates a lag. It's hard to get around that but they're very responsive. 

We had issues when we first did the initial setup, because our resources were limited because it was a test that it was a proof of concept. It meant the initial setup was somewhat resource intensive. The data NGS itself was an issue when we were trying to filter and pull that information. Again, a signature analysis would have been helpful here.

For anyone considering implementing this solution, I would say take a good hard look at your own infrastructure resources and scalability as you have to future proof everything. Whether it's scale or increase in customers building up through your actual hardware and your network infrastructure. You need to know it's capable of performing the tasks needed, because sometimes you outgrow yourself. So, I would say look at your resources and how it can be scaled.

I would rate this solution a nine out of 10.