Elastic Search Reviews

The primary use case of this solution is for text indexing and aggregating logs from different microservices.

-Scalability and resiliency

-Clustering and high availability

-Automatic node recovery

Kibana should be more friendly, especially when building dashboards.

Stability needs improvement.

I would like to see the Kibana operating more smoothly, as Grafana does. Also, I would like to see some improvements with the machine learning capability, so that we can rely on it more. It's in the early phases but this would be a great way to start using it.

When it comes to aggregation and calculations, I would like to have to have advanced options in the dashboards to be used in a simplified way, such as building formulas and queries between different fields and indexes.

Alerting feature should be more flexible with advanced options.

I have been using Elasticsearch for approximately five years.

This solution is stable, but at times the stack will freeze and you have to remove and recreate the cluster. It may be an issue related to AWS.

We have not had any issues with the scalability.

We have not had any issues with technical support.

Datadog, it's expensive when it comes for a big infrastructure and cannot be self hosted when it comes to specific sensitive cases.

The initial setup was fast. We have the provisioning, which made it fast and easy.

It can be expensive. When managed by AWS you have different options and features that are locked and not available to you on the Kibana and security levels.

You cannot use the full X-Pack feature set when you go through AWS.

We have some devices that are managed by AWS and we have our own information with switches that are self-hosted.

ELK Elasticsearch is a product that I recommend.

I would rate this solution a seven out of ten.

We try to detect malicious files by the logs. The logs are all centralized including all our PCs, our callers, our servers, Linux, windows, Polaris names. We scan everything. Then we have pre-defined specific use cases that allow us to identify if there is an attack on the machine or indirectly by the endpoint. On top of that, we can check with users as we're not directly dealing with the configuration, so we can follow up on the alerts we receive. On top of that, we have the systems in place that allow us to detect if certain inexcusable items are on the system, such as malicious files. We can do this because we also retrieve the log files of the identifiers.

The fact that you can dump any type of format in the database without any specific reformatting is fantastic. It makes it very flexible in collecting information and that saves us a lot of time because otherwise, we would really need to define specifically what we're looking for and reformat everything. With this solution, that's not necessary. We can directly, and in a really standard raw format, dump the data into the database. Only afterwards do we need to define what specifically we're looking for, however, at that point, it's not a big deal to actually add an additional log and to collect additional information. 

The solution is very scalable. 

There's lots of processing power. You can actually just add machines to get more performance if you need to. It's pretty flexible and very easy to add another log. It's not like 'oh, no, it's going to be so much extra data'. That's not a problem for the machine. It can handle it.

The solution has quite a steep learning curve. The usability and general user-friendliness could be improved. However, that is kind of typical with products that have a lot of flexibility, or a lot of capabilities. Sometimes having more choices makes things more complex. It makes it difficult to configure it, though. It's kind of a bitter pill that you have to swallow in the beginning and you really have to get through it. 

Once you begin to understand the concepts and how to actually look for data it's a very pleasant solution, but the learning curve is very steep in the beginning, to the point that they could improve it to make it a bit less intimidating to start. There needs to be a bit more intuition behind the architecture and the data search.

This solution has been used for at least five years at the company.

It's very stable. The only thing that might happen is that sometimes when you do a search it will stress the machine a bit too much. If that happens, then it's a matter of, if you do it the wrong way, the machine gets stressed and then it slows down. However, it will not crash. It almost never crashes. You'll simply figure out that the machine is overwhelmed and take the stress off. 

The problem, occasionally, is that it may become unresponsive, but it isn't really unresponsive, it's just that the system is overloaded. That can only happen if you do your database search in the wrong way. That's why, especially when you have a lot of data and are really concentrating a lot of data on a few machines, you have to be careful of what you're doing. 

It's a very nice tool but you have to be a bit aware of how to deal with this, especially when you have a lot of data and you have limited processing capacity. If you have unlimited processing capacity you can do whatever you want with it. I personally can say that I've never seen a machine crash.

The scalability of the product is good. It's our key system that generates alerts and does surveillance on a security level. This product is extensively used in our organization.

We have people of course, from the server team that makes sure that the logs get collected. And then we have the people that actually deal with the configuration of the ELK as well. That is a team of five or six people that we use now. Then, of course, we have all the teams that follow up on the alerts, and there, I would say, we have two or three different teams, which is between 10 and 20 people. That's just part of the people that work with the solution.

I work on part of the team that deals with technical support issues. There's a good community around the solution. This is because the product is actually open-source. With a lot of typical issues, you can simply Google questions and you will find the answer. Of course, we do have a support contract with the company. I don't deal directly with that, however. We contact them directly if we really need to and we have maintenance contracts with them. Unfortunately, I can't really speak to how good or bad they are because I've never called them myself.

Before we switched over to this, we used it in combination with an end product called QRadar, but both of them together were time-consuming. 

It's easy to install the servers, that's not really the problem. The difficulty is afterward. Users need to understand how to explore the data.

The server setup is the easy part. Even, let's say, moving the log into the machine or into the database is no problem. However, then you have all this data and you will really struggle to understand the information. That is sometimes not always obvious at the outset. In order to do that in an effective way, it requires a little bit of manipulating.

To install the servers, a minimum installation takes me a day or more. It's for the most part usually pretty fast.

I myself have already had quite a lot of experience with the product. Therefore, I can set it up myself.  Most customers or most IT departments will struggle to set it up due to the difficult learning curve in the beginning. 

I would definitely recommend most users or companies, at least for the beginning, to get help troubleshooting problems. It will help them understand a little bit more about the steep learning curve. It really makes things much easier, and much more effective. 

I have used different products myself due to the nature of my work. I'm a security consultant. I have been working with different customers who use different solutions, which means that I have used other things and can evaluate and compare them for clients.

I've worked with Splunk, for example. Splunk, for instance, on the level of data mining and inquiring, might be easier. It's a bit more intuitive. The downside of it is as soon as you start collecting a lot of data, it becomes extremely expensive to use Splunk. It's a very good product. However, typically, with the need to collect as many logs and as much data as possible, Splunk becomes expensive, and you can't put it in a budget easily. It's simply out of budget for many as soon as they start clicking. Also, the purpose of a security system is not the same.

With Splunk, some will not add additional logs because they don't often have the budget, especially when it immediately means that you're going to need to increase your costs enormously. That's not the purpose of a security system. For the system to be effective you must be able to have good surveillance and that means that you should not hesitate in adding your logs. Still, when the costs double, people hesitate and if they don't have the budget and cut the logs, things can get through. Fortunately, with ELK, you don't have that issue. With ELK you don't pay for gigabytes, or terabytes or the data that you use. That's the main advantage compared to Splunk. But Splunk, it has a less steep learning curve.

I'm just using it as a customer

We tend to use the latest versions of the solution. We try to upgrade it on a regular basis.

I'd advise other companies considering implementing the solution to get a team in that knows the product and try to take advantage of their knowledge. It will help reduce the pain of the learning curve.

I'd rate the solution eight out of ten.

I would not give it a ten because of the steep learning curve. I know what the product is, but many do not, and for them it will be quite difficult to get started without becoming very frustrated in the process. 

In terms of use case, we combine a lot of things with Elastic. It's two platforms, so with Elasticsearch, we're using the Beats, Kibana, and Suricata. It's a query engine and we use the information from our sensors. It gets ingested into that and we use the resources to get everything put on our dashboards. If something is detected, alerts come up right away and it's very, very accurate. The more ingest it receives, the better we can respond to threats. It's not just Elastic or Logstash, it's a combination of those and other tools that we would apply towards our threat detection and prevention. We have a partnership with ELK.

The company provides excellent technical support and wonderful engineers, even their sales engineers are great. The dashboard is a valuable feature - it's awesome and very customizable. 

I would like to see more open source tools and testing as well as a signature analysis in the solution. I think that a lot of times when we go into a corporate environment where it becomes more add on features or an additional service fee, it typically draws away from that product. 

I think it would be cool if they could provide a couple of licenses that would be test bed licenses so that engineers and people with have their hands on the keyboard could test any new development. 

I've been using this solution for three or four years. 

It is a very scalable soluton. It is very easy and I would recommend it to anyone. In terms of users it's all tiered. Most things are from tier zero at egress point of any major large-scale network all the way down to the customer. We have roughly 200 users. And those would include analysts and real time threat analysts. 

I'm very satisfied with the technical support and would rate it highly. Sometimes there are issues because we are overseas and there is a six hour time difference which creates a lag. It's hard to get around that but they're very responsive. 

We had issues when we first did the initial setup, because our resources were limited because it was a test that it was a proof of concept. It meant the initial setup was somewhat resource intensive. The data NGS itself was an issue when we were trying to filter and pull that information. Again, a signature analysis would have been helpful here.

For anyone considering implementing this solution, I would say take a good hard look at your own infrastructure resources and scalability as you have to future proof everything. Whether it's scale or increase in customers building up through your actual hardware and your network infrastructure. You need to know it's capable of performing the tasks needed, because sometimes you outgrow yourself. So, I would say look at your resources and how it can be scaled.

I would rate this solution a nine out of 10. 

What we use this ELK (Elasticsearch, Logstash, and Kibana) solution is mostly for keeping firewall logs and collecting traffic flow information.

The scalability of this product is something that is very impressive and the performance is also very good.

I think the GUI part of the solution has the most room for improvement. Actually, we are using the free version. We do not use the plug-ins so we have to do some additional development ourselves to have the necessary access to the controls.

We are not a heavy user, we just keep the logs and track data in the system. We use it and there is no problem for our current purposes and level of use.

We have been working with the solution for just over a year.

Up until this point, there have been a few times that we did have some issues and we did not know what went wrong. But we have a guy who is dedicated to managing the system now and it is running pretty well. At this point, we do not have to spend much time in administration and maintenance paying a lot of attention to it. I would say it is pretty stable, overall.

We have around five people involved in using the solution.

The scalability is very impressive. We can do a lot of things with the product and have not explored all the possibilities as it is something we use somewhat lightly compared to its potential.

We do not yet currently use a full technical support plan. We are not really using the product extensively enough to warrant that expenditure. Up until now, our use has been light and the product is not heavily burdened. It has been performing as expected. When we upscale usage we will probably engage with a paid support plan.

The initial setup is not that problematic. It is obviously manageable as we are doing it by ourselves, so it is okay and fairly straightforward. We didn't need any assistance from integrators or consultants for the deployment.

Before choosing to go in this direction, we actually checked with some of the database options like the JSON option and Mango. The Elasticsearch product was referred to us by a friend at another company as a better solution for our particular need. They are using the system. After some tests and reviews of the products, we thought it would fit our needs, so we decided to go with it.

The advice I would give to others considering this solution is that you have to have someone knowledgeable managing the system. You have to know the needs, know how to manage queries, and understand the visualization. You have to have someone working on it and dedicated to it so that you can manage it. It is not just plug-and-play. If you decide to run with it, the performance and the result can be very satisfactory. We did not have any issues with achieving what we tried to do. When we need certain data, we always find it.

On a scale from one to ten where one is the worst and ten is the best, I would rate ELK Elasticsearch as an eight out of ten. What would make it a ten for us is something I wouldn't know at this point. Until we use it more heavily in production then we'll see how it performs under a full load and we'll have a better idea of what needs to be improved.

I'm a data scientist and we're a customer of ELK. We use the solution for multiple projects, mainly based around customer analytics.

I value the feature that allows me to share dashboards with different people with different levels of access. They can perform their own queries, like adjusting the time filter or hitting some other filters. It's very useful.

In terms of product improvement, ratio aggregation is not supported in this solution. I can do aggregations, but taking a ratio of two metrics is not supported. That's a common use case that I have come across. And if I want to do bulk coding then that's something that is not very convenient. I would like those things to be included in the next version. 

I've been using this solution for three years. 

Occasionally when you're handling large data you get some out of memory exceptions from time to time. It happens when you're doing pairing. Sometimes a few shots will fail. These are all typically when you're doing things on cloud on a large scale they tend happen.

It's a scalable solution. For now, we have about 10 users and we plan to increase that number. We use it regularly. 

I haven't needed to contact technical support. The forums are pretty good and most of the things that I need to ask are already answered so no need for support. The documentation and forums were enough. 

I haven't used other solutions. 

The initial setup is straightforward, it took about an hour. I did the setup myself. Some others also did it themselves and we had developers who put it up in the cloud for the others. 

We are currently using the Open Source version, so we didn't need to offset any licensing. For now, it's just the cost of maintaining the server. 

Our tech team did the research and I don't know if there were other options considered. 

You can test the product for your use case on their user free trial, they offer a seven or 14-day free trial, You can put it up on cloud and just push your data to check if your use cases are being handled or not. It's a quick test of the waters. 

I would rate this product an eight out of 10. 

I use Elasticsearch with Logstash and Kibana.

The most valuable features are the data store and the X-pack extension.

The user interface is ok.

The integration of Elasticsearch, Logstash, and Kibana is very good.

The pricing of this product needs to be more clear because I cannot understand it when I review the website.

This solution is scalable.

I rely on the community for technical support.

The initial setup of this solution is a little bit hard. I did not find it hard, myself, but it was difficult for my colleague who had less experience.

The deployment takes between one and two hours.

We implemented this solution ourselves.

The pricing of this solution is not clear.

This solution is ok for me and my business.

I would rate this solution an eight out of ten.

We use this solution to collect log data and analyze it. We have an on-premises deployment.

The special text processing features in this solution are very important for me.

As a system, it is easy to use.

This is not a robust system, so in terms of resilience, they have to make some improvements. From time to time the system goes down and we have to start again, after adjusting some configuration parameters.

Technical support can be improved.

The interface would be improved with the inclusion of dashboards to assist in analyzing problems because it is very difficult. Better dashboards or a better configuration system would be very good.

This is not exactly a stable solution, which is why we are considering another compatible tool, and whether we go on with Elasticsearch or change it.

I follow their forum and blogs, and I have also asked questions directly to their technical department. I would say that support is moderate. It is not very good or very bad, but in between.

We did not use another solution prior to this one.

The initial setup of this solution is easy and straightforward.

The deployment is both easy and quick.

We have an in-house team that handles deployment.

Two people are enough for deployment and maintenance.

We did not evaluate other options before choosing this solution, but due to issues with stability, I'm now trying out PostgreSQL for comparison.

My advice for anybody considering this solution is that it is an easy to use tool, but for work that is not complex. If on the other hand, the work is more complex, with more data and perhaps a clustering environment, then they may have to consider something more stable and more robust.

I would rate this solution a seven out of ten.

Our primary use case for this solution is to operate an integration platform for a warehouse management system.

This has improved our organization because we articulated Kubernetes, Docker, and GitHub with amazing simplicity in the scaling up of our service.

The most valuable feature for us is the analytics that we can configure and view using Kibana.

This product could be improved with additional security, and the addition of support for machine learning devices.