Elastic Search Reviews

Elastic has a lot of products. The one I'm most familiar with is Elastic Observability. It's designed to monitor our applications within an organization. It gives managers visibility into the activity and functionality of applications within the network. I've worked with it both on-premises and in the cloud. It helps us monitor applications and identify any issues. For example, we can see if an application is calling on a database if there are any delays or errors, and what might be causing those problems. It can also give us a proper view of the number of transactions done on the database and other information. It's not just pulling data for us; it's giving us real-time insights into the activities and functionalities of our applications within our network environment.

When users understand the root cause of the problem, they spend less time resolving it. The number one benefit is end-to-end stability. It provides deep visibility into your cloud and distributed applications, from microservices to serverless architectures. It quickly identifies and resolves the root causes of issues, like gaining visibility into all your cloud-based and on-prem applications. It also simplifies issue resolution, leading to faster resolution times and optimized performance. It is achieved through numerous tools, metrics, and application performance fine-tuning systems, ensuring a smooth user experience. That's why many enterprises seek this kind of solution. It provides valuable insights into potential security vulnerabilities, enabling pre-emptive measures and safeguards for your data assets. Then there's data-driven decision-making, which is very important! It breaks down data silos by ingesting all the telemetry data (metrics, logs, etc.) into a single, scalable platform with a contextual data model. This flexibility allows you to collect and visualize any data from any source. Essentially, it pulls data from all sources and guides you in making data-driven decisions for capacity planning, resource allocation, and risk mitigation. Finally, it also fosters collaboration across IT teams.

There are potential improvements based on our client feedback, like unifying the licensing cost structure, which might be helpful for clients. This room for improvement is from my perspective as a salesperson. Because when I give customers the pricing information, they might wonder why there are two different licensing models, unlike competitors like BeyondTrust or Delinea. Delinea also has the same thing with the code.

I have been with this solution for more than six months.

It's very, very stable. Most times, I go through the demo sites, which allows understanding of functionalities and use cases and all of that. I would rate the stability a nine out of ten.

It is a scalable solution. I would rate the scalability a nine out of ten.

The customer service and support are very nice.

Positive

I have experience with Delinea, ManageEngine, BeyondTrust, IBM and WALLIX. But compared to Elastic, they lack the same level of artificial intelligence capabilities. It's like an all-encompassing package with tons of features. One of those features is the ability to pinpoint the root cause of any problem, whether it's code issues (like it was not written properly), developer errors, or anything else. It goes beyond just surface-level troubleshooting and digs deep to give you the real why. That's what sets it apart from the others. Imagine an application is having some issues. Elastic can tell if it's faulty code, a developer mistake, or anything else. It gives you the true root cause, not just the surface-level symptoms. That's its strength and why it stands out as the industry standard.

The initial setup is not complex to me. I've seen it displayed before in a demo presentation with Jakadaz. The solution is not difficult to use. It's very easy. Even as a non-technical person, I could interact with the application.

The deployment doesn't take long because we have experts who can help. It's available both in the cloud and on-premises, so it depends on the customer's choice.

It is a cost-effective solution. It is not expensive.

I would rate it a nine out of ten for now. It has a lot of features compared to other solutions. Its comprehensiveness and range of features are what make it stand out for application monitoring. I highly recommend it. It's very good because it's efficient, highly scalable, and has high availability. Additionally, cost-effectiveness is crucial in Nigeria due to exchange rates. Organizations need solutions that are affordable, and Elasticsearch fits the bill. I would absolutely recommend it to any organization.

Hybrid Cloud

We are using the solution for our products. We are keeping some DBs where we are doing pattern searches. On the application side, we are keeping those in Elastic and a huge amount of data for our different product lines.

The way we access it is great.

The scalability that Elastic is providing is quite useful. 

We can do a lot of archiving. 

It is stable. 

The technical support is quite good. 

The cost is too high once you deploy the solution. 

They're making changes in their architecture too frequently. We'd like less frequent updates. 

I've been using the solution for five or six years. 

The solution is quite stable. There are no bugs or glitches. It doesn't crash. It is reliable. 

It's a scalable solution. We can expand it if needed. We have 50 to 60 users on the solution right now. We do not have plans to increase usage at this time. 

We've dealt with technical support in the past and have had very positive experiences. We are satisfied with the level of support we get. 

Positive

The initial setup has a moderate amount of difficulty. It's not simple and not overly complex. 

Since we are paying more for the license, we have not seen a very high ROI. 

The developer and tester licenses are one thing that is not hurting us. However, the deployment license cost is very, very high for Elastic.

We did look at other options five or six years ago. We chose Elastic for multiple reasons in the end. 

I would recommend the solution to others. 

I'd rate the solution nine out of ten. 

Public Cloud

Our company uses the solution for centralized logging and monitoring. We have slowly moved our Stackdriver to the solution as a cost-cutting measure. 

We have more than 100 technicians using the solution. 

The observability is the best available because it provides granular insights that identify reasons for defects. The observability is more powerful than Grafana because it is so granular.

The UI point of view is not very powerful because it is dependent on Kibana. This can be a struggle because it is not clear where observability features such as logging originate. The UI visualization could be more interesting.

For example, a centralized login for a strike driver only provides two choices for viewing. You can either view the log for an individual system or view the log at the centralized level. A more granular approach with locations, pods, and servers is preferred. 

For comparison, Stackdriver is awesome because it includes all information with respect to the UI point of view. 

I have been using the solution for a few months. 

We are still exploring the solution but find it to be very stable at the enterprise level. It is not a new product, its stability is trusted, and it is well suited for enterprise applications. Extra features are released with no stability issues. 

The solution is definitely scalable and that is one of the reasons we moved from Grafana. We use Spring Boot but the Spring Actuator's micrometer does not scale properly and is very slow. The solution can scale and manage all our monitoring needs in one place. 

Our team is able to solve issues so we do not need technical support. 

I previously used Stackdriver. 

The initial setup is difficult because the solution is an independent product that requires integration with the running system. A one-time configuration is needed for both cloud and on-premises systems. This is common for independent products so is not a big deal for our company. 

For comparison, Stackdriver is already built in the GCP so there is minimal configuration when deploying services in the GCP environment. 

We implemented the solution in-house. 

The solution is less expensive than Stackdriver and Grafana. 

Our company has a relationship with Google so we explored Stackdriver. Its monitoring and logging capabilities are interesting but observability is not that good and it is a bit costly. 

We slowly moved our logging dependencies from Stackdriver. Sometimes we used Splunk but we also used the solution and Grafana because our product is a bit dependent on Spring Boot. 

We found that the solution is more powerful than Grafana with respect to observability and it is more cost effective. 

When using the solution, it is important to understanding indexing concepts and the proper way to search logs from a visualization point of view. These two items work together internally to produce logs that can be filtered to specifications. 

I rate the solution an eight out of ten. 

On-premises

We are using Elastic Enterprise Search for monitoring and alerting. It will look for any kind of possible error that is on the infrastructure side and give notifications.

The most valuable feature of Elastic Enterprise Search is the opportunity to search behind and between different logs.

Elastic Enterprise Search can improve by adding some kind of search that can be used out of the box without too much struggle with configuration. With every kind of search engine, there is some kind of special function that you need to do. A simple out-of-the-box search would be useful.

In the next release, they could improve on the scheduling and alert features.

I have been using Elastic Enterprise Search for a couple of years.

Elastic Enterprise Search is stable.

Everything is managed by Amazon AWS, making Elastic Enterprise Search highly scalable.

We have approximately eight engineers using this solution in my company.

I have not contacted support.

The initial setup of Elastic Enterprise Search was straightforward.

We did the implementation of Elastic Enterprise Search in-house with one person and it was up and running within a couple of days. There is detailed documentation that helped us.

There is fine-tuning needed, but that's never-ending because every time you add a new server, features, or tools inside you have to tune it a little bit better for the alerts.

Elastic Enterprise Search is an open-source solution.

I rate Elastic Enterprise Search a ten out of ten.

Public Cloud

Amazon Web Services (AWS)

I am using Elastic Enterprise Search for the visualization of logs.

The most valuable feature of Elastic Enterprise Search is the Discovery option for the visualization of logs on a GPU instead of on the server.

Elastic Enterprise Search could improve its SSL integration easier. We should not need to go to the back-end servers to do configuration, we should be able to do it on the GUI. 

I have been using Elastic Enterprise Search for two years.

Elastic Enterprise Search has been a stable solution for me for the whole time I have been using it.

I am using Elastic Enterprise Search on-premise and it cannot scale. However, they do have a cloud option.

We have approximately 100 people using this solution in my organization. We use it on a daily basis.

I have not used other similar solutions to Elastic Enterprise Search.

The setup of Elastic Enterprise Search is not normally easy but I was running it on top of Docker which made it easy.

I rate the initial setup of Elastic Enterprise Search a three out of five.

I have configured the solution myself and it has provided me with what I want. I do maintenance of the solution once every other week.

The version of Elastic Enterprise Search I am using is open source which is free. The pricing model should improve for the enterprise version because it is very expensive.

We chose Elastic Enterprise Search over other solutions because the interface was easy to use.

I rate Elastic Enterprise Search a nine out of ten.

On-premises

I'm involved in architecting and implementing Elasticsearch-based solutions, catering to various use cases including IIoT, cybersecurity, IT Ops, and general logging and monitoring.

The intention of this article is not to compare AWS Elasticsearch with Elastic ELK Elasticsearch and at the end declare the winner. Elasticsearch by itself is one of the coolest and versatile Big Data stacks out there. If you are planning to use it in your organization or trying to evaluate if it is the right stack for your product/ solution, this article offers some insights from an architect's perspective.

I'm not the right person to answer this question as I'm the service provider. My clients are the right people to answer.

The Spaces feature in Kibana is really useful. I can ingest all data and then offer multi-tenancy on a single stack to various departments (internal) or customers (external). This feature isn't available in AWS Elasticsearch, and Machine Learning isn't available either.

Other useful features such as Canvas (used to create live infographics) and Lens (used to explore and create visualisations using a drag-and-drop feature) are available only in Elastic's ELK Elasticsearch.

In the last 18 months Elastic has really caught up and also gone way beyond AWS by putting together all the missing components that make ELK Elasticsearch the most comprehensive stack in the entire Big Data ecosystem. Comprehensive because one stack addresses all of the three essential technical components of an end-to-end system: collect, store and visualise terabytes (and even petabytes) of structured or semi-structured data at ease.

Enhance the Spaces feature to make it fully multi-tenant by enabling role-based access control (RBAC) at a Space level rather than overall Kibana or stack level like it is currently.

Elastic needs to work on their Machine Learning offering because currently they have been trying to make it a black box which doesn't work for a serious user (a Data Scientist) as it doesn't give any control over the underlying algorithm. It's like a point-and-click camera vs a DSLR. The offering started with a single/ univariate anomaly detection on time-series data. Now, they have a multivariate which is good, but beyond this, we cannot build any other Machine Learning models, like traditional supervised models. Anomaly detection uses mostly unsupervised algorithms and also it is a very broad problem space for a black box to solve it fully.

Make index’s metadata searchable (or referenceable in search queries).

5 years

Elastic ELK Elasticsearch is one of the most stable Big Data engines and the simplest to maintain and scale. Redundancy is built into the design so there is no single point of failure. We can configure a DR easily and if something goes wrong, we can restore the system into a brand new cluster in hours.

Elasticsearch by itself is 100% scalable as scalability is built into the design like any Big Data system. We just have to add more nodes, and it scales horizontally and then redistributes the data into the new nodes, and the cluster becomes faster and agile automatically. Cross-cluster replication comes with a Platinum license. But this feature is highly exceptional and not a common need.

I have worked with all the flavours of Elasticsearch viz. Elastic.co's ELK which is popularly known as the ELK stack (pronounced as 'yelk'), AWS Elasticsearch and Open Distro plugins for Elasticsearch.

All (including Solr that comes with Hadoop) are built on a common underlying technology, Apache Lucene. The difference is the added features that I call 'batteries included'. To be precise, Elastic's ELK Elasticsearch, unlike others, comes with free enterprise-grade apps (called plugins in Kibana) and a bunch of cool and useful Kibana features. It also features a good deal of engineering automation conveniences built into the stack.

Did you know that the original founders of Elasticsearch are the folks at Elastic.co, the company that has recently transitioned to an open-core philosophy by design. But since AWS took the initial lead and started offering the stack as AWS Elasticsearch service it became more popular and a preferred option for the uninformed. Elastic, on the other hand, was busy innovating and adding more muscle to the stack that it is no more limited to being just the fastest search engine on the planet. In fact, the keyword ‘search’ in Elasticsearch is not relevant anymore and, moreover, it is misleading.

Initial setup is indeed straightforward and fast because it will mostly be a single-node cluster. But as the data volume grows and we start seeing a performance lag, the stack requires scaling (by adding more nodes) and a professional intervention for doing the right capacity design and configuration fine tuning.

It is always a good idea to engage a professional vendor to implement it right the first time and save yourself a lot of time in experimenting and trying to figure out the optimisation hacks and how-to’s all by yourself.

A stack like Elasticsearch that enables heavy lifting of the data effortlessly comes with its intrinsic yet obvious ROI. If one is not able to realise the ROI it means either the data is bad (garbage in, garbage out) or the stack is not implemented properly.

The basic license is free, and it comes with a lot of features that aren't supposed to be free! With a Gold license, we get Alerting (called Watcher) and some modest enterprise features. Note that if alerting is a must feature for you, you can install open-source alerting plugins like Open Distro Alerting or ElastAlert and avoid the Gold license cost. Active Directory integration, SAML, SSO, Machine Learning etc. come with Platinum license. The licensing is per-node and per-annum basis for an on-premise installation and for Cloud Elastic-managed service the cost is baked into the hourly pay-as-you-go fee. Kibana does not have a license, so it's free.

If you don't want alerting, Active Directory or LDAP integration and are good with native authentication, the basic license will suffice. The basic license also comes with many internal stack features, which are free. For example, data segregation into hot and warm storage, automatic configuration, and rolling over the index after achieving a certain size limit. 

SIEM (Security Information and Event Management) app is free. Also is another cool app called Uptime that helps us monitor the uptime of servers and web services. We can do this without any third-party licensing cost. Just turn on the apps, ingest data using Beats and the apps will start thriving. Over time they become mission critical to your business.

For example, the SIEM app will automatically populate the dashboards and allow us to monitor network traffic, successful logins, unsuccessful login attempts, and anomalous security events. All that comes off the shelf and is free. You'll pay a lot, on the other hand, for a traditional SIEM like ArcSight or LogRhythm.

Another free app called Infrastructure (formerly known as Metrics) helps monitor the server infrastructure by configuring light-weight data collectors called MetricBeats (for Windows systems) and AuditBeats (for Linux systems). The Beats will start pumping in all the system performance metrics into the stack and help monitor the memory, CPU and disk utilization.

I have worked with all the flavours of Elasticsearch viz. Elastic.co's ELK which is popularly known as the ELK stack (pronounced as 'yelk'), AWS Elasticsearch and Open Distro plugins for Elasticsearch.

All (including Solr that comes with Hadoop) are built on a common underlying technology- Apache Lucene. The difference is the added features that I call 'batteries included'. To be precise, Elastic's ELK, unlike the others, comes with free enterprise-grade apps (called plugins in Kibana), a bunch of cool and useful Kibana features, and a good deal of engineering automation built into the stack.

Moreover, the original founders of Elasticsearch are the folks at Elastic.co, the company that's built on open-core philosophy. But AWS took the initial lead and offered the stack as AWS Elasticsearch service catering mostly to search-engine use cases. But ELK, with all its goodness, is much more than a search engine! In fact, the keyword search in Elasticsearch is very misleading.

You can spin up Elastic ELK Elasticsearch fully-managed service either on AWS, GCP, or Azure, or have your own on-premises installation and dockerize it. Whereas the AWS Elasticsearch is available only on AWS. That's the hosting difference.

Elastic ELK Elasticsearch comes with a support-only subscription, and there are a lot of updates happening. Kibana is constantly improved and there’s a new release every two weeks.

It has helped by notifying me when something happens. I deploy my team to the infrastructure to fix the application. However, receiving alerts before something happens would be more beneficial.

New Relic is very similar to Elasticsearch in functionality; it's easier to use.

New Relic could be more flexible, similar to Elasticsearch. It could improve on providing notifications before something happens instead of when something happens.

It is a stable and good platform.

It's scalable. There's no need to worry about the environment. You just configure it, and it runs without issues.

I haven't used their support, however, a colleague I talked to about this platform with has used it.

Positive

The initial setup is not complex. The only part that may require specific knowledge is communicating your cloud environment with New Relic and managing the cloud environment configurations.

Comparing the costs between New Relic and Elasticsearch is difficult as New Relic's cost is for processing metrics, whereas Elasticsearch's cost is for storage.

I recommend New Relic, however, it depends on the specific use case you have. I'd rate the solution eight out of ten.

Public Cloud

Other

ELK has helped my team leverage a powerful and efficient capability that is comparable to more costly solutions.

The ability to aggregate log and machine data into a searchable index reduces time to identify and isolate issues for an application. Saves time in triage and incident response by eliminating manual steps to access and parse logs on separate systems, within large infrastructure footprints.

Enterprise scaling of what have been essentially separate, free open source software (FOSS) products has been a challenge, but the folks at Elastic have published new add-ons (X-Pack and ECE) to help large companies grow ELK to required scales.

Three to five years.

No issues with stability.

We encountered issues with scalability.

Not applicable, for my team's experience with ELK. Being a FOSS, there is limited support from Elastic without a service – support, consulting, training. There is wealth of information on the web and a growing community of users to lean on for support, though.

Yes, we had a previous solution but we did not switch. We use multiple log analysis engines. Where we have funds to support commercial, off-the-shelf tools (COTS), we have seen more immediate benefits. Where we must go with low/no-cost FOSS, we use ELK.

Initial setups were complex years ago, but they are more straightforward in the current offering. ELK is essentially a collection of products that each requires infrastructure and expertise to set up independently, and connecting them to gain a functional tool requires still more expertise.

This is a free, open source software (FOSS) tool, which means no cost on the front-end. There are no free lunches in this world though. Technical skill to implement and support are costly on the back-end with ELK, whether you train/hire internally or go for premium services from Elastic.

Splunk, Sumo Logic, and IBM’s Operation Analytics.

Try it out. There is little to lose but time.