Elastic Search Reviews

We use the solution for log gathering, analyzing, and dashboard creation (with Kibana).

For example, several clients require the ability to store and search logs freely without the constrictions that would be in place if a traditional database was used. 

Elasticsearch is perfect for these use cases since it is a non-SQL database with advanced querying capabilities based on the Lucene search engine. 

There is excellent support and a large community that answers possible questions online in detail and very quickly. I was amazed at the help I got several times.

It gave us a tool to perform queries on unstructured data that had no fixed schema/form. This alone was a great asset, especially when dealing with clients that have large datasets from various sources that each follow their own format. 

It gives us the possibility to store and query this data and also do this efficiently and securely and without delays. 

Moreover, its learning curve was not steep. Therefore, no training was required - or at least no significant amount of time was consumed for training activities.

The ability to store unstructured data and perform fast searches that could be customized in detail is quite helpful. This is also a direct request from more and more customers. The Lucene search engine provides the needed speed. In larger projects with multiple nodes, disaster recovery and prevention is an asset (and it is needless to explain why). 

AI and machine learning capabilities have also emerged as a direct result of requests from customers. The addition of these features is useful and also can provide advanced security capabilities (such as tracking unusual behavior detection in logs).

Dashboards could be more flexible, and it would be nice to provide more drill-down capabilities. 

Although the discover function offers exploratory capabilities and one can search for various patterns in logs, the ability to do this from the dashboard function would be very useful. It would make the procedure more simple for the end user, and require less training. It would also be pretty much self-explanatory (drill down and explore specific parts of the diagram/dashboard). 

Also, more predictive analytics would be a nice-to-have feature.

I have been using the product for about two years.

The stability can be impressive.

The scalability is very good.

Technical support is excellent!

Positive

I have used Prometheus and Grafana. They do not offer the capabilities of ELK and their focus is different.

The setup is straightforward - although Logstash needed extra care in Windows VM installations.

We handled the setup in-house.

We have seen an ROI of 50% at least.

I'd advise people to involve a team with people from different departments in order to predict the correct scale.

Loki seems to be an alternative with fewer capabilities.

Logstash seems to have a very small capability to report errors, and that makes it difficult to troubleshoot. It would be nice to get some indication so as to save time.

We are using the solution for our products. We are keeping some DBs where we are doing pattern searches. On the application side, we are keeping those in Elastic and a huge amount of data for our different product lines.

The way we access it is great.

The scalability that Elastic is providing is quite useful. 

We can do a lot of archiving. 

It is stable. 

The technical support is quite good. 

The cost is too high once you deploy the solution. 

They're making changes in their architecture too frequently. We'd like less frequent updates. 

I've been using the solution for five or six years. 

The solution is quite stable. There are no bugs or glitches. It doesn't crash. It is reliable. 

It's a scalable solution. We can expand it if needed. We have 50 to 60 users on the solution right now. We do not have plans to increase usage at this time. 

We've dealt with technical support in the past and have had very positive experiences. We are satisfied with the level of support we get. 

Positive

The initial setup has a moderate amount of difficulty. It's not simple and not overly complex. 

Since we are paying more for the license, we have not seen a very high ROI. 

The developer and tester licenses are one thing that is not hurting us. However, the deployment license cost is very, very high for Elastic.

We did look at other options five or six years ago. We chose Elastic for multiple reasons in the end. 

I would recommend the solution to others. 

I'd rate the solution nine out of ten. 

Our company uses the solution for centralized logging and monitoring. We have slowly moved our Stackdriver to the solution as a cost-cutting measure. 

We have more than 100 technicians using the solution. 

The observability is the best available because it provides granular insights that identify reasons for defects. The observability is more powerful than Grafana because it is so granular.

The UI point of view is not very powerful because it is dependent on Kibana. This can be a struggle because it is not clear where observability features such as logging originate. The UI visualization could be more interesting.

For example, a centralized login for a strike driver only provides two choices for viewing. You can either view the log for an individual system or view the log at the centralized level. A more granular approach with locations, pods, and servers is preferred. 

For comparison, Stackdriver is awesome because it includes all information with respect to the UI point of view. 

I have been using the solution for a few months. 

We are still exploring the solution but find it to be very stable at the enterprise level. It is not a new product, its stability is trusted, and it is well suited for enterprise applications. Extra features are released with no stability issues. 

The solution is definitely scalable and that is one of the reasons we moved from Grafana. We use Spring Boot but the Spring Actuator's micrometer does not scale properly and is very slow. The solution can scale and manage all our monitoring needs in one place. 

Our team is able to solve issues so we do not need technical support. 

I previously used Stackdriver. 

The initial setup is difficult because the solution is an independent product that requires integration with the running system. A one-time configuration is needed for both cloud and on-premises systems. This is common for independent products so is not a big deal for our company. 

For comparison, Stackdriver is already built in the GCP so there is minimal configuration when deploying services in the GCP environment. 

We implemented the solution in-house. 

The solution is less expensive than Stackdriver and Grafana. 

Our company has a relationship with Google so we explored Stackdriver. Its monitoring and logging capabilities are interesting but observability is not that good and it is a bit costly. 

We slowly moved our logging dependencies from Stackdriver. Sometimes we used Splunk but we also used the solution and Grafana because our product is a bit dependent on Spring Boot. 

We found that the solution is more powerful than Grafana with respect to observability and it is more cost effective. 

When using the solution, it is important to understanding indexing concepts and the proper way to search logs from a visualization point of view. These two items work together internally to produce logs that can be filtered to specifications. 

I rate the solution an eight out of ten. 

We are using Elastic Enterprise Search for monitoring and alerting. It will look for any kind of possible error that is on the infrastructure side and give notifications.

The most valuable feature of Elastic Enterprise Search is the opportunity to search behind and between different logs.

Elastic Enterprise Search can improve by adding some kind of search that can be used out of the box without too much struggle with configuration. With every kind of search engine, there is some kind of special function that you need to do. A simple out-of-the-box search would be useful.

In the next release, they could improve on the scheduling and alert features.

I have been using Elastic Enterprise Search for a couple of years.

Elastic Enterprise Search is stable.

Everything is managed by Amazon AWS, making Elastic Enterprise Search highly scalable.

We have approximately eight engineers using this solution in my company.

I have not contacted support.

The initial setup of Elastic Enterprise Search was straightforward.

We did the implementation of Elastic Enterprise Search in-house with one person and it was up and running within a couple of days. There is detailed documentation that helped us.

There is fine-tuning needed, but that's never-ending because every time you add a new server, features, or tools inside you have to tune it a little bit better for the alerts.

Elastic Enterprise Search is an open-source solution.

I rate Elastic Enterprise Search a ten out of ten.

I am using Elastic Enterprise Search for the visualization of logs.

The most valuable feature of Elastic Enterprise Search is the Discovery option for the visualization of logs on a GPU instead of on the server.

Elastic Enterprise Search could improve its SSL integration easier. We should not need to go to the back-end servers to do configuration, we should be able to do it on the GUI. 

I have been using Elastic Enterprise Search for two years.

Elastic Enterprise Search has been a stable solution for me for the whole time I have been using it.

I am using Elastic Enterprise Search on-premise and it cannot scale. However, they do have a cloud option.

We have approximately 100 people using this solution in my organization. We use it on a daily basis.

I have not used other similar solutions to Elastic Enterprise Search.

The setup of Elastic Enterprise Search is not normally easy but I was running it on top of Docker which made it easy.

I rate the initial setup of Elastic Enterprise Search a three out of five.

I have configured the solution myself and it has provided me with what I want. I do maintenance of the solution once every other week.

The version of Elastic Enterprise Search I am using is open source which is free. The pricing model should improve for the enterprise version because it is very expensive.

We chose Elastic Enterprise Search over other solutions because the interface was easy to use.

I rate Elastic Enterprise Search a nine out of ten.

I'm involved in architecting and implementing Elasticsearch-based solutions, catering to various use cases including IIoT, cybersecurity, IT Ops, and general logging and monitoring.

The intention of this article is not to compare AWS Elasticsearch with Elastic ELK Elasticsearch and at the end declare the winner. Elasticsearch by itself is one of the coolest and versatile Big Data stacks out there. If you are planning to use it in your organization or trying to evaluate if it is the right stack for your product/ solution, this article offers some insights from an architect's perspective.

I'm not the right person to answer this question as I'm the service provider. My clients are the right people to answer.

The Spaces feature in Kibana is really useful. I can ingest all data and then offer multi-tenancy on a single stack to various departments (internal) or customers (external). This feature isn't available in AWS Elasticsearch, and Machine Learning isn't available either.

Other useful features such as Canvas (used to create live infographics) and Lens (used to explore and create visualisations using a drag-and-drop feature) are available only in Elastic's ELK Elasticsearch.

In the last 18 months Elastic has really caught up and also gone way beyond AWS by putting together all the missing components that make ELK Elasticsearch the most comprehensive stack in the entire Big Data ecosystem. Comprehensive because one stack addresses all of the three essential technical components of an end-to-end system: collect, store and visualise terabytes (and even petabytes) of structured or semi-structured data at ease.

Enhance the Spaces feature to make it fully multi-tenant by enabling role-based access control (RBAC) at a Space level rather than overall Kibana or stack level like it is currently.

Elastic needs to work on their Machine Learning offering because currently they have been trying to make it a black box which doesn't work for a serious user (a Data Scientist) as it doesn't give any control over the underlying algorithm. It's like a point-and-click camera vs a DSLR. The offering started with a single/ univariate anomaly detection on time-series data. Now, they have a multivariate which is good, but beyond this, we cannot build any other Machine Learning models, like traditional supervised models. Anomaly detection uses mostly unsupervised algorithms and also it is a very broad problem space for a black box to solve it fully.

Make index’s metadata searchable (or referenceable in search queries).

5 years

Elastic ELK Elasticsearch is one of the most stable Big Data engines and the simplest to maintain and scale. Redundancy is built into the design so there is no single point of failure. We can configure a DR easily and if something goes wrong, we can restore the system into a brand new cluster in hours.

Elasticsearch by itself is 100% scalable as scalability is built into the design like any Big Data system. We just have to add more nodes, and it scales horizontally and then redistributes the data into the new nodes, and the cluster becomes faster and agile automatically. Cross-cluster replication comes with a Platinum license. But this feature is highly exceptional and not a common need.

I have worked with all the flavours of Elasticsearch viz. Elastic.co's ELK which is popularly known as the ELK stack (pronounced as 'yelk'), AWS Elasticsearch and Open Distro plugins for Elasticsearch.

All (including Solr that comes with Hadoop) are built on a common underlying technology, Apache Lucene. The difference is the added features that I call 'batteries included'. To be precise, Elastic's ELK Elasticsearch, unlike others, comes with free enterprise-grade apps (called plugins in Kibana) and a bunch of cool and useful Kibana features. It also features a good deal of engineering automation conveniences built into the stack.

Did you know that the original founders of Elasticsearch are the folks at Elastic.co, the company that has recently transitioned to an open-core philosophy by design. But since AWS took the initial lead and started offering the stack as AWS Elasticsearch service it became more popular and a preferred option for the uninformed. Elastic, on the other hand, was busy innovating and adding more muscle to the stack that it is no more limited to being just the fastest search engine on the planet. In fact, the keyword ‘search’ in Elasticsearch is not relevant anymore and, moreover, it is misleading.

Initial setup is indeed straightforward and fast because it will mostly be a single-node cluster. But as the data volume grows and we start seeing a performance lag, the stack requires scaling (by adding more nodes) and a professional intervention for doing the right capacity design and configuration fine tuning.

It is always a good idea to engage a professional vendor to implement it right the first time and save yourself a lot of time in experimenting and trying to figure out the optimisation hacks and how-to’s all by yourself.

A stack like Elasticsearch that enables heavy lifting of the data effortlessly comes with its intrinsic yet obvious ROI. If one is not able to realise the ROI it means either the data is bad (garbage in, garbage out) or the stack is not implemented properly.

The basic license is free, and it comes with a lot of features that aren't supposed to be free! With a Gold license, we get Alerting (called Watcher) and some modest enterprise features. Note that if alerting is a must feature for you, you can install open-source alerting plugins like Open Distro Alerting or ElastAlert and avoid the Gold license cost. Active Directory integration, SAML, SSO, Machine Learning etc. come with Platinum license. The licensing is per-node and per-annum basis for an on-premise installation and for Cloud Elastic-managed service the cost is baked into the hourly pay-as-you-go fee. Kibana does not have a license, so it's free.

If you don't want alerting, Active Directory or LDAP integration and are good with native authentication, the basic license will suffice. The basic license also comes with many internal stack features, which are free. For example, data segregation into hot and warm storage, automatic configuration, and rolling over the index after achieving a certain size limit. 

SIEM (Security Information and Event Management) app is free. Also is another cool app called Uptime that helps us monitor the uptime of servers and web services. We can do this without any third-party licensing cost. Just turn on the apps, ingest data using Beats and the apps will start thriving. Over time they become mission critical to your business.

For example, the SIEM app will automatically populate the dashboards and allow us to monitor network traffic, successful logins, unsuccessful login attempts, and anomalous security events. All that comes off the shelf and is free. You'll pay a lot, on the other hand, for a traditional SIEM like ArcSight or LogRhythm.

Another free app called Infrastructure (formerly known as Metrics) helps monitor the server infrastructure by configuring light-weight data collectors called MetricBeats (for Windows systems) and AuditBeats (for Linux systems). The Beats will start pumping in all the system performance metrics into the stack and help monitor the memory, CPU and disk utilization.

I have worked with all the flavours of Elasticsearch viz. Elastic.co's ELK which is popularly known as the ELK stack (pronounced as 'yelk'), AWS Elasticsearch and Open Distro plugins for Elasticsearch.

All (including Solr that comes with Hadoop) are built on a common underlying technology- Apache Lucene. The difference is the added features that I call 'batteries included'. To be precise, Elastic's ELK, unlike the others, comes with free enterprise-grade apps (called plugins in Kibana), a bunch of cool and useful Kibana features, and a good deal of engineering automation built into the stack.

Moreover, the original founders of Elasticsearch are the folks at Elastic.co, the company that's built on open-core philosophy. But AWS took the initial lead and offered the stack as AWS Elasticsearch service catering mostly to search-engine use cases. But ELK, with all its goodness, is much more than a search engine! In fact, the keyword search in Elasticsearch is very misleading.

You can spin up Elastic ELK Elasticsearch fully-managed service either on AWS, GCP, or Azure, or have your own on-premises installation and dockerize it. Whereas the AWS Elasticsearch is available only on AWS. That's the hosting difference.

Elastic ELK Elasticsearch comes with a support-only subscription, and there are a lot of updates happening. Kibana is constantly improved and there’s a new release every two weeks.

It has helped by notifying me when something happens. I deploy my team to the infrastructure to fix the application. However, receiving alerts before something happens would be more beneficial.

New Relic is very similar to Elasticsearch in functionality; it's easier to use.

New Relic could be more flexible, similar to Elasticsearch. It could improve on providing notifications before something happens instead of when something happens.

It is a stable and good platform.

It's scalable. There's no need to worry about the environment. You just configure it, and it runs without issues.

I haven't used their support, however, a colleague I talked to about this platform with has used it.

Positive

The initial setup is not complex. The only part that may require specific knowledge is communicating your cloud environment with New Relic and managing the cloud environment configurations.

Comparing the costs between New Relic and Elasticsearch is difficult as New Relic's cost is for processing metrics, whereas Elasticsearch's cost is for storage.

I recommend New Relic, however, it depends on the specific use case you have. I'd rate the solution eight out of ten.

We have data in different databases. One is a relational database, and another is NoSQL. They are different services. They host document-like data. We used Elastic to convert the data structurally. We used Elastic as a multi-service search engine. It is a good solution. It is too powerful.

I would advise anyone to use the product. It is good. Data indexing of historical data is the most beneficial feature of the product.

The solution must provide AI integrations. I could direct my data flow to my AI tools if I use Elastic for IoT data.

I have been using the solution since 2007.

I rate the stability an eight out of ten.

The solution provides powerful scalability. I rate the scalability a ten out of ten. Our clients are medium-sized businesses.

I do not need technical support because the product works well.

The initial setup was very easy. I rate the ease of setup an eight out of ten. The setup can be done within minutes.

I use the community version. The premium license is expensive. I rate the tool’s pricing an eight out of ten.

With the power of Kibana, we can easily and dynamically analyze and summarize our log data. The internet has information about all the technical solutions. I bought some courses from Udemy for Elastic Search. I also got some documents from Elastic Search. The documentation for Java is very good. It was sufficient to learn as a developer.

I could integrate my products to Elastic Search easily. I use the default index for my solution, and it works very well. Elastic’s indexing policies are very good. I do not need any indexed operations for my solution. Overall, I rate the tool a nine out of ten.