ELK has helped my team leverage a powerful and efficient capability that is comparable to more costly solutions.
Program Manager - Enterprise Command Center at a financial services firm with 10,001+ employees
Aggregates log/machine data into a searchable index, reduces time to identify issues
Pros and Cons
- "The ability to aggregate log and machine data into a searchable index reduces time to identify and isolate issues for an application. Saves time in triage and incident response by eliminating manual steps to access and parse logs on separate systems, within large infrastructure footprints."
- "Enterprise scaling of what have been essentially separate, free open source software (FOSS) products has been a challenge, but the folks at Elastic have published new add-ons (X-Pack and ECE) to help large companies grow ELK to required scales."
How has it helped my organization?
What is most valuable?
The ability to aggregate log and machine data into a searchable index reduces time to identify and isolate issues for an application. Saves time in triage and incident response by eliminating manual steps to access and parse logs on separate systems, within large infrastructure footprints.
What needs improvement?
Enterprise scaling of what have been essentially separate, free open source software (FOSS) products has been a challenge, but the folks at Elastic have published new add-ons (X-Pack and ECE) to help large companies grow ELK to required scales.
For how long have I used the solution?
Three to five years.
Buyer's Guide
Elastic Search
January 2025
Learn what your peers think about Elastic Search. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,997 professionals have used our research since 2012.
What do I think about the stability of the solution?
No issues with stability.
What do I think about the scalability of the solution?
We encountered issues with scalability.
How are customer service and support?
Not applicable, for my team's experience with ELK. Being a FOSS, there is limited support from Elastic without a service – support, consulting, training. There is a wealth of information on the web and a growing community of users to lean on for support, though.
Which solution did I use previously and why did I switch?
Yes, we had a previous solution but we did not switch. We use multiple log analysis engines. Where we have funds to support commercial, off-the-shelf tools (COTS), we have seen more immediate benefits. Where we must go with low/no-cost FOSS, we use ELK.
How was the initial setup?
Initial setups were complex years ago, but they are more straightforward in the current offering. ELK is essentially a collection of products that each requires infrastructure and expertise to set up independently, and connecting them to gain a functional tool requires still more expertise.
What's my experience with pricing, setup cost, and licensing?
This is a free, open source software (FOSS) tool, which means no cost on the front-end. There are no free lunches in this world though. Technical skills to implement and support it are costly on the back-end with ELK, whether you train/hire internally or go for premium services from Elastic.
Which other solutions did I evaluate?
Splunk, Sumo Logic, and IBM’s Operation Analytics.
What other advice do I have?
Try it out. There is little to lose but time.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Operations Manager at Cairo 3A for Agricultural and Animal Production
Useful user behavior analysis, reliable, but report templates could improve
Pros and Cons
- "The most valuable feature of Elastic Enterprise Search is user behavior analysis."
- "Elastic Enterprise Search could improve the report templates."
How has it helped my organization?
The solution satisfies our business needs.
What is most valuable?
The most valuable feature of Elastic Enterprise Search is user behavior analysis.
What needs improvement?
Elastic Enterprise Search could improve the report templates.
For how long have I used the solution?
I have been using Elastic Enterprise Search for a while.
What do I think about the stability of the solution?
Elastic Enterprise Search is stable.
What do I think about the scalability of the solution?
The scalability of Elastic Enterprise Search is good.
How are customer service and support?
I have not contacted the support from the vendor.
How was the initial setup?
Elastic Enterprise Search is of a moderate range of difficulty; it is not difficult and not easy.
What's my experience with pricing, setup cost, and licensing?
We are paying $1,500 a month to use the solution. If you want to have endpoint protection you need to pay more.
I rate the price of Elastic Enterprise Search a three out of five.
What other advice do I have?
My advice to others is for them to make sure this solution satisfies their business needs because there are many solutions and providers, with a lot of options. There are solutions that have a lot of features that the business might not need and it is not good for the business to waste money on features not used. It was recommended by many peers not to seek many options in a solution that you are not going to use, and to concentrate on what is needed.
I rate Elastic Enterprise Search a seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Domain Specialist Team Leader at a retailer with 1,001-5,000 employees
A log database that can be used to see the logs better
Pros and Cons
- "The most valuable feature of the solution is its utility and usefulness."
- "I would like to see more integration for the solution with different platforms."
What is our primary use case?
The solution is a dashboarding tool that's useful for DevOps engineers for monitoring. The solution is like a log database. You can ingest into it anything you want and then find the value of the things you ingest. The solution can also be used to make reports.
What is most valuable?
The most valuable feature of the solution is its utility and usefulness. I use the solution to see the logs better or the error explained. The solution allows us to be more on top of the alerts for the logs. The solution makes passing of the logs easier and faster.
What needs improvement?
I would like to see more integration for the solution with different platforms. Sometimes, it's hard to understand what you need to send to Elastic Search.
For how long have I used the solution?
I have been using the solution for two to three years.
What do I think about the stability of the solution?
Elastic Search is a stable solution.
What do I think about the scalability of the solution?
More than 50 users are using the solution in our organization.
What other advice do I have?
We use the solution's live data analysis for operations purposes. The solution also has a monitoring aspect. ElasticSearch is like a middleman between the PRTG and ITSM tools. It is easier to pass the information about the metrics or the full logs of the cloud platform you are ingesting in the solution instead of giving the output to PRTG.
The solution is deployed on the cloud in our organization. Elastic Search is something that comes after the projects are done. After implementing the project, we use the solution to have that project monitored. I would recommend the solution to other users.
Overall, I rate the solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Product Manager at a tech services company with 501-1,000 employees
Allows us to build a model in one month and get 93% accuracy
Pros and Cons
- "The AI-based attribute tagging is a valuable feature."
- "The documentation regarding customization could be better."
What is our primary use case?
It's a cloud-based service. At that time, we were using AWS, so we could get the same Elasticsearch capabilities from AWS. It was mostly a PaaS service that we could access. We had the Elasticsearch specific server and database hosted on an AWS instance, and then we fed the data to it and tried to fine-tune the algorithm to give the necessary search intelligence that we needed.
We're not using the latest version. We're using a version that was released one year ago.
The whole organization has about half a million users, but at any point of time, a hundred users might be using it.
What is most valuable?
The AI-based attribute tagging is a valuable feature. It passes through text data and identifies the tag-words and keywords and connects them to various attributes in the whole system. The system was supposed to run through a lot of existing data in terms of which tag-words would reflect which keywords. There was a model built on top of that. We were building a machine-learning model, which passed through all of the data and did the necessary attribute tagging. We couldn't find attribute tagging in other services.
We initially tried to do it in-house, but we couldn't get the accuracy that we wanted. Elasticsearch was quite efficient in terms of getting accuracy with the limited amount of data that we had. We had 10,000 to 20,000 records. Based on that, we had a good amount of accuracy, which we were happy with. There's a lot we can do with customization.
What needs improvement?
The documentation regarding customization could be better. Other than that, Elasticsearch has very good documentation. We can get a lot of information from forums.
For how long have I used the solution?
I have worked with this solution for six months.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
As far as what we could accomplish, it was scalable, but we didn't have a lot of data that needed to be processed. We had 10,000 records and it was scalable.
How are customer service and support?
We have reached out to tech support when we have had queries, and they respond in time. We didn't have an escalation process, but we had a lot of queries.
Which solution did I use previously and why did I switch?
We chose Elasticsearch because we could build a model in a short amount of time. It allows us to build a whole setup in one month and get 93% accuracy. Even if you look at the complex AI-based features that we built within a shorter span, we could build that model with high accuracy, which wasn't possible with other search enterprise vendors that we used.
How was the initial setup?
Setup was a little complex, but we had in-house expertise.
The solution needs regular fine-tuning in terms of the data model. As we get more and more data into the system, the predictability and accuracy of the output keeps changing. On the application and DB side, it was fine. Not a lot of maintenance was required.
What about the implementation team?
Deployment was done in-house.
What's my experience with pricing, setup cost, and licensing?
The solution is affordable. Previously, we wasted a lot of time by building our own system, which we could have avoided by moving to Elasticsearch earlier.
What other advice do I have?
I would rate Elasticsearch as eight out of ten.
Elasticsearch provides a lot of possibilities. You need to understand your requirements and how Elasticsearch can fulfill them. Somebody might be looking at a simple keyword service or attribute tagging. If you don't understand exactly what you're looking for, you'll get lost in their options and waste a lot of time.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
COE Head at a tech services company with 1,001-5,000 employees
Powerful with great integrations and good platform capacity
Pros and Cons
- "Search is really powerful."
- "We'd like more user-friendly integrations."
What is our primary use case?
All my use cases have been based more on observability for IT operations. We deal with it in terms of metrics, logs, transactions, traces, and so on.
In terms of enterprise, most of the use cases are based on search capacity within the company to find documents and relevant information. That is the main use case.
What is most valuable?
The most relevant feature for me is the platform capacity. I consider the capacity high-performance with a distributed model that can support it, and recently we are growing.
Search is really powerful. All the search engines and the rules that complement them allow the users to create different kinds of administration for the platform. You can create synonyms or rules to better understand or to better detect partial search criteria. It's like an AI that boosts searchability.
The platform has a powerful tool to correlate and create rules that understand what people will be searching for.
All the community support that we have available from different users in the open source community is great. Everyone shares and publishes all of these different use cases. That makes the platform and the platform understanding really powerful for anyone who wants to implement a different case.
It is easy to set up.
The solution scales well.
They have great integrations on offer.
What needs improvement?
Maybe Elastic Search could improve the analytics part of the search so it can be more powerful to the user. It could help provide more understanding of what people are searching for.
We'd like more user-friendly integrations. It should be easier for non-technical people to understand how to handle them.
For how long have I used the solution?
I've used the solution for the last four years or so.
What do I think about the stability of the solution?
It's stable. We have on-premise and on-cloud deployments. It's stable on both. I prefer the cloud as I avoid the time it takes to manage the platform. However, both cases are stable.
What do I think about the scalability of the solution?
It is a product that can scale well. It's not a problem.
We have maybe 200 people on the product right now.
How are customer service and support?
I have experience working with technical support. They are good at responding to incidents. I have not had too many incidents, however, sometimes for probably technical questions in terms of platform performance, search, cluster distribution, and so on, I might reach out.
My point of view is that the technical support is awesome. They are very responsive and they have a really high understanding. The team has a lot of people with a lot of technical skills and technical knowledge.
How was the initial setup?
The initial setup is very straightforward. It's not difficult either.
What's my experience with pricing, setup cost, and licensing?
As I use the cloud, all of the costs for me are based on customer needs. There is a fascinating calculator published by Elastic, and there is not a specific starting cost. It can move from $10,000 US Dollars per year to any price based on how powerful you need the searches to be and the capacity in terms of storage and process. That said, you can start with a small budget, implement the use cases, and start growing slowly.
What other advice do I have?
I'd rate the solution nine out of ten.
I'm a customer and end-user.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Professional at Defensive Cyber Security Center Germany
Easily customizable dashboard and excellent technical support
Pros and Cons
- "Dashboard is very customizable."
- "Could have more open source tools and testing."
What is our primary use case?
In terms of use case, we combine a lot of things with Elastic. It's two platforms, so with Elasticsearch, we're using the Beats, Kibana, and Suricata. It's a query engine and we use the information from our sensors. It gets ingested into that and we use the resources to get everything put on our dashboards. If something is detected, alerts come up right away and it's very, very accurate. The more ingest it receives, the better we can respond to threats. It's not just Elastic or Logstash, it's a combination of those and other tools that we would apply towards our threat detection and prevention. We have a partnership with ELK.
What is most valuable?
The company provides excellent technical support and wonderful engineers, even their sales engineers are great. The dashboard is a valuable feature - it's awesome and very customizable.
What needs improvement?
I would like to see more open source tools and testing as well as a signature analysis in the solution. I think that a lot of times when we go into a corporate environment where it becomes more add-on features or an additional service fee, it typically draws away from that product.
I think it would be cool if they could provide a couple of licenses that would be test bed licenses so that engineers and people who have their hands on the keyboard could test any new development.
For how long have I used the solution?
I've been using this solution for three or four years.
What do I think about the scalability of the solution?
It is a very scalable solution. It is very easy and I would recommend it to anyone. In terms of users it's all tiered. Most things are from tier zero at the egress point of any major large-scale network all the way down to the customer. We have roughly 200 users. And those would include analysts and real-time threat analysts.
How are customer service and technical support?
I'm very satisfied with the technical support and would rate it highly. Sometimes there are issues because we are overseas and there is a six hour time difference which creates a lag. It's hard to get around that but they're very responsive.
How was the initial setup?
We had issues when we first did the initial setup, because our resources were limited, as it was a test, a proof of concept. It meant the initial setup was somewhat resource intensive. The data NGS itself was an issue when we were trying to filter and pull that information. Again, a signature analysis would have been helpful here.
What other advice do I have?
For anyone considering implementing this solution, I would say take a good hard look at your own infrastructure resources and scalability as you have to future proof everything. Whether it's scale or increase in customers building up through your actual hardware and your network infrastructure. You need to know it's capable of performing the tasks needed, because sometimes you outgrow yourself. So, I would say look at your resources and how it can be scaled.
I would rate this solution a nine out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Information Security Engineer at a financial services firm with 11-50 employees
Enhanced security operations with good logging and real-time threat analysis
Pros and Cons
- "The security portion of Elasticsearch is particularly beneficial, allowing me to view and analyze security alerts."
- "An improvement would be to have an interface that allows easier navigation and tracing of logs."
What is our primary use case?
I am an end user, and we use Elasticsearch for our logs. Specifically, we use it for security logs for our enterprise, including machines, networks, and endpoints, as part of our IT infrastructure.
How has it helped my organization?
We have been able to collect our live logs, which helps us run security operations more effectively. It has enabled us to identify false positives and detect real-time malicious activities in the network.
What is most valuable?
The security portion of Elasticsearch is particularly beneficial, allowing me to view and analyze security alerts. It serves as a query engine for the database, enabling us to analyze logs for potential threats.
What needs improvement?
An improvement would be to have an interface that allows easier navigation and tracing of logs. The current system requires manually inputting dates to verify alerts. A visual timeline that pinpoints possible anomalies would be beneficial.
For how long have I used the solution?
I have been using Elasticsearch for approximately one year.
What do I think about the stability of the solution?
I would rate the stability of the solution as nine out of ten. It is very robust.
What do I think about the scalability of the solution?
I would rate the scalability as nine out of ten. It's a very robust solution.
How are customer service and support?
I do not interface directly with technical support from Elastic. Another colleague manages that aspect.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did not use any different solution before Elasticsearch.
How was the initial setup?
I was not involved in the setup process. Our architects and technical officer managed it.
What's my experience with pricing, setup cost, and licensing?
I am not directly involved with pricing or setup costs. While I know a portion is open-source, a paid version might be necessary.
Which other solutions did I evaluate?
It was not my duty to evaluate other options. The architects and chief technical officer handled those decisions.
What other advice do I have?
For someone wanting to be a security analyst, Elasticsearch is a valuable tool. It helps organizations collect large amounts of logs from various platforms like Windows, Ubuntu, and Palo Alto Networks.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Oct 22, 2024
Founder at a tech services company with 11-50 employees
Offers good search interface and visualization capabilities with good stability
Pros and Cons
- "The initial setup is fairly simple."
- "Elastic Search should provide better guides for developers."
What is our primary use case?
We use Elasticsearch as an alternative to Splunk. It is basically for log monitoring.
What is most valuable?
It's probably a cost-efficient alternative to Splunk. The search interface is nearly the same. When it comes to visualizations, Elastic is a bit better than Splunk.
What needs improvement?
Elastic Search needs better guides for developers. Better guides for development.
For how long have I used the solution?
I have been using it for a year.
What do I think about the stability of the solution?
I would rate the stability an eight out of ten.
What do I think about the scalability of the solution?
It's fairly scalable. I would rate the scalability of this solution a ten out of ten.
There are around five end users using it in my team.
How are customer service and support?
Till date, we did not have any issues with customer service and support. Initially, we had issues in accessing the portal, but that was the only issue, and it was resolved pretty quickly.
How was the initial setup?
The initial setup is fairly simple. Initially, it was on-prem, but right now, it's on the cloud.
It is pretty easy to integrate as well.
What was our ROI?
When someone is building products for scale, it reduces the time to market.
What's my experience with pricing, setup cost, and licensing?
I would rate the pricing a seven out of ten, with one being high price and ten being low price. It could be cheaper for certain use cases, but since it gets the job done, no complaints for the pricing.
What other advice do I have?
Overall, I would rate it a nine out of ten. I would definitely recommend it to other users.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Sep 5, 2024