Elastic Search Reviews

We use the product for log analytics and metrics features. 

We can easily collect all the data and view historical trends using the product. We can view the applications and identify the issues effectively.

They could improve some of the platform's infrastructure management capabilities. There should be better visualization and insights about the cost of the SaaS services, which are not effective. Additionally, there needs to be more native integrations to merge the data.

We have been using Elastic Search for about a year.

I rate the stability a ten out of ten.

It is a highly scalable application. We have 15 users in our management team. I rate the scalability an eight out of ten.

I have experience working with Splunk in the past.

The initial setup for the SaaS platform is quite easy. We took assistance from an engineer for the onboarding. Thus, it was straightforward for us. However, there could be a better integration with AWS.

I rate the process a seven out of ten.

I rate Elastic Search's pricing an eight out of ten.

By integrating Deepgram insights with the product, we've gained visibility into logging, service behavior, and cost optimization.

I rate Elastic Search a nine out of ten.

We are developing a SIEM application that is similar to QRadar, ArcSight, or Splunk. This application uses Elasticsearch as its search engine because we want to retrieve information fast. We are just using the basic search engine part of Elasticsearch. We have developed lots of things on top of Elasticsearch, such as security, correlation, reporting, etc.

The search speed is most valuable and important.

Its licensing needs to be improved. They don't offer a perpetual license. They want to know how many nodes you will be using, and they ask for an annual subscription. Otherwise, they don't give you permission to use it. Our customers are generally military or police departments or customers without connection to the internet. Therefore, this model is not suitable for us. This subscription-based model is not the best for OEM vendors. 

Another annoying thing about Elasticsearch is its roadmap. We are developing something, and then they say, "Okay. We have removed that feature in this release," and when we are adapting to that release, they say, "Okay. We have removed that one as well." We don't know what they will remove in the next version. They are not looking for backward compatibility from the customers' perspective. They just remove a feature and say, "Okay. We've removed this one."

In terms of new features, it should have an ODBC driver so that you can search and integrate this product with existing BI tools and reporting tools. Currently, you need to go for third parties, such as CData, in order to achieve this. ODBC driver is the most important feature required. 

Its Community Edition does not have security features. For example, you cannot authenticate with a username and password. It should have security features. They might have put it in the latest release.

I have been using this solution since version 1.0.

For a one-node installation, it is easy. You can do it and retrieve information fast, but when you are trying to scale up, everything becomes complicated. If you want to deal with several terabytes of data, you should read whitepapers or case studies or get proper consultancy from Elasticsearch. Otherwise, you will lose data. I know many customers who lost their data and could not recover it. It is not like you store everything and search for everything, and it is just instant. It is not like that. You should do your homework very intensively. It looks easy, but when you scale up, it gets complicated.

We got 60 days of development consultancy with them. Until we sign the agreement, they were quick and prompt. After the signature it changed. Overall experience, we are not satisfied with the development consultancy.

We switched from SQL Server to Elasticsearch. For our application, we wanted the information very fast without locking everything. In SQL Server or Oracle, that would not have been possible. Deleting is also very difficult in SQL Server.

Its initial setup is straightforward. There were no problems.

We are using the Community Edition because Elasticsearch's licensing model is not flexible or suitable for us. They ask for an annual subscription. We also got the development consultancy from Elasticsearch for 60 days or something like that, but they were just trying to do the same trick. That's why we didn't purchase it. We are just using the Community Edition.

We evaluated other products and chose Elasticsearch because the data that we are collecting is unstructured. Every log has a different structure.

The most important thing to keep in mind is that it is not as they advertise on their site. If you want to scale up and are looking for a big deployment, you must read everything. You also need support from the company itself. 

I would rate ELK Elasticsearch a seven out of ten.

The tool's stability and performance are good. 

Elastic Search needs to improve its technical support. It should be customer-friendly and have good support. 

I have been using the product for a year. 

The tool is stable; I rate it an eight to nine out of ten. 

The product is scalable, and I rate it a ten out of ten. My company has three users. We use it regularly. 

You need three resources to handle the deployment. 

The tool is not expensive. Its licensing costs are yearly. 

I rate Elastic Search an eight out of ten. You can use the product if you are looking for value for money. 

Our main use case is to centralize all the logs from the infrastructure environment and the data center.

The most valuable aspect of the solution is the visualization with Kibana. What we have not yet started, yet, we plan to do, is to use machine learning.

The initial setup is very easy for small environments.

There is very little maintenance needed.

The solution is stable.

The scalability is good.

The solution offers good value for the price.

They could simplify the Filebeat and Logstash configuration piece. There are a lot of manual steps on the operating system. It could be simplified in the user interface.

I've been using the solution for about a year at this point.

The stability is really good. We use it in a fully virtualized environment, and that's not a real recommendation from Elastic. However, even with how it's stored, even if it's not a recommendation, for this small environment we have here, it's stable enough. It's working.

We're in the very early stages of usage. We only have maybe 20 people on the solution currently. We are increasing this, however. There will be more.

The solution is easy to scale. You can add new Elasticsearch clusters. It should be noted that you have to separate the different roles from Elasticsearch to other devices, so you need a little bit more knowledge to do it right.

We've been in touch with technical support a little bit as we're still in negotiation. Right now, we are running the basic product which is free of charge. We're in negotiation with the vendor for a license, where we will get proper support. We need it.

I'm also familiar with Splunk, which is more expensive.

In our case, it was a simple installation process. It was just set up in small environments, however, if it's getting larger, it will be more complex as then you have to split all the different roles onto different machines, to get the performance you need.

Therefore, for small environments, it's very easy. If you're doing a big environment, then it's much more complex.

The only maintenance needed is for updating the systems. We're working on it to make it all more or less automatic. All we need to do is to implement the updates when they arrive.

We just handled the initial setup internally. We did not need the assistance of any integrators or consultants. 

It's a bit too expensive, however, it's not as expensive as Splunk, which is a good thing. It's okay. There are cheaper products that we know, however, this is a very rich product, and it's got a very wide functionality, and a wide range of functionalities which I don't see in the other products, especially not in the cheaper ones.

I'm just a customer and an end-user.

Our company is always using the latest updates.

I'd advise new users that you need to do a POC or get a test installation. It's free of charge. It's important to ingest a lot of data so that you get a feeling of scalability and performance. To put something in your lab, for example, is very helpful. It's only when you have data in the system, that you can see the benefits of the Elastic environment.

I would absolutely recommend the solution to others. I'd rate it at a nine out of ten. I've been pleased with its capabilities overall. 

We try to detect malicious files by the logs. The logs are all centralized including all our PCs, our callers, our servers, Linux, windows, Polaris names. We scan everything. Then we have pre-defined specific use cases that allow us to identify if there is an attack on the machine or indirectly by the endpoint. On top of that, we can check with users as we're not directly dealing with the configuration, so we can follow up on the alerts we receive. On top of that, we have the systems in place that allow us to detect if certain inexcusable items are on the system, such as malicious files. We can do this because we also retrieve the log files of the identifiers.

The fact that you can dump any type of format in the database without any specific reformatting is fantastic. It makes it very flexible in collecting information and that saves us a lot of time because otherwise, we would really need to define specifically what we're looking for and reformat everything. With this solution, that's not necessary. We can directly, and in a really standard raw format, dump the data into the database. Only afterwards do we need to define what specifically we're looking for, however, at that point, it's not a big deal to actually add an additional log and to collect additional information. 

The solution is very scalable. 

There's lots of processing power. You can actually just add machines to get more performance if you need to. It's pretty flexible and very easy to add another log. It's not like 'oh, no, it's going to be so much extra data'. That's not a problem for the machine. It can handle it.

The solution has quite a steep learning curve. The usability and general user-friendliness could be improved. However, that is kind of typical with products that have a lot of flexibility, or a lot of capabilities. Sometimes having more choices makes things more complex. It makes it difficult to configure it, though. It's kind of a bitter pill that you have to swallow in the beginning and you really have to get through it. 

Once you begin to understand the concepts and how to actually look for data it's a very pleasant solution, but the learning curve is very steep in the beginning, to the point that they could improve it to make it a bit less intimidating to start. There needs to be a bit more intuition behind the architecture and the data search.

This solution has been used for at least five years at the company.

It's very stable. The only thing that might happen is that sometimes when you do a search it will stress the machine a bit too much. If that happens, then it's a matter of, if you do it the wrong way, the machine gets stressed and then it slows down. However, it will not crash. It almost never crashes. You'll simply figure out that the machine is overwhelmed and take the stress off. 

The problem, occasionally, is that it may become unresponsive, but it isn't really unresponsive, it's just that the system is overloaded. That can only happen if you do your database search in the wrong way. That's why, especially when you have a lot of data and are really concentrating a lot of data on a few machines, you have to be careful of what you're doing. 

It's a very nice tool but you have to be a bit aware of how to deal with this, especially when you have a lot of data and you have limited processing capacity. If you have unlimited processing capacity you can do whatever you want with it. I personally can say that I've never seen a machine crash.

The scalability of the product is good. It's our key system that generates alerts and does surveillance on a security level. This product is extensively used in our organization.

We have people of course, from the server team that makes sure that the logs get collected. And then we have the people that actually deal with the configuration of the ELK as well. That is a team of five or six people that we use now. Then, of course, we have all the teams that follow up on the alerts, and there, I would say, we have two or three different teams, which is between 10 and 20 people. That's just part of the people that work with the solution.

I work on part of the team that deals with technical support issues. There's a good community around the solution. This is because the product is actually open-source. With a lot of typical issues, you can simply Google questions and you will find the answer. Of course, we do have a support contract with the company. I don't deal directly with that, however. We contact them directly if we really need to and we have maintenance contracts with them. Unfortunately, I can't really speak to how good or bad they are because I've never called them myself.

Before we switched over to this, we used it in combination with an end product called QRadar, but both of them together were time-consuming. 

It's easy to install the servers, that's not really the problem. The difficulty is afterward. Users need to understand how to explore the data.

The server setup is the easy part. Even, let's say, moving the log into the machine or into the database is no problem. However, then you have all this data and you will really struggle to understand the information. That is sometimes not always obvious at the outset. In order to do that in an effective way, it requires a little bit of manipulating.

To install the servers, a minimum installation takes me a day or more. It's for the most part usually pretty fast.

I myself have already had quite a lot of experience with the product. Therefore, I can set it up myself.  Most customers or most IT departments will struggle to set it up due to the difficult learning curve in the beginning. 

I would definitely recommend most users or companies, at least for the beginning, to get help troubleshooting problems. It will help them understand a little bit more about the steep learning curve. It really makes things much easier, and much more effective. 

I have used different products myself due to the nature of my work. I'm a security consultant. I have been working with different customers who use different solutions, which means that I have used other things and can evaluate and compare them for clients.

I've worked with Splunk, for example. Splunk, for instance, on the level of data mining and inquiring, might be easier. It's a bit more intuitive. The downside of it is as soon as you start collecting a lot of data, it becomes extremely expensive to use Splunk. It's a very good product. However, typically, with the need to collect as many logs and as much data as possible, Splunk becomes expensive, and you can't put it in a budget easily. It's simply out of budget for many as soon as they start clicking. Also, the purpose of a security system is not the same.

With Splunk, some will not add additional logs because they don't often have the budget, especially when it immediately means that you're going to need to increase your costs enormously. That's not the purpose of a security system. For the system to be effective you must be able to have good surveillance and that means that you should not hesitate in adding your logs. Still, when the costs double, people hesitate and if they don't have the budget and cut the logs, things can get through. Fortunately, with ELK, you don't have that issue. With ELK you don't pay for gigabytes, or terabytes or the data that you use. That's the main advantage compared to Splunk. But Splunk, it has a less steep learning curve.

I'm just using it as a customer

We tend to use the latest versions of the solution. We try to upgrade it on a regular basis.

I'd advise other companies considering implementing the solution to get a team in that knows the product and try to take advantage of their knowledge. It will help reduce the pain of the learning curve.

I'd rate the solution eight out of ten.

I would not give it a ten because of the steep learning curve. I know what the product is, but many do not, and for them it will be quite difficult to get started without becoming very frustrated in the process. 

Elastic Search is added advantage for us because we normally use it for our uptime monitoring and our log analysis. When we merge it with Splunk, it helps us correlate and do security monitoring. 

Elastic Enterprise Search comes embedded within a solution that we have developed for our clients. It's a payment solution. We've recently shipped it with Elastic Enterprise Search embedded. All the logs and all the internal communications get captured by Elastic Enterprise Search. It makes it easy for the IT teams who are doing uptime monitoring and troubleshooting to have a look at it. We have the security teams develop their own monitoring metrics and logs, if they wish, based on their deployment. 

The beauty of Elastic Enterprise Search is if they also have their own third-party tools, there's the ability to integrate and read off Elastic Enterprise Search and have any third-party tool process the logs as well. It is highly extensible.

The most valuable features of Elastic Enterprise Search are it's cloud-ready and we do a lot of infrastructure as code. By using ELK, we're able to deploy the solution as part of our ISC deployment. 

The extensibility and configurability of the solution are great. Having the ability to mine for anything is useful. It's extensible and useful in terms of digesting any type of information. Since we do a lot of consulting, it means we are able to apply it to diverse environments without having to suffer the overhead of integration.

There is another solution I'm testing which has a 500 record limit when you do a search on Elastic Enterprise Search. That's the only area in which I'm not sure whether it's a limitation on our end in terms of knowledge or a technical limitation from Elastic Enterprise Search. There is another solution we are looking at that rides on Elastic Enterprise Search. And the limit is for any sort of records that you're doing or data analysis you're trying to do, you can only extract 500 records at a time. I know the open-source nature has a lot of limitations, Otherwise, Elastic Enterprise Search is a fantastic solution and I'd recommend it to anyone.

I have been using Elastic Enterprise Search for approximately four years.

I have no complaints in terms of stability. However, you have to make sure you give Elastic Enterprise Search the minimum resources it requires. We have not seen any major issues that we would send back to the vendor or the solution maker. If there was an issue it most likely would be from the environment, depending on how it was deployed and how it was configured.

Elastic Enterprise Search is scalable. In our environment, we deploy it in a containerized environment. For us, we've experienced the scalability of the solution because as we grow and expand, we spin up more containers that are interconnected. I don't see any issues with Elastic Enterprise Search from a scalability perspective. 

There's a lot of material available online. We tend to look online before we reach out for technical support. We have not needed to contact the support and this is a testament to how much information is available online. 

The solution is not expensive because users have the option of choosing the managed or the subscription model. 

Elastic Enterprise Search is a very good solution and they should keep doing good work.

I'm a very satisfied customer because almost everything I need comes out of the book. You already have machine learning, alerts, the ability to search, APIs, inbuilt security, and integration to third-party authentication.

I rate Elastic Enterprise Search a ten out of ten.

While the solution is slated for making logging positions more centralized, at present we are gearing through it. A fully-fledged deployment of alignments is not yet in place.

We have adjusted the logs into the spec for a couple of our applications.

We consider all of the features to be valuable. With respect to 12B Kibana, all of the components fit in very well. Logsearch gives us certain log filtering capabilities and we can vet what we push into our database. This allows us only to log and ship limited items. Essentially, Logsearch plays a big role although not the most important one. 

The solution itself needs improvement. There is an index issue in which the data starts to crash as it increases.

This leads to an impact on the solution's stability.

The index and part of the solution's stage have weak points.

In the next release, I would like to see better plugins when integrating with, say, Microsoft Teams.

The Kibana dashboard is quite user-friendly and we have had no issues involving our technical team. However, some technical knowledge is required, especially if one wishes to create dashboards and as it relates to index management.

I have been Vusing ELK Elasticsearch for plus or minus two years.

ELK Elasticsearch is definitely a stable solution. It is the spec that surprises most of the other logging solutions in the market.

The solution is quite scalable and this is one of its advantages. We are trying to add or plug on to Elasticsearch at present.

We have been open to solutions and haven't really had a need to rely on technical support. We've relied mostly on support forums.

This said, I would rate the support well, as we initially interacted with the support team and made use of Google.

The initial setup had a bit of a learning curve for us while we acclimated ourselves to the use of the solution. However, after a while, it became quite easy. 

I would not say there was much complexity even at the outset, as we have an understanding of how to troubleshoot and do the installation.

There is more than enough documentation of the solution online. It is useful and you can find what you're looking for. There are also forums that can be of assistance. 

While I cannot say for sure, as our organization is structured so that we work in silos with everyone looking after his own infrastructure, I would estimate that we have approximately 200 employees making use of the solution.

My advice to others who are considering implementing the solution is that they first make a plan to figure out how they wish to cluster the solution and the amount of data that must be ingested. Much planning would be involved. It would be wise to start with the open-source solution, which comes with many advantages, and to move on to the Enterprise version if there should be a need for dedicated support. 

I cannot posit whether management will wish to take this route, although this is definitely worth considering, as we are talking about a fully robust infinite solution across the board. 

I rate ELK Elasticsearch an eight out of ten.

We use the solution for search engines and indexing. 

The solution is valuable for log analytics. 

The solution's integration and configuration are not easy. Not many people know exactly what to do.  

I have been working with the product for five years. 

The product's deployment took a couple of days to complete. 

The product's deployment was done in-house by myself. 

I would rate the product a nine out of ten.