Elastic Search Reviews

The tool's stability and performance are good. 

Elastic Search needs to improve its technical support. It should be customer-friendly and have good support. 

I have been using the product for a year. 

The tool is stable; I rate it an eight to nine out of ten. 

The product is scalable, and I rate it a ten out of ten. My company has three users. We use it regularly. 

You need three resources to handle the deployment. 

The tool is not expensive. Its licensing costs are yearly. 

I rate Elastic Search an eight out of ten. You can use the product if you are looking for value for money. 

We have data in different databases. One is a relational database, and another is NoSQL. They are different services. They host document-like data. We used Elastic to convert the data structurally. We used Elastic as a multi-service search engine. It is a good solution. It is too powerful.

I would advise anyone to use the product. It is good. Data indexing of historical data is the most beneficial feature of the product.

The solution must provide AI integrations. I could direct my data flow to my AI tools if I use Elastic for IoT data.

I have been using the solution since 2007.

I rate the stability an eight out of ten.

The solution provides powerful scalability. I rate the scalability a ten out of ten. Our clients are medium-sized businesses.

I do not need technical support because the product works well.

The initial setup was very easy. I rate the ease of setup an eight out of ten. The setup can be done within minutes.

I use the community version. The premium license is expensive. I rate the tool’s pricing an eight out of ten.

With the power of Kibana, we can easily and dynamically analyze and summarize our log data. The internet has information about all the technical solutions. I bought some courses from Udemy for Elastic Search. I also got some documents from Elastic Search. The documentation for Java is very good. It was sufficient to learn as a developer.

I could integrate my products to Elastic Search easily. I use the default index for my solution, and it works very well. Elastic’s indexing policies are very good. I do not need any indexed operations for my solution. Overall, I rate the tool a nine out of ten.

Our main use case is to centralize all the logs from the infrastructure environment and the data center.

The most valuable aspect of the solution is the visualization with Kibana. What we have not yet started, yet, we plan to do, is to use machine learning.

The initial setup is very easy for small environments.

There is very little maintenance needed.

The solution is stable.

The scalability is good.

The solution offers good value for the price.

They could simplify the Filebeat and Logstash configuration piece. There are a lot of manual steps on the operating system. It could be simplified in the user interface.

I've been using the solution for about a year at this point.

The stability is really good. We use it in a fully virtualized environment, and that's not a real recommendation from Elastic. However, even with how it's stored, even if it's not a recommendation, for this small environment we have here, it's stable enough. It's working.

We're in the very early stages of usage. We only have maybe 20 people on the solution currently. We are increasing this, however. There will be more.

The solution is easy to scale. You can add new Elasticsearch clusters. It should be noted that you have to separate the different roles from Elasticsearch to other devices, so you need a little bit more knowledge to do it right.

We've been in touch with technical support a little bit as we're still in negotiation. Right now, we are running the basic product which is free of charge. We're in negotiation with the vendor for a license, where we will get proper support. We need it.

I'm also familiar with Splunk, which is more expensive.

In our case, it was a simple installation process. It was just set up in small environments, however, if it's getting larger, it will be more complex as then you have to split all the different roles onto different machines, to get the performance you need.

Therefore, for small environments, it's very easy. If you're doing a big environment, then it's much more complex.

The only maintenance needed is for updating the systems. We're working on it to make it all more or less automatic. All we need to do is to implement the updates when they arrive.

We just handled the initial setup internally. We did not need the assistance of any integrators or consultants. 

It's a bit too expensive, however, it's not as expensive as Splunk, which is a good thing. It's okay. There are cheaper products that we know, however, this is a very rich product, and it's got a very wide functionality, and a wide range of functionalities which I don't see in the other products, especially not in the cheaper ones.

I'm just a customer and an end-user.

Our company is always using the latest updates.

I'd advise new users that you need to do a POC or get a test installation. It's free of charge. It's important to ingest a lot of data so that you get a feeling of scalability and performance. To put something in your lab, for example, is very helpful. It's only when you have data in the system, that you can see the benefits of the Elastic environment.

I would absolutely recommend the solution to others. I'd rate it at a nine out of ten. I've been pleased with its capabilities overall. 

We try to detect malicious files by the logs. The logs are all centralized including all our PCs, our callers, our servers, Linux, windows, Polaris names. We scan everything. Then we have pre-defined specific use cases that allow us to identify if there is an attack on the machine or indirectly by the endpoint. On top of that, we can check with users as we're not directly dealing with the configuration, so we can follow up on the alerts we receive. On top of that, we have the systems in place that allow us to detect if certain inexcusable items are on the system, such as malicious files. We can do this because we also retrieve the log files of the identifiers.

The fact that you can dump any type of format in the database without any specific reformatting is fantastic. It makes it very flexible in collecting information and that saves us a lot of time because otherwise, we would really need to define specifically what we're looking for and reformat everything. With this solution, that's not necessary. We can directly, and in a really standard raw format, dump the data into the database. Only afterwards do we need to define what specifically we're looking for, however, at that point, it's not a big deal to actually add an additional log and to collect additional information. 

The solution is very scalable. 

There's lots of processing power. You can actually just add machines to get more performance if you need to. It's pretty flexible and very easy to add another log. It's not like 'oh, no, it's going to be so much extra data'. That's not a problem for the machine. It can handle it.

The solution has quite a steep learning curve. The usability and general user-friendliness could be improved. However, that is kind of typical with products that have a lot of flexibility, or a lot of capabilities. Sometimes having more choices makes things more complex. It makes it difficult to configure it, though. It's kind of a bitter pill that you have to swallow in the beginning and you really have to get through it. 

Once you begin to understand the concepts and how to actually look for data it's a very pleasant solution, but the learning curve is very steep in the beginning, to the point that they could improve it to make it a bit less intimidating to start. There needs to be a bit more intuition behind the architecture and the data search.

This solution has been used for at least five years at the company.

It's very stable. The only thing that might happen is that sometimes when you do a search it will stress the machine a bit too much. If that happens, then it's a matter of, if you do it the wrong way, the machine gets stressed and then it slows down. However, it will not crash. It almost never crashes. You'll simply figure out that the machine is overwhelmed and take the stress off. 

The problem, occasionally, is that it may become unresponsive, but it isn't really unresponsive, it's just that the system is overloaded. That can only happen if you do your database search in the wrong way. That's why, especially when you have a lot of data and are really concentrating a lot of data on a few machines, you have to be careful of what you're doing. 

It's a very nice tool but you have to be a bit aware of how to deal with this, especially when you have a lot of data and you have limited processing capacity. If you have unlimited processing capacity you can do whatever you want with it. I personally can say that I've never seen a machine crash.

The scalability of the product is good. It's our key system that generates alerts and does surveillance on a security level. This product is extensively used in our organization.

We have people of course, from the server team that makes sure that the logs get collected. And then we have the people that actually deal with the configuration of the ELK as well. That is a team of five or six people that we use now. Then, of course, we have all the teams that follow up on the alerts, and there, I would say, we have two or three different teams, which is between 10 and 20 people. That's just part of the people that work with the solution.

I work on part of the team that deals with technical support issues. There's a good community around the solution. This is because the product is actually open-source. With a lot of typical issues, you can simply Google questions and you will find the answer. Of course, we do have a support contract with the company. I don't deal directly with that, however. We contact them directly if we really need to and we have maintenance contracts with them. Unfortunately, I can't really speak to how good or bad they are because I've never called them myself.

Before we switched over to this, we used it in combination with an end product called QRadar, but both of them together were time-consuming. 

It's easy to install the servers, that's not really the problem. The difficulty is afterward. Users need to understand how to explore the data.

The server setup is the easy part. Even, let's say, moving the log into the machine or into the database is no problem. However, then you have all this data and you will really struggle to understand the information. That is sometimes not always obvious at the outset. In order to do that in an effective way, it requires a little bit of manipulating.

To install the servers, a minimum installation takes me a day or more. It's for the most part usually pretty fast.

I myself have already had quite a lot of experience with the product. Therefore, I can set it up myself.  Most customers or most IT departments will struggle to set it up due to the difficult learning curve in the beginning. 

I would definitely recommend most users or companies, at least for the beginning, to get help troubleshooting problems. It will help them understand a little bit more about the steep learning curve. It really makes things much easier, and much more effective. 

I have used different products myself due to the nature of my work. I'm a security consultant. I have been working with different customers who use different solutions, which means that I have used other things and can evaluate and compare them for clients.

I've worked with Splunk, for example. Splunk, for instance, on the level of data mining and inquiring, might be easier. It's a bit more intuitive. The downside of it is as soon as you start collecting a lot of data, it becomes extremely expensive to use Splunk. It's a very good product. However, typically, with the need to collect as many logs and as much data as possible, Splunk becomes expensive, and you can't put it in a budget easily. It's simply out of budget for many as soon as they start clicking. Also, the purpose of a security system is not the same.

With Splunk, some will not add additional logs because they don't often have the budget, especially when it immediately means that you're going to need to increase your costs enormously. That's not the purpose of a security system. For the system to be effective you must be able to have good surveillance and that means that you should not hesitate in adding your logs. Still, when the costs double, people hesitate and if they don't have the budget and cut the logs, things can get through. Fortunately, with ELK, you don't have that issue. With ELK you don't pay for gigabytes, or terabytes or the data that you use. That's the main advantage compared to Splunk. But Splunk, it has a less steep learning curve.

I'm just using it as a customer

We tend to use the latest versions of the solution. We try to upgrade it on a regular basis.

I'd advise other companies considering implementing the solution to get a team in that knows the product and try to take advantage of their knowledge. It will help reduce the pain of the learning curve.

I'd rate the solution eight out of ten.

I would not give it a ten because of the steep learning curve. I know what the product is, but many do not, and for them it will be quite difficult to get started without becoming very frustrated in the process. 

While the solution is slated for making logging positions more centralized, at present we are gearing through it. A fully-fledged deployment of alignments is not yet in place.

We have adjusted the logs into the spec for a couple of our applications.

We consider all of the features to be valuable. With respect to 12B Kibana, all of the components fit in very well. Logsearch gives us certain log filtering capabilities and we can vet what we push into our database. This allows us only to log and ship limited items. Essentially, Logsearch plays a big role although not the most important one. 

The solution itself needs improvement. There is an index issue in which the data starts to crash as it increases.

This leads to an impact on the solution's stability.

The index and part of the solution's stage have weak points.

In the next release, I would like to see better plugins when integrating with, say, Microsoft Teams.

The Kibana dashboard is quite user-friendly and we have had no issues involving our technical team. However, some technical knowledge is required, especially if one wishes to create dashboards and as it relates to index management.

I have been Vusing ELK Elasticsearch for plus or minus two years.

ELK Elasticsearch is definitely a stable solution. It is the spec that surprises most of the other logging solutions in the market.

The solution is quite scalable and this is one of its advantages. We are trying to add or plug on to Elasticsearch at present.

We have been open to solutions and haven't really had a need to rely on technical support. We've relied mostly on support forums.

This said, I would rate the support well, as we initially interacted with the support team and made use of Google.

The initial setup had a bit of a learning curve for us while we acclimated ourselves to the use of the solution. However, after a while, it became quite easy. 

I would not say there was much complexity even at the outset, as we have an understanding of how to troubleshoot and do the installation.

There is more than enough documentation of the solution online. It is useful and you can find what you're looking for. There are also forums that can be of assistance. 

While I cannot say for sure, as our organization is structured so that we work in silos with everyone looking after his own infrastructure, I would estimate that we have approximately 200 employees making use of the solution.

My advice to others who are considering implementing the solution is that they first make a plan to figure out how they wish to cluster the solution and the amount of data that must be ingested. Much planning would be involved. It would be wise to start with the open-source solution, which comes with many advantages, and to move on to the Enterprise version if there should be a need for dedicated support. 

I cannot posit whether management will wish to take this route, although this is definitely worth considering, as we are talking about a fully robust infinite solution across the board. 

I rate ELK Elasticsearch an eight out of ten.

The solution is a dashboarding tool that's useful for DevOps engineers for monitoring. The solution is like a log database. You can ingest into it anything you want and then find the value of the things you ingest. The solution can also be used to make reports.

The most valuable feature of the solution is its utility and usefulness. I use the solution to see the logs better or the error explained. The solution allows us to be more on top of the alerts for the logs. The solution makes passing of the logs easier and faster.

I would like to see more integration for the solution with different platforms. Sometimes, it's hard to understand what you need to send to Elastic Search.

I have been using the solution for two to three years.

Elastic Search is a stable solution.

More than 50 users are using the solution in our organization.

We use the solution's live data analysis for operations purposes. The solution also has a monitoring aspect. ElasticSearch is like a middleman between the PRTG and ITSM tools. It is easier to pass the information about the metrics or the full logs of the cloud platform you are ingesting in the solution instead of giving the output to PRTG.

The solution is deployed on the cloud in our organization. Elastic Search is something that comes after the projects are done. After implementing the project, we use the solution to have that project monitored. I would recommend the solution to other users.

Overall, I rate the solution an eight out of ten.

We use the solution for search engines and indexing. 

The solution is valuable for log analytics. 

The solution's integration and configuration are not easy. Not many people know exactly what to do.  

I have been working with the product for five years. 

The product's deployment took a couple of days to complete. 

The product's deployment was done in-house by myself. 

I would rate the product a nine out of ten. 

We use ELK primarily for enterprise monitoring and analytics through log ingestion. The data collected in Elasticsearch will be used for near real-time monitoring, analytics, and machine learning.

All new applications have been onboarded and used by the application teams. The initial feedback has been positive, and its capabilities seem to be a descent fit for our needs.

ELK being an open source certainly provided a platform for our organization to get involved. 

X-Pack provides good features, like authorization and alerts. An X-Pack license is more affordable than Splunk.

Logstash has been a challenge and needs improvements in data ingestion reconciliation. The Kibana Cross Cluster feature is long awaited and I hope 6.0 will address it without issues.

ELK has been considered as an alternative to Splunk to reduce licensing costs.