Elastic Search Reviews

The tool's stability and performance are good. 

Elastic Search needs to improve its technical support. It should be customer-friendly and have good support. 

I have been using the product for a year. 

The tool is stable; I rate it an eight to nine out of ten. 

The product is scalable, and I rate it a ten out of ten. My company has three users. We use it regularly. 

You need three resources to handle the deployment. 

The tool is not expensive. Its licensing costs are yearly. 

I rate Elastic Search an eight out of ten. You can use the product if you are looking for value for money. 

We are mainly using it for analytics reports for the data taken from our call center. We are using the entire stack. We are using Kibana and Elasticsearch. Kibana is the front end for dashboards, reports, etc.  

The flexibility and the support for diverse languages that it provides for searching the database are most valuable. We can use different languages to query the database. 

It is hard to learn and understand because it is a very big platform. This is the main reason why we still have nothing in production. We have to learn some things before we get there.

I have reported and had discussions about several bugs at discuss.elastic.co, but that happens with many products. It is not only with this product.

We have been using it for about one year, but it is not yet in our production environment.

It is reliable.

If you use a cloud platform or a cloud environment, it is easy to scale. 

For on-premises, we are using OpenShift. We are using a cluster on OpenShift, and we are facing some issues, but they are not related to Elastic. They are related to our infrastructure of OpenShift because OpenShift is deployed on VMware, and the storage of VMware doesn't allow us to take backup snapshots in a secure way. We are thinking of migrating this cluster of OpenShift to another platform.

Currently, we have a few users of this product because we have been using it only for one year, and we are the first ones in our company. In the future, we will have more people involved with the product.

We have only used their community support from the discuss.elastic.co site.

There is a free version, and there is also a hosted version for which you have to pay.

We're currently using the free version. If things go well, we might go for the paid version.

It is a good choice, but you have to take your time to learn it. Its learning curve can be hard. 

I would rate it an eight out of 10.

Our main use case is to centralize all the logs from the infrastructure environment and the data center.

The most valuable aspect of the solution is the visualization with Kibana. What we have not yet started, yet, we plan to do, is to use machine learning.

The initial setup is very easy for small environments.

There is very little maintenance needed.

The solution is stable.

The scalability is good.

The solution offers good value for the price.

They could simplify the Filebeat and Logstash configuration piece. There are a lot of manual steps on the operating system. It could be simplified in the user interface.

I've been using the solution for about a year at this point.

The stability is really good. We use it in a fully virtualized environment, and that's not a real recommendation from Elastic. However, even with how it's stored, even if it's not a recommendation, for this small environment we have here, it's stable enough. It's working.

We're in the very early stages of usage. We only have maybe 20 people on the solution currently. We are increasing this, however. There will be more.

The solution is easy to scale. You can add new Elasticsearch clusters. It should be noted that you have to separate the different roles from Elasticsearch to other devices, so you need a little bit more knowledge to do it right.

We've been in touch with technical support a little bit as we're still in negotiation. Right now, we are running the basic product which is free of charge. We're in negotiation with the vendor for a license, where we will get proper support. We need it.

I'm also familiar with Splunk, which is more expensive.

In our case, it was a simple installation process. It was just set up in small environments, however, if it's getting larger, it will be more complex as then you have to split all the different roles onto different machines, to get the performance you need.

Therefore, for small environments, it's very easy. If you're doing a big environment, then it's much more complex.

The only maintenance needed is for updating the systems. We're working on it to make it all more or less automatic. All we need to do is to implement the updates when they arrive.

We just handled the initial setup internally. We did not need the assistance of any integrators or consultants. 

It's a bit too expensive, however, it's not as expensive as Splunk, which is a good thing. It's okay. There are cheaper products that we know, however, this is a very rich product, and it's got a very wide functionality, and a wide range of functionalities which I don't see in the other products, especially not in the cheaper ones.

I'm just a customer and an end-user.

Our company is always using the latest updates.

I'd advise new users that you need to do a POC or get a test installation. It's free of charge. It's important to ingest a lot of data so that you get a feeling of scalability and performance. To put something in your lab, for example, is very helpful. It's only when you have data in the system, that you can see the benefits of the Elastic environment.

I would absolutely recommend the solution to others. I'd rate it at a nine out of ten. I've been pleased with its capabilities overall. 

We use the solution for search engines and indexing. 

The solution is valuable for log analytics. 

The solution's integration and configuration are not easy. Not many people know exactly what to do.  

I have been working with the product for five years. 

The product's deployment took a couple of days to complete. 

The product's deployment was done in-house by myself. 

I would rate the product a nine out of ten. 

There are a lot of good things about this solution. First, it is an extremely fast search. We have quite an extensive number of logs, and we can search through billions of documents in just a few minutes, and get the results we're looking for.

The second is easy indexing. We can index almost anything that comes from a log. Anything produced in the system can be ingested in Elastic Search.

I want the solution to improve the graph feature because it is a little bit poor. Both the graph feature and the reporting feature are a little bit lacking. The alerting also needs to be improved.

As for new features, I would like to see more on the network monitoring side. I can see that a lot has been done in server management, security, and application. However, I would love to see the same attention given to network management. If we could go and harvest the network information and bring it into Elastic Search, it would be the perfect solution for achieving a NOC and SOC environment.

I have been using this solution for five years.

We haven't had any stability issues at all. You just have to make sure that you are ingesting the right amount of data and maintaining your cluster by clearing up all of the data regularly. We input some script that tells the solution to drop any data it sees that is older than three months. It's as simple as that, and we're very happy with it. 

If you size your nodes properly, and a node drops or there is a problem, the product will still function. Last night, one of the nodes in my cluster crashed. I went in to check it and restarted the node, and the data appeared and everything was fine. I cannot say the same for a lot of other solutions.

The solution has great scalability. We started with one node, then went to three nodes, as recommended by Elastic. We then found ourselves with seven nodes, and eventually 11 nodes. Then we said, "Wait a minute, this is not going well because we keep adding data and running out of storage." That's when we decided to start dropping data after three months. 

I've seen a lot of improvement over the last five years. Five years ago, there was a little bit of tech support but it was not great. Recently, I opened some cases and the team gave me answers that included exactly what to do to resolve the problems. This shows that the support team has knowledge. It's not just someone who is sitting in the office and try to figure out the problem. When you give them a problem, they know exactly what's wrong and they'll offer the precise solution that will solve the problem. We have seen a lot of improvements in the last six months. I would rate the technical support as a four out of five because they are very knowledgeable. 

Positive

I would rate the initial setup process as a five out of five because it's the easiest product I've ever dealt with. When it needs to be upgraded, you just tell it to upgrade and the solution does it for you. 

We started with the open-source version and the price increases as you add nodes because it's node-based. The price kept increasing, so we decided to buy a license to get all the features and manage the clusters more efficiently. The price of Elastic Enterprise is very, very competitive. I think it was around $700. It was very cheap for our budget. We have other solutions from other vendors that are way more expensive.

The beauty of Elastic Search is that it's based on an open-source solution, so even if you don't want to keep your license, you can just switch it off and go back to the open-source version. You'll lose some of the features, but your data will still be there, and you'll still be able to manipulate it.

You can scale the pricing up and down, which is great flexibility for us because we are a government organization. When it comes to invoicing and payment, the government is a little slow. For example, we found that our license expired on December 31st, but the vendor still hadn't been paid, so they would not issue us a new license. We switched our license off and went back to open source mode until we were able to get our license again and switch back to Enterprise.

One time, we had a remote customer who was complaining about response time, and we couldn't figure out where the problem was located. We created a small setup, just one node of Elastic Search, and we started using it to ingest the network traffic that was going from that customer to our main site. Once we started ingesting the network traffic, we saw exactly what the problem was. We were able to solve the problem, and it only took us an hour.

What sets this solution apart from its competitors is the innovation. For example, look at the number of releases they're doing. About every three to six months, you have a new release with new features, and it's great. The good thing is that even if you don't like the innovation, you still follow an upgrade line, which means you don't lose anything from the past. You just keep getting new stuff pumped into Elastic Search. As a result, it's becoming more like an overall operational solution, when before, it was just a place where you dumped your logs.

My advice to new users of this solution is to start with a specific use case that's a simple or complicated problem that you want to address. Start with that use case, address it straight away, and keep expanding. For example, we started with a network traffic use case, then expanded into Syslog management of a network device. Next, we expanded to an event management server, and then we went into application management. Now we are in security logs, and it keeps expanding.

I would rate this solution as a seven out of ten because there is still a lot missing regarding network management. Also, machine learning is still not clear to me. A lot of the things in machine learning can be addressed straight away with other features, like a watcher or alerting. At this point, I don't see the benefit of machine learning when it comes to IT infrastructure.

We try to detect malicious files by the logs. The logs are all centralized including all our PCs, our callers, our servers, Linux, windows, Polaris names. We scan everything. Then we have pre-defined specific use cases that allow us to identify if there is an attack on the machine or indirectly by the endpoint. On top of that, we can check with users as we're not directly dealing with the configuration, so we can follow up on the alerts we receive. On top of that, we have the systems in place that allow us to detect if certain inexcusable items are on the system, such as malicious files. We can do this because we also retrieve the log files of the identifiers.

The fact that you can dump any type of format in the database without any specific reformatting is fantastic. It makes it very flexible in collecting information and that saves us a lot of time because otherwise, we would really need to define specifically what we're looking for and reformat everything. With this solution, that's not necessary. We can directly, and in a really standard raw format, dump the data into the database. Only afterwards do we need to define what specifically we're looking for, however, at that point, it's not a big deal to actually add an additional log and to collect additional information. 

The solution is very scalable. 

There's lots of processing power. You can actually just add machines to get more performance if you need to. It's pretty flexible and very easy to add another log. It's not like 'oh, no, it's going to be so much extra data'. That's not a problem for the machine. It can handle it.

The solution has quite a steep learning curve. The usability and general user-friendliness could be improved. However, that is kind of typical with products that have a lot of flexibility, or a lot of capabilities. Sometimes having more choices makes things more complex. It makes it difficult to configure it, though. It's kind of a bitter pill that you have to swallow in the beginning and you really have to get through it. 

Once you begin to understand the concepts and how to actually look for data it's a very pleasant solution, but the learning curve is very steep in the beginning, to the point that they could improve it to make it a bit less intimidating to start. There needs to be a bit more intuition behind the architecture and the data search.

This solution has been used for at least five years at the company.

It's very stable. The only thing that might happen is that sometimes when you do a search it will stress the machine a bit too much. If that happens, then it's a matter of, if you do it the wrong way, the machine gets stressed and then it slows down. However, it will not crash. It almost never crashes. You'll simply figure out that the machine is overwhelmed and take the stress off. 

The problem, occasionally, is that it may become unresponsive, but it isn't really unresponsive, it's just that the system is overloaded. That can only happen if you do your database search in the wrong way. That's why, especially when you have a lot of data and are really concentrating a lot of data on a few machines, you have to be careful of what you're doing. 

It's a very nice tool but you have to be a bit aware of how to deal with this, especially when you have a lot of data and you have limited processing capacity. If you have unlimited processing capacity you can do whatever you want with it. I personally can say that I've never seen a machine crash.

The scalability of the product is good. It's our key system that generates alerts and does surveillance on a security level. This product is extensively used in our organization.

We have people of course, from the server team that makes sure that the logs get collected. And then we have the people that actually deal with the configuration of the ELK as well. That is a team of five or six people that we use now. Then, of course, we have all the teams that follow up on the alerts, and there, I would say, we have two or three different teams, which is between 10 and 20 people. That's just part of the people that work with the solution.

I work on part of the team that deals with technical support issues. There's a good community around the solution. This is because the product is actually open-source. With a lot of typical issues, you can simply Google questions and you will find the answer. Of course, we do have a support contract with the company. I don't deal directly with that, however. We contact them directly if we really need to and we have maintenance contracts with them. Unfortunately, I can't really speak to how good or bad they are because I've never called them myself.

Before we switched over to this, we used it in combination with an end product called QRadar, but both of them together were time-consuming. 

It's easy to install the servers, that's not really the problem. The difficulty is afterward. Users need to understand how to explore the data.

The server setup is the easy part. Even, let's say, moving the log into the machine or into the database is no problem. However, then you have all this data and you will really struggle to understand the information. That is sometimes not always obvious at the outset. In order to do that in an effective way, it requires a little bit of manipulating.

To install the servers, a minimum installation takes me a day or more. It's for the most part usually pretty fast.

I myself have already had quite a lot of experience with the product. Therefore, I can set it up myself.  Most customers or most IT departments will struggle to set it up due to the difficult learning curve in the beginning. 

I would definitely recommend most users or companies, at least for the beginning, to get help troubleshooting problems. It will help them understand a little bit more about the steep learning curve. It really makes things much easier, and much more effective. 

I have used different products myself due to the nature of my work. I'm a security consultant. I have been working with different customers who use different solutions, which means that I have used other things and can evaluate and compare them for clients.

I've worked with Splunk, for example. Splunk, for instance, on the level of data mining and inquiring, might be easier. It's a bit more intuitive. The downside of it is as soon as you start collecting a lot of data, it becomes extremely expensive to use Splunk. It's a very good product. However, typically, with the need to collect as many logs and as much data as possible, Splunk becomes expensive, and you can't put it in a budget easily. It's simply out of budget for many as soon as they start clicking. Also, the purpose of a security system is not the same.

With Splunk, some will not add additional logs because they don't often have the budget, especially when it immediately means that you're going to need to increase your costs enormously. That's not the purpose of a security system. For the system to be effective you must be able to have good surveillance and that means that you should not hesitate in adding your logs. Still, when the costs double, people hesitate and if they don't have the budget and cut the logs, things can get through. Fortunately, with ELK, you don't have that issue. With ELK you don't pay for gigabytes, or terabytes or the data that you use. That's the main advantage compared to Splunk. But Splunk, it has a less steep learning curve.

I'm just using it as a customer

We tend to use the latest versions of the solution. We try to upgrade it on a regular basis.

I'd advise other companies considering implementing the solution to get a team in that knows the product and try to take advantage of their knowledge. It will help reduce the pain of the learning curve.

I'd rate the solution eight out of ten.

I would not give it a ten because of the steep learning curve. I know what the product is, but many do not, and for them it will be quite difficult to get started without becoming very frustrated in the process. 

Elastic Search is added advantage for us because we normally use it for our uptime monitoring and our log analysis. When we merge it with Splunk, it helps us correlate and do security monitoring. 

Elastic Enterprise Search comes embedded within a solution that we have developed for our clients. It's a payment solution. We've recently shipped it with Elastic Enterprise Search embedded. All the logs and all the internal communications get captured by Elastic Enterprise Search. It makes it easy for the IT teams who are doing uptime monitoring and troubleshooting to have a look at it. We have the security teams develop their own monitoring metrics and logs, if they wish, based on their deployment. 

The beauty of Elastic Enterprise Search is if they also have their own third-party tools, there's the ability to integrate and read off Elastic Enterprise Search and have any third-party tool process the logs as well. It is highly extensible.

The most valuable features of Elastic Enterprise Search are it's cloud-ready and we do a lot of infrastructure as code. By using ELK, we're able to deploy the solution as part of our ISC deployment. 

The extensibility and configurability of the solution are great. Having the ability to mine for anything is useful. It's extensible and useful in terms of digesting any type of information. Since we do a lot of consulting, it means we are able to apply it to diverse environments without having to suffer the overhead of integration.

There is another solution I'm testing which has a 500 record limit when you do a search on Elastic Enterprise Search. That's the only area in which I'm not sure whether it's a limitation on our end in terms of knowledge or a technical limitation from Elastic Enterprise Search. There is another solution we are looking at that rides on Elastic Enterprise Search. And the limit is for any sort of records that you're doing or data analysis you're trying to do, you can only extract 500 records at a time. I know the open-source nature has a lot of limitations, Otherwise, Elastic Enterprise Search is a fantastic solution and I'd recommend it to anyone.

I have been using Elastic Enterprise Search for approximately four years.

I have no complaints in terms of stability. However, you have to make sure you give Elastic Enterprise Search the minimum resources it requires. We have not seen any major issues that we would send back to the vendor or the solution maker. If there was an issue it most likely would be from the environment, depending on how it was deployed and how it was configured.

Elastic Enterprise Search is scalable. In our environment, we deploy it in a containerized environment. For us, we've experienced the scalability of the solution because as we grow and expand, we spin up more containers that are interconnected. I don't see any issues with Elastic Enterprise Search from a scalability perspective. 

There's a lot of material available online. We tend to look online before we reach out for technical support. We have not needed to contact the support and this is a testament to how much information is available online. 

The solution is not expensive because users have the option of choosing the managed or the subscription model. 

Elastic Enterprise Search is a very good solution and they should keep doing good work.

I'm a very satisfied customer because almost everything I need comes out of the book. You already have machine learning, alerts, the ability to search, APIs, inbuilt security, and integration to third-party authentication.

I rate Elastic Enterprise Search a ten out of ten.

While the solution is slated for making logging positions more centralized, at present we are gearing through it. A fully-fledged deployment of alignments is not yet in place.

We have adjusted the logs into the spec for a couple of our applications.

We consider all of the features to be valuable. With respect to 12B Kibana, all of the components fit in very well. Logsearch gives us certain log filtering capabilities and we can vet what we push into our database. This allows us only to log and ship limited items. Essentially, Logsearch plays a big role although not the most important one. 

The solution itself needs improvement. There is an index issue in which the data starts to crash as it increases.

This leads to an impact on the solution's stability.

The index and part of the solution's stage have weak points.

In the next release, I would like to see better plugins when integrating with, say, Microsoft Teams.

The Kibana dashboard is quite user-friendly and we have had no issues involving our technical team. However, some technical knowledge is required, especially if one wishes to create dashboards and as it relates to index management.

I have been Vusing ELK Elasticsearch for plus or minus two years.

ELK Elasticsearch is definitely a stable solution. It is the spec that surprises most of the other logging solutions in the market.

The solution is quite scalable and this is one of its advantages. We are trying to add or plug on to Elasticsearch at present.

We have been open to solutions and haven't really had a need to rely on technical support. We've relied mostly on support forums.

This said, I would rate the support well, as we initially interacted with the support team and made use of Google.

The initial setup had a bit of a learning curve for us while we acclimated ourselves to the use of the solution. However, after a while, it became quite easy. 

I would not say there was much complexity even at the outset, as we have an understanding of how to troubleshoot and do the installation.

There is more than enough documentation of the solution online. It is useful and you can find what you're looking for. There are also forums that can be of assistance. 

While I cannot say for sure, as our organization is structured so that we work in silos with everyone looking after his own infrastructure, I would estimate that we have approximately 200 employees making use of the solution.

My advice to others who are considering implementing the solution is that they first make a plan to figure out how they wish to cluster the solution and the amount of data that must be ingested. Much planning would be involved. It would be wise to start with the open-source solution, which comes with many advantages, and to move on to the Enterprise version if there should be a need for dedicated support. 

I cannot posit whether management will wish to take this route, although this is definitely worth considering, as we are talking about a fully robust infinite solution across the board. 

I rate ELK Elasticsearch an eight out of ten.