Elastic Search Reviews

Our company uses the solution for centralized logging and monitoring. We have slowly moved our Stackdriver to the solution as a cost-cutting measure. 

We have more than 100 technicians using the solution. 

The observability is the best available because it provides granular insights that identify reasons for defects. The observability is more powerful than Grafana because it is so granular.

The UI point of view is not very powerful because it is dependent on Kibana. This can be a struggle because it is not clear where observability features such as logging originate. The UI visualization could be more interesting.

For example, a centralized login for a strike driver only provides two choices for viewing. You can either view the log for an individual system or view the log at the centralized level. A more granular approach with locations, pods, and servers is preferred. 

For comparison, Stackdriver is awesome because it includes all information with respect to the UI point of view. 

I have been using the solution for a few months. 

We are still exploring the solution but find it to be very stable at the enterprise level. It is not a new product, its stability is trusted, and it is well suited for enterprise applications. Extra features are released with no stability issues. 

The solution is definitely scalable and that is one of the reasons we moved from Grafana. We use Spring Boot but the Spring Actuator's micrometer does not scale properly and is very slow. The solution can scale and manage all our monitoring needs in one place. 

Our team is able to solve issues so we do not need technical support. 

I previously used Stackdriver. 

The initial setup is difficult because the solution is an independent product that requires integration with the running system. A one-time configuration is needed for both cloud and on-premises systems. This is common for independent products so is not a big deal for our company. 

For comparison, Stackdriver is already built in the GCP so there is minimal configuration when deploying services in the GCP environment. 

We implemented the solution in-house. 

The solution is less expensive than Stackdriver and Grafana. 

Our company has a relationship with Google so we explored Stackdriver. Its monitoring and logging capabilities are interesting but observability is not that good and it is a bit costly. 

We slowly moved our logging dependencies from Stackdriver. Sometimes we used Splunk but we also used the solution and Grafana because our product is a bit dependent on Spring Boot. 

We found that the solution is more powerful than Grafana with respect to observability and it is more cost effective. 

When using the solution, it is important to understanding indexing concepts and the proper way to search logs from a visualization point of view. These two items work together internally to produce logs that can be filtered to specifications. 

I rate the solution an eight out of ten. 

Elastic Enterprise Search is the repository for time series and data from the onsite instrument that monitors variables in our mining infrastructure called tailing dams. We monitor the tailing dams' physical stability and take the information from the sales force and manual data introduced by the operators. The system captures the information in the Elastic Enterprise Searchtime series, and we make calculations and trigger events and alerts based on those calculations. We save them as well as the events and alert times.

Elastic Enterprise Search is a nonstructured database that can manage large amounts of nonstructured data. We also use a structured SQL database. I am unsure why our technical people selected Elastic Enterprise Search. The people that started the project selected open-source software and recommended the ETC component required in the system architecture. The Elastic Enterprise Search has been defined from the beginning of the project and fulfills the project's requirements. However, there is a lack of technical people to develop, implement and optimize equipment operation and web queries. This may be a problem with the provider, and they currently lack the resource to optimize the performance of the database.

Finding skilled people to work with Elastic Enterprise Search in the project team has been difficult. This may be because the development team has not considered it. It is important to improve the database performance because there is a large amount of data and the optimization of the queries and the system's performance are very important.

We also use three other databases, MinIO, PostgreSQL and PostgreSQL. We have a very skilled person on our team that knows how to use all these products. However, he's not responsible for optimization because it's the responsibility of the Indian provider that has to develop the application.

It is fairly stable.

It is a scalable solution. 70 people are working with this solution in the project, 35 on the development team and 20 backend people. We are working on the development, but it's part of the service that the Indian company has to provide. There are about 50 people on their development team who deal with all the development, infrastructure implementation, architecture definition and implementation of the software stack. We are the counterpart of that company.

Since it is open-source, we don't pay licensing fees. In the development and QA environment, we don't pay anything. We, however, have to pay for all the software, subscription, pre-protection and protection.

I rate this solution a seven out of ten. Because it is open-source, there is no technical support provided by the vendor, so we are moving to enterprise subscriptions for each of these products. We are allowed free licenses and implement enterprise or commercial licenses and the production of protections.

An original criterion selects the software stack because they have to be good tools, but they all have to be open-source. Nobody considers it because the original team that started the project worked in an investigation organization and was closer to open-source software.

They are not clear regarding the support of their solution when they go into production. That's why we are updating the licenses to interpret license subscriptions and assume their support for each software component.

We are using Elastic Enterprise Search for monitoring and alerting. It will look for any kind of possible error that is on the infrastructure side and give notifications.

The most valuable feature of Elastic Enterprise Search is the opportunity to search behind and between different logs.

Elastic Enterprise Search can improve by adding some kind of search that can be used out of the box without too much struggle with configuration. With every kind of search engine, there is some kind of special function that you need to do. A simple out-of-the-box search would be useful.

In the next release, they could improve on the scheduling and alert features.

I have been using Elastic Enterprise Search for a couple of years.

Elastic Enterprise Search is stable.

Everything is managed by Amazon AWS, making Elastic Enterprise Search highly scalable.

We have approximately eight engineers using this solution in my company.

I have not contacted support.

The initial setup of Elastic Enterprise Search was straightforward.

We did the implementation of Elastic Enterprise Search in-house with one person and it was up and running within a couple of days. There is detailed documentation that helped us.

There is fine-tuning needed, but that's never-ending because every time you add a new server, features, or tools inside you have to tune it a little bit better for the alerts.

Elastic Enterprise Search is an open-source solution.

I rate Elastic Enterprise Search a ten out of ten.

I am using Elastic Enterprise Search for the visualization of logs.

The most valuable feature of Elastic Enterprise Search is the Discovery option for the visualization of logs on a GPU instead of on the server.

Elastic Enterprise Search could improve its SSL integration easier. We should not need to go to the back-end servers to do configuration, we should be able to do it on the GUI. 

I have been using Elastic Enterprise Search for two years.

Elastic Enterprise Search has been a stable solution for me for the whole time I have been using it.

I am using Elastic Enterprise Search on-premise and it cannot scale. However, they do have a cloud option.

We have approximately 100 people using this solution in my organization. We use it on a daily basis.

I have not used other similar solutions to Elastic Enterprise Search.

The setup of Elastic Enterprise Search is not normally easy but I was running it on top of Docker which made it easy.

I rate the initial setup of Elastic Enterprise Search a three out of five.

I have configured the solution myself and it has provided me with what I want. I do maintenance of the solution once every other week.

The version of Elastic Enterprise Search I am using is open source which is free. The pricing model should improve for the enterprise version because it is very expensive.

We chose Elastic Enterprise Search over other solutions because the interface was easy to use.

I rate Elastic Enterprise Search a nine out of ten.

I am an end user, and we use Elasticsearch for our logs. Specifically, we use it for security logs for our enterprise, including machines, networks, and endpoints, as part of our IT infrastructure.

We have been able to collect our live logs, which helps us run security operations more effectively. It has enabled us to identify false positives and detect real-time malicious activities in the network.

The security portion of Elasticsearch is particularly beneficial, allowing me to view and analyze security alerts. It serves as a query engine for the database, enabling us to analyze logs for potential threats.

An improvement would be to have an interface that allows easier navigation and tracing of logs. The current system requires manually inputting dates to verify alerts. A visual timeline that pinpoints possible anomalies would be beneficial.

I have been using Elasticsearch for approximately one year.

I would rate the stability of the solution as nine out of ten. It is very robust.

I would rate the scalability as either nine out of ten. It's a very robust solution.

I do not interface directly with technical support from Elastic. Another colleague manages that aspect.

Positive

We did not use any different solution before Elasticsearch.

I was not involved in the setup process. Our architects and technical officer managed it.

I am not directly involved with pricing or setup costs. While I know a portion is open-source, a paid version might be necessary.

It was not my duty to evaluate other options. The architects and chief technical officer handled those decisions.

For someone wanting to be a security analyst, Elasticsearch is a valuable tool. It helps organizations collect large amounts of logs from various platforms like Windows, Ubuntu, and Palo Alto Networks.

I'd rate the solution eight out of ten.

The solution is a dashboarding tool that's useful for DevOps engineers for monitoring. The solution is like a log database. You can ingest into it anything you want and then find the value of the things you ingest. The solution can also be used to make reports.

The most valuable feature of the solution is its utility and usefulness. I use the solution to see the logs better or the error explained. The solution allows us to be more on top of the alerts for the logs. The solution makes passing of the logs easier and faster.

I would like to see more integration for the solution with different platforms. Sometimes, it's hard to understand what you need to send to Elastic Search.

I have been using the solution for two to three years.

Elastic Search is a stable solution.

More than 50 users are using the solution in our organization.

We use the solution's live data analysis for operations purposes. The solution also has a monitoring aspect. ElasticSearch is like a middleman between the PRTG and ITSM tools. It is easier to pass the information about the metrics or the full logs of the cloud platform you are ingesting in the solution instead of giving the output to PRTG.

The solution is deployed on the cloud in our organization. Elastic Search is something that comes after the projects are done. After implementing the project, we use the solution to have that project monitored. I would recommend the solution to other users.

Overall, I rate the solution an eight out of ten.

We have data in different databases. One is a relational database, and another is NoSQL. They are different services. They host document-like data. We used Elastic to convert the data structurally. We used Elastic as a multi-service search engine. It is a good solution. It is too powerful.

I would advise anyone to use the product. It is good. Data indexing of historical data is the most beneficial feature of the product.

The solution must provide AI integrations. I could direct my data flow to my AI tools if I use Elastic for IoT data.

I have been using the solution since 2007.

I rate the stability an eight out of ten.

The solution provides powerful scalability. I rate the scalability a ten out of ten. Our clients are medium-sized businesses.

I do not need technical support because the product works well.

The initial setup was very easy. I rate the ease of setup an eight out of ten. The setup can be done within minutes.

I use the community version. The premium license is expensive. I rate the tool’s pricing an eight out of ten.

With the power of Kibana, we can easily and dynamically analyze and summarize our log data. The internet has information about all the technical solutions. I bought some courses from Udemy for Elastic Search. I also got some documents from Elastic Search. The documentation for Java is very good. It was sufficient to learn as a developer.

I could integrate my products to Elastic Search easily. I use the default index for my solution, and it works very well. Elastic’s indexing policies are very good. I do not need any indexed operations for my solution. Overall, I rate the tool a nine out of ten.

There are a lot of good things about this solution. First, it is an extremely fast search. We have quite an extensive number of logs, and we can search through billions of documents in just a few minutes, and get the results we're looking for.

The second is easy indexing. We can index almost anything that comes from a log. Anything produced in the system can be ingested in Elastic Search.

I want the solution to improve the graph feature because it is a little bit poor. Both the graph feature and the reporting feature are a little bit lacking. The alerting also needs to be improved.

As for new features, I would like to see more on the network monitoring side. I can see that a lot has been done in server management, security, and application. However, I would love to see the same attention given to network management. If we could go and harvest the network information and bring it into Elastic Search, it would be the perfect solution for achieving a NOC and SOC environment.

I have been using this solution for five years.

We haven't had any stability issues at all. You just have to make sure that you are ingesting the right amount of data and maintaining your cluster by clearing up all of the data regularly. We input some script that tells the solution to drop any data it sees that is older than three months. It's as simple as that, and we're very happy with it. 

If you size your nodes properly, and a node drops or there is a problem, the product will still function. Last night, one of the nodes in my cluster crashed. I went in to check it and restarted the node, and the data appeared and everything was fine. I cannot say the same for a lot of other solutions.

The solution has great scalability. We started with one node, then went to three nodes, as recommended by Elastic. We then found ourselves with seven nodes, and eventually 11 nodes. Then we said, "Wait a minute, this is not going well because we keep adding data and running out of storage." That's when we decided to start dropping data after three months. 

I've seen a lot of improvement over the last five years. Five years ago, there was a little bit of tech support but it was not great. Recently, I opened some cases and the team gave me answers that included exactly what to do to resolve the problems. This shows that the support team has knowledge. It's not just someone who is sitting in the office and try to figure out the problem. When you give them a problem, they know exactly what's wrong and they'll offer the precise solution that will solve the problem. We have seen a lot of improvements in the last six months. I would rate the technical support as a four out of five because they are very knowledgeable. 

Positive

I would rate the initial setup process as a five out of five because it's the easiest product I've ever dealt with. When it needs to be upgraded, you just tell it to upgrade and the solution does it for you. 

We started with the open-source version and the price increases as you add nodes because it's node-based. The price kept increasing, so we decided to buy a license to get all the features and manage the clusters more efficiently. The price of Elastic Enterprise is very, very competitive. I think it was around $700. It was very cheap for our budget. We have other solutions from other vendors that are way more expensive.

The beauty of Elastic Search is that it's based on an open-source solution, so even if you don't want to keep your license, you can just switch it off and go back to the open-source version. You'll lose some of the features, but your data will still be there, and you'll still be able to manipulate it.

You can scale the pricing up and down, which is great flexibility for us because we are a government organization. When it comes to invoicing and payment, the government is a little slow. For example, we found that our license expired on December 31st, but the vendor still hadn't been paid, so they would not issue us a new license. We switched our license off and went back to open source mode until we were able to get our license again and switch back to Enterprise.

One time, we had a remote customer who was complaining about response time, and we couldn't figure out where the problem was located. We created a small setup, just one node of Elastic Search, and we started using it to ingest the network traffic that was going from that customer to our main site. Once we started ingesting the network traffic, we saw exactly what the problem was. We were able to solve the problem, and it only took us an hour.

What sets this solution apart from its competitors is the innovation. For example, look at the number of releases they're doing. About every three to six months, you have a new release with new features, and it's great. The good thing is that even if you don't like the innovation, you still follow an upgrade line, which means you don't lose anything from the past. You just keep getting new stuff pumped into Elastic Search. As a result, it's becoming more like an overall operational solution, when before, it was just a place where you dumped your logs.

My advice to new users of this solution is to start with a specific use case that's a simple or complicated problem that you want to address. Start with that use case, address it straight away, and keep expanding. For example, we started with a network traffic use case, then expanded into Syslog management of a network device. Next, we expanded to an event management server, and then we went into application management. Now we are in security logs, and it keeps expanding.

I would rate this solution as a seven out of ten because there is still a lot missing regarding network management. Also, machine learning is still not clear to me. A lot of the things in machine learning can be addressed straight away with other features, like a watcher or alerting. At this point, I don't see the benefit of machine learning when it comes to IT infrastructure.