Elastic Search Reviews

All my use cases have been based more on observability for IT operations. We deal with it in terms of metrics, logs, transactions, traces, and so on. 

In terms of enterprise, most of the use cases are based on search capacity within the company to find documents and relevant information. That is the main use case.

The most relevant feature for me is the platform capacity. I consider the capacity high-performance with a distributed model that can support it, and recently we are growing. 

Search is really powerful. All the search engines and the rules that complement them allow the users to create different kinds of administration for the platform. YOu can create synonyms or rules to better understand or to better detect partial search criteria. It's like an AI that boosts searchability.  

The platform has a powerful tool to correlate and create rules that understand what people will be searching for. 

All the community support that we have available from different users in the open source community is great. Everyone shares and publishes all of these different use cases. That makes the platform and the platform understanding really powerful for anyone who wants to implement a different case.

It is easy to set up.

The solution scales well. 

They have great integrations on offer. 

Maybe Elastic Search could improve the analytics part of the search so it can be more powerful to the user. It could help provide more understanding of what people are searching for. 

We'd like more user-friendly integrations. It should be easier for non-technical people to understand how to handle them. 

I've used the solution for the last four years or so. 

It's stable. We have on-premise and on-cloud deployments. It's stable on both. I prefer the cloud as I avoid the time it takes to manage the platform. However, both cases are stable.

It is a product that can scale well. It's not a problem. 

We have maybe 200 people on the product right now. 

I have experience working with technical support. They are good at responding to incidents. I have not had too many incidents, however, sometimes for probably technical questions in terms of platform performance, search, cluster distribution, and so on, I might reach out. 

My point of view is that the technical support is awesome. They are very responsive and they have a really high understanding. The team has a lot of people with a lot of technical skills and technical knowledge.

The initial setup is very straightforward. It's not difficult as well. 

As I use the cloud, all of the costs for me are based on customer needs. There is a fascinating calculator published in Elastic. That there is not a specific starting cost. It can move from $10,000 US Dollars per year to any price based on how powerful you need the searches to be and the capacity in terms of storage and process. That said, you can start with a small budget, implement the use cases, and start growing slowly.

I'd rate the solution nine out of ten. 

I'm a customer and end-user. 

Elastic Search is added advantage for us because we normally use it for our uptime monitoring and our log analysis. When we merge it with Splunk, it helps us correlate and do security monitoring. 

Elastic Enterprise Search comes embedded within a solution that we have developed for our clients. It's a payment solution. We've recently shipped it with Elastic Enterprise Search embedded. All the logs and all the internal communications get captured by Elastic Enterprise Search. It makes it easy for the IT teams who are doing uptime monitoring and troubleshooting to have a look at it. We have the security teams develop their own monitoring metrics and logs, if they wish, based on their deployment. 

The beauty of Elastic Enterprise Search is if they also have their own third-party tools, there's the ability to integrate and read off Elastic Enterprise Search and have any third-party tool process the logs as well. It is highly extensible.

The most valuable features of Elastic Enterprise Search are it's cloud-ready and we do a lot of infrastructure as code. By using ELK, we're able to deploy the solution as part of our ISC deployment. 

The extensibility and configurability of the solution are great. Having the ability to mine for anything is useful. It's extensible and useful in terms of digesting any type of information. Since we do a lot of consulting, it means we are able to apply it to diverse environments without having to suffer the overhead of integration.

There is another solution I'm testing which has a 500 record limit when you do a search on Elastic Enterprise Search. That's the only area in which I'm not sure whether it's a limitation on our end in terms of knowledge or a technical limitation from Elastic Enterprise Search. There is another solution we are looking at that rides on Elastic Enterprise Search. And the limit is for any sort of records that you're doing or data analysis you're trying to do, you can only extract 500 records at a time. I know the open-source nature has a lot of limitations, Otherwise, Elastic Enterprise Search is a fantastic solution and I'd recommend it to anyone.

I have been using Elastic Enterprise Search for approximately four years.

I have no complaints in terms of stability. However, you have to make sure you give Elastic Enterprise Search the minimum resources it requires. We have not seen any major issues that we would send back to the vendor or the solution maker. If there was an issue it most likely would be from the environment, depending on how it was deployed and how it was configured.

Elastic Enterprise Search is scalable. In our environment, we deploy it in a containerized environment. For us, we've experienced the scalability of the solution because as we grow and expand, we spin up more containers that are interconnected. I don't see any issues with Elastic Enterprise Search from a scalability perspective. 

There's a lot of material available online. We tend to look online before we reach out for technical support. We have not needed to contact the support and this is a testament to how much information is available online. 

The solution is not expensive because users have the option of choosing the managed or the subscription model. 

Elastic Enterprise Search is a very good solution and they should keep doing good work.

I'm a very satisfied customer because almost everything I need comes out of the book. You already have machine learning, alerts, the ability to search, APIs, inbuilt security, and integration to third-party authentication.

I rate Elastic Enterprise Search a ten out of ten.

We are mainly using it for analytics reports for the data taken from our call center. We are using the entire stack. We are using Kibana and Elasticsearch. Kibana is the front end for dashboards, reports, etc.  

The flexibility and the support for diverse languages that it provides for searching the database are most valuable. We can use different languages to query the database. 

It is hard to learn and understand because it is a very big platform. This is the main reason why we still have nothing in production. We have to learn some things before we get there.

I have reported and had discussions about several bugs at discuss.elastic.co, but that happens with many products. It is not only with this product.

We have been using it for about one year, but it is not yet in our production environment.

It is reliable.

If you use a cloud platform or a cloud environment, it is easy to scale. 

For on-premises, we are using OpenShift. We are using a cluster on OpenShift, and we are facing some issues, but they are not related to Elastic. They are related to our infrastructure of OpenShift because OpenShift is deployed on VMware, and the storage of VMware doesn't allow us to take backup snapshots in a secure way. We are thinking of migrating this cluster of OpenShift to another platform.

Currently, we have a few users of this product because we have been using it only for one year, and we are the first ones in our company. In the future, we will have more people involved with the product.

We have only used their community support from the discuss.elastic.co site.

There is a free version, and there is also a hosted version for which you have to pay.

We're currently using the free version. If things go well, we might go for the paid version.

It is a good choice, but you have to take your time to learn it. Its learning curve can be hard. 

I would rate it an eight out of 10.

Our main use case is to centralize all the logs from the infrastructure environment and the data center.

The most valuable aspect of the solution is the visualization with Kibana. What we have not yet started, yet, we plan to do, is to use machine learning.

The initial setup is very easy for small environments.

There is very little maintenance needed.

The solution is stable.

The scalability is good.

The solution offers good value for the price.

They could simplify the Filebeat and Logstash configuration piece. There are a lot of manual steps on the operating system. It could be simplified in the user interface.

I've been using the solution for about a year at this point.

The stability is really good. We use it in a fully virtualized environment, and that's not a real recommendation from Elastic. However, even with how it's stored, even if it's not a recommendation, for this small environment we have here, it's stable enough. It's working.

We're in the very early stages of usage. We only have maybe 20 people on the solution currently. We are increasing this, however. There will be more.

The solution is easy to scale. You can add new Elasticsearch clusters. It should be noted that you have to separate the different roles from Elasticsearch to other devices, so you need a little bit more knowledge to do it right.

We've been in touch with technical support a little bit as we're still in negotiation. Right now, we are running the basic product which is free of charge. We're in negotiation with the vendor for a license, where we will get proper support. We need it.

I'm also familiar with Splunk, which is more expensive.

In our case, it was a simple installation process. It was just set up in small environments, however, if it's getting larger, it will be more complex as then you have to split all the different roles onto different machines, to get the performance you need.

Therefore, for small environments, it's very easy. If you're doing a big environment, then it's much more complex.

The only maintenance needed is for updating the systems. We're working on it to make it all more or less automatic. All we need to do is to implement the updates when they arrive.

We just handled the initial setup internally. We did not need the assistance of any integrators or consultants. 

It's a bit too expensive, however, it's not as expensive as Splunk, which is a good thing. It's okay. There are cheaper products that we know, however, this is a very rich product, and it's got a very wide functionality, and a wide range of functionalities which I don't see in the other products, especially not in the cheaper ones.

I'm just a customer and an end-user.

Our company is always using the latest updates.

I'd advise new users that you need to do a POC or get a test installation. It's free of charge. It's important to ingest a lot of data so that you get a feeling of scalability and performance. To put something in your lab, for example, is very helpful. It's only when you have data in the system, that you can see the benefits of the Elastic environment.

I would absolutely recommend the solution to others. I'd rate it at a nine out of ten. I've been pleased with its capabilities overall. 

While the solution is slated for making logging positions more centralized, at present we are gearing through it. A fully-fledged deployment of alignments is not yet in place.

We have adjusted the logs into the spec for a couple of our applications.

We consider all of the features to be valuable. With respect to 12B Kibana, all of the components fit in very well. Logsearch gives us certain log filtering capabilities and we can vet what we push into our database. This allows us only to log and ship limited items. Essentially, Logsearch plays a big role although not the most important one. 

The solution itself needs improvement. There is an index issue in which the data starts to crash as it increases.

This leads to an impact on the solution's stability.

The index and part of the solution's stage have weak points.

In the next release, I would like to see better plugins when integrating with, say, Microsoft Teams.

The Kibana dashboard is quite user-friendly and we have had no issues involving our technical team. However, some technical knowledge is required, especially if one wishes to create dashboards and as it relates to index management.

I have been Vusing ELK Elasticsearch for plus or minus two years.

ELK Elasticsearch is definitely a stable solution. It is the spec that surprises most of the other logging solutions in the market.

The solution is quite scalable and this is one of its advantages. We are trying to add or plug on to Elasticsearch at present.

We have been open to solutions and haven't really had a need to rely on technical support. We've relied mostly on support forums.

This said, I would rate the support well, as we initially interacted with the support team and made use of Google.

The initial setup had a bit of a learning curve for us while we acclimated ourselves to the use of the solution. However, after a while, it became quite easy. 

I would not say there was much complexity even at the outset, as we have an understanding of how to troubleshoot and do the installation.

There is more than enough documentation of the solution online. It is useful and you can find what you're looking for. There are also forums that can be of assistance. 

While I cannot say for sure, as our organization is structured so that we work in silos with everyone looking after his own infrastructure, I would estimate that we have approximately 200 employees making use of the solution.

My advice to others who are considering implementing the solution is that they first make a plan to figure out how they wish to cluster the solution and the amount of data that must be ingested. Much planning would be involved. It would be wise to start with the open-source solution, which comes with many advantages, and to move on to the Enterprise version if there should be a need for dedicated support. 

I cannot posit whether management will wish to take this route, although this is definitely worth considering, as we are talking about a fully robust infinite solution across the board. 

I rate ELK Elasticsearch an eight out of ten.

We are primarily using it for monitoring. It is used for server monitoring.

I really like the visualization that you can do within it. That's really handy. Product-wise, it is a very good and stable product.

They should improve its documentation. Their official documentation is not very informative. They can also improve their technical support. They don't help you much with the customized stuff.

They also need to add more visuals. Currently, they have line charts, bar charts, and things like that, and they can add more types of visuals. 

They should also improve the alerts. They are not very simple to use and are a bit complex. They could add more options to the alerting system.

I have been using this solution for one year.

Stability-wise, it is very good. Once the data starts coming in, it is very stable. I didn't find any big glitches in it.

We contacted their technical support once. I didn't find them very good. They are there just to provide documentation and stuff. They don't help you much with the customized stuff. They could improve that. I would rate them a two out of five.

It is complex because it is not Windows-based. It is Linux-based, so one must know Linux to deploy it properly. It is not a product that you can install with just multiple clicks. You need to understand it.

It seems good in terms of return on investment. It is a monitoring solution, and it triggers alerts before something happens. For example, it triggers an alert when the space in Windows reaches an 80% limit. I would say it is a good investment. We are able to fix things before they go wrong. If we didn't have Elasticsearch, things would go wrong, and we would be spending more time fixing them later on.

I would advise others to first know Linux because it would most probably be on Linux. If you're good at Linux, you will be good at this as well.

I would rate ELK Elasticsearch an eight out of ten.

We are developing a SIEM application that is similar to QRadar, ArcSight, or Splunk. This application uses Elasticsearch as its search engine because we want to retrieve information fast. We are just using the basic search engine part of Elasticsearch. We have developed lots of things on top of Elasticsearch, such as security, correlation, reporting, etc.

The search speed is most valuable and important.

Its licensing needs to be improved. They don't offer a perpetual license. They want to know how many nodes you will be using, and they ask for an annual subscription. Otherwise, they don't give you permission to use it. Our customers are generally military or police departments or customers without connection to the internet. Therefore, this model is not suitable for us. This subscription-based model is not the best for OEM vendors. 

Another annoying thing about Elasticsearch is its roadmap. We are developing something, and then they say, "Okay. We have removed that feature in this release," and when we are adapting to that release, they say, "Okay. We have removed that one as well." We don't know what they will remove in the next version. They are not looking for backward compatibility from the customers' perspective. They just remove a feature and say, "Okay. We've removed this one."

In terms of new features, it should have an ODBC driver so that you can search and integrate this product with existing BI tools and reporting tools. Currently, you need to go for third parties, such as CData, in order to achieve this. ODBC driver is the most important feature required. 

Its Community Edition does not have security features. For example, you cannot authenticate with a username and password. It should have security features. They might have put it in the latest release.

I have been using this solution since version 1.0.

For a one-node installation, it is easy. You can do it and retrieve information fast, but when you are trying to scale up, everything becomes complicated. If you want to deal with several terabytes of data, you should read whitepapers or case studies or get proper consultancy from Elasticsearch. Otherwise, you will lose data. I know many customers who lost their data and could not recover it. It is not like you store everything and search for everything, and it is just instant. It is not like that. You should do your homework very intensively. It looks easy, but when you scale up, it gets complicated.

We got 60 days of development consultancy with them. Until we sign the agreement, they were quick and prompt. After the signature it changed. Overall experience, we are not satisfied with the development consultancy.

We switched from SQL Server to Elasticsearch. For our application, we wanted the information very fast without locking everything. In SQL Server or Oracle, that would not have been possible. Deleting is also very difficult in SQL Server.

Its initial setup is straightforward. There were no problems.

We are using the Community Edition because Elasticsearch's licensing model is not flexible or suitable for us. They ask for an annual subscription. We also got the development consultancy from Elasticsearch for 60 days or something like that, but they were just trying to do the same trick. That's why we didn't purchase it. We are just using the Community Edition.

We evaluated other products and chose Elasticsearch because the data that we are collecting is unstructured. Every log has a different structure.

The most important thing to keep in mind is that it is not as they advertise on their site. If you want to scale up and are looking for a big deployment, you must read everything. You also need support from the company itself. 

I would rate ELK Elasticsearch a seven out of ten.

I'm involved in architecting and implementing Elasticsearch-based solutions, catering to various use cases including IIoT, cybersecurity, IT Ops, and general logging and monitoring.

The intention of this article is not to compare AWS Elasticsearch with Elastic ELK Elasticsearch and at the end declare the winner. Elasticsearch by itself is one of the coolest and versatile Big Data stacks out there. If you are planning to use it in your organization or trying to evaluate if it is the right stack for your product/ solution, this article offers some insights from an architect's perspective.

I'm not the right person to answer this question as I'm the service provider. My clients are the right people to answer.

The Spaces feature in Kibana is really useful. I can ingest all data and then offer multi-tenancy on a single stack to various departments (internal) or customers (external). This feature isn't available in AWS Elasticsearch, and Machine Learning isn't available either.

Other useful features such as Canvas (used to create live infographics) and Lens (used to explore and create visualisations using a drag-and-drop feature) are available only in Elastic's ELK Elasticsearch.

In the last 18 months Elastic has really caught up and also gone way beyond AWS by putting together all the missing components that make ELK Elasticsearch the most comprehensive stack in the entire Big Data ecosystem. Comprehensive because one stack addresses all of the three essential technical components of an end-to-end system: collect, store and visualise terabytes (and even petabytes) of structured or semi-structured data at ease.

Enhance the Spaces feature to make it fully multi-tenant by enabling role-based access control (RBAC) at a Space level rather than overall Kibana or stack level like it is currently.

Elastic needs to work on their Machine Learning offering because currently they have been trying to make it a black box which doesn't work for a serious user (a Data Scientist) as it doesn't give any control over the underlying algorithm. It's like a point-and-click camera vs a DSLR. The offering started with a single/ univariate anomaly detection on time-series data. Now, they have a multivariate which is good, but beyond this, we cannot build any other Machine Learning models, like traditional supervised models. Anomaly detection uses mostly unsupervised algorithms and also it is a very broad problem space for a black box to solve it fully.

Make index’s metadata searchable (or referenceable in search queries).

5 years

Elastic ELK Elasticsearch is one of the most stable Big Data engines and the simplest to maintain and scale. Redundancy is built into the design so there is no single point of failure. We can configure a DR easily and if something goes wrong, we can restore the system into a brand new cluster in hours.

Elasticsearch by itself is 100% scalable as scalability is built into the design like any Big Data system. We just have to add more nodes, and it scales horizontally and then redistributes the data into the new nodes, and the cluster becomes faster and agile automatically. Cross-cluster replication comes with a Platinum license. But this feature is highly exceptional and not a common need.

I have worked with all the flavours of Elasticsearch viz. Elastic.co's ELK which is popularly known as the ELK stack (pronounced as 'yelk'), AWS Elasticsearch and Open Distro plugins for Elasticsearch.

All (including Solr that comes with Hadoop) are built on a common underlying technology, Apache Lucene. The difference is the added features that I call 'batteries included'. To be precise, Elastic's ELK Elasticsearch, unlike others, comes with free enterprise-grade apps (called plugins in Kibana) and a bunch of cool and useful Kibana features. It also features a good deal of engineering automation conveniences built into the stack.

Did you know that the original founders of Elasticsearch are the folks at Elastic.co, the company that has recently transitioned to an open-core philosophy by design. But since AWS took the initial lead and started offering the stack as AWS Elasticsearch service it became more popular and a preferred option for the uninformed. Elastic, on the other hand, was busy innovating and adding more muscle to the stack that it is no more limited to being just the fastest search engine on the planet. In fact, the keyword ‘search’ in Elasticsearch is not relevant anymore and, moreover, it is misleading.

Initial setup is indeed straightforward and fast because it will mostly be a single-node cluster. But as the data volume grows and we start seeing a performance lag, the stack requires scaling (by adding more nodes) and a professional intervention for doing the right capacity design and configuration fine tuning.

It is always a good idea to engage a professional vendor to implement it right the first time and save yourself a lot of time in experimenting and trying to figure out the optimisation hacks and how-to’s all by yourself.

A stack like Elasticsearch that enables heavy lifting of the data effortlessly comes with its intrinsic yet obvious ROI. If one is not able to realise the ROI it means either the data is bad (garbage in, garbage out) or the stack is not implemented properly.

The basic license is free, and it comes with a lot of features that aren't supposed to be free! With a Gold license, we get Alerting (called Watcher) and some modest enterprise features. Note that if alerting is a must feature for you, you can install open-source alerting plugins like Open Distro Alerting or ElastAlert and avoid the Gold license cost. Active Directory integration, SAML, SSO, Machine Learning etc. come with Platinum license. The licensing is per-node and per-annum basis for an on-premise installation and for Cloud Elastic-managed service the cost is baked into the hourly pay-as-you-go fee. Kibana does not have a license, so it's free.

If you don't want alerting, Active Directory or LDAP integration and are good with native authentication, the basic license will suffice. The basic license also comes with many internal stack features, which are free. For example, data segregation into hot and warm storage, automatic configuration, and rolling over the index after achieving a certain size limit. 

SIEM (Security Information and Event Management) app is free. Also is another cool app called Uptime that helps us monitor the uptime of servers and web services. We can do this without any third-party licensing cost. Just turn on the apps, ingest data using Beats and the apps will start thriving. Over time they become mission critical to your business.

For example, the SIEM app will automatically populate the dashboards and allow us to monitor network traffic, successful logins, unsuccessful login attempts, and anomalous security events. All that comes off the shelf and is free. You'll pay a lot, on the other hand, for a traditional SIEM like ArcSight or LogRhythm.

Another free app called Infrastructure (formerly known as Metrics) helps monitor the server infrastructure by configuring light-weight data collectors called MetricBeats (for Windows systems) and AuditBeats (for Linux systems). The Beats will start pumping in all the system performance metrics into the stack and help monitor the memory, CPU and disk utilization.

I have worked with all the flavours of Elasticsearch viz. Elastic.co's ELK which is popularly known as the ELK stack (pronounced as 'yelk'), AWS Elasticsearch and Open Distro plugins for Elasticsearch.

All (including Solr that comes with Hadoop) are built on a common underlying technology- Apache Lucene. The difference is the added features that I call 'batteries included'. To be precise, Elastic's ELK, unlike the others, comes with free enterprise-grade apps (called plugins in Kibana), a bunch of cool and useful Kibana features, and a good deal of engineering automation built into the stack.

Moreover, the original founders of Elasticsearch are the folks at Elastic.co, the company that's built on open-core philosophy. But AWS took the initial lead and offered the stack as AWS Elasticsearch service catering mostly to search-engine use cases. But ELK, with all its goodness, is much more than a search engine! In fact, the keyword search in Elasticsearch is very misleading.

You can spin up Elastic ELK Elasticsearch fully-managed service either on AWS, GCP, or Azure, or have your own on-premises installation and dockerize it. Whereas the AWS Elasticsearch is available only on AWS. That's the hosting difference.

Elastic ELK Elasticsearch comes with a support-only subscription, and there are a lot of updates happening. Kibana is constantly improved and there’s a new release every two weeks.