Try our new research platform with insights from 80,000+ expert users
System Administrator and DevOps Engineer at a tech services company with 10,001+ employees
Real User
Has a good UI with good performance although deployment requires multiple applications
Pros and Cons
  • "The UI is very nice, and performance wise it's quite good too."
  • "The different applications need to be individually deployed."

What is our primary use case?

Our primary use case of this solution is for monitoring our logs and infrastructure. We are customers of ELK and I'm a system administrator. 

What is most valuable?

A positive feature of ELK is that it directly interacts with Elasticsearch. The UI is very nice, and performance wise it's quite good too. A key feature is that this is a reasonably priced monitoring solution.

What needs improvement?

We run this solution on multiple servers. ELK has three lanes which comprise a single package made up of Elasticsearch, Logstash, and Kibana. To my mind, this is not efficient because we have to individually deploy the different applications. In contrast, we're able to deploy Splunk with a singe application. Implementing the dashboards is also quite difficult. With Splunk and Nagios it's much easier to directly interact with Elasticsearch. I'd like to see some additional features in the front end which currently make it a bit difficult to implement and it should be simplified.

For how long have I used the solution?

I've been using this solution for six months. 

Buyer's Guide
Elastic Search
December 2024
Learn what your peers think about Elastic Search. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,052 professionals have used our research since 2012.

What do I think about the stability of the solution?

This solution is stable. 

What do I think about the scalability of the solution?

This is a scalable solution, we have eight to 10 users. We had initially planned to expand use of ELK because of its cheap price and the services that are included, but given the difficulty with implementation we've decided to go with Nagios instead. 

How are customer service and support?

The technical support people are very knowledgeable but the response time is quite slow which is not very good. 

How was the initial setup?

The initial setup of ELK is more difficult than the setup of other monitoring applications. I was able to carry out the deployment alone. 

What other advice do I have?

For anyone looking to implement a monitoring product with almost no cost or at a cheaper price, I would suggest the ELK stack. However, it does require a high skill set because of the difficulty with implementation. 

I would rate this solution a six out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
IT Infrastructure Analyst at AG Group
Real User
Powerful, graphical, good customer support and full featured
Pros and Cons
  • "You have dashboards, it is visual, there are maps, you can create canvases. It's more visual than anything that I've ever used."
  • "I have not been using the solution for many years to know exactly the improvements needed. However, they could simplify how the YML files have to be structured properly."

What is our primary use case?

I am using this product for a SIM solution.

What is most valuable?

Their anomaly detection engine is really good for example, compared to SolarWinds. You can ingest different pipelines. You have dashboards, it is visual, there are maps, you can create canvases. It's more visual than anything that I've ever used.

What needs improvement?

I have not been using the solution for many years to know exactly the improvements needed. However, they could simplify how the YML files have to be structured properly. If you want to ingest certain logs, you need to edit the YML file and connect it to your modules to start ingesting and parsing the end-user logs. Doing this is sometimes difficult and could be streamlined.

For how long have I used the solution?

I have been using the product for approximately three months.

How are customer service and technical support?

The customer service is very good.

Which solution did I use previously and why did I switch?

I have used SolarWinds in the past.

What other advice do I have?

The solution has a lot of features. They have machine learning jobs they can implement, I'm not there yet, but I can use anomaly detection to see there are various processes that can find users that aren't supposed to log onto certain machines. All of these features are visual and graphical. I can show it as a bar chart, a pie chart, I can Instagram, or I can split chart. The power to see everything on the front end is so much more powerful.

I rate ELK Elasticsearch a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Elastic Search
December 2024
Learn what your peers think about Elastic Search. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,052 professionals have used our research since 2012.
it_user963378 - PeerSpot reviewer
System Analyst at S7
Real User
Provides enterprise landscape support for different areas of the company
Pros and Cons
  • "We had many reasons to implement Elasticsearch for search term solutions. Elasticsearch products provide enterprise landscape support for different areas of the company."
  • "We see the need for some improvements with Elasticsearch. We would like the Elasticsearch package to include training lessons for our staff."

What is our primary use case?

In my project, Elasticsearch is used to query terms for search and to provide data boards for our project team.

How has it helped my organization?

We have some important IT systems which provide support for our business processes. Money is a big issue. If something happens to the IT systems, we lose some money. 

We built Elasticsearch solutions to help us to search more quickly. After that, we can calculate how much money we can save by implementing Elasticsearch as a solution.

What is most valuable?

We had many reasons to implement Elasticsearch for search term solutions. Elasticsearch products provide enterprise landscape support for different areas of the company.

What needs improvement?

Elasticsearch is useful for different business processes, but there are some problems. We discuss these problems with the vendor and with our in-house team. We see the need for some improvements with Elasticsearch. 

We would like the Elasticsearch package to include training lessons for our staff.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Elasticsearch is stable. We have a normal relationship with the vendor and we have enough support.

What do I think about the scalability of the solution?

Elasticsearch is very scalable. This was one of the most important points of our decision. We use Elasticsearch with about 1000 users. Now have two sets of solutions:

  • One set works with the dashboard from the project team's site.
  • A second set works with the enterprise department involved with two roles. 

As for the staff, we have an infrastructure team dedicated to Search. I can't answer quickly how many people we use for that. For maintenance, we employ about three to five experts.

We are planning to increase our Elasticsearch usage. We have the plan because some Elasticsearch systems integrate with other products and we must grow.

How are customer service and technical support?

If we discuss technical support from the vendor, it's the first line of support and we don't need very quick response times in the first support line. 

If we discuss the second line of support, it must be conducted very quickly. About technical support from the vendor, it's not fast. It's normal.

Which solution did I use previously and why did I switch?

I previously provided some activities with Splunk solutions. My colleague in another department also used Splunk.

How was the initial setup?

We did not have difficult trouble installing and configuring Elasticsearch. The setup is straightforward.

What about the implementation team?

The implementation depends on what part of the solution. In some areas and for some Elasticsearch installation tasks, we wanted third-party consultation support.

What was our ROI?

We don't integrate Elasticsearch on enough systems to complete the estimate of ROI.

What's my experience with pricing, setup cost, and licensing?

For the next project, we might buy the license, but we don't use it now. I don't know exactly what the license fee for Elasticsearch is currently.

Which other solutions did I evaluate?

This is a difficult question because we had a specific reason for choosing Elasticsearch. Different solutions provide different benefits. We compare these and choose one solution over another. 

Overall, it depends on the manufacturers. We compared Elasticsearch with other products like Riverbed, for example.

What other advice do I have?

In general, we have many advantages from the features of Elasticsearch, but there are questions mostly about money, not about technical features, that are of concern.

I would rate Elasticsearch eight/nine out of ten. We have enough possibilities and features with Elasticsearch for our business requirements.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Works at Sincrobox SAC
User
Simple solution that provides valuable analytics
Pros and Cons
  • "The most valuable feature for us is the analytics that we can configure and view using Kibana."
  • "This product could be improved with additional security, and the addition of support for machine learning devices."

What is our primary use case?

Our primary use case for this solution is to operate an integration platform for a warehouse management system.

How has it helped my organization?

This has improved our organization because we articulated Kubernetes, Docker, and GitHub with amazing simplicity in the scaling up of our service.

What is most valuable?

The most valuable feature for us is the analytics that we can configure and view using Kibana.

What needs improvement?

This product could be improved with additional security, and the addition of support for machine learning devices.

For how long have I used the solution?

Still implementing.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Programmer at a tech services company
Real User
Allows us to store data in key value pairs and produce visualisations in Kibana, but lack of email notification is problematic
Pros and Cons
  • "Helps us to store the data in key value pairs and, based on that, we can produce visualisations in Kibana."
  • "It helps us to analyse the logs based on the location, user, and other log parameters."
  • "It needs email notification, similar to what Logentries has. Because of the notification issue, we moved to Logentries, as it provides a simple way to receive notification whenever a server encounters an error or unexpected conditions (which we have defined using RegEx​)."

What is most valuable?

Elasticsearch helps us to store the data in key value pairs and, based on that, we can produce visualisations in Kibana. It helps us to analyse the logs based on the location, user, and other log parameters.

What needs improvement?

It needs email notification, similar to what Logentries has. Because of the notification issue, we moved to Logentries, as it provides a simple way to receive notification whenever a server encounters an error or unexpected conditions (which we have defined using RegEx).

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No stability issues.

What do I think about the scalability of the solution?

Not really any scalability issues, but we have set up a cron job to delete old logs so that we don’t hit the disk space issues. It would be helpful if such a feature were added to the UI, where old logs could be deleted automatically. (Don’t know if this feature is already there).

How are customer service and technical support?

ELK documentation is very good, so we have never needed to contact technical support.

Which solution did I use previously and why did I switch?

We used Logentries. Because of open source we moved to ELK, considering it as part of a cost-cutting strategy and evaluation. But due to the lack of a notification feature, we again moved to Logentries.

How was the initial setup?

Slightly complex, especially when you are configuring a machine which is on a separate IP, rather than on a single machine. In my case, Elasticsearch, Kibana and Logstash were on different machines. Along with that, we added a proxy server (nginx) ahead of the Kibana server. We used the proxy server for user authentication so that only known users would be able to access the Kibana dashboard. ELK's free version doesn't have user authentication, and this forced us to go with this alternative. We have four machines in total.

When we were using the Amazon Elasticsearch Service we had one cluster of Elasticsearch which, by default, gave us the Kibana dashboard. We just added a proxy server for user authentication.

Which other solutions did I evaluate?

Graylog, Fluentd.

What other advice do I have?

I give it a seven out of 10. They don't provide user authentication and authorisation (shield) as a part of their open source version.

Nice to implement, they have nicely written documentation.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1629525 - PeerSpot reviewer
IT Secuirty Architect at a insurance company with 10,001+ employees
Real User
Valuable detection and correlation features
Pros and Cons
  • "The most valuable features are the detection and correlation features."
  • "Something that could be improved is better integrations with Cortex and QRadar, for example."

What is our primary use case?

We are internal integrators. We are in the bigger group as of now, but other groups, our clients, are affiliates from our group. They are our internal clients. 

The solution is currently on-premises.

I was mostly responsible for the SOC team, and I helped them create the detection rules for the production. I wanted to know how it could be implemented in different kinds of products, like Sentinel.

What is most valuable?

The most valuable features are the detection and correlation features.

What needs improvement?

Something that could be improved is better integrations with Cortex and QRadar, for example. 

For how long have I used the solution?

I have been using this solution for no more than one year. 

How are customer service and support?

Not really, because I'm not the engineer and so most problems appear during the installations or maintenance and I'm not in developing infrastructure operations.

What's my experience with pricing, setup cost, and licensing?

The price of Elasticsearch is fair. It is a more expensive solution, like QRadar. The price for Elasticsearch is not much more than other solutions we have.

Which other solutions did I evaluate?

I would say that Elasticsearch is better than all the other solutions. QRadar is getting better, but it is still behind Elasticsearch in my opinion.

What other advice do I have?

I would rate this solution 8 out of 10.

I would recommend Elasticsearch if you don't have bigger budget limitations to use other enterprise solutions or if you want to avoid the vendor lock-in.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1636542 - PeerSpot reviewer
Associate - Projects at a computer software company with 10,001+ employees
Real User
Secure, good dashboards, and open source
Pros and Cons
  • "The solution has good security features. I have been happy with the dashboards and interface."
  • "There are some features lacking in ELK Elasticsearch."

What is our primary use case?

We are using ELK Elasticsearch in a database. We use both Logstash and Kibana. Kibana is used for monitoring where the data is coming from.

What is most valuable?

The solution has good security features. I have been happy with the dashboards and interface.

What needs improvement?

There are some features lacking in ELK Elasticsearch.

For how long have I used the solution?

I have been using ELK Elasticsearch for approximately two years.

What do I think about the stability of the solution?

We had some stability issues where we could not access the application.

What do I think about the scalability of the solution?

We have approximately five people in my organization using ELK Elasticsearch.

How was the initial setup?

All the installations were directly set up on the local servers.

What's my experience with pricing, setup cost, and licensing?

The solution is free.

What other advice do I have?

Elasticsearch is open source.

I rate ELK Elasticsearch an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
DevOps/System Administrator at a consultancy with 1,001-5,000 employees
Real User
Allows us to implement machine-learning from our logs, and alerts for anomalies
Pros and Cons
  • "Gives us a more user-friendly, centralized solution (for those who just needed a quick glance, without being masters of sed and awk) as well as the ability to implement various mechanisms for machine-learning from our logs, and sending alerts for anomalies."
  • "Elasticsearch could improve by honoring Unix environmental variables and not relying only on those provided by Java (e.g. installing plugins over the Unix http proxy)."
  • "Performance improvement could come from skipping background refresh on search idle shards (which is already being addressed in the upcoming seventh version)."

What is our primary use case?

Various purposes, mainly log analysis.

How has it helped my organization?

This product has notably improved the way we store and use logs, from having a more user-friendly, centralized solution (for those who just needed a quick glance, without being masters of sed and awk) to implementing various mechanisms for machine-learning from our logs, and sending alerts for anomalies.

What is most valuable?

The three major features which won us over to Elasticsearch were:

  • The well written documentation
  • The already available integrations with multiple other tools related to our needs (like Logstash, Kibana)
  • The easy with which scalability was achieved.

What needs improvement?

There are some areas in which Elasticsearch could improve: 

By honoring Unix environmental variables and not relying only on those provided by Java (e.g. installing plugins over the Unix http proxy). 

Performance improvement could come from skipping background refresh on search idle shards (which is already being addressed in the upcoming seventh version).

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Until now, we have not run into any issues running Elasticsearch that were not based on bad capacity planning based by us.

What do I think about the scalability of the solution?

Elasticsearch is a very easy to scale product, compared to other similar technologies.

How are customer service and technical support?

To date, we haven't had the chance to use Elasticsearch's technical support.

Which solution did I use previously and why did I switch?

We cannot disclose the previous solution, but we are much happier with Elasticsearch.

How was the initial setup?

Our initial setup was very easy to do.

Which other solutions did I evaluate?

We evaluated HBase and Cassadnra.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user