Elastic Search Reviews

We are internal integrators. We are in the bigger group as of now, but other groups, our clients, are affiliates from our group. They are our internal clients. 

The solution is currently on-premises.

I was mostly responsible for the SOC team, and I helped them create the detection rules for the production. I wanted to know how it could be implemented in different kinds of products, like Sentinel.

The most valuable features are the detection and correlation features.

Something that could be improved is better integrations with Cortex and QRadar, for example. 

I have been using this solution for no more than one year. 

Not really, because I'm not the engineer and so most problems appear during the installations or maintenance and I'm not in developing infrastructure operations.

The price of Elasticsearch is fair. It is a more expensive solution, like QRadar. The price for Elasticsearch is not much more than other solutions we have.

I would say that Elasticsearch is better than all the other solutions. QRadar is getting better, but it is still behind Elasticsearch in my opinion.

I would rate this solution 8 out of 10.

I would recommend Elasticsearch if you don't have bigger budget limitations to use other enterprise solutions or if you want to avoid the vendor lock-in.

Various purposes, mainly log analysis.

This product has notably improved the way we store and use logs, from having a more user-friendly, centralized solution (for those who just needed a quick glance, without being masters of sed and awk) to implementing various mechanisms for machine-learning from our logs, and sending alerts for anomalies.

The three major features which won us over to Elasticsearch were:

• The well written documentation
• The already available integrations with multiple other tools related to our needs (like Logstash, Kibana)
• The easy with which scalability was achieved.

There are some areas in which Elasticsearch could improve: 

By honoring Unix environmental variables and not relying only on those provided by Java (e.g. installing plugins over the Unix http proxy). 

Performance improvement could come from skipping background refresh on search idle shards (which is already being addressed in the upcoming seventh version).

Until now, we have not run into any issues running Elasticsearch that were not based on bad capacity planning based by us.

Elasticsearch is a very easy to scale product, compared to other similar technologies.

To date, we haven't had the chance to use Elasticsearch's technical support.

We cannot disclose the previous solution, but we are much happier with Elasticsearch.

Our initial setup was very easy to do.

We evaluated HBase and Cassadnra.

We use ELK Elasticsearch for storing application data logs.

Elasticsearch includes a graphical user interface (GUI) called Kibana. The GUI features are extremely beneficial to us.

Elasticsearch includes mechanisms for ingesting data into the cluster. So it would be great if those mechanisms could be simplified.

Improving machine learning capabilities would be beneficial.

I have been working with ELK Elasticsearch for four years.

We are using the latest version.

We have no issues with the stability of ELK Elasticsearch, it's quite reliable.

ELK Elasticsearch is a scalable product

This solution is used by five to ten people in our organization.

ELK Elasticsearch is used on a daily basis.

We have not contacted technical support.

We had a couple of issues that we were able to resolve by looking up the public information that is available on the internet.

There is a lot of community support for this solution.

The initial setup was straightforward and quite simple.

The installation took between six and eight hours to complete.

There is no maintenance required other than regular updates.

We completed the implementation internally.

Although the ELK Elasticsearch software is open-source, we buy the hardware.

The distributed installation is the way to go.

I would rate ELK Elasticsearch a nine out of ten.

The primary use case of this solution is for text indexing and aggregating logs from different microservices.

-Scalability and resiliency

-Clustering and high availability

-Automatic node recovery

Kibana should be more friendly, especially when building dashboards.

Stability needs improvement.

I would like to see the Kibana operating more smoothly, as Grafana does. Also, I would like to see some improvements with the machine learning capability, so that we can rely on it more. It's in the early phases but this would be a great way to start using it.

When it comes to aggregation and calculations, I would like to have to have advanced options in the dashboards to be used in a simplified way, such as building formulas and queries between different fields and indexes.

Alerting feature should be more flexible with advanced options.

I have been using Elasticsearch for approximately five years.

This solution is stable, but at times the stack will freeze and you have to remove and recreate the cluster. It may be an issue related to AWS.

We have not had any issues with the scalability.

We have not had any issues with technical support.

Datadog, it's expensive when it comes for a big infrastructure and cannot be self hosted when it comes to specific sensitive cases.

The initial setup was fast. We have the provisioning, which made it fast and easy.

It can be expensive. When managed by AWS you have different options and features that are locked and not available to you on the Kibana and security levels.

You cannot use the full X-Pack feature set when you go through AWS.

We have some devices that are managed by AWS and we have our own information with switches that are self-hosted.

ELK Elasticsearch is a product that I recommend.

I would rate this solution a seven out of ten.

We use this solution to collect log data and analyze it. We have an on-premises deployment.

The special text processing features in this solution are very important for me.

As a system, it is easy to use.

This is not a robust system, so in terms of resilience, they have to make some improvements. From time to time the system goes down and we have to start again, after adjusting some configuration parameters.

Technical support can be improved.

The interface would be improved with the inclusion of dashboards to assist in analyzing problems because it is very difficult. Better dashboards or a better configuration system would be very good.

This is not exactly a stable solution, which is why we are considering another compatible tool, and whether we go on with Elasticsearch or change it.

I follow their forum and blogs, and I have also asked questions directly to their technical department. I would say that support is moderate. It is not very good or very bad, but in between.

We did not use another solution prior to this one.

The initial setup of this solution is easy and straightforward.

The deployment is both easy and quick.

We have an in-house team that handles deployment.

Two people are enough for deployment and maintenance.

We did not evaluate other options before choosing this solution, but due to issues with stability, I'm now trying out PostgreSQL for comparison.

My advice for anybody considering this solution is that it is an easy to use tool, but for work that is not complex. If on the other hand, the work is more complex, with more data and perhaps a clustering environment, then they may have to consider something more stable and more robust.

I would rate this solution a seven out of ten.

What we use this ELK (Elasticsearch, Logstash, and Kibana) solution is mostly for keeping firewall logs and collecting traffic flow information.

The scalability of this product is something that is very impressive and the performance is also very good.

I think the GUI part of the solution has the most room for improvement. Actually, we are using the free version. We do not use the plug-ins so we have to do some additional development ourselves to have the necessary access to the controls.

We are not a heavy user, we just keep the logs and track data in the system. We use it and there is no problem for our current purposes and level of use.

We have been working with the solution for just over a year.

Up until this point, there have been a few times that we did have some issues and we did not know what went wrong. But we have a guy who is dedicated to managing the system now and it is running pretty well. At this point, we do not have to spend much time in administration and maintenance paying a lot of attention to it. I would say it is pretty stable, overall.

We have around five people involved in using the solution.

The scalability is very impressive. We can do a lot of things with the product and have not explored all the possibilities as it is something we use somewhat lightly compared to its potential.

We do not yet currently use a full technical support plan. We are not really using the product extensively enough to warrant that expenditure. Up until now, our use has been light and the product is not heavily burdened. It has been performing as expected. When we upscale usage we will probably engage with a paid support plan.

The initial setup is not that problematic. It is obviously manageable as we are doing it by ourselves, so it is okay and fairly straightforward. We didn't need any assistance from integrators or consultants for the deployment.

Before choosing to go in this direction, we actually checked with some of the database options like the JSON option and Mango. The Elasticsearch product was referred to us by a friend at another company as a better solution for our particular need. They are using the system. After some tests and reviews of the products, we thought it would fit our needs, so we decided to go with it.

The advice I would give to others considering this solution is that you have to have someone knowledgeable managing the system. You have to know the needs, know how to manage queries, and understand the visualization. You have to have someone working on it and dedicated to it so that you can manage it. It is not just plug-and-play. If you decide to run with it, the performance and the result can be very satisfactory. We did not have any issues with achieving what we tried to do. When we need certain data, we always find it.

On a scale from one to ten where one is the worst and ten is the best, I would rate ELK Elasticsearch as an eight out of ten. What would make it a ten for us is something I wouldn't know at this point. Until we use it more heavily in production then we'll see how it performs under a full load and we'll have a better idea of what needs to be improved.

We use this solution for log management. We collect many logs from Windows systems to later analyze them for security checks and audit purposes.

I have found the sort capability of Elastic very useful for allowing us to find the information we need very quickly.

The reports could improve.

I have been using this solution for approximately three years.

The solution is very stable and reliable.

The stability is good but we have only done vertical scaling and not horizontal at this time. We collection approximately 1,000 EPS and have three people using the solution in my organization.

There has been enough support available online for what we have been using the solution for.

The initial setup was easy because we used containers. It can be challenging to implement.

We did the implementation ourselves.

We are using the free open-sourced version of this solution.

I would recommend those wanting to implement this solution use integrators or consultants. However, we did not have any problems with the installation it can be difficult.

I rate ELK Elasticsearchan eight out of ten.

We are using ELK Elasticsearch in a database. We use both Logstash and Kibana. Kibana is used for monitoring where the data is coming from.

The solution has good security features. I have been happy with the dashboards and interface.

There are some features lacking in ELK Elasticsearch.

I have been using ELK Elasticsearch for approximately two years.

We had some stability issues where we could not access the application.

We have approximately five people in my organization using ELK Elasticsearch.

All the installations were directly set up on the local servers.

The solution is free.

Elasticsearch is open source.

I rate ELK Elasticsearch an eight out of ten.