Elastic Search Reviews

We use ELK Elasticsearch for storing application data logs.

Elasticsearch includes a graphical user interface (GUI) called Kibana. The GUI features are extremely beneficial to us.

Elasticsearch includes mechanisms for ingesting data into the cluster. So it would be great if those mechanisms could be simplified.

Improving machine learning capabilities would be beneficial.

I have been working with ELK Elasticsearch for four years.

We are using the latest version.

We have no issues with the stability of ELK Elasticsearch, it's quite reliable.

ELK Elasticsearch is a scalable product

This solution is used by five to ten people in our organization.

ELK Elasticsearch is used on a daily basis.

We have not contacted technical support.

We had a couple of issues that we were able to resolve by looking up the public information that is available on the internet.

There is a lot of community support for this solution.

The initial setup was straightforward and quite simple.

The installation took between six and eight hours to complete.

There is no maintenance required other than regular updates.

We completed the implementation internally.

Although the ELK Elasticsearch software is open-source, we buy the hardware.

The distributed installation is the way to go.

I would rate ELK Elasticsearch a nine out of ten.

Elasticsearch is one of the NoSQL databases available. My application is a microservices application where the data gets published on a Kafka cube. It allows us to connect to Kafka and get this data in a document format very easily. I'm using Elasticsearch as my backend processing database, where I'm building and reporting using Kibana.

I like how it allows us to connect to Kafka and get this data in a document format very easily. Elasticsearch is very fast when you do text-based searches of documents. That area is very good, and the search is very good.

The price could be better. Kibana has some limitations in terms of the tablet to view event logs. I also have a high volume of data. On the initialization part, if you chose Kibana, you'll have some limitations. Kibana was primarily proposed as a log data reviewer to build applications to the viewer log data using Kibana. Then it became a virtualization tool, but it still has limitations from a developer's point of view.

I have been using ELK Elasticsearch over the last two years.

The price could be better.

I would tell potential users that they have to locate the data source and understand the data. They will have to decide on whether they have to go for a NoSQL or a relational database. 

If it's NoSQL, then what kind of data are you seeing? If it's more textual data, then you're going to read more. So, I would recommend Elasticsearch. Otherwise, you have other databases like MongoDB and Cassandra.

On a scale from one to ten, I would give ELK Elasticsearch a seven.

We use this solution for log management. We collect many logs from Windows systems to later analyze them for security checks and audit purposes.

I have found the sort capability of Elastic very useful for allowing us to find the information we need very quickly.

The reports could improve.

I have been using this solution for approximately three years.

The solution is very stable and reliable.

The stability is good but we have only done vertical scaling and not horizontal at this time. We collection approximately 1,000 EPS and have three people using the solution in my organization.

There has been enough support available online for what we have been using the solution for.

The initial setup was easy because we used containers. It can be challenging to implement.

We did the implementation ourselves.

We are using the free open-sourced version of this solution.

I would recommend those wanting to implement this solution use integrators or consultants. However, we did not have any problems with the installation it can be difficult.

I rate ELK Elasticsearchan eight out of ten.

I am using it to get some hands-on experience and learn the product by searching, building use cases, test cases, dashboards, and visualizations.

With hands-on experience, you learn more about the product and how it works.

It should be easier to use. It has been getting better because many functions are pre-defined, but it still needs improvement.

If you have a large enterprise environment, it is costing a lot of money and it's not a full-blown SIEM. It has SIEM features but a lot is missing. You need to involve other products to make a SIEM out of it.

Some of the other products needed were Apache, Kafka, and ticket tools. It was custom made and not what I had expected in the end.

I would like to see them get closer to a full-blown orchestrated SIEM, and create predefined modules to bring you to using it as a SIEM faster, and on the fly instead of having to tweak the Grok filter for weeks.

I would like to see more pre-defined modules.

I have been using Elasticsearch for two weeks.

We are not using the latest version, but not an old version.

It's a stable solution and we have not had any issues.

The scalability is fine.

I have contacted technical support, once or twice. The experience was okay.

The initial setup was okay, not as easy as Splunk but it was manageable.

The pricing model is questionable and needs to be addressed because when you would like to have the security they charge per machine. If you are building any cluster and you are paying €6,000 per machine, that is expensive.

I think that Elasticsearch is a good product and cheaper than Splunk.

I like this solution, but it has too much hands-on time required tweaking to get it up and running.

I have no plans to continue using this product. Currently, I am focused on SIEMonster because I signed a partnership and I would like to sell a total product. It doesn't make sense to spread across multiple products. 

I would like to earn money out of it, so I'm focusing currently on SIEMonster.

I think that Elasticsearch is a good product and cheaper than Splunk.

When I check Gartner, I don't see mention of Elasticsearch, it seems they need to make some improvements.

I would rate this solution a seven out of ten.

I am using this product for a SIM solution.

Their anomaly detection engine is really good for example, compared to SolarWinds. You can ingest different pipelines. You have dashboards, it is visual, there are maps, you can create canvases. It's more visual than anything that I've ever used.

I have not been using the solution for many years to know exactly the improvements needed. However, they could simplify how the YML files have to be structured properly. If you want to ingest certain logs, you need to edit the YML file and connect it to your modules to start ingesting and parsing the end-user logs. Doing this is sometimes difficult and could be streamlined.

I have been using the product for approximately three months.

The customer service is very good.

I have used SolarWinds in the past.

The solution has a lot of features. They have machine learning jobs they can implement, I'm not there yet, but I can use anomaly detection to see there are various processes that can find users that aren't supposed to log onto certain machines. All of these features are visual and graphical. I can show it as a bar chart, a pie chart, I can Instagram, or I can split chart. The power to see everything on the front end is so much more powerful.

I rate ELK Elasticsearch a ten out of ten.

I run the function to review the usage for the team and for the organization itself.

We use this product internally and then some of our business relationships with the other businesses that we have, they get their data from our data. It's more for collaborative data reporting that we have with them.

The most valuable feature is the out of the box Kibana. You plug it in and start the basic analysis on the data out of the box. This also gives a quick way to check the data and the models to figure out what fits the needs.

There are a few things that did not work for us. 

When doing a search in a bigger setup, with a huge amount of data where there are several things coming in, it has to be on top of the index that we search. 

There could be a way to do a more distributed kind of search. For example, if I have multiple indexes across my applications and if I want to do a correlation between the searches, it is very difficult. From a usage perspective, this is the primary challenge.

I would like to be able to do correlations between multiple indexes. There is a limit on the number of indexes that I can query or do. I can do an all-index search, but it's not theoretically okay on practical terms we cannot do that.

In the next release, I would like to have a correlation between multiple indexes and to be able to save the memory to the disk once we have built the index and it's running.

Once the system is up, it will start building that in memory.

We need to be able to distribute it across or save it to have a faster load time.

We don't make many changes to the data that we are creating, but we would like archived reports and to be able to retrieve those reports to see what is going on. That would be helpful.

Also, if you provide a customer with a report or some archived queries, that the customer is looking at when they are creating, at first it will be slow while putting up their data or subsequently doing it. I want it to be up and running efficiently. 

If the memory could be saved and put back into memory as it is, then starts working it would reduce the load time then it will be more efficient from a cost perspective and it will optimize resource usage.

I have been familiar with this product for approximately four years.

ELK Elasticsearch is stable.

It's scalable, but there are some limitations.

If you are scaling a bit too quickly, you tend to break the applications into different indexes. 

The limitations come in when getting the correlation between the applications or the logs.

It is difficult to get the correlations once the indexes have been split.

We are using the open-source version, that is installed on-premises.

We have not worried about technical support, but the community is good.

Before ELK, we used another solution for internal usage, and also, we used Splunk for different use cases in a different organization altogether.

It wasn't a switch per se, it was a different organization with a different use case.

The initial setup is simple, not too difficult. 

Getting the index, doing your models, and putting the data in, correctly, is done more on a trial and error basis. You have to start early and plan it well to get it right.

We are using the open-source version. 

We are not looking into the subscription because it's on-premises in-house.

For anyone who is looking into implementing this solution, the only tip is to get your models for the type of actual use that you are looking at upfront in order to have a good run.

I would rate ELK Elasticsearch a seven out of ten.

My organization works in the healthcare industry and we use this product as our database.

When we have questions about our data then we use Elasticsearch to make queries.

The most valuable feature is that I can push data to Elasticsearch using Logstash.

Technical support should be faster.

I have been using Elasticsearch for about one year.

This is a stable product.

Elasticsearch is scalable, although we only have about five users and they are not constant. We do plan to increase our usage in the future.

The initial installation and setup were straightforward. It will take a few minutes to deploy.

Our in-house team was responsible for the deployment.

This product is open-source and can be used free of charge.

I also use Kibana, which is integrated with Elasticsearch. Kibana is for visualization and we can also customize Elasticsearch using Kibana.

In summary, Elasticsearch is a very useful product that I can quickly recommend.

I would rate this solution an eight out of ten.

The primary use case of this solution is for text indexing and aggregating logs from different microservices.

-Scalability and resiliency

-Clustering and high availability

-Automatic node recovery

Kibana should be more friendly, especially when building dashboards.

Stability needs improvement.

I would like to see the Kibana operating more smoothly, as Grafana does. Also, I would like to see some improvements with the machine learning capability, so that we can rely on it more. It's in the early phases but this would be a great way to start using it.

When it comes to aggregation and calculations, I would like to have to have advanced options in the dashboards to be used in a simplified way, such as building formulas and queries between different fields and indexes.

Alerting feature should be more flexible with advanced options.

I have been using Elasticsearch for approximately five years.

This solution is stable, but at times the stack will freeze and you have to remove and recreate the cluster. It may be an issue related to AWS.

We have not had any issues with the scalability.

We have not had any issues with technical support.

Datadog, it's expensive when it comes for a big infrastructure and cannot be self hosted when it comes to specific sensitive cases.

The initial setup was fast. We have the provisioning, which made it fast and easy.

It can be expensive. When managed by AWS you have different options and features that are locked and not available to you on the Kibana and security levels.

You cannot use the full X-Pack feature set when you go through AWS.

We have some devices that are managed by AWS and we have our own information with switches that are self-hosted.

ELK Elasticsearch is a product that I recommend.

I would rate this solution a seven out of ten.