Security Operation Center Analyst at Sadad
Helps us with application behavioral analysis and tuning
Pros and Cons
- "It is the best open-source product for people working in SO, managing and analyzing logs."
- "If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."
What is our primary use case?
We used this solution for gathering our application logs and analyzing application behavior.
How has it helped my organization?
This solution assists in tuning our applications.
What is most valuable?
This is one of the best open-source log management and log analyzer tools in the world.
What needs improvement?
The documentation for this solution is very important, and more needs to be developed. It was not as good as we expected, and because of that, we prefer to work on commercial solutions such as Splunk or ArcSight. If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution.
As you gather more and more data, and the data continues to grow, I think it is difficult to handle, administer, and perform declustering.
I would like to see support for machine learning, where it can make predictions based on the data that it has learned from our environment.
Buyer's Guide
Elastic Security
April 2025

Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,716 professionals have used our research since 2012.
For how long have I used the solution?
We have been using this solution for six or seven months.
What do I think about the stability of the solution?
In terms of stability, we have had many problems when dealing with big data.
What do I think about the scalability of the solution?
There are six people who use this solution in our company.
How are customer service and support?
I do not use the commercial version so I cannot comment on technical support. The open-source community is very important for this solution.
Which solution did I use previously and why did I switch?
We used Splunk in parallel with this solution.
In my role as a Security Operations Center Analyst, I think that Splunk is more useful for me. This is because I do not work on analyzing application behavior. However, I help my colleagues with this task, using ELK Logstash, based on my experience with Splunk.
How was the initial setup?
The initial setup of this solution was complex.
We have an enterprise structure and we cannot just install this solution, Logstash, and Kibana (the data visualization plugin for this solution), to have a good experience. For example, we had to set up the SQL database.
We now have nine Elasticsearch nodes in the company that all work together in a cluster. It is not simple, but rather, an enterprise structure.
What's my experience with pricing, setup cost, and licensing?
We use the open-source version, so there is no charge for this solution.
Which other solutions did I evaluate?
The solution does not work as well as Splunk.
What other advice do I have?
Our company uses Logstash for gathering the data, and Kibana for searching. The two are used together.
This is a solution that I recommend. It is the best open-source product for people working in SO, managing and analyzing logs.
I would rate this solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Devops/SRE tech lead at a transportation company with 201-500 employees
Scalable with good logging functionality and good stability
Pros and Cons
- "The solution is quite stable. The performance has been good."
- "The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes."
What is our primary use case?
We do not use monitoring due to the fact that we use Prometheus for monitoring. We don't use APM and so on. We use ELK only for logging.
What is most valuable?
The solution has very good logging functionality.
The aggregation capability is quite useful.
The solution is quite stable. The performance has been good.
The solution scales well.
The solution has gotten easier to deploy since the 2019 version.
What needs improvement?
When we used ELK the first time, there was a lack of security. We had to buy the paid version due to the fact that we needed to secure access to Kubernetes.
The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes. In fact, you have to monitor the stack and it's very, very difficult. Sometimes we lose indexes or we have nothing on the dashboard.
For how long have I used the solution?
I've been using the solution for about two years at this point. It hasn't been an extremely long amount of time.
What do I think about the stability of the solution?
The solution is stable. It's reliable. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
The solution can scale. If a company needs to expand it, it can do so pretty easily.
We use the solution for quite a small team. Ten people work on it.
How are customer service and technical support?
Due to the fact that we have a paid version of the product, technical support has been fine. We've been satisfied with the level of service provided to us. They are quite helpful and responsive.
Which solution did I use previously and why did I switch?
Previously, we were on Datadog, Kubernetes Logs. It was not very easy to debug incidents and so on. If I had to compare, I'd say that Datadog is very easy to implement and it's such a fast solution.
How was the initial setup?
The first time, it was very hard to deploy on Kubernetes. However, as we reached version seven, they are now an operator. Now it's very easy to deploy. We no longer have any issues.
What's my experience with pricing, setup cost, and licensing?
The solution is a bit expensive. I don't know the pricing of Datadog, which is what we used to use, however, it's my understanding that it is very expensive also.
What other advice do I have?
We are a customer and an end-user. We do not have a business relationship with ELK.
The solution is deployed on Kubernetes in Azure.
I would advise other companies and users not to mix monitoring and logging. It's not the same purpose. Many people do monitoring by scanning logs. It's not a good idea. The good idea is to monitor separately. In case of incidents, you have to monitor metrics and logins for the root cause. It's important to separate this, and not treat them as the same thing.
I'd rate the solution at an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Consultant at a tech services company with 51-200 employees
A cloud-native compatible solution that has challenges with scaling and upgrading
Pros and Cons
- "The solution is compatible with the cloud-native environment and they can adapt to it faster."
- "Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks."
What is most valuable?
The solution is compatible with the cloud-native environment and they can adapt to it faster.
What needs improvement?
Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks.
For how long have I used the solution?
I have been working with the solution for four years.
What do I think about the stability of the solution?
The product is stable.
How was the initial setup?
The product's initial setup is straightforward but experts need to do it.
What's my experience with pricing, setup cost, and licensing?
The base product is open-source but if you need advanced security features then you need to pay for the subscription. Elastic Security's price is reasonable in some cases and in other cases it's not.
What other advice do I have?
I would rate the tool a seven out of ten. The solution has a very active community with troubleshooting cases. You need to consider the growth rate and environmental complexity when buying the product. If you need to use a multi-node or cluster version, then install it during initiation itself, so that you don't need to do the same procedure in the next three to six months.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Engineer at a tech services company with 501-1,000 employees
Integrates into the overall ELK Stack, scans for vulnerabilities well and offers good performance
Pros and Cons
- "We chose the product based on the ability to scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore, it's not as intensive."
- "It could use maybe a little more on the Linux side."
What is most valuable?
We really like that it integrates into the overall ELK Stack, and we're using that as our theme. We were looking for a product compatible with that. We like the detailed investigation features of the platform as you're able to get a lot of detail as to what's going on on the host when you do investigations. We like the quarantine feature.
We chose the product based on the ability to scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore, it's not as intensive. We have a lot of satellite communications, and it's not as intensive since we don't require updates to calm down on a regular basis for updated DAT files for hashes on a regular basis. We only have to update quarterly against the new malware model. It's also a lot less impactful from a performance perspective on a machine.
What needs improvement?
It's a pretty solid product. It's pretty easy to use as it's not a full endpoint protection suite. We're actually dependent on using Windows Defender for a firewall and traditional antivirus when it's required. It could use maybe a little more on the Linux side. Now that the product line is getting picked up by Elastic, they're going to continue to build out and make the Linux feature set more robust. However, I would say that right now the Linux feature set is a little limited.
For how long have I used the solution?
I've been using the solution for about a year.
What do I think about the stability of the solution?
Stability is very good. It's a very stable product. We haven't had any issues with stability at all.
What do I think about the scalability of the solution?
For what we use it for, scalability has been great. Our environments tend to be smaller. We're only talking about 200 to 1,000 systems. Therefore, I don't know that I could speak to a real large scale since that's not our implementation level.
We are kind of in an interesting use case as we're not actually using it on a day-to-day basis. We are a production house, and we shift suites out to customers to use. As far as what the user feedback is on a regular basis, we don't really see a ton of that unless we kind of go out and hunt for it.
Which solution did I use previously and why did I switch?
We're using the Microsoft Defender product. It's just what's embedded inside of the operating system. It's not the full Defender for Endpoint. It's just Windows and antivirus.
How was the initial setup?
The Endgame itself is extremely straightforward to set up and you just filled out the ISO and you follow a couple of wizards you're done. It's very easy. I would say the ELK Stack is a little more complicated, however, that's due to the way we implement PKI in our environment. The product in itself is fairly straightforward to implement. It's our choice of certificate implementation that's making it a little more complicated.
We targeted it to be able to be maintained by one person. In a lot of cases, our scenario is that we only have one person available to maintain the product. It's very easy to maintain. There's not a ton going on. In a scene, you always have to have somebody watching the log of traffic if you want it to be effective. However, outside of that, there's no extreme maintenance associated with the product.
What's my experience with pricing, setup cost, and licensing?
I do not know approximately how much it costs per month or per year. I'm not the one who makes the purchases.
What other advice do I have?
We are just customers.
I'd rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Junior System Engineer at Efficom-lille
Enables us to retrieve data from various servers and sources so we can detect errors
Pros and Cons
- "I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash."
- "One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty."
What is our primary use case?
We use Logstash to retrieve data from our servers, from different sources, to our Elastic Stack. There, Elasticsearch allows us to search it, and we can visualize the data with Kibana.
What is most valuable?
I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash.
What needs improvement?
Our system architect has noticed a slowdown of the solution, but I don't see a slowdown.
One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty.
For how long have I used the solution?
We have been using Elastic Stack for about three years.
What do I think about the stability of the solution?
The solution is stable. We also monitor the Elastic Stack health and it's been a while since we have had an issue. The stability doesn't cause any problems. It's good. We haven't had any major issues.
What do I think about the scalability of the solution?
For now, we haven't had any problems. I'm just a user. I'm not the one responsible for the total solution. I use Kibana for the dashboard to detect any errors in our servers.
But for the future, perhaps we will need to scale our solution because we deploy new components and we implement new servers on Azure.
How are customer service and technical support?
The solution is maintained by dedicated architects who provide us with a solid platform. There is no direct support from Elastic Stack. We don't have any issue or any problem which requires support.
How was the initial setup?
I'm a system engineer. The architects who set up these solutions did it before I worked here.
I learned how to use it by doing searches and finding information about it. I learned to use it very quickly. The documentation is very simple to use, as long as you have some technical background in computers.
What's my experience with pricing, setup cost, and licensing?
Elastic Stack is an open-source tool. You don't have to pay anything for the components.
What other advice do I have?
Think carefully about how you will build the solution so that it is a high-availability solution. That is the trick when using Elastic Stack. Examine what your needs are.
I would rate Logstash at eight out of 10. I think the solution is really complete, with the components it has. It is a good solution.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cloud Engineer at GARR
A stable solution for collecting authentication information from service providers
Pros and Cons
- "The most valuable feature is the ability to collect authentication information from service providers."
- "Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution."
What is our primary use case?
The primary use of this solution is to gather authentication information and use it to determine which identity provider is breaking on which service provider. We store it as anonymized session information for each user.
What is most valuable?
The most valuable feature is the ability to collect authentication information from service providers.
What needs improvement?
Configuring the server is difficult and can be improved.
I would like to have a high availability set up that is easy to configure. Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution.
For how long have I used the solution?
I had been using Logstash for about three years. I am no longer using it but the people that I used to work with are.
What do I think about the stability of the solution?
We did not have any issues in terms of stability or performance.
What do I think about the scalability of the solution?
Scalability was not a problem for us.
How are customer service and technical support?
We did not have to contact technical support.
How was the initial setup?
The initial setup is pretty straightforward.
Our deployment took quite some time but it was not because of Logstash issues. It was a more complex situation because we didn't have access to all of the nodes that we wanted to forward. So, it took between 10 and 15 months to deploy, although it was for administrative reasons as opposed to technical ones.
What about the implementation team?
I had my own team for working with this solution but it was not for a single company. Our team was associated with a European partner and it was distributed around European cities.
What other advice do I have?
My advice for anybody who is implementing this system is to set it up so that you can manage it remotely.
Overall, this product does what it is supposed to do, although there is always room for improvement.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Co-Founder at a tech vendor with 51-200 employees
It's a scalable REST API-based solution
Pros and Cons
- "We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
- "I would like more ways to manage permissions and restrict access to certain users."
What is our primary use case?
We use Elastic Security to manage logs and time series data. More recently, we have used it for NetFlow data.
What is most valuable?
We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it.
What needs improvement?
I would like more ways to manage permissions and restrict access to certain users.
For how long have I used the solution?
We started using Elastic Security four years ago.
How was the initial setup?
The setup is comparable to similar products. It isn't too easy or hard. We deployed it in-house.
Which other solutions did I evaluate?
We tried Graylog and a few other things, but I found Elastic Security is easier to understand. There's a lot of documentation available, and their forums are great. Another advantage is greater scalability.
What other advice do I have?
I rate Elastic Security nine out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Solutions Consultant at a tech services company with 5,001-10,000 employees
Easy to use and set up with good documentation
Pros and Cons
- "It's very stable and reliable."
- "Their visuals and graphs need to be better."
What is our primary use case?
We are using the solution for log management. We use it for monitoring and observing.
What is most valuable?
Its search engine is great, and it is really quick. In the beginning, we wanted to search through terabytes of log data, and after that, we decided to search using the solution.
The initial setup is very easy.
It can scale well.
It's very stable and reliable.
We use it as an open-source product and do not have to pay for licensing.
There is a lot of good documentation online if you need to troubleshoot. Everything is clear and easy to follow.
What needs improvement?
The solution wasn't designed for monitoring at first. It was for search and stack logs and for working with solutions like Kibana. Therefore, they are a bit weak when compared to traditional monitoring tools.
They should work to improve their integration and graphical interfaces. Their visuals and graphs need to be better. They need better charts. These already exist in Kibana and should be in this solution as well.
For how long have I used the solution?
I've been using the solution for two years.
What do I think about the stability of the solution?
The solution is very stable. There are no bugs or glitches, and it doesn't crash or freeze. It is reliable, and the performance is good. I'd rate the general stability ten out of ten.
What do I think about the scalability of the solution?
We can easily scale up, according to our needs. It's easy to expand.
I'd rate the overall ability to scale up eight out of ten.
How are customer service and support?
They do not have technical support. They have community support and documentation to help with troubleshooting. We've been happy with the amount of detail we can find online if we need assistance.
Which solution did I use previously and why did I switch?
I have not used any other products that are the same. I only use Micro Focus Ops Bridge and SiteScope, which are traditional monitoring tools, so I can't categorize them. They are slow yet they can handle big networks.
How was the initial setup?
The solution is straightforward to set up. They have documentation on their site that shows how to do everything step by step. Everything is very clear and easy to understand. I'd rate the overall ease of implementation nine out of ten.
The deployment is fast and only takes hours, not days.
What about the implementation team?
One person helped me deploy the solution. However, we did not need outside assistance. We did it ourselves.
What's my experience with pricing, setup cost, and licensing?
The solution is open-source and, therefore, free to use.
What other advice do I have?
I'm a partner.
I'd advise others to take advantage of the documentation of the solution in order to get the most out of the product.
In general, I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner