Information Security Analyst at a financial services firm with 1,001-5,000 employees
Real User
2022-02-06T07:24:04Z
Feb 6, 2022
We are a partner. I'd advise others considering the solution that ELK is a good solution, however, it requires skills and capability. You need to be properly trained with it to get the most out of it. I would rate the solution at a five out of ten.
It is complex, but you just need to have patience and personnel to develop it. Unless you explore a technology, you won't know what the pros and cons are. I have not seen any cons as of now, but it has miles to go in terms of being equal to Splunk. It is a community-driven technology. So, it will get there. I would rate this solution a seven out of 10.
AVP, Site Reliability Engineer at a financial services firm with 10,001+ employees
Real User
2021-06-15T14:50:34Z
Jun 15, 2021
I would recommend this solution for an organization that doesn't require a highly secured environment, because they'll have to deal with the issues of VM upgrades and installations. If it's a highly secured environment like a bank, then I suggest ELK cloud instead of on-prem. I rate this solution a seven out of 10.
Devops/SRE tech lead at a transportation company with 201-500 employees
Real User
2021-05-07T15:17:51Z
May 7, 2021
We are a customer and an end-user. We do not have a business relationship with ELK. The solution is deployed on Kubernetes in Azure. I would advise other companies and users not to mix monitoring and logging. It's not the same purpose. Many people do monitoring by scanning logs. It's not a good idea. The good idea is to monitor separately. In case of incidents, you have to monitor metrics and logins for the root cause. It's important to separate this, and not treat them as the same thing. I'd rate the solution at an eight out of ten.
We're just customers and end-users. We don't have a business relationship with the company. We're using the latest version of the solution. The product in general has come very far. It's gotten a lot better over the years. I'd recommend the solution to other organizations. I'd advise anyone to try it out. Overall, I would rate it at an eight out of ten. We've largely been very pleased with the product.
Associate Director - Solutions at a comms service provider with 1,001-5,000 employees
Real User
2021-02-24T19:44:00Z
Feb 24, 2021
My advice is that this is a good product to use if you are financially contained, and you want to start with something small. Later, if you need to scale then you can look at other options. I would rate this solution an eight out of ten.
Senior Tech Engineer at a tech services company with 1,001-5,000 employees
Real User
2021-02-24T07:05:01Z
Feb 24, 2021
We are just customers and end-users. I would advise others to use this solution. It's relatively low cost and the implementation is quick, giving you results faster. I would rate the solution at an eight out of ten overall.
Senior DevOps Engineer at a financial services firm with 10,001+ employees
Real User
2020-12-07T15:14:00Z
Dec 7, 2020
Do a POC first. They should compare solutions and also look at different log formats they're trying to ingest. See how it really fits with the use case. This goes for ELK and Graylog. You can trial the enterprise version. In terms of lessons learned it does need some time and resources. It also needs adequate planning. You need to follow the documentation clearly and properly. I would give this solution 8 out of 10.
Founder & Chief Executive Officer at a consultancy with 11-50 employees
Real User
2020-08-09T07:19:00Z
Aug 9, 2020
You should know this solution pretty well. You need to be clear beforehand for what you are going to use this product. This is not something that you can use generally for anything and everything. You should be really clear in terms of your requirements. I would rate ELK Logstash a nine out of ten.
We're ELK customers. Mostly I'm a specialist on the infrastructure of the solution. The solution is perfect as long as you are using it for forensics. In terms of threat detection, it could be better. There could be another product that is more appropriate for that aspect. I'd rate the solution eight out of ten.
When my colleague set up this application, it was configured such that every seven days, the data is archived into long-term storage. When I needed something from the archived logs, it was easy to retrieve and I could look through them again. This is something that I would suggest doing. My suggestion for anybody who is implementing ELK Logstash is to make sure that the entire team knows how to use it. If only one person knows it and takes care of it, then it is not a very productive experience. On the other hand, if everybody is familiar with it, the experience will be much better. This is definitely a product that I recommend using. I would rate this solution an eight out of ten.
Think carefully about how you will build the solution so that it is a high-availability solution. That is the trick when using Elastic Stack. Examine what your needs are. I would rate Logstash at eight out of 10. I think the solution is really complete, with the components it has. It is a good solution.
Associate Delivery Lead at a tech services company with 1,001-5,000 employees
Real User
2020-03-04T08:49:00Z
Mar 4, 2020
Based on my experience, it's quite easy and manageable with small scale implementations, and the time to market is quite fast. I can have good monitoring with a couple of use cases set up in less than four weeks. In terms of other advice, it depends what I am looking for. Am I looking at this as a platform or for a specific use case? If I see it as a platform, I would definitely say it's a good platform to work on. In that case, I would rate it an eight on a scale of one to ten.
My advice for anybody who is implementing this system is to set it up so that you can manage it remotely. Overall, this product does what it is supposed to do, although there is always room for improvement. I would rate this solution a nine out of ten.
Senior Manager Analytics at a financial services firm with 501-1,000 employees
Real User
2020-03-03T08:47:40Z
Mar 3, 2020
Anyone who wants to do IT log monitoring in real time and who wants to do anomaly detection should go with this solution. So far, from what we have seen, I would rate this solution a nine out of ten.
Works at a comms service provider with 51-200 employees
Real User
2019-09-10T10:06:00Z
Sep 10, 2019
We are interested in learning more about plugins for specific firewalls or other products. The only problem with this solution is the development part, where we have to do it manually. I would rate this solution a six out of ten.
Our company uses Logstash for gathering the data, and Kibana for searching. The two are used together. This is a solution that I recommend. It is the best open-source product for people working in SO, managing and analyzing logs. I would rate this solution an eight out of ten.
Elastic Security is a robust, open-source security solution designed to offer integrated threat prevention, detection, and response capabilities across an organization's entire digital estate. Part of the Elastic Stack (which includes Elasticsearch, Logstash, and Kibana), Elastic Security leverages the power of search, analytics, and data aggregation to provide real-time insight into threats and vulnerabilities. It is a comprehensive platform that supports a wide range of security needs, from...
I would rate this solution eight out of ten.
I would not recommend this solution. I rate ELK Logstash a five out of ten.