There are improvements needed for Elastic Stack. It is mostly based on Lucene, and the heart of Elastic Stack is Lucene, which has some limitations. Anything built on top of Lucene often feels an add-on, and that includes vector databases. Elastic Stack can store vector embeddings as well and perform AI and machine learning tasks out of the box without excessive configuration. The main improvements involve increasing speed and compression capabilities; I have seen databases that claim to achieve significantly better compression. While Elastic Stack can manage vast amounts of data, if the mapping is not specified correctly, the indexing time can be slow, especially with many events per second. Improper mapping usually means that every document received gets indexed for all fields, which is not desired. Elastic consultants typically optimize this, but out of the box, as data volume increases, scaling becomes necessary. They are working on these improvements in new versions.
Elastic Stack should be more simplified with ready-to-use widgets. Also, incorporating AI capabilities is essential as monitoring and observability tools are now adding AI features. Ideally, it should evolve into a full-stack observability tool, similar to AppDynamics or DynaTrace, which offers a solution that includes ISP provider, API monitoring, and infrastructure monitoring.
Security Engineer at a manufacturing company with 11-50 employees
Real User
Top 10
Nov 8, 2024
Elastic Stack needs more features similar to other SIEM tools such as Sentinel or the ability to create automations. Additionally, it should facilitate easier manual integration.
Senior Consultant at HGS - Hinduja Global Solutions
Real User
Top 5
Aug 9, 2024
There could be better documentation. They should improve to capture more data because we have to migrate to another vendor called Wazuh, which provides a full-fledged capability compared to Elastic.
Engineering at a security firm with 10,001+ employees
Real User
Top 20
May 28, 2024
Improving integration capabilities, especially with authentication systems, firewalls, and security controls, is a crucial area for improvement in Elastic Stack. Additionally, enhancing functionality to handle large Yara queries more efficiently would be beneficial, as many EDR solutions can run such queries faster than Elastic Stack's current limitations.
Improvements are needed in the solution in areas like SOAR and TIP, where there are certain shortcomings. When it comes to Elastic Stack, it doesn't matter if the product is mature or professional, like the other vendors in the market who offer TIP tools. Elastic Stack needs to have some features similar to the other tools that offer SOAR and TIP functionalities. From an improvement perspective, Elastic Stack's support team should have more people with expertise, and the response time should be minimized. There are no SOC analysts available at Elastic Stack's support team's end to resolve big or major issues. Small issues in the product can be resolved quickly by going to the availability of an online community from Elastic Stack's end, which is friendly and useful. The product lacks automation capabilities, making it an area where improvements are required. The product should also be able to integrate with multiple tools that offer TIP functionalities.
senior site reliability engineer at a tech vendor with 5,001-10,000 employees
Real User
Top 5
Dec 26, 2023
The main issue related to Elastic Stack is in the area of its licensing. The licenses of the product have changed, and the community-driven open-source fork of Elasticsearch has created a lot of issues in terms of compatibility between the products, which is not nice. The aforementioned areas are to be considered for improvement in the product.
From what I have heard about the solution from other sources, I know that there were some issues with pushing data from other sources to Elastic Stack, making it the solution's only shortcoming that needs improvement. When people try to move the data from another source to Elastic Stack for visualization, they face challenges when connecting to Elastic Stack from such different sources. The aforementioned details can be considered for improvement in the solution.
The implementation of dashboards in the solution needs to be made easier. Last year, I implemented dashboards with the help of Docker's compose file, and I had some issues with the ports and configuration since it was kind of complex to implement with Docker. The product's dashboard and maintenance are two areas that need improvement.
Elastic Stack is a comprehensive tool for log management, observability, indexing, and security, widely adopted for managing logs, alert creation, SIEM, SOC, and threat analysis. It integrates with CloudStrike and Endpoint Security, enhancing search capabilities and Application Performance Monitoring.Elastic Stack offers powerful solutions for logging, data storage, and visualization with Kibana. It allows MSSPs to efficiently manage security and assists companies with data analysis. It's...
There are improvements needed for Elastic Stack. It is mostly based on Lucene, and the heart of Elastic Stack is Lucene, which has some limitations. Anything built on top of Lucene often feels an add-on, and that includes vector databases. Elastic Stack can store vector embeddings as well and perform AI and machine learning tasks out of the box without excessive configuration. The main improvements involve increasing speed and compression capabilities; I have seen databases that claim to achieve significantly better compression. While Elastic Stack can manage vast amounts of data, if the mapping is not specified correctly, the indexing time can be slow, especially with many events per second. Improper mapping usually means that every document received gets indexed for all fields, which is not desired. Elastic consultants typically optimize this, but out of the box, as data volume increases, scaling becomes necessary. They are working on these improvements in new versions.
Elastic Stack should be more simplified with ready-to-use widgets. Also, incorporating AI capabilities is essential as monitoring and observability tools are now adding AI features. Ideally, it should evolve into a full-stack observability tool, similar to AppDynamics or DynaTrace, which offers a solution that includes ISP provider, API monitoring, and infrastructure monitoring.
Elastic Stack needs more features similar to other SIEM tools such as Sentinel or the ability to create automations. Additionally, it should facilitate easier manual integration.
There could be better documentation. They should improve to capture more data because we have to migrate to another vendor called Wazuh, which provides a full-fledged capability compared to Elastic.
Improving integration capabilities, especially with authentication systems, firewalls, and security controls, is a crucial area for improvement in Elastic Stack. Additionally, enhancing functionality to handle large Yara queries more efficiently would be beneficial, as many EDR solutions can run such queries faster than Elastic Stack's current limitations.
The tool's pricing can be improved.
Improvements are needed in the solution in areas like SOAR and TIP, where there are certain shortcomings. When it comes to Elastic Stack, it doesn't matter if the product is mature or professional, like the other vendors in the market who offer TIP tools. Elastic Stack needs to have some features similar to the other tools that offer SOAR and TIP functionalities. From an improvement perspective, Elastic Stack's support team should have more people with expertise, and the response time should be minimized. There are no SOC analysts available at Elastic Stack's support team's end to resolve big or major issues. Small issues in the product can be resolved quickly by going to the availability of an online community from Elastic Stack's end, which is friendly and useful. The product lacks automation capabilities, making it an area where improvements are required. The product should also be able to integrate with multiple tools that offer TIP functionalities.
The main issue related to Elastic Stack is in the area of its licensing. The licenses of the product have changed, and the community-driven open-source fork of Elasticsearch has created a lot of issues in terms of compatibility between the products, which is not nice. The aforementioned areas are to be considered for improvement in the product.
It lacks a clear NDR (Network Detection and Response) feature. If Elastic could enhance this aspect, it would significantly boost its capabilities.
Elastic Stack should work on their dashboards and integration process.
From what I have heard about the solution from other sources, I know that there were some issues with pushing data from other sources to Elastic Stack, making it the solution's only shortcoming that needs improvement. When people try to move the data from another source to Elastic Stack for visualization, they face challenges when connecting to Elastic Stack from such different sources. The aforementioned details can be considered for improvement in the solution.
The implementation of dashboards in the solution needs to be made easier. Last year, I implemented dashboards with the help of Docker's compose file, and I had some issues with the ports and configuration since it was kind of complex to implement with Docker. The product's dashboard and maintenance are two areas that need improvement.