Elastic Observability offers a comprehensive suite for log analytics, application performance monitoring, and machine learning. It integrates seamlessly with platforms like Teams and Slack, enhancing data visualization and scalability for real-time insights.


| Product | Mindshare (%) |
|---|---|
| Elastic Observability | 1.8% |
| Dynatrace | 5.3% |
| Datadog | 4.6% |
| Other | 88.3% |

| Title | Rating | Mindshare | Recommending | Interviews |
|---|---|---|---|---|
| Datadog | 4.3 | 4.6% | 97% | 211 interviews |
| Splunk Enterprise Security | 4.2 | N/A | 94% | 401 interviews |

| Company Size | Count |
|---|---|
| Small Business | 9 |
| Midsize Enterprise | 4 |
| Large Enterprise | 14 |

| Company Size | Count |
|---|---|
| Small Business | 311 |
| Midsize Enterprise | 161 |
| Large Enterprise | 601 |

Elastic Observability is designed to support production environments with features like logging, data collection, and infrastructure tracking. Centralized logging and powerful search functionalities make incident response and performance tracking efficient. Elastic APM and Kibana facilitate detailed data visualization, promoting rapid troubleshooting and effective system performance analysis. Integrated services and extensive connectivity options enhance its role in business and technical decision-making by providing actionable data insights.
Elastic Observability is employed across industries for critical operations, such as in finance for transaction monitoring, in healthcare for secure data management, and in technology for optimizing application performance. Its data-driven approach aids efficient event tracing, supporting diverse industry requirements.
PSCU, Entel, VITAS, Mimecast, Barrett Steel, Butterfield Bank
| Author info | Rating | Review Summary |
|---|---|---|
| Assistant Vice President at QualityKiosk Technologies Pvt. Ltd. | 4.0 | I find Elastic Observability highly customizable and stable, though its out-of-the-box use cases and support need improvement. It's cost-effective compared to competitors, but the complex licensing model and large-scale deployment challenges can be difficult. |
| Technology Consultant at Hybrid software | 5.0 | I've used Elastic Observability for four years to monitor customer data, finding its dashboards and real-time insights invaluable, though index management could improve; it's stable, scalable, and essential for diagnosing issues across our global cloud system. |
| Senior Consultant at Skillfield | 4.5 | My experience with Elastic Observability is extensive, starting with logs and evolving to include robust central management, numerous connectors, real-time telemetry, and a comprehensive UI. Although query language learning is needed, AI-driven features simplify custom queries and alerts. |
| Product Owner at Swisscom | 5.0 | I utilize Elastic Observability to analyze cloud-based workloads and manage anomalies. Its monitoring, dashboarding, and alerting features are valuable. However, compatibility with older databases needs improvement. While beneficial for users, profitability isn't directly assessed. I'm exploring alternatives like Check Point. |
| Chief Cloud Architect at a tech services company with 11-50 employees | 5.0 | Elastic Observability offers a unified platform for businesses, allowing scalability and multitenancy, ideal for managed service providers. Although it excels in openness across environments, improvements in asset discovery and log parsing would be beneficial. It outshines competitors like VMware. |
| Enterprise Architect at a mining and metals company with 10,001+ employees | 4.5 | I use Elastic for monitoring integration, particularly with OpenShift tools, to track messages and avoid breakdowns. Its built-in query and report features are valuable, though less user-friendly than Azure Monitor. Elastic effectively supports our integration efforts and reduces downtime risks. |
| IT Manager at Software Gurus | 3.5 | I find Elastic Observability valuable for its text search feature, but it needs better log retrieval and configuration flexibility. We've struggled with setup compared to other tools like Dynatrace, which is why we haven't seen returns or continued its primary use. |
| Senior Technical Sales at a tech vendor with 1,001-5,000 employees | 3.0 | I found ELK excellent for cloud-native log analytics, security, and application code, especially in hybrid environments. However, it lacked capabilities for on-prem network observability and device performance, requiring regular maintenance, leading to a 6/10 rating. |
| Chief Operating Officer at Integra Micro Software Services, Bangalore | 4.0 | I use Elastic Observability mainly for application performance monitoring. While valued for its search and SIEM capabilities, pricing is a concern. Large enterprises benefit more, but full feature utilization is lacking. We explore other solutions across our business units. |
| Solution Architect at HCL Technologies | 4.0 | I find Elastic Observability highly stable and scalable for monitoring and reporting, offering good ROI. However, it significantly lacks predictive analytics and advanced AIOps capabilities, which I see as a major drawback. |

A typical use case for Elastic Observability is a centralized logging system. That's what it does.
My relationship with Elastic is as a reseller and implementer.
In my opinion, the best features of Elastic Observability are their flexibility to integrate with other existing systems and the ability to build a unified monitoring tool that can integrate with existing ones and end-to-end user journeys which require a lot of customizations. The greatest feature in Elastic is the ability to customize.
This is similar to my comments about customizable dashboards in Elastic because it's visible to the analyst. However, it's very great. Customizing these dashboards can meet the customer's specific use cases and specific stories that they have in their environment, their special environment that doesn't look like other environments. The dashboarding in Elastic is highly customizable to the level of logos. If the customer wants his company logo in the dashboard, it can be done.
Out-of-the-box use cases have room for improvement in Elastic Observability. They don't invest a lot in building out-of-the-box observable use cases, and they are more focusing on giving a very flexible environment for customization. Some areas such as AI Ops still require data scientists to understand machine learning and AI, and it doesn't have a quick win with no-brainer use cases.
Elastic Observability is a stable solution, depending on what stability you refer to. If we talk about the solution as software, it is very solid, very stable. Elastic continuously upgrades the software. There are some bugs that come with each release, but they are keen always to build major versions and minor versions on time, including the CVE vulnerabilities to fix it. They have been publishing all of this online. They are not hiding it; they are an open-source company. So from this point of view, it is very stable. However, if you consider the stability of keeping to customize Elastic to cope with a dynamic environment at the customer, it needs constant resource efforts.
If I compare Elastic Observability today in 2025 to eight years earlier, it is much easier today in deployment than earlier. Elastic Observability would be easy in deployment in general for small scale, but when you deploy it at a really large scale, the complexity comes with the customizations.
I rate technical support from Elastic at a six out of 10. They are very responsive in support, but they are not always meeting customer expectations when it comes to finding the root cause of their problems. Elastic Observability requires a lot of information about any incident raised, and many of the incidents could be related to non-Elastic components. Elastic support really struggles in complex situations to resolve issues. Sometimes, tickets take long to be resolved because of the complexity of incidents. I witnessed this with many customers, and it's still consistently happening, and hopefully will be improved later.
Neutral
The problem is their licensing model, which is a bit confusing. Many customers struggle to understand their total cost of ownership because Elastic licensing is not dependent on easy, quantifiable metrics such as number of users or amount of data. Their licensing model is based on something called Elasticsearch memory, which is a bit of a complex formula. On top of this, there are always dependencies. Once you get the right sizing of Elastic, you need additional infrastructure. You need appropriate infrastructure size that will accommodate Elastic sizing in terms of CPU, memory, and storage. This is a part of the hidden cost that the customer understands.
I think Elastic Observability is very cost-effective compared to its top competitors, such as Dynatrace and Splunk. It is well known that when it comes to price, they can provide the best prices among their competitors.
I have been through many changes in my position and company. I have experienced some tough times there.
That's my daily job working with other Elastic tools. I have experience with Elastic Observability.
I rate Elastic Observability an eight out of ten. They are a very strong solution, very powerful, very fruitful for many customers, but they are not definitely the best because of the lack of many out-of-the-box solutions that the customers are asking for, and still Elastic is not developing them.
My company today is called QualityKiosk. I am now the Assistant Vice President, not the Regional Sales Manager.

My use case for Elastic Observability is observability, as we upload our customers' data, including logs, and when there is an issue, we can analyze what went wrong.
The best features of Elastic Observability include the ability to easily make graphs and dashboards focused on a certain aspect of data, and I also appreciate that we can dig into the real data where the graphs are coming from with discovery, allowing us to look at the actual data inside the database.
The customizable dashboards in Elastic Observability allow us to group relevant data to specific aspects of our solution, giving us around 20 interlinked dashboards which provide an overview, and if one aspect shows weird behavior, we can focus on that specific aspect of our software with a dedicated dashboard.
The near-time insights provided by Elastic Observability influence our operational efficiency significantly, as we generate a lot of data uploaded in near real-time, making it much easier for us to search more sophisticatedly than we can with our own system, following developing issues very easily.
After careful consideration about areas for improvement in Elastic Observability, aspects such as pricing, customization, implementation, and scalability could be improved. As a user of the system, I know what it costs but am not directly involved in cost-benefit evaluations or maintenance, which is handled by another team. I develop the visual representation of the data and frankly, I don't see major gaps in my application or anything I would really miss; I appreciate the fast pace of the developments that have occurred in the last couple of years.
Regarding room for improvement in Elastic Observability, I would have preferred built-in tools to manage the indexes on deployment for better visual representation, as the initial feedback regarding system performance and data storage was fairly primitive and lacking.
I have been using Elastic Observability for four years.
I would rate the stability of Elastic Observability as a ten, as we don't experience any issues.
I rate the scalability of Elastic Observability as a ten, as we have never seen issues even with a lot of data coming in from more customers, provided we have the appropriate configuration.
I would rate the vendor support from Elastic Observability as a nine, since we don't use them often as I try to fix issues myself; their excellent documentation typically helps me solve any issues I encounter.
Positive
In terms of maintenance of Elastic Observability, from what I've heard, I find the setup easy with REST calls for the mappings and configuration of data streams and indexes, although there could be a better visual indication for maintaining built-in data to examine the indexes generated. There have been recent developments in that area, although I am not involved directly in that department, but I have done the setup and found it fairly easy because of my programming background.
The deployment of Elastic Observability has had its challenges; I constructed the first approach which didn't scale properly, leading to too many indexes, but after restructuring, the changeover was fairly easy with the help from Elastic diagnosing the issues we faced, making the experience from then on fluent.
It took us a couple of months to deploy Elastic Observability, as we started with Logstash and then switched to bulk uploading all the raw data ourselves without using any other tools, going directly into Elastic.
Elastic Observability has saved us time as it's much easier to find relevant pieces across the system in one screen compared to our own software, and it has saved resources too since the same resources can use less time. It is essential to our company because with our cloud system, Elastic Observability is the best way to visualize what's going on and how the system is behaving; we don't have another tool to do that, so even if it costs money and may not be the best cost performance wise, we really need it.
We are just an end user of Elastic Observability and do not resell it.
We have used the alerting mechanism in Elastic Observability, and it requires fine-tuning so that we don't get too many alerts while still receiving the important ones. We have established alerts for certain indications, typically using it actively to monitor the performance of our system. We have a cloud solution that reports data, and it allows us to go back in time to look at specific issues and analyze what went wrong and what we could do about it.
Regarding the machine learning algorithms in Elastic Observability, while we are not using them for every minimal operation, we do upload logs as they happen and specific end result parameters, but we haven't found a good use case for them yet; for example, they can summarize an issue, but that has turned out not to be very relevant to us.
Approximately 10 to 15 users work with Elastic Observability.
Our environment with Elastic Observability is global, as all our support can look at the data, covering the US and Europe, while the maintenance and development are local, based in Ghent, Belgium.
I would recommend Elastic Observability to other users because it is performant, very well documented, flexible, and highly usable. I rate Elastic Observability ten out of ten.

My experience with Elastic Observability is quite extensive, as that is how everything started for me. Initially, Elastic started with logs, but then observability came, followed by security on top of the basic features. The whole thing that ties everything together is that they used to have a lot of tools that are very lightweight; for example, you can deploy an agent and get logs from any platform, whether Windows, Linux, or others.
Yet, there was one thing missing with those kinds of tools, and that is central management. Previously, if you wanted to change the path of a file or the port where you wanted to listen for logs, someone had to log in or SSH into the box to make those changes. However, with the Elastic agent, all the configurations are maintained within Elastic. All you need to do is buy a dummy agent, and you can control the policies, deciding which rules you want to push to, say, a group of Linux nodes. All the Linux nodes should have these listeners to read the log messages, whatever they are. Everything comes out of the box, and there's a great UI displaying all the agents in tabs with many filters to control them.
APM works similarly; it uses the same agent but includes instrumentation files for various languages. For C++, they have certain modules and JAR files for Java, so you just need to instrument your code to see the function calls, APIs, and more on the screen.
They offer hundreds of connectors, allowing you to send messages to Teams, Slack, SQS, or do a webhook. Every integration, whether for Windows or Linux or even Palo Alto or Fortinet, installs the out-of-the-box dashboards along with it, making it easy to parse incoming data meaningfully and immediately start viewing dashboards to see what's happening in the platform.
The Elastic agent provides a real-time feed of logs and important telemetry such as metrics. They have out-of-the-box rules, so if someone wants to create a high CPU usage rule, it's just one click away, creating the rule behind the scenes. The UI displays all the agents in tabs with many filters to control them. Furthermore, it provides a streamlined way to deploy on Kubernetes including the entire manifest file.
I think they are working on the AI-based features, which are currently in technical preview. The only challenging aspect for new users is often writing the query language. Basic searching is very easy, but creating graphs or writing custom aggregations or histograms for daily averages requires some familiarity. There is currently no out-of-the-box integration for these tasks, and someone usually needs to write a simple query.
Recently, I tested their AI feature that connects to OpenAPI and anonymizes your data. You just ask a question, and it writes a query for you. For instance, if you have many error logs and want to create a rule with a custom query, such as triggering an alert for five errors in the last hour, all you need to do is open the AI bot, type this question, and it generates an Elastic query for you to use in your alert rules. Overall, they are going beyond just what the tool can do by incorporating features akin to Copilot functionalities.
Regarding the value of Elastic Observability integration with cloud service providers and various data sources, I think they have covered everything that most customers use. They offer cloud service integrations for Azure, AWS, and Google Cloud, and I believe there are connectors for Alibaba Cloud as well.
Before using Elastic Observability, I worked with Splunk and some out-of-the-box tools such as Datadog. That's just based on my own experience, but I did use quite a few tools.
They had some advantages over Elastic Observability back in the day, particularly in their central management features. Whenever I needed to onboard a machine, someone had to go to the machine to deploy tools such as Beats to collect logs and configure them. However, Elastic's central management now surpasses those other tools. There's no longer a need for a large operations team to handle configuration changes because all you need is one agent deployed when bootstrapping an image on a machine, and they also have Kubernetes configurations.
You can deploy the Elastic agent on Kubernetes, and the UI provides the entire manifest file to copy, paste, and simply use with `kubectl apply`. These functionalities weren't present in the past, which made us look into other tools, but Elastic has been implementing these features for some time and has matured in that space regarding central management of all agents.
The license for Elastic Observability is the same as for other uses; you pay for Elastic, and you can use it for various cases. Observability is actually cheaper compared to logs because you're not indexing huge blobs of text and trying to parse those. Instead, it's mostly about numerics, such as CPU percentage at any given time. Elastic is excellent with Time Series data, so even if you have five years' worth of data in the system, you can pinpoint a particular date, and it loads instantly.
I think Elastic Observability is already in very good shape. It has all the necessary connectors, and in terms of security, it has many cloud security posture management features enabled as well.
Most of the cloud sources I deal with are Azure, where everything can be configured to send logs to an Event Hub simply by setting the credentials. You don't even need to parse it, as Elastic's integration with all these cloud sources parses everything automatically and displays the results in graphs.
On a scale of one to ten, I would rate Elastic Observability a nine.

We have our workload in the cloud, and we take the data from the workload, put it in a data lake, and then analyze it. We keep track, build down anomalies, and so on.
The possibility to customize it has been quite useful. Whatever the other departments want to dream up, we implement. Whatever they want to monitor, the granularity of it, the changes in the threshold, and the anomalies that they want reported all require some development. So far, every single request has been fulfilled.
All the features that we use, such as monitoring, dashboarding, reporting, the possibility of alerting, and the way we index the data, are important.
One example is the inability to monitor very old databases with the newest version. Also, when opening tickets, we cannot use our team mailbox. It would be easier if tickets could be opened with the team mailbox.
We have been using the solution for a year and a half.
It is very stable, and I would rate it ten out of ten based on my interaction with it.
What is not scalable for us is not on Elastic's side. It's due to the way we built the automation and pipelines. We upgrade department by department, which is a limitation on our side.
The support is really prompt, and we don't have anything to complain about. We have probably only opened five tickets in a year.
Positive
The benefits are not with us but with the departments using it. We keep the platform alive and do the lifecycle, but we don't calculate the profit or loss.
The license is reasonably priced; however, the VMs where we host the solution are extremely expensive, making the overall cost in the public cloud high.
I am looking into solutions like Check Point and considering costs, environments, and features.
They should compare different observability solutions in a similar setup, take into account storage, traffic calculations, and list pros and cons. Also, consider the team's familiarity and comfort with the solution as this is equally important.
I'd rate the solution ten out of ten.

Elastic Observability correlates different sources and teams to provide a single, unified, achievable goal for businesses. We offer Elastic Observability and security as part of our managed services to our customers.
Elastic Observability has helped in breaking the silos within our customers' environments, allowing different teams to work together rather than being in separate silos. It offers a single platform for role-based access administration, improving the recoverability time and issue resolution.
The most valuable feature is the integrated platform that allows customers to start from observability and expand into other areas like security, EDR solutions, etc. It is scalable and supports multitenancy, which is beneficial for MSPs.
Elastic Observability could improve asset discovery as the current requirement to push the agent is not ideal. Simplifying the parsing of logs and manual efforts would also be beneficial.
We have been using Elastic Observability for about one year.
Elastic Observability is really stable. I rate its stability as very high, eight out of ten.
The scalability part is yet to be fully evaluated in my experience. We have not yet tested scaling up, but Elastic Observability seems to have a good scale-out capability.
Customer service and support are good, though we haven't needed to reach out significantly as it has been stable.
Positive
I have experience with other solutions like VMware products; however, Elastic Observability's openness across various environments makes it stand out.
The initial setup with Elastic Observability is very straightforward and not complex.
Our team is small but skilled, consisting of five people who are familiar with deploying and managing Elastic Observability. We are hiring more staff as we grow.
Elastic Observability is cost-efficient and provides all features in the enterprise license without asset-based licensing. However, sizing and licensing information could be clearer.
I have worked with VMware solutions like CloudHealth and have no hands-on experience with solutions like QRadar or Dynatrace, but Elastic's broad ecosystem gives it an advantage.
I recommend Elastic Observability for its completeness of vision and wide ecosystem. It reduces the need for multiple products by offering a comprehensive solution.
I'd rate the solution ten out of ten.

I use Elastic more for monitoring integration. For instance, I have OpenShift tools implemented in my company, and I have some workloads to integrate, expose APIs, and perform transformations from a source to the target application. I am using Elastic to monitor integration capabilities and track messages.
With Elastic Observability, we have avoided some breakdowns in our applications and integrations that could have had a business impact. These tools help us monitor and prevent applications from breaking.
Elastic provides built-in features for queries and report generation. It's a very good tool for monitoring integration capabilities.
I don't know how Elastic can improve. The integration feature I am using is very easy to implement.
I have used Elastic for about one year.
The solution is very stable and has been working very well for us.
We don't use Elastic customer service. However, the documentation available is very good.
Positive
Setting up Elastic was not so easy; it requires some manual processes.
We use around twenty people, including integration engineers and software engineers specializing in integration.
Elastic has provided a return on investment by helping us avoid application and integration breakdowns, which can be critical for our business. The exact amount of value is difficult to quantify but avoiding downtime is very important to us.
I am familiar with Azure Monitor, which I find more user-friendly compared to Elastic, which is a very technical tool.

Elastic Observability didn't help our organization because it was simpler for us to configure other tools, including Dynatrace and Grafana.
Elastic Observability needs to improve the retrieval of logs and metrics from all the instances. In an on-premise environment, the solution's data scrapers should be more flexible and simple to configure.
I would love to have the stack trace of the requests. For example, I want to track a request across all the environments and all the services we have.
Elastic Observability is a really stable solution, and we have not faced any issues with its stability.
I rate Elastic Observability an eight out of ten for stability.
I rate Elastic Observability a seven out of ten for scalability.
We use different tools and compare between free and paid tools. We already use different tools like Dynatrace, Grafana, Datadog, and New Relic. I usually compare different solutions and try to use the tool that helps me more. Right now, we are facing more issues while configuring and setting up Elastic Observability compared to other tools we have. So that's why we are now focusing on Dynatrace and some other tools.
Elastic Observability is a little bit complex to configure.
We have not seen a return on investment with Elastic Observability.
Since we are a huge company, Elastic Observability is an affordable solution for us. However, a startup may face some issues with the solution's pricing.
Elastic Observability is deployed on-cloud in our organization.
To use Elastic Observability, you will need to have some tech lead with experience in APM.
Overall, I rate Elastic Observability a seven out of ten.

The first time I encountered ELK was sometime around 2018. During that period, I was involved with a customer who had a very strict requirement. They had their own data center and a cloud data center, and they wanted to ensure comprehensive monitoring. This included not only applications from an application perspective but also network, code-level analysis, end-user experience, and more.
This was why the customer considered ELK as an observability solution, which one of their consultants proposed. They requested a proof of concept from both vendors, and I was the consultant who conducted a POC while also evaluating ELK.
The customer selected both solutions, choosing Riverbed for monitoring network infrastructure and end-user experience and Elastic for log analytics and their cloud services. I continued extensive analysis in healthcare and recently collaborated on a project with a bank in South Africa involving both ELK and Riverbed.
From my experience with several major customers, the most valued feature of Elastic is its log analytics capabilities.
I found ELK to be excellent for log analytics, security analytics, application code-level analytics, collaboration with DevOps teams, CI/CD, microservices, and Kubernetes, specifically cloud-native or cloud-specific tasks.
Of course, maintenance is necessary, as with any software, requiring updates with the latest features and security enhancements.
It lacked some capabilities when handling on-prem devices, like network observability, package flow analysis, and device performance data on the infrastructure side.
I first encountered ELK around 2018. I continued to work extensively, including a significant analysis in healthcare. Recently, I was involved in a project with a bank in South Africa, which was a collaborative effort with ELK and Riverbed.
As far as I know, there is a solution architect, and a professional services team is involved in understanding the requirement and starting the deployment. Generally, two or more people are needed due to the multiple moving parts.
As a user, I notice many competitors, like those from Elastic, Dynatrace, and VIAVI, trying to gain insights into the competition. Peercyte is one such competitor, possibly related to CMA or Forrester.
The overall product rating is six out of ten.
The call's initial expectations were unclear, as questions about Elastic's competition from an employee in a competitive company seemed inappropriate.

We use Elastic Observability for APM, basically. Right now, it is used only for application performance monitoring. In short, it is only the APM module that Observability is looked upon for by all our customers.
In the solution, search, observability, and SIEM are equally important. It is like Red Hat started convincing the people between open source while subscription was difficult. I believe Elastic is going to be the same thing. However, large enterprise customers who understand and who have applications that are nice with proper logs can get a better advantage.
Right now, I don't have any comments on what needs to be improved because I handle the delivery unit at a CEO's level. So, it's my team who works hands-on and on a day-to-day basis. Hence, they may be the right people to comment on this.
The price of the solution can make a 100 percent difference. I think the licensing model may not have major issues because it's only a node-based one or something. However, the customers should first consume the existing features completely because quite a few customers do not use the complete capacity of Elastic's enterprise version. So that's how things are in India right now.
The price is the only issue in the solution. It can be made better and cheaper.
I have been working with Elastic Observability for more than two years. With Elastic, my company has had a partnership for the last eight months, and the actual traction has been there for the last two months.
Most of the solutions I am looking for are not for our internal consumption. Rather it is based on my end customers' requirements. We propose solutions.
It has always been a stable solution. We didn't find any issues because, as a community administrator, we use it in quite a few places, like, across all customers, and it is one of the popular ELK stack tools.
It is scalable, but that works when it comes to cloud models. So, it should be much more.
Our company's interaction is only with three to four customers because we just started three months back. As a community edition, almost all enterprise customers do have it as an ELK or EFK stack, which may not be the enterprise version.
About the technical support, I would say that so far it has been good.
We are not just working only with Elastic. We have four different business units, and this particular competency of Elastic is with one of the units as one of the areas.
The initial setup looks straightforward. My technical team implements it on a day-to-day basis. They will be the right people to comment on these things.
The solution is deployed on the cloud and on-premises. Right now, the use cases we are working on are on the cloud models, and I think that recently they came out with an agent. So we need to see how the agent is because the agent has a lot of advantages. There are some things that we are not able to get on the cloud model that we can achieve through an agent, but we need to see the end customers' adaptability.
One needs to pay for the licenses, and it is an annual subscription model right now. We have not gone much deeper into the pricing part right now, but I can speak on this maybe after the quarter, maybe the end of September.
I would definitely recommend the solution to those planning to use it.
Being an organization into services, our key role in becoming a technology partner with Elastic was to be able to accomplish the purpose of recommending it to others.
Overall, I rate the solution an eight and a half to nine out of ten.

Elastic Observability can address multiple use cases, including monitoring, visibility, and reporting. It is integrated with a visualization product called Kibana. It's called ELK, which stands for Elasticsearch, Logstash and Kibana. Kibana provides visualization, and the others are security modules. SIEM module is there.
We use it extensively for reporting, pulling metrics, logs, traces, events, etc. from different systems. Everything is aggregated in Elastic and visualized in Kibana. We use Logstash for ETL (extract, transform and load). We extract the data from the source, transform it (data massaging, data mixing, filters, etc.) and send it to Elasticsearch in the format we need.
The Elastic User Interface framework lets us do custom development when needed. You need to have some JavaScript knowledge. We need that knowledge to develop new custom tests.
Elastic Observability is an excellent product for monitoring and visibility, but it lacks predictive analytics. Most solutions are aligned with the AIOps requirements, but this piece is missing in Elastic and should be included.
I've used Elastic Observability for two years.
Elastic Observability is highly stable. There is no problem. We tested performance, including load testing. We ingested nearly 170 million records in the system and we have tested it. It's great performance-wise. You get your reports and dashboards within a few seconds. So it doesn't take much time. Yeah.
Elastic Observability is scalable. You can attach additional nodes as your data size grows. It's a simple process. In a three-node cluster, you already have two replicas of your data.
From a technical support perspective, yes, it is good. I'm basically from engineering and R&D; I lead the engineering and R&D services. For our development purposes, we mostly use Elastic open source. In the platinum and enterprise versions of Elastic, the technical support is good. That's what I have seen.
Elastic is basically clusters. The basic cluster we can go with is a three-node cluster, so the implementation is quite simple. It's not very complex. We have to architect the solution in such a way that we have the right number of replicas and the right number of shards to hold the data. Basically, we have to architect based on the data ingestion, that is, how much data we are going to ingest in the cluster. So the setup is pretty simple, but we have to have the right inputs and the right decisions in place before we even implement it.
We have used multiple APM solutions, which we evaluate using the metric MTTR, or mean time to resolution. We also have the detect-to-correct lifecycle implemented where Elastic is used to monitor multiple services and automate fixes for any issues. We reduced the number of incidents because you already have automated runbooks that run and fix the issues.
The second thing is monitoring and observability, which provides you complete visibility and helps you figure out the root cause quickly. So these are some of the returns on investment that we can see, along with reducing the number of incidents and reducing the overheads. Also, from a data perspective, you can compress the data very easily and you can manage the data very easily. You have hot, cold retention policies, which allow you to manage your data very well. You can also ensure that your cluster is not getting full. So a lot of good returns are there; some are directly related to dollars and some are not.
There are two types: cloud and SaaS. They charge based on data ingestion, ingest rate, hot retention, and warm retention. I believe it costs around $25,000 annually to ingest 30 GB of data daily. That is the SaaS version.
There is also a self-managed license where the customer manages their own infrastructure on-prem. In such cases, there are three license tiers that respectively cost $5,000 annually per node, $7,000 per node, and $12,500 per node.
I rate Elastic Observability eight out of 10. I deduct a couple of points because it lacks predictive analytics and root cause analysis.