We performed a comparison between Datadog and Elastic Security (formerly ELK Logstash) based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Datadog and Elastic Security have a similar user rating for ease of deployment, and users of both felt that the solutions were expensive. Users felt Elastic Security took too long to respond when it came to service and support. In terms of features, reviewers of Datadog had a problem with stability and felt there wasn’t enough monitoring through their dashboard. Reviewers of Elastic Security said they had difficulty retrieving data and felt the solution should offer predictive maintenance.
"The dashboards and the performance of the software have been great."
"Datadog's seamless integration with Slack and PagerDuty helped us to receive alerts right to the most common notification methods we use (our mobile devices and Slack)."
"Datadog has a lot of features to be able to drill down deep into the swath of logs that our platforms generate."
"Datadog has clear dashboards and good documentation."
"It has provided visibility with ease of implementation and allowed multiple teams to quickly onboard it."
"The network map is crucial in identifying bottlenecks and determining what needs more attention."
"The infrastructure monitoring capabilities are really valuable. You can just log on and see everything that is happening within an IT environment."
"We have way more observability than what we had before - on the application and the overall system."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong."
"It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically."
"What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
"Elastic Security is very easy to adapt."
"The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."
"Elastic is straightforward, easy to integrate, and highly customizable."
"It is scalable."
"We need a lot of modules since we collect all data logs from all operating systems."
"I sometimes log in and see items changed, either in the UI or a feature enabled. To see it for the first time without proper communication can sometimes come as a shock."
"They need to implement template variables into the message response body."
"The ease of implementation needs improvement."
"Ingesting data from various sources to monitor the log metrics of the system can always improve so that, if something goes wrong, the right teams are alerted."
"Once Datadog has gained wide adoption, it can often be overwhelming to both know and understand where to go to find answers to questions."
"Graph filters for logs need to be set manually which works well for JSON but not for unstructured logs."
"It is very difficult to make the solutions fit perfectly for large organizations, especially in terms of high cardinality objects and multi-tenancy, where the data needs to be rolled up to a summarized level while maintaining its individual data granularity and identifiers."
"Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks."
"Technical support could respond faster."
"It is difficult to anticipate and understand the space utilization, so more clarity there would be great."
"The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated."
"It could use maybe a little more on the Linux side."
"The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."
"We'd like better premium support."
"The tool should improve its scalability."
Datadog is ranked 2nd in Log Management with 101 reviews while Elastic Security is ranked 5th in Log Management with 24 reviews. Datadog is rated 8.6, while Elastic Security is rated 7.6. The top reviewer of Datadog writes "Easy to set up and good UI but needs better customization capabilities". On the other hand, the top reviewer of Elastic Security writes "A highly flexible and customizable tool that needs to improve automation and integration". Datadog is most compared with Dynatrace, Azure Monitor, New Relic and Splunk Enterprise Security, whereas Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, Microsoft Defender for Endpoint and CrowdStrike Falcon. See our Datadog vs. Elastic Security report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
It depends on your requirement. If you are looking for a SIEM/log management solution ELK would be a better option.
But if you are looking for more of a monitoring solution Datadog would be better. Also, Datadog provides out-of-the-box integrations with a lot of cloud applications. ELK could be cost-effective but a bit challenging to configure & finetune.
Datadog: Unify logs, metrics, and traces from across your distributed infrastructure. Datadog is the leading service for cloud-scale monitoring. It is used by IT, operations, and development teams who build and operate applications that run on dynamic or hybrid cloud infrastructure. Start monitoring in minutes with Datadog!
Datadog features offered are:
200+ turn-key integrations for data aggregation
Clean graphs of StatsD and other integrations
Elasticsearch: Open Source, Distributed, RESTful Search Engine. Elasticsearch is a distributed, RESTful search and analytics engine capable of storing data and searching it in near real time. Elasticsearch, Kibana, Beats and Logstash are the Elastic Stack (sometimes called the ELK Stack).
Elasticsearch provides the following key features:
Distributed and Highly Available Search Engine.
Multi Tenant with Multi Types.
Various set of APIs including RESTful
Dear,
Unfortunately, I can't say much about Datadog but I have used ELK for a short period.
And I can tell you not everything works the way it should. For example, I noticed heavy CPU usage for a Windows client on MS AD servers. I advise you to consider this if it's important to you.
Good luck!
Where do you want to spend your money, on people or licenses?
ELK requires a long-term investment in engineering resources to manage the system and to provide the capability.
Datadog provides capabilities for you so you only need some administrators. What are the capabilities? Some critical ones include availability, scalability, consuming log files, platform upgrades, ...
If you are consuming smaller data sets (100's of GB) with shorter retention, the size and scaling are much easier making ELK easier.
Do you have admins or engineers? If your team doesn't have dedicated time & skills to spend developing solutions like elastic-alert you should look for a vendor to provide capabilities.
I expect some capabilities in Datadog you will not be able to replicate in ELK.... so that answer makes this obvious.
We are going to evaluate the same for our org. We do about 10 TB a day consumption in ELK and are looking to see if we can shift $$$ from engineers and infra to SaaS.
I have used both ELK and Datadog, and there are lots of variables to consider here. The three important points that I looked at are:
- Cost. In addition to service costs, you have to consider egress and ingress costs as well.
- Real-time observability that you need during development vs long-term Observability. Keep in mind, when you export data over the internet, it comes with the same reliability issues as any other service on the internet. Regardless of how Datadog classifies its service as real-time, it is not real-time, IMO. It very much depends on your definition of real-time.
- Deployment and maintenance complexity. When your ELK cluster grows it has some pain points you need to be aware of.
My general approach is to deploy ELK for development, tune the data, and then pivot toward commercial solutions if I need to. This gives you insight into your data and what you should be preserving and that way you are not paying high costs, when or if you do decide to take advantage of a commercial solution.
Can you tell me what you actually want to do so that I can help you?