We performed a comparison between Datadog and Elastic Security (formerly ELK Logstash) based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Datadog and Elastic Security have a similar user rating for ease of deployment, and users of both felt that the solutions were expensive. Users felt Elastic Security took too long to respond when it came to service and support. In terms of features, reviewers of Datadog had a problem with stability and felt there wasn’t enough monitoring through their dashboard. Reviewers of Elastic Security said they had difficulty retrieving data and felt the solution should offer predictive maintenance.
"The most valuable feature is that it has native MSSP capabilities and maintains perfect data separation. It does all of that in a very easy-to-manage cloud-based solution."
"The real-time analytics of security-related data are super. There are a lot of data feeds going into it and it's very quick at pulling up and correlating the data and showing you what's going on in your infrastructure. It's fast. The way that their architecture and technology works, they've really focused on the speed of query results and making sure that we can do what we need to do quickly. Devo is pulling back information in a fast fashion, based on real-time events."
"One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. Whatever you're doing, you see the code, what's happening. And you can really quickly switch between using the GUI and using the code. That's really useful."
"Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."
"The strength of Devo is not only in that it is pretty intuitive, but it gives you the flexibility and creativity to merge feeds. The prime examples would be using the synthesis or union tables that give you phenomenal capabilities... The ability to use a synthesis or union table to combine all those feeds and make heads or tails of what's going on, and link it to go down a thread, is functionality that I hadn't seen before."
"Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit."
"The querying and the log-retention capabilities are pretty powerful. Those provide some of the biggest value-add for us."
"The user experience [is] well thought out and the workflows are logical. The dashboards are intuitive and highly customizable."
"The most valuable feature is the dashboards that are provided out of the box, as well as ones we were able to configure."
"Having a wealth of information has helped us investigate outages, and having historical data helps us tune our system."
"The most valuable features are the dashboards and the reporting."
"The application performance monitoring is pretty good."
"Its logs are most valuable."
"They have a very good foundation in capturing metrics, logs, and traces. It's a very nice tool for that and it allows you to apply these monitoring tools in almost any technology."
"Sometimes it's more user friendly for development teams. There are some parts of Datadog that are more understandable for development teams. For example, the APM in Datadog works more manually and works like the tools in New Relic or Grafana, or Elastic. It is easier to understand for software development teams."
"The most valuable features are logging, the extensive set of integrations, and easy jumpstart."
"The solution is quite stable. The performance has been good."
"The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
"The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
"We've found the initial setup to be quite straightforward."
"ELK is open-source, and it will give you the framework you need to build everything from scratch."
"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
"Enables monitoring of application performance and the ability to predict behaviors."
"Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy."
"The overall performance of extraction could be a lot faster, but that's a common problem in this space in general. Also, the stock or default alerting and detecting options could definitely be broader and more all-encompassing. The fact that they're not is why we had to write all our own alerts."
"The Activeboards feature is not as mature regarding the look and feel. Its functionality is mature, but the look and feel is not there. For example, if you have some data sets and are trying to get some graphics, you cannot change anything. There's just one format for the graphics. You cannot change the size of the font, the font itself, etc."
"There is room for improvement in the ability to parse different log types. I would go as far as to say the product is deficient in its ability to parse multiple, different log types, including logs from major vendors that are supported by competitors. Additionally, the time that it takes to turn around a supported parser for customers and common log source types, which are generally accepted standards in the industry, is not acceptable. This has impacted customer onboarding and customer relationships for us on multiple fronts."
"An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that."
"Technical support could be better."
"Some basic reporting mechanisms have room for improvement. Customers can do analysis by building Activeboards, Devo’s name for interactive dashboards. This capability is quite nice, but it is not a reporting engine. Devo does provide mechanisms to allow third-party tools to query data via their API, which is great. However, a lot of folks like or want a reporting engine, per se, and Devo simply doesn't have that. This may or may not be by design."
"There's always room to reduce the learning curve over how to deal with events and machine data. They could make the machine data simpler."
"There's room for improvement within the GUI. There is also some room for improvement within the native parsers they support. But I can say that about pretty much any solution in this space."
"I'd like to see better pricing and more integration in the next release."
"The setup was a bit complex."
"It could use some additional features when working with metrics like Grafana or like New Relic has. Datadog does not use library technologies like Dynatrace does. Datadog has machine learning too, but it does not have this option in all layers of monitoring like infrastructure service process in applications."
"I found the solution to be stable, I did not experience any bugs or glitches. However, some of the managing team did."
"In the past two years, there have been a couple of outages."
"Datadog has a lot of features kind of cramped into one dashboard. It's quite hard to get around what feature does exactly what. There was a steep learning curve, trying to navigate through menus."
"We have recently had a number of issues with stability and delays on logging, monitoring, metric evaluation, and alerts."
"Lacks some flexibility in the customization."
"The training that is offered for Elastic is in need of improvement because there is no depth to it."
"Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"We're using the open-source edition, for now, I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised."
"We are paying dearly for the guy who is working on the ELK Stack. That knowledge is quite rare and hard to come by. For difficulty and availability of resources, I would rate it a five out of 10."
"The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM."
Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.
See how Devo allows you to free yourself from data management, and make machine data and insights accessible.
Datadog is ranked 2nd in Log Management with 30 reviews while Elastic Security is ranked 7th in Log Management with 18 reviews. Datadog is rated 8.4, while Elastic Security is rated 7.6. The top reviewer of Datadog writes "Provides insightful analytics and good visibility that assist with making architectural decisions". On the other hand, the top reviewer of Elastic Security writes "It is quite comprehensive and you're able to do a lot of tasks". Datadog is most compared with Dynatrace, New Relic APM, Azure Monitor, Splunk and Amazon CloudWatch, whereas Elastic Security is most compared with Splunk, Graylog, Wazuh, IBM QRadar and syslog-ng. See our Datadog vs. Elastic Security report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.