No more typing reviews! Try our Samantha, our new voice AI agent.

Devo vs Elastic Stack comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Devo
Ranking in Log Management
27th
Average Rating
8.4
Reviews Sentiment
6.6
Number of Reviews
25
Ranking in other categories
Security Information and Event Management (SIEM) (27th), IT Operations Analytics (7th), AIOps (19th)
Elastic Stack
Ranking in Log Management
15th
Average Rating
8.0
Reviews Sentiment
6.5
Number of Reviews
18
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Log Management category, the mindshare of Devo is 1.3%, up from 0.6% compared to the previous year. The mindshare of Elastic Stack is 2.0%, down from 5.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management Mindshare Distribution
ProductMindshare (%)
Elastic Stack2.0%
Devo1.3%
Other96.7%
Log Management
 

Featured Reviews

FR
Strategic Account Executive at a computer software company with 51-200 employees
Has improved investigative workflows with interactive dashboards and simplified data correlation
The data analytics cloud component focuses on real-time analytics, which is very impressive. The SIEM collects and correlates logs data from different sources and can integrate with ServiceNow, hardware asset management, and software asset management. The security orchestration, automation, and response (SOAR) is another valuable feature. The security data platform serves as the foundation of Devo. Regarding advanced query capabilities, Devo offers several models including query logs, visual query builder, language integrated query, and SQL, with SQL being the most frequently used querying data capability. The single pane of glass that Devo offers is the SOC. The tools in Devo's active ports are for investigating, not just viewing data. They are more interactive than other market solutions. The drill-down reports capabilities allow analysts to click on any element in a widget. When they see a spike in a line chart for a failed login, which could be a true or false attempt, they can click that spike, and a table widget on the same active board instantly populates with raw logs of data for those specific failed logins. This is particularly important for enterprise companies with numerous endpoints and users. The dynamic filtering of inputs significantly reduces the time cybersecurity analysts spend trying to figure out failed logins and identifying false positives.
LB
Senior Consultant at Skillfield
Offers robust out-of-the-box integrations and streamlines logging processes effortlessly
There are improvements needed for Elastic Stack. It is mostly based on Lucene, and the heart of Elastic Stack is Lucene, which has some limitations. Anything built on top of Lucene often feels an add-on, and that includes vector databases. Elastic Stack can store vector embeddings as well and perform AI and machine learning tasks out of the box without excessive configuration. The main improvements involve increasing speed and compression capabilities; I have seen databases that claim to achieve significantly better compression. While Elastic Stack can manage vast amounts of data, if the mapping is not specified correctly, the indexing time can be slow, especially with many events per second. Improper mapping usually means that every document received gets indexed for all fields, which is not desired. Elastic consultants typically optimize this, but out of the box, as data volume increases, scaling becomes necessary. They are working on these improvements in new versions.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Being able to build and modify dashboards on the fly with Activeboards streamlines my analyst time because my analysts aren't doing it across spreadsheets or five different tools to try to build a timeline out themselves. They can just ingest it all, build a timeline out across all the logging, and all the different information sources in one dashboard. So, it's a huge time saver. It also has the accuracy of being able to look at all those data sources in one view. The log analysis, which would take 40 hours, we can probably get through it in about five to eight hours using Devo."
"But from a SaaS standpoint, if not best-in-breed, Devo is certainly in the top-two or top-three."
"One of the immediate improvements that come to mind is the amount of hot, searchable data, as in the SIEM we had before we were only able to search back 90 days of hot, searchable data, whereas here we have 400 days worth, which has definitely improved our threat hunting capabilities."
"The drill-down reports capabilities allow analysts to click on any element in a widget. When they see a spike in a line chart for a failed login, which could be a true or false attempt, they can click that spike, and a table widget on the same active board instantly populates with raw logs of data for those specific failed logins."
"Because of the way Devo works, our onboarding time has shrunk by 50 percent at least."
"The most valuable feature is that it has native MSSP capabilities and maintains perfect data separation. It does all of that in a very easy-to-manage cloud-based solution."
"I'm so happy with the platform."
"Overall, Devo is awesome, but it's got some room to grow."
"The biggest strength of Elastic Stack is its brilliant archiving capabilities."
"Prior to the latest updates, data lake management was a standout feature. The hybrid capability for on-premise and cloud integration was also crucial. Now, with Elastic Defense, the agent simplifies security monitoring, making it a key asset."
"The tool is huge, and it performs brilliantly. I tested it for malware, and within two weeks of launching, the product alerted me about a network intrusion. This was a tough test for it, but it performed admirably. The alerting system is excellent, and searching through logs is incredibly efficient. What's impressive is that all three products or options are integrated into one solution. This means I don't need separate logging, monitoring, or antivirus solutions."
"The scripting model in Elastic Stack allows me to query logs and then put the data into Grafana."
"I have experienced a return on investment from the use of the solution."
"The centralized logging capabilities of Elastic Stack have helped me streamline my logging processes significantly because there are many open-source tools available, such as Filebeat and Logstash, to collect the logs."
"It supports various integrations. It's open source and has excellent community support."
"The detection rules in Elastic Stack are the most valuable feature. The search capabilities are excellent and fast. As we collect logs from workstations and devices, the detection rules run on top of the logs and detect any suspicious activity, raising alerts accordingly. Integration with Elastic Stack depends on the specific integration. Elastic provides some bridging integrations that make it easy, but require custom integration. Most integrations are simple, but customization can be challenging because we need to do some parsing. There's something called Elastic Common Schema, and we need to parse the source logs to match this schema, which can be a bit challenging."
 

Cons

"I would like to have the ability to create more complex dashboards."
"Their documentation could be better. They are growing quickly and need to have someone focused on tech writing to ensure that all the different updates, how to use them, and all the new features and functionality are properly documented."
"However, the incident and threat detection is not what we had hoped for."
"Where Devo has room for improvement is the data ingestion and parsing. We tend to have to work with the Devo support team to bring on and ingest new sources of data."
"One major area for improvement for Devo... is to provide more capabilities around pre-built monitoring."
"The tools in Devo's active ports need enhancement in their investigative capabilities."
"Devo has a lot of cloud connectors, but they need to do a little bit of work there."
"Some basic reporting mechanisms have room for improvement. Customers can do analysis by building Activeboards, Devo’s name for interactive dashboards. This capability is quite nice, but it is not a reporting engine. Devo does provide mechanisms to allow third-party tools to query data via their API, which is great. However, a lot of folks like or want a reporting engine, per se, and Devo simply doesn't have that. This may or may not be by design."
"AI-enablement would be a big improvement in Elastic Stack...If there is room for an ML model in Elastic Stack, then it would be good."
"While Elastic Stack can manage vast amounts of data, if the mapping is not specified correctly, the indexing time can be slow, especially with many events per second."
"It lacks a clear NDR (Network Detection and Response) feature. If Elastic could enhance this aspect, it would significantly boost its capabilities."
"Elastic Stack should work on their dashboards and integration process."
"Improving integration capabilities, especially with authentication systems, firewalls, and security controls, is a crucial area for improvement in Elastic Stack. Additionally, enhancing functionality to handle large Yara queries more efficiently would be beneficial, as many EDR solutions can run such queries faster than Elastic Stack's current limitations."
"The main issue related to Elastic Stack is in the area of its licensing."
"It should facilitate easier manual integration."
"Agent deployment is a little tough in the on-premise version."
 

Pricing and Cost Advice

"[Devo was] in the ballpark with at least a couple of the other front-runners that we were looking at. Devo is a good value and, given the quality of the product, I would expect to pay more."
"Pricing is based on the number of gigabytes of ingestion by volume, and it's on a 30-day average. If you go over one day, that's not a big deal as long as the average is what you expected it to be."
"Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that."
"Devo was very cost-competitive... Devo did come with that 400 days of hot data, and that was not the case with other products."
"Devo is definitely cheaper than Splunk. There's no doubt about that. The value from Devo is good. It's definitely more valuable to me than QRadar or LogRhythm or any of the old, traditional SIEMs."
"It's a per gigabyte cost for ingestion of data. For every gigabyte that you ingest, it's whatever you negotiated your price for. Compared to other contracts that we've had for cloud providers, it's significantly less."
"It's very competitive. That was also a primary draw for us. Some of the licensing models with solutions like Splunk and Sentinel were attractive upfront, but there were so many micro-charges and services we would've had to add on to make them what we wanted. We had to include things like SOAR and extended capabilities, whereas all those capabilities are completely included with the Devo platform. I haven't seen any additional fee."
"I like the pricing very much. They keep it simple. It is a single price based on data ingested, and they do it on an average. If you get a spike of data that flows in, they will not stick it to you or charge you for that. They are very fair about that."
"I used the open-source version of Elastic Stack, because of which I did not have to pay anything."
"The pricing is reasonable."
"Ultimately, the pricing depends upon the capacity planning that the enterprise architect does."
"If I compare Elastic Stack to the other products in the market, I would say that the tool is available at a competitive price."
"The product is expensive."
"I rate the solution's pricing a six out of ten."
"It depends on the specifics, but generally, Elastic is economical for certain use cases."
"We are using the open-source community version of the product."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Construction Company
10%
Manufacturing Company
8%
Computer Software Company
7%
Financial Services Firm
10%
Computer Software Company
9%
Government
8%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise12
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise3
Large Enterprise7
 

Questions from the Community

What is your experience regarding pricing and costs for Devo?
Pricing generally depends on the scale, data ingestion requirements, and integrations for what the enterprise monitoring needs. I have not been part of the procurement process, so I am not aware of...
What needs improvement with Devo?
One improvement area for Devo could be simplifying some configuration and improving the onboarding for new analysts because it is quite complex for fresher or new analysts who are handling Devo.UI ...
What is your primary use case for Devo?
Devo serves as our centralized log monitoring, threat investigation, alert monitoring, and security analytics platform. We use it to collect logs from multiple systems so we can correlate the event...
What is your experience regarding pricing and costs for Elastic Stack?
My experience with Elastic Stack pricing indicates that it is node-based. While I do not have complete pricing details, they are available online. If I choose Elastic Cloud, it includes licensing a...
What needs improvement with Elastic Stack?
I would like to improve Elastic Stack by addressing the current big problem we face with importing logs and log files, such as syslogs. To import these log files, we need to design the ingest pipel...
What is your primary use case for Elastic Stack?
Elastic Stack is primarily used for everything related to security, including security systems, checking the security system, and also servers and networks.
 

Comparisons

 

Overview

 

Sample Customers

United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
Information Not Available
Find out what your peers are saying about Devo vs. Elastic Stack and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.