No more typing reviews! Try our Samantha, our new voice AI agent.

Elastic Observability vs NetWitness Platform comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Elastic Observability
Ranking in Log Management
16th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
29
Ranking in other categories
Application Performance Monitoring (APM) and Observability (11th), IT Infrastructure Monitoring (15th), Container Monitoring (5th), Cloud Monitoring Software (11th)
NetWitness Platform
Ranking in Log Management
38th
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
36
Ranking in other categories
Security Information and Event Management (SIEM) (36th)
 

Mindshare comparison

As of July 2026, in the Log Management category, the mindshare of Elastic Observability is 1.2%, down from 1.4% compared to the previous year. The mindshare of NetWitness Platform is 1.1%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management Mindshare Distribution
ProductMindshare (%)
Elastic Observability1.2%
NetWitness Platform1.1%
Other97.7%
Log Management
 

Featured Reviews

Mohammed-Abdelalim - PeerSpot reviewer
Assistant Vice President at QualityKiosk Technologies Pvt. Ltd.
Has provided powerful customization for unique monitoring needs but needs more out-of-the-box capabilities
In my opinion, the best features of Elastic Observability are their flexibility to integrate with other existing systems and the ability to build a unified monitoring tool that can integrate with existing ones and end-to-end user journeys which require a lot of customizations. The greatest feature in Elastic is the ability to customize. This is similar to my comments about customizable dashboards in Elastic because it's visible to the analyst. However, it's very great. Customizing these dashboards can meet the customer's specific use cases and specific stories that they have in their environment, their special environment that doesn't look like other environments. The dashboarding in Elastic is highly customizable to the level of logos. If the customer wants his company logo in the dashboard, it can be done.
reviewer2256927 - PeerSpot reviewer
Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees
A solid SIEM solution that should improve technical support and online resources to be easier to use
A big problem with the product is that we don't have much professional experience in Israel installing, implementing, and integrating this product. There is not enough of a knowledge base. There is no support for this product in this country, so problems have to be resolved through global technical teams. We like to work locally because of the language, and when the product is only supported outside the country, it's a little difficult to implement and use this product. Moreover, AI is something that must be added immediately. Artificial intelligence is a part of the competitors' products, and it's not been implemented for us.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Machine learning is the most valuable feature of this solution."
"The ability to ensure that the data is searchable and maintainable is highly valuable for our purposes."
"The solution has been stable in our usage."
"We can view and connect different sources to the dashboard using it."
"In addition to the fact that we are more proactive in the detection of incident before they occur, we can on one click see the request path from the customer to the backend."
"Elastic Observability is highly stable; we ingested nearly 170 million records in the system and we have tested it, and you get your reports and dashboards within a few seconds, so it doesn't take much time."
"I recommend Elastic Observability for its completeness of vision and wide ecosystem."
"It is very stable, and I would rate it ten out of ten based on my interaction with it."
"Over time, NetWitness Logs and Packets has matured from a boxed solution with multiple parts to the current, more streamlined version for which we only need the software license to put it up on our own cloud and deliver it to multiple clients."
"Integration is exceedingly minimal, since its project development is much easier than that of LogRythm or IBM."
"Overall, I feel that the product is very good and my biggest complaint is about their support."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"NetWitness Platform offers flexibility for deployment and robust integration capabilities."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"The most valuable feature is the ability to write rules and triggers for network communication and then being able to investigate based on that, where you can see the payload and deconstruct the packets."
 

Cons

"With Elastic, you need to code and program more things compared to Dynatrace."
"If we had some pre-defined templates for observability that we could start using right away after deploying it – instead of having to build or to change some of the dashboards – that would be helpful."
"Improving code insight related to infrastructure and network, particularly focusing on aspects such as firewalls, switches, routers, and testing would be beneficial."
"Elastic APM's visualization is not that great compared to other tools. It's number of metrics is very low."
"Elastic Observability is an excellent product for monitoring and visibility, but it lacks predictive analytics. Most solutions are aligned with the AIOps requirements, but this piece is missing in Elastic and should be included."
"I am familiar with Azure Monitor, which I find more user-friendly compared to Elastic, which is a very technical tool."
"In the future, Elastic APM needs a portfolio iTool. They can provide an easy way to develop the custom UI for Kibana."
"One example is the inability to monitor very old databases with the newest version."
"The solution should have more integration capabilities with different platforms."
"Security needs improvement."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"I am not happy with the RSA support. Sometimes they can be really annoying because it takes so long to get the support that you need."
"Security needs improvement. We would still like to know how the traffic is entering the organization."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"The log system is a bit complex and has room for improvement."
 

Pricing and Cost Advice

"Elastic Observability's pricing could be better for small-scale users."
"There are two types: cloud and SaaS. They charge based on data ingestion, ingest rate, hard retention, and warm retention. I believe it costs around $25,000 annually to ingest 30GB of data daily. That is the SaaS version. There is also a self-managed license where the customer manages their own infrastructure on-prem. In such cases, there are three license tiers that respectively cost $5,000 annually per node, $7,000 per node, and $12,500 per node."
"We will buy a premium license after POC."
"The product is not that cheap."
"Elastic Observability is cheaper than other similar solutions, such as Dynatrace. Its license calculation is based on various factors like data volume and physical infrastructure, particularly related to RAM capacity."
"The product’s pricing needs improvement."
"Users have to pay for some features, like the alerts on different channels, because they are unavailable in different source versions."
"The price of Elastic Observability is expensive."
"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
"It is cheap."
"The product is expensive."
"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
"Our license is for one year."
"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
"The licenses are good but the cost is very expensive."
"Compared to the competition, the is price is not that high."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Computer Software Company
11%
Government
7%
Manufacturing Company
7%
Financial Services Firm
12%
Construction Company
11%
Comms Service Provider
9%
Outsourcing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise16
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise7
Large Enterprise20
 

Questions from the Community

What is your experience regarding pricing and costs for Elastic Observability?
The problem is their licensing model, which is a bit confusing. Many customers struggle to understand their total cost of ownership because Elastic licensing is not dependent on easy, quantifiable ...
What needs improvement with Elastic Observability?
After careful consideration about areas for improvement in Elastic Observability, aspects such as pricing, customization, implementation, and scalability could be improved. As a user of the system,...
What is your primary use case for Elastic Observability?
My use case for Elastic Observability is observability, as we upload our customers' data, including logs, and when there is an issue, we can analyze what went wrong.
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
What is your primary use case for NetWitness Platform?
I use NetWitness Platform ( /products/netwitness-platform-reviews ) in the financial industry as a good product with excellent capabilities and integration with various devices.
 

Also Known As

No data available
RSA Security Analytics
 

Overview

 

Sample Customers

PSCU, Entel, VITAS, Mimecast, Barrett Steel, Butterfield Bank
Los Angeles World Airports, Reply
Find out what your peers are saying about Elastic Observability vs. NetWitness Platform and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.