No more typing reviews! Try our Samantha, our new voice AI agent.

Elastic Security vs Logstash comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Elastic Security
Ranking in Log Management
11th
Average Rating
7.8
Reviews Sentiment
6.8
Number of Reviews
66
Ranking in other categories
Security Information and Event Management (SIEM) (7th), Endpoint Detection and Response (EDR) (15th), Security Orchestration Automation and Response (SOAR) (10th), Extended Detection and Response (XDR) (12th)
Logstash
Ranking in Log Management
30th
Average Rating
9.0
Reviews Sentiment
5.6
Number of Reviews
5
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Log Management category, the mindshare of Elastic Security is 3.4%, up from 3.0% compared to the previous year. The mindshare of Logstash is 0.8%, up from 0.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management Mindshare Distribution
ProductMindshare (%)
Elastic Security3.4%
Logstash0.8%
Other95.8%
Log Management
 

Featured Reviews

Laurentiu Popescu - PeerSpot reviewer
Chief Product Officer at ClusterPower
Has improved threat detection with deep log analysis and streamlined investigation workflows
The most useful features I find in Elastic Security are the forensic ones that allow us to carry deeper analysis into the logs for in-depth investigations, and the dashboards, with the reporting dashboard being quite user-friendly. Elastic Security is quite good at identifying threats, as it is part of the deep investigation tool that I mentioned before. Unless we need to look further into a certain log, we can carry out a deeper analysis and forensics on those particular logs. I can assess the impact of Elastic Security's real-time data analysis on our threat response efficiency as working pretty good. We are looking for real-time analysis because we have a continuous inflow of logs from different sources: from our cloud, from Active Directory, from our network. So it works pretty well.
reviewer2727468 - PeerSpot reviewer
Senior Application Engineer at a comms service provider with 11-50 employees
Transforms logs for real-time insights and seamless reporting
Logstash is used for transforming logs, and you can use many plugins in Logstash. Logstash works with configuration files that contain three main parts: an input part, a filter part, and an output part. In the input part, we can take logs from many sources such as Beats, files, or Kafka. The filter part is used to filter the logs that are shipped from Beats. From my understanding and experience with Logstash, it is usually used for processing logic, meaning I can control what fields should be transferred to Elastic and what fields shouldn't be transferred. This is the main function I use Logstash for. Elastic is a famous open-source searching engine that helps operation teams speed up the investigation process and provides real-time insights for performance reporting.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The performance is good and it is faster than IBM QRadar."
"We chose the product based on the ability to scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore, it's not as intensive."
"Elastic Security offers advanced features such as machine learning and integration with ChatGPT."
"The stability of the solution is good."
"The most valuable feature is the speed, as it responds in a very short time."
"Elastic Security helps improve the security posture of Pakistan through centralized visibility and real-time processing."
"Elastic Security is applied within my cyber defense strategy by utilizing many modules such as EDR, GenAI, SOAR module and combines with the SIEM module."
"ELK is open-source, and it will give you the framework you need to build everything from scratch."
"Logstash has numerous plugins for inputs and outputs, allowing it to work well in environments that do not contain other Elastic components."
"We have three or four Logstash servers for high availability."
"Everything aligns well with improving our organization."
"I can collect logs from various data sources, including hardware."
"The functionality of Logstash is quite easy to implement and the plugin ecosystem of Logstash is great, with plugins for shell script monitoring and SQL monitoring working well with the tool."
"The transformation means we ship the logs in the way that we want them to be presented in Kibana, which is the main function we use Logstash for."
 

Cons

"Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution."
"We find that solutions such as Dynatrace and Datadog offer much more functionality, perhaps due to the fact that they are more mature."
"Continuous upgrades can be quite inconvenient. My security testing team continuously reports vulnerabilities, and we have to fix and update the versions frequently."
"Configuring the server is difficult and can be improved."
"The solution does not have a UI and this is one of the reasons we are looking for another solution."
"Their visuals and graphs need to be better."
"The solution's basic setup takes time, and a lot of effort is required from the beginning to make it actually work."
"They don't provide user authentication and authorisation features (Shield) as a part of their open-source version."
"Elastic does not provide proper support for Logstash worldwide, and I rate their technical support as one out of ten."
"There can be a UI to implement with Logstash. Currently, I have to work with config files and everything."
"An enhancement we could implement is the ability to cluster Logstash to exist in more than one node."
"Almost all the research can be very bad. We still have a problem with importing the log system."
"The product needs to improve its compatibility."
 

Pricing and Cost Advice

"There is no charge for using the open-source version."
"The pricing is in the middle. I think it is not an expensive experience if we compare it with big names, for example, QRadar, and also Oxide. I think Elastic Security is quite cheap. I would rate the pricing of this solution a five out of ten."
"Elastic Stack is an open-source tool. You don't have to pay anything for the components."
"The product offers an amazing pricing structure. Price-wise, the product is very competitive."
"We use the open-source version, so there is no charge for this solution."
"The licensing cost of Elastic Security is based on the daily ingestion rate. I can't recall the exact figure, but for 10GB of log action daily, it would cost around $20,000."
"I can say that the product is cheaply priced."
"This is an open-source product, so there are no costs."
Information not available
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Comms Service Provider
9%
Financial Services Firm
9%
Government
8%
Manufacturing Company
8%
Financial Services Firm
17%
Manufacturing Company
8%
Comms Service Provider
7%
University
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business40
Midsize Enterprise12
Large Enterprise15
No data available
 

Questions from the Community

Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times lately using the dashboards we have created with Datadog; they are very good c...
What is your experience regarding pricing and costs for Elastic Security?
I am satisfied with the pricing, setup cost, and licensing cost. It is a pure 10.
What needs improvement with Elastic Security?
I do not have any specific recommendations for improvements in Elastic Security, but I feel that the AI module should get more mature. These machine learning algorithms become better with time; as ...
What needs improvement with Logstash?
Customization can be automated with Logstash, but it is at the developer's disposal. The developer has to do it, not the tool as such. There is scope for optimization, but that is all outside the t...
What is your primary use case for Logstash?
The purposes for which I am using Logstash largely include log aggregation and application monitoring.
What advice do you have for others considering Logstash?
I am using Logstash for log management and also implement it. Logstash can be deployed both on-cloud and on-premises. On a scale of 1-10, I rate Logstash an 8.
 

Comparisons

 

Also Known As

Elastic SIEM, ELK Logstash
No data available
 

Overview

 

Sample Customers

Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
Information Not Available
Find out what your peers are saying about Elastic Security vs. Logstash and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.