Elastic Search Reviews

We use the solution mainly for logs today. There are other teams that use it for other use cases. We just use it for logging and logging search and these kinds of things.

The search capabilities are the best that we could find. It's great for searching for any text with wild cards inside the logs. It's very good. We have a very good performance, even with billions of registries.

The solution is stable and reliable. 

We have an issue with the volume of data that we can handle. When we have a lot of data, like 30 days of logs, the product becomes slow, and we had to reduce it to seven days. Now, we have only seven days of logging.

Logging and tracing are different and we have a problem when it comes to tracing things. If we could have some feature related to tracing between microservices or between any sort of logging, that would be nice.

We've been using the solution for three or four years. We've used it since 2019.

This is a very stable solution. It's reliable. There are no bugs or glitches. It doesn't crash or freeze.

It's scalable in the sense of pods or quantity or numbers of requests, yet not so scalable when considering persistence. We can't handle too much long-term data.

We have at least 500 people using the solution right now.

As a bank, we have some constraints around using and adding new tools. It's very difficult to change stacks. Therefore, we have no plans to stop using the solution anytime soon. 

I've never directly worked with technical support. We have our own support comprised of our own employees. I do not deal with external support services.

We did no previously use a different solution. 

I can't speak to the initial setup. The infrastructure team handled the setup. I did not implement it directly.

It is my understanding we needed three or four engineers to handle the deployment and maintenance process. 

I do not have any details about the cost or licensing. That said, the cost is public, and likely, someone can search for the approximate costs online. 

We are a customer.

I'm not sure which version we're using. I'm from the development team. The people who are doing the configuring work would know the version.

I'd rate the solution seven out of ten. It is a good solution, yet not quite perfect.

We use the solution to monitor our website and APIs request and response cycle, also for log aggregation. We also used it for APM and searching for slow and database queries. 

It helped a lot in identifying bottlenecks and events happening simultaneously among several services, since we can aggregate the logs into a single repository of data

I am impressed with the product's Logstash. The tool is fast and customizable. You can build beautiful dashboards Kibana using Logstash as data source. It is useful and reliable. 

It was not possible to use authentication three years back. You needed to buy the product's services for authentication. 

I have been working with the product for three years. 

The tool itself is stable but depends on your infrastructure. If you have slow disks, the searches tend to take more time. If you need more data retention, be sure to keep an eye on disk space. Otherwise, the service crashes easily.

The tool's scalability is tied to your infrastructure. You need to have the money and resources to scale your infrastructure. To scale up, you need faster disks and more servers.  My company had 15 users using the product for a small API, and the cost was not so high.

The product's tech support is very helpful and skilled.

Positive

The product's setup is difficult, since you need at least 5 servers in a distributed topology to achieve its full potential: 3 machines for elasticsearch, 1 for logstash and another for kibana

In house

"The tool is an open-source product, but you have to self-host it and you need specialized personnel to maintain it.

If you are self hosting the solution, you need to take care of indexes and understand cluster sharding and distributed systems' election system

We are using the solution for our products. We are keeping some DBs where we are doing pattern searches. On the application side, we are keeping those in Elastic and a huge amount of data for our different product lines.

The way we access it is great.

The scalability that Elastic is providing is quite useful. 

We can do a lot of archiving. 

It is stable. 

The technical support is quite good. 

The cost is too high once you deploy the solution. 

They're making changes in their architecture too frequently. We'd like less frequent updates. 

I've been using the solution for five or six years. 

The solution is quite stable. There are no bugs or glitches. It doesn't crash. It is reliable. 

It's a scalable solution. We can expand it if needed. We have 50 to 60 users on the solution right now. We do not have plans to increase usage at this time. 

We've dealt with technical support in the past and have had very positive experiences. We are satisfied with the level of support we get. 

Positive

The initial setup has a moderate amount of difficulty. It's not simple and not overly complex. 

Since we are paying more for the license, we have not seen a very high ROI. 

The developer and tester licenses are one thing that is not hurting us. However, the deployment license cost is very, very high for Elastic.

We did look at other options five or six years ago. We chose Elastic for multiple reasons in the end. 

I would recommend the solution to others. 

I'd rate the solution nine out of ten. 

Our company uses the solution for centralized logging and monitoring. We have slowly moved our Stackdriver to the solution as a cost-cutting measure. 

We have more than 100 technicians using the solution. 

The observability is the best available because it provides granular insights that identify reasons for defects. The observability is more powerful than Grafana because it is so granular.

The UI point of view is not very powerful because it is dependent on Kibana. This can be a struggle because it is not clear where observability features such as logging originate. The UI visualization could be more interesting.

For example, a centralized login for a strike driver only provides two choices for viewing. You can either view the log for an individual system or view the log at the centralized level. A more granular approach with locations, pods, and servers is preferred. 

For comparison, Stackdriver is awesome because it includes all information with respect to the UI point of view. 

I have been using the solution for a few months. 

We are still exploring the solution but find it to be very stable at the enterprise level. It is not a new product, its stability is trusted, and it is well suited for enterprise applications. Extra features are released with no stability issues. 

The solution is definitely scalable and that is one of the reasons we moved from Grafana. We use Spring Boot but the Spring Actuator's micrometer does not scale properly and is very slow. The solution can scale and manage all our monitoring needs in one place. 

Our team is able to solve issues so we do not need technical support. 

I previously used Stackdriver. 

The initial setup is difficult because the solution is an independent product that requires integration with the running system. A one-time configuration is needed for both cloud and on-premises systems. This is common for independent products so is not a big deal for our company. 

For comparison, Stackdriver is already built in the GCP so there is minimal configuration when deploying services in the GCP environment. 

We implemented the solution in-house. 

The solution is less expensive than Stackdriver and Grafana. 

Our company has a relationship with Google so we explored Stackdriver. Its monitoring and logging capabilities are interesting but observability is not that good and it is a bit costly. 

We slowly moved our logging dependencies from Stackdriver. Sometimes we used Splunk but we also used the solution and Grafana because our product is a bit dependent on Spring Boot. 

We found that the solution is more powerful than Grafana with respect to observability and it is more cost effective. 

When using the solution, it is important to understanding indexing concepts and the proper way to search logs from a visualization point of view. These two items work together internally to produce logs that can be filtered to specifications. 

I rate the solution an eight out of ten. 

We use the solution for log gathering, analyzing, and dashboard creation (with Kibana).

For example, several clients require the ability to store and search logs freely without the constrictions that would be in place if a traditional database was used. 

Elasticsearch is perfect for these use cases since it is a non-SQL database with advanced querying capabilities based on the Lucene search engine. 

There is excellent support and a large community that answers possible questions online in detail and very quickly. I was amazed at the help I got several times.

It gave us a tool to perform queries on unstructured data that had no fixed schema/form. This alone was a great asset, especially when dealing with clients that have large datasets from various sources that each follow their own format. 

It gives us the possibility to store and query this data and also do this efficiently and securely and without delays. 

Moreover, its learning curve was not steep. Therefore, no training was required - or at least no significant amount of time was consumed for training activities.

The ability to store unstructured data and perform fast searches that could be customized in detail is quite helpful. This is also a direct request from more and more customers. The Lucene search engine provides the needed speed. In larger projects with multiple nodes, disaster recovery and prevention is an asset (and it is needless to explain why). 

AI and machine learning capabilities have also emerged as a direct result of requests from customers. The addition of these features is useful and also can provide advanced security capabilities (such as tracking unusual behavior detection in logs).

Dashboards could be more flexible, and it would be nice to provide more drill-down capabilities. 

Although the discover function offers exploratory capabilities and one can search for various patterns in logs, the ability to do this from the dashboard function would be very useful. It would make the procedure more simple for the end user, and require less training. It would also be pretty much self-explanatory (drill down and explore specific parts of the diagram/dashboard). 

Also, more predictive analytics would be a nice-to-have feature.

I have been using the product for about two years.

The stability can be impressive.

The scalability is very good.

Technical support is excellent!

Positive

I have used Prometheus and Grafana. They do not offer the capabilities of ELK and their focus is different.

The setup is straightforward - although Logstash needed extra care in Windows VM installations.

We handled the setup in-house.

We have seen an ROI of 50% at least.

I'd advise people to involve a team with people from different departments in order to predict the correct scale.

Loki seems to be an alternative with fewer capabilities.

Logstash seems to have a very small capability to report errors, and that makes it difficult to troubleshoot. It would be nice to get some indication so as to save time.

It's a cloud-based service. At that time, we were using AWS, so we could get the same Elasticsearch capabilities from AWS. It was mostly a PaaS service that we could access. We had the Elasticsearch specific server and database hosted on an AWS instance, and then we fed the data to it and tried to fine-tune the algorithm to give the necessary search intelligence that we needed.

We're not using the latest version. We're using a version that was released one year ago.

The whole organization has about half a million users, but at any point of time, a hundred users might be using it.

The AI-based attribute tagging is a valuable feature. It passes through text data and identifies the tag-words and keywords and connects them to various attributes in the whole system. The system was supposed to run through a lot of existing data in terms of which tag-words would reflect which keywords. There was a model built on top of that. We were building a machine-learning model, which passed through all of the data and did the necessary attribute tagging. We couldn't find attribute tagging in other services.

We initially tried to do it in-house, but we couldn't get the accuracy that we wanted. Elasticsearch was quite efficient in terms of getting accuracy with the limited amount of data that we had. We had 10,000 to 20,000 records. Based on that, we had a good amount of accuracy, which we were happy with. There's a lot we can do with customization.

The documentation regarding customization could be better. Other than that, Elasticsearch has very good documentation. We can get a lot of information from forums.

I have worked with this solution for six months. 

The solution is stable.

As far as what we could accomplish, it was scalable, but we didn't have a lot of data that needed to be processed. We had 10,000 records and it was scalable.

We have reached out to tech support when we have had queries, and they respond in time. We didn't have an escalation process, but we had a lot of queries.

We chose Elasticsearch because we could build a model in a short amount of time. It allows us to build a whole setup in one month and get 93% accuracy. Even if you look at the complex AI-based features that we built within a shorter span, we could build that model with high accuracy, which wasn't possible with other search enterprise vendors that we used.

Setup was a little complex, but we had in-house expertise.

The solution needs regular fine-tuning in terms of the data model. As we get more and more data into the system, the predictability and accuracy of the output keeps changing. On the application and DB side, it was fine. Not a lot of maintenance was required.

Deployment was done in-house.

The solution is affordable. Previously, we wasted a lot of time by building our own system, which we could have avoided by moving to Elasticsearch earlier.

I would rate Elasticsearch as eight out of ten. 

Elasticsearch provides a lot of possibilities. You need to understand your requirements and how Elasticsearch can fulfill them. Somebody might be looking at a simple keyword service or attribute tagging. If you don't understand exactly what you're looking for, you'll get lost in their options and waste a lot of time.

The solution satisfies our business needs.

The most valuable feature of Elastic Enterprise Search is user behavior analysis.

Elastic Enterprise Search could improve the report templates.

I have been using Elastic Enterprise Search for a while.

Elastic Enterprise Search is stable.

The scalability of Elastic Enterprise Search is good.

I have not contacted the support from the vendor.

Elastic Enterprise Search is of a moderate range of difficulty, it is not difficult and not easy.

We are paying $1,500 a month to use the solution. If you want to have endpoint protection you need to pay more.

I rate the price of Elastic Enterprise Search a three out of five.

My advice to others is for them to make sure this solution satisfies their business needs because there are many solutions and providers, with a lot of options. There are solutions that have a lot of features that the business might not need and it is not good for the business to waste money on features not used. It was recommended by many peers not to seek many options in a solution that you are not going to use, and to concentrate on what is needed.

I rate Elastic Enterprise Search a seven out of ten.

I am an end user, and we use Elasticsearch for our logs. Specifically, we use it for security logs for our enterprise, including machines, networks, and endpoints, as part of our IT infrastructure.

We have been able to collect our live logs, which helps us run security operations more effectively. It has enabled us to identify false positives and detect real-time malicious activities in the network.

The security portion of Elasticsearch is particularly beneficial, allowing me to view and analyze security alerts. It serves as a query engine for the database, enabling us to analyze logs for potential threats.

An improvement would be to have an interface that allows easier navigation and tracing of logs. The current system requires manually inputting dates to verify alerts. A visual timeline that pinpoints possible anomalies would be beneficial.

I have been using Elasticsearch for approximately one year.

I would rate the stability of the solution as nine out of ten. It is very robust.

I would rate the scalability as either nine out of ten. It's a very robust solution.

I do not interface directly with technical support from Elastic. Another colleague manages that aspect.

Positive

We did not use any different solution before Elasticsearch.

I was not involved in the setup process. Our architects and technical officer managed it.

I am not directly involved with pricing or setup costs. While I know a portion is open-source, a paid version might be necessary.

It was not my duty to evaluate other options. The architects and chief technical officer handled those decisions.

For someone wanting to be a security analyst, Elasticsearch is a valuable tool. It helps organizations collect large amounts of logs from various platforms like Windows, Ubuntu, and Palo Alto Networks.

I'd rate the solution eight out of ten.