
Elastic Security Overview

Elastic Security is the #5 ranked solution in top Security Information and Event Management (SIEM) tools, the #7 ranked solution in Log Management Software, and the #9 ranked solution in EDR tools. PeerSpot users give Elastic Security an average rating of 8 out of 10. Elastic Security is most commonly compared to Splunk: Elastic Security vs Splunk. Elastic Security is popular among the large enterprise segment, accounting for 66% of users researching this solution on PeerSpot. The top industry researching this solution is professionals from a comms service provider, accounting for 26% of all views.
What is Elastic Security?
Unify SIEM, endpoint security, and cloud security
Elastic Security modernizes security operations — enabling analytics across years of data, automating key processes, and bringing native endpoint security to every host.
Elastic Security equips teams to prevent, detect, and respond to threats at cloud speed and scale — securing business operations with a unified, open platform.

Elastic Security was previously known as Elastic SIEM, ELK Logstash.

Elastic Security Buyer's Guide

Download the Elastic Security Buyer's Guide including reviews and more. Updated: May 2022

Elastic Security Customers

Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care


Elastic Security Pricing Advice

What users are saying about Elastic Security pricing:
  • "It is easy to deploy, easy to use, and you get everything you need to become operational with it, and have nothing further to pay unless you want the OLED plugin."
  • "Its price is fine. Its licensing works on a yearly basis. We have to renew the license every year. I also have a good experience with Darktrace. When we buy Darktrace, we get training free of cost, which is not there in Elastic. We have to pay extra for training. There is certainly room for improvement."
Elastic Security Reviews

    Charles Netshivhera - PeerSpot reviewer
    Senior DevOps Engineer at a financial services firm with 10,001+ employees
    Real User
    Top 5
    It is quite comprehensive and you're able to do a lot of tasks
    Pros and Cons
    • "The indexes allow you to get your results quickly. The filtering and log parsing is the advantage of Logstash."
    • "We're using the open-source edition, for now, I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised."

    What is our primary use case?

    It is currently deployed as a single instance, but we are currently looking at clusters. We are using it for a logging solution. I'm a developer and act as a server engineer for DevOps Engineers. It's used by developers and mobile developers. It could be used by quite a few different teams.

    How has it helped my organization?

    It is quite comprehensive, and you're able to do a lot of tasks. It has dashboards and we're able to create a lot of search queries. It is not easy to use, but once you get the hang of it, then it provides good graphs and visuals such as these. The indexes allow you to get your results quickly. The filtering and log parsing is the advantage of Logstash.

    What is most valuable?

    In terms of query resolution, error searching, and finding production issues, we're able to find issues quicker. We don't need to manually obtain the logging reports. All bugs in code are quickly identified in the logs as they are in one centralized logging location.

    What needs improvement?

    We're using the open-source edition for now. I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised. We are planning to go into production with the enterprise edition; we just wanted to check how this one works first. I think maybe on the last exercise part, the index rotation can be improved. It's something that they need to work on. It can be complex how the index and all the logs that have been ingested are handled; the index rotation can be challenging, so if they can work on that. In terms of ingestion, I think they should look at incorporating all operating systems. It should be easy to collect logs from different sources without a workaround to push the logs into the system. For example, in AIX, there's no direct log shipper, so you do need to do a bit of tweaking there.

    For how long have I used the solution?

    We have been using ELK Logstash for three years or so. We believe we are using the latest version. 

    What do I think about the stability of the solution?

    The solution is quite stable, although it does need a bit of maintenance, because there are quite a lot of plugins that come with it. There's a lot of testing involved to ensure that nothing breaks.

    What do I think about the scalability of the solution?

    The solution is scalable. So you're able to extend it and grow it. For example, you're able to put it in a cluster, so it is quite scalable.

    How are customer service and support?

    I have used the technical support. Their forums are quite good in terms of response. There is quite a big community of forums, where you can find similar questions or issues that others have experienced previously. Even then, direct support is quite good. They also have regional support.

    Which solution did I use previously and why did I switch?

    We used a logging solution previously, but mainly I've been using Graylog and ELK. Graylog gives you centralized logging. It's built for a logging solution, whereas ELK is designed and built more for big data. If you want to go deeper into analytics, ELK gives you that flexibility and out-of-the-box models. The two solutions are widely used by a lot of bigger clients in the industry and they've been tried and tested.

    How was the initial setup?

    With ELK, installation is not really straightforward. There are about three applications to consider. It's quite intense in terms of set up, but once you've done the setup, then it's nice and smooth. The implementation took about 3 weeks, but that is because I was doing it in between other projects. We used an implementation plan. It was deployed to the development environment, then the Point of Concept (POC) environments. It was then deployed into the production environment.

    What about the implementation team?

    We implemented the solution in-house. There were no third parties involved. For deployment and maintenance, we just need about two to three people and the role is known as maintenance and installation.

    What's my experience with pricing, setup cost, and licensing?

    We're using the open-source solution, so there are no cost implications on it, but we are planning to use it throughout the organization. So, we will soon adopt the open-source model and, depending on if there is a need for enterprise, then we'll go down the enterprise route. If you need a lasting solution, you do need to buy the license for the OLED plugin. The free version comes fully standard and has everything that you need. It is easy to deploy, easy to use, and you get everything you need to become operational with it, and have nothing further to pay unless you want the OLED plugin.

    Which other solutions did I evaluate?

    We also have Graylog, for Graylog we're using it in parallel for a similar solution. At the moment, we're basically just comparing the two and see which one is preferred.

    What other advice do I have?

    Do a POC first. They should compare solutions and also look at different log formats they're trying to ingest. See how it really fits with the use case. This goes for ELK and Graylog. You can trial the enterprise version. In terms of lessons learned it does need some time and resources. It also needs adequate planning. You need to follow the documentation clearly and properly. I would give this solution 8 out of 10. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    IT at a tech vendor with 10,001+ employees
    Real User
    Top 20
    Easy to set up with a helpful community and a good dashboard tutor
    Pros and Cons
    • "The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes."
    • "The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that."

    What is our primary use case?

    We primarily use the solution to have a correlation on all the Windows event logs. We use it more for forensic purposes now. We are looking for something which will be a more proactive product for us and be able to detect any threats and take automatic action.

    What is most valuable?

    All of the features on the solution are useful due to the fact that I have the full stack, therefore I can collect and then visualize. We have the dashboard tutor as well.

    The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes.

    What needs improvement?

    The solution is lacking some features of AI and machine learning. There may be a feature out there we are not using or maybe it's on a different solution, however, having more AI would be so helpful for us.

    The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that.

    I know there are some features which are coming, and some which are already available. To be honest, I haven't had any time to play around and check what could be the advantages of them. Compared to other products, the features already available - and there are lots of things which are provided - are quite useful. We are not managing it. We're only using it. For us, if we had the technical skills to manage the solution, we might be able to see and understand a few features that we're not already taking advantage of.

    For how long have I used the solution?

    I've been using the solution for three years.

    What do I think about the scalability of the solution?

    The solution is scalable for us now, although it didn't start that way.

    We have about 50 users between SecOps and the Microsoft team. The network team of between 50 and 100 people are using it on a regular basis.

    How are customer service and technical support?

    I never had to be in contact with technical support. I mainly rely on the communities around the solution and that is where I find almost all of the information I need. They're great. There's lots of information available that helps you troubleshoot issues.

    Which solution did I use previously and why did I switch?

    We previously used a product from Quest Software called Change Auditor. We actually didn't switch off this solution. We use both Quest and ELK in our organization.

    The main difference is that one you have to pay for, while the other one is much cheaper and if you don't need all the features, you can use it for free.

    ELK has much more information, as well. You can grab much more information with ELK than you can with Change Auditor, without adding any additional modules.

    How was the initial setup?

    The initial setup as I recall was pretty easy. However, I moved to an infrastructure that had a connection to a second ELK instance that I am not managing.

    The settings on that instance are more complex than my initial setup. 

    I am not a specialist in big data infrastructure. I am a process engineer. You need some dedicated and well-trained people as soon as you have a large infrastructure and you are sending a lot of events to the Elastic instance, so that it performs correctly. That's always the challenge you have with on-premise infrastructure.

    What's my experience with pricing, setup cost, and licensing?

    I'm not sure how much the company pays to use ELK. It's not part of the job that I handle.

    What other advice do I have?

    We're ELK customers. Mostly I'm a specialist on the infrastructure of the solution.

    The solution is perfect as long as you are using it for forensics. In terms of threat detection, it could be better. There could be another product that is more appropriate for that aspect.

    I'd rate the solution eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Consultant at a computer software company with 5,001-10,000 employees
    Real User
    Top 5 Leaderboard
    Fast, highly scalable, and agents don't overload the terminals, but needs a simulation environment, a mobile app, and better documentation
    Pros and Cons
    • "It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast."
    • "Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
    • "There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM."
    • "Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price."

    What is our primary use case?

    There are around 150 pre-built use cases. One of the major use cases is when somebody tries to fiddle with logs, Elastic SIEM creates an alert because logs are the most critical things from the security aspect. For example, I have more than 1,000 terminals, which can be desktops, laptops, or any sort of servers. If somebody tries to delete Windows logs, Elastic SIEM immediately generates an alert indicating that somebody is trying to fiddle with the logs. Elastic SIEM sends me a pop-up message as well as an email.

    What is most valuable?

    It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast.

    Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals. 

    What needs improvement?

    There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other competitors provide a simulation environment so that I can simulate an IT attack and see how my solution is reacting or giving me alerts. I have not found any such feature in Elastic.

    Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM. This is something missing in Elastic. There is no mobile app.

    Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. The documentation should be more precise and much better than what their counterparts are offering.

    When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price.

    What do I think about the stability of the solution?

    It is, for sure, reliable.

    What do I think about the scalability of the solution?

    It is highly scalable. We at least have two dozen people who are using it. Some people may be using only a part of it, and some may be fully involved in it.

    We have plans to increase its usage. We are ready with a running full-fledged server, and we can even handle data for potential customers. We are definitely planning to widen its usage.

    How are customer service and technical support?

    I have interacted with them. They are quite responsive, and they do respond within the SLA.

    How was the initial setup?

    I was not there when the deployment was done, but based on what I have heard, it was complex because of the server deployment and cluster formation, and it took at least two months.

    What's my experience with pricing, setup cost, and licensing?

    Its price is fine. Its licensing works on a yearly basis. We have to renew the license every year.

    I also have a good experience with Darktrace. When we buy Darktrace, we get training free of cost, which is not there in Elastic. We have to pay extra for training. There is certainly room for improvement.

    Which other solutions did I evaluate?

    I was not in this company when this was chosen.

    What other advice do I have?

    I would advise going for the latest version, but it may or may not be backward compatible. Nowadays, version 7.12 is the latest version, and I see that it is actually not compatible with the older versions. 

    I would rate Elastic SIEM a seven out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Senior Tech Engineer at a tech services company with 1,001-5,000 employees
    Real User
    Top 20
    Easy to set up, reasonably priced, and offers good integration
    Pros and Cons
    • "The cost is reasonable. It's not overly pricey."
    • "This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."

    What is our primary use case?

    In general, the solution is working together with OpenShift's deployment for the continuous delivery of many projects. This product takes the metrics and checks the logs for components that OpenShift deploys. We work with the observation team that monitors the entire company to understand what can be observed and analyzed.

    What is most valuable?

    The solution is able to handle searches quickly and efficiently. It's much faster than other solutions we've tried. It spends far less time on searches related to capacity and indexing information.

    The possibility to stack, locate, and search with your indexing feature at a high rate of speed is its best feature. 

    It helps that the solution can work together with the infrastructure agents to get the metrics we need. 

    The integration is quite good.

    The initial setup is not difficult. It's easy to set up and customize. It's a strong selling point for the solution. 

    It's easy to collect the data.

    The documentation is big. It's very well documented.

    It's working and easy to work with.

    The cost is reasonable. It's not overly pricey.

    What needs improvement?

    This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage.

    We need to be able to monitor from any location in the world and any location in the company. We find that solutions such as Dynatrace and Datadog offer much more functionality, perhaps due to the fact that they are more mature.

    The solution needs to integrate more AI capabilities, specifically to assist in anomaly detection.

    The instrumentation of APM can be enhanced; can be better. It's not automated. It's a very manual process. This ends up being more costly for us. Dynatrace and Datadog are better in this area.

    The support on offer could be much better.

    For how long have I used the solution?

    I've been using the solution for the last six months at this point. It hasn't been an extremely long amount of time just yet.

    What do I think about the stability of the solution?

    The stability has been pretty good. It's reliable. There aren't bugs or glitches. It doesn't crash or freeze. I'd describe it as 95% stable overall.

    What do I think about the scalability of the solution?

    We haven't really done any scaling. We only have had an environment with a small cluster on-premises and we can't really test it for scalability. We have no more than four servers for the platform and never really needed to expand anything.

    The solution may be used by around 1,000 people in our organization.

    How are customer service and technical support?

    Technical support could be a lot better. They should offer online chat functionality so that we can get answers to questions right away. It would make troubleshooting a lot faster and less cumbersome.

    We've had some troubles, and when we do, we need to open a ticket to get it resolved, which takes some time.

    That said, it does offer very good documentation and their knowledge is very good when you do interact with them.

    How was the initial setup?

    The initial setup is easy. It's not complex or difficult. It's pretty straightforward.

    It's very easy to set everything up and configure it on-premises.

    The deployment only took an hour or two. We only deployed to one environment. It was pretty fast.

    What's my experience with pricing, setup cost, and licensing?

    The cost is pretty low. It is not open-source, however.

    What other advice do I have?

    We are just customers and end-users.

    I would advise others to use this solution. It's relatively low cost and the implementation is quick, giving you results faster. 

    I would rate the solution at an eight out of ten overall.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Haitham AL-Sarmi - PeerSpot reviewer
    Information Security Analyst at a financial services firm with 1,001-5,000 employees
    Real User
    Top 5
    Open-source with good machine learning but users need to be specialized
    Pros and Cons
    • "ELK is open-source, and it will give you the framework you need to build everything from scratch."
    • "There isn't really a very good user experience. You need a lot of training."

    What is most valuable?

    Overall, the solution is good.

    The machine learning aspect of the solution has been great.

    The deployment is not that complicated.

    ELK is open-source, and it will give you the framework you need to build everything from scratch.

    What needs improvement?

    The SIEM modules in Logstash need more improvement. In the future, the modules could be more advanced, as right now there are only very basic modules.

    We are facing an issue with the engineers. In the region, there are not many available. Only a few people might be available in our particular region, which is a problem. 

    There isn't really a very good user experience. You need a lot of training. There is an interface with limited options. You need to work with the coding and you need to work with the scripts. It's not simple. If you want to configure something, for example, you need to be a proper programmer.

    It would be ideal if they had a dashboard. Right now, the only way to see what you need to see is to go through all of the logs.

    For how long have I used the solution?

    I've used the solution for one and a half years.

    What do I think about the stability of the solution?

    The stability of the solution is good. However, it depends on the configurations. If the solution is configured properly from the beginning, it will be stable. However, if the solution is not configured from beginning properly, it will not be. This is due to the fact that ELK Elasticsearch gives you the framework only, and the customizations depend on the guys who will be coming to configure everything for the company.

    What do I think about the scalability of the solution?

    The scalability is good, however, there is a certain level of skill that is needed. Due to the lack of trained engineers in the area, this could be a challenge.

    How are customer service and support?

    We've reached out to technical support in the past. We found that sometimes communication with them was difficult as there was a lack of understanding. This means that it takes a longer time to reach a resolution. However, in the end, when we have had issues, we were able to resolve them, even if it was a bit delayed. 

    Which solution did I use previously and why did I switch?

    I've also worked with LogRhythm and there is no comparison. LogRhythm is the best solution for me. The use cases are better and are readily available. In contrast, with ELK, we need to deploy a lot of things. We need to program people and we need skills and training. We need a lot of things. Even the LogRhythm training is easier than ELK. With ELK, you need to build the customization, rules, everything, from scratch. With LogRhythm, you just have to enable features.

    If a company wants some more specific detailed use cases, then ELK would be better than LogRhythm, however, for a generic use case, LogRhythm is better.

    How was the initial setup?

    The initial setup is pretty simple and straightforward. It's not overly complex. 

    That said, it does require trained specialists, and there just aren't that many in our area. 

    Overall, I would rate the setup process at a two out of five. 

    The configuration must be done correctly, and that depends on who is configuring it. If the person configuring it, for example, only has an administrator background, he will configure the administrator stuff. If he has a security background, he will configure for security.

    What other advice do I have?

    We are a partner. 

    I'd advise others considering the solution that ELK is a good solution, however, it requires skills and capability. You need to be properly trained with it to get the most out of it. 

    I would rate the solution at a five out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Consultant at a computer software company with 5,001-10,000 employees
    Real User
    Top 5 Leaderboard
    Easy and quick to set up, and the runtime performance is good
    Pros and Cons
    • "The most valuable feature is the speed, as it responds in a very short time."
    • "The training that is offered for Elastic is in need of improvement because there is no depth to it."

    What is our primary use case?

    This is a log aggregation tool and we are using it for security purposes.

    There are 145 pre-built use cases, but we are still making some ourselves. One we built is an alarm for log deletion. For example, if a hacker tries to delete the log from a bank machine then it will raise an alarm immediately. A second use case is an alert for too many false login attempts, perhaps indicating a brute-force attack.

    What is most valuable?

    The most valuable feature is the speed, as it responds in a very short time. I think that the alerts are generated in less than a minute.

    It is very easy to set up and doesn't take much time.

    What needs improvement?

    There are sensors called beats that have to be installed on all of the client machines, and there are seven or eight of them. As it is now, each beat needs to be configured separately, which can be quite hectic if my client has 1000+ machines. It would take a considerable period of time for us to complete the installation. They have begun working on this in the form of agents, which is a centralized management tool wherein all beats will be installed in a single stroke.

    The training that is offered for Elastic is in need of improvement because there is no depth to it. It hardly takes 15 or 20 minutes to complete a training session that they say will take two hours to finish. Clearly, something is missing. If a new engineer wants to work with Elastic then it is really very hard for them to understand the technology. 

    For how long have I used the solution?

    I have been using Elastic SIEM for two or three months.

    What do I think about the stability of the solution?

    This is a stable system and it has never crashed.

    What do I think about the scalability of the solution?

    Elastic SIEM is definitely stable. We have just started working on it, so we have no more than perhaps 100 users at this point. At the same time, we are confident that it can be scaled up to any extent.

    How are customer service and technical support?

    I am satisfied with the technical support.

    How was the initial setup?

    The initial setup is easy. The length of time for deployment on a machine depends on the configuration that is required. If it uses all 145 use cases then it will take a long time. If on the other hand there are only a small set of use cases, it will be very quick. I would say that it takes no more than 30 minutes to install one.

    Which other solutions did I evaluate?

    I have personally worked with Splunk in the past, but here at this company, they only use Elastic. I believe that one of the major differences between these two is the pricing model. With Splunk, it depends on how much data we are ingesting. For us, it is approximately 500 GB per day. Elastic has a different pricing system that is ultimately cheaper.

    One of the advantages of Splunk is that they offer extensive training that is free of cost.

    What other advice do I have?

    My advice to anybody who is considering this product is that it is a very competitive tool that is very new in the market and the vendor is doing their best to improve services. I highly recommend it and suggest that people choose it without a second thought.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: partner
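    The two detections that the reviewers above describe (an alert when someone clears the Windows security log, and an alert when too many failed logons pile up against one account) are easy to reason about outside the product. The block below is an added illustration written for this page; it is not Elastic's code and not a rule exported from Elastic Security. It assumes events are plain dicts with `ts`, `host`, `user` and `event_id` fields, uses the standard Windows Security event IDs 1102 (audit log cleared) and 4625 (failed logon), and the sample events, the 5-in-5-minutes threshold and the sliding-window approach are constructed for the example. It goes slightly beyond the reviews by showing why the time window matters: the same five failures spread over forty minutes do not fire with a five-minute window but do with a one-hour window.

```python
"""Defender-side re-implementation of two SIEM detections over constructed
Windows Security events: audit-log clearing and failed-logon bursts.
Example code for this page; not Elastic's rules."""
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security event IDs (real values; everything else here is assumed).
LOG_CLEARED = 1102   # "The audit log was cleared"
LOGON_FAILED = 4625  # "An account failed to log on"
LOGON_OK = 4624      # "An account was successfully logged on"

# Constructed sample telemetry, not real data.
SAMPLE_EVENTS = [
    # alice: five failures spread over 40 minutes (slow, low-rate pattern)
    {"ts": "2022-05-01T08:00:00", "host": "ws-01", "user": "alice", "event_id": LOGON_FAILED},
    {"ts": "2022-05-01T08:10:00", "host": "ws-01", "user": "alice", "event_id": LOGON_FAILED},
    {"ts": "2022-05-01T08:20:00", "host": "ws-01", "user": "alice", "event_id": LOGON_FAILED},
    {"ts": "2022-05-01T08:30:00", "host": "ws-01", "user": "alice", "event_id": LOGON_FAILED},
    {"ts": "2022-05-01T08:40:00", "host": "ws-01", "user": "alice", "event_id": LOGON_FAILED},
    {"ts": "2022-05-01T08:41:00", "host": "ws-01", "user": "alice", "event_id": LOGON_OK},
    # bob: six failures inside two minutes (burst)
    {"ts": "2022-05-01T09:00:00", "host": "ws-02", "user": "bob", "event_id": LOGON_FAILED},
    {"ts": "2022-05-01T09:00:20", "host": "ws-02", "user": "bob", "event_id": LOGON_FAILED},
    {"ts": "2022-05-01T09:00:40", "host": "ws-02", "user": "bob", "event_id": LOGON_FAILED},
    {"ts": "2022-05-01T09:01:00", "host": "ws-02", "user": "bob", "event_id": LOGON_FAILED},
    {"ts": "2022-05-01T09:01:20", "host": "ws-02", "user": "bob", "event_id": LOGON_FAILED},
    {"ts": "2022-05-01T09:01:40", "host": "ws-02", "user": "bob", "event_id": LOGON_FAILED},
    # someone clears the security log on a server
    {"ts": "2022-05-01T09:05:00", "host": "srv-db", "user": "mallory", "event_id": LOG_CLEARED},
]


def detect_log_clearing(events):
    """One alert per 1102 event: clearing the audit log is always worth a look."""
    return [
        {"rule": "audit-log-cleared", "host": e["host"], "user": e["user"], "ts": e["ts"]}
        for e in events
        if e["event_id"] == LOG_CLEARED
    ]


def detect_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Alert once per (host, user) when `threshold` failed logons fall inside
    any sliding window of length `window`. Events are sorted by timestamp
    first, so arrival order does not matter."""
    failures = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["event_id"] == LOGON_FAILED:
            failures[(e["host"], e["user"])].append(datetime.fromisoformat(e["ts"]))

    alerts = []
    for (host, user), times in failures.items():
        start = 0  # left edge of the sliding window
        for end, t in enumerate(times):
            while t - times[start] > window:   # drop failures older than the window
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts.append({"rule": "brute-force-logon", "host": host, "user": user,
                               "count": count, "ts": t.isoformat()})
                break  # one alert per key; a real SIEM would throttle/suppress
    return alerts


def run_detections(events, **brute_force_opts):
    """Run both rules and return the combined alert list."""
    return detect_log_clearing(events) + detect_brute_force(events, **brute_force_opts)


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_EVENTS):
        print(alert)
```

    Run it as a script and only two alerts print: the log-clear on `srv-db` and the burst against `bob`; `alice` stays silent because her failures never cluster within five minutes. Widening the window to an hour (`run_detections(SAMPLE_EVENTS, window=timedelta(hours=1))`) surfaces her too, which is the tuning trade-off behind the "too many failed logins" use case: a short window catches bursts, a long one catches slow spraying at the cost of more noise.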
    Devops/SRE tech lead at a transportation company with 201-500 employees
    Real User
    Top 20
    Scalable with good logging functionality and good stability
    Pros and Cons
    • "The solution is quite stable. The performance has been good."
    • "The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes."

    What is our primary use case?

    We do not use monitoring due to the fact that we use Prometheus for monitoring. We don't use APM and so on. We use ELK only for logging.

    What is most valuable?

    The solution has very good logging functionality. 

    The aggregation capability is quite useful. 

    The solution is quite stable. The performance has been good.

    The solution scales well.

    The solution has gotten easier to deploy since the 2019 version.

    What needs improvement?

Using ELK the first time, there was a lack of security. We had to buy the paid version due to the fact that we needed to secure access to Kubernetes.

    The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes. In fact, you have to monitor the stack and it's very, very difficult. Sometimes we lose indexes or we have nothing on the dashboard.

    For how long have I used the solution?

    I've been using the solution for about two years at this point. It hasn't been an extremely long amount of time.

    What do I think about the stability of the solution?

    The solution is stable. It's reliable. There are no bugs or glitches. It doesn't crash or freeze.

    What do I think about the scalability of the solution?

    The solution can scale. If a company needs to expand it, it can do so pretty easily.

    We use the solution for quite a small team. Ten people work on it.

    How are customer service and technical support?

    Due to the fact that we have a paid version of the product, technical support has been fine. We've been satisfied with the level of service provided to us. They are quite helpful and responsive.

    Which solution did I use previously and why did I switch?

    Previously, we were on Datadog, Kubernetes Logs. It was not very easy to debug incidents and so on. If I had to compare, I'd say that Datadog is very easy to implement and it's such a fast solution.

    How was the initial setup?

The first time, it was very hard to deploy on Kubernetes. However, as we reached version seven, there is now an operator. Now it's very easy to deploy. We no longer have any issues.

    What's my experience with pricing, setup cost, and licensing?

    The solution is a bit expensive. I don't know the pricing of Datadog, which is what we used to use, however, it's my understanding that it is very expensive also. 

    What other advice do I have?

    We are a customer and an end-user. We do not have a business relationship with ELK.

    The solution is deployed on Kubernetes in Azure.

I would advise other companies and users not to mix monitoring and logging. It's not the same purpose. Many people do monitoring by scanning logs. It's not a good idea. The good idea is to monitor separately. In case of incidents, you have to monitor metrics and logs for the root cause. It's important to separate this, and not treat them as the same thing.

    I'd rate the solution at an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Steve Drill - PeerSpot reviewer
    VP Platform Engineering at Hydrogen
    Real User
    Top 5
    Free to use, easy to set up, and quite stable
    Pros and Cons
    • "We've found the initial setup to be quite straightforward."
    • "Sometimes, the solution isn't the easiest to use."

    What is our primary use case?

ELK Stack is made up of Elasticsearch, Logstash, and Kibana. What we have is considered a modified ELK Stack where, instead of Logstash, we use Fluentd, but it serves the same purpose, basically as a pipe to get the data into Elasticsearch.

    We primarily use the solution for everything you could think of from error detection to general logging and auditing, to security awareness.

    What is most valuable?

    Recently I started using some Kibana alerting, which is in the latest versions of Kibana. It's very helpful in general.

    You can't beat the price as it is basically free. There are also a lot of features on offer.

    We've found the initial setup to be quite straightforward.

    The stability is excellent.

    What needs improvement?

    Sometimes, the solution isn't the easiest to use.

    The solution probably doesn't have all of the advanced machine learning like some other SIEM providers have right now. It's something that could be improved upon.

    For how long have I used the solution?

    I've been using the solution for three or four years at this point. It's been a while.

    What do I think about the stability of the solution?

    The stability of the solution has been excellent. There are no bugs or glitches. It doesn't crash or freeze. The reliability is very high.

    What do I think about the scalability of the solution?

    I have no reason to believe this solution wouldn't scale well if a company needed it to. I see no limitations there.

    That said, that's a speculative area for us right now. We haven't attempted to scale the product ourselves.

    Obviously, Elasticsearch has to do all of its indexing upfront and that might be a scaling concern whereas something like Devo with its just-in-time indexing is pretty darned interesting.

    On our end, mostly development staff and operations staff are using it right now. For our organization, everything is going to increase. We're just starting to ramp up usage now.

    How are customer service and technical support?

    I've never dealt with technical support. I can't speak to how helpful or responsive they are.

    How was the initial setup?

    The initial setup is not overly complex. It's pretty straightforward. A company shouldn't have any issues with the implementation process overall. Everything in AWS has gotten pretty straightforward.

    The maintenance of the solution is minimal. It would only take one person to maintain it.

    What's my experience with pricing, setup cost, and licensing?

    The price of the product is very good, as it is largely free. There isn't any operating cost. It's basically free software. I'm not aware of any enterprise versions that would cost more. Everything is an AWS service.

    What other advice do I have?

    We're just customers and end-users. We don't have a business relationship with the company.

    We're using the latest version of the solution.

    The product in general has come very far. It's gotten a lot better over the years.

    I'd recommend the solution to other organizations. I'd advise anyone to try it out.

    Overall, I would rate it at an eight out of ten. We've largely been very pleased with the product.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
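Added example, not the reviewer's own configuration: a minimal Fluentd config for the "Fluentd instead of Logstash" setup described in the review above, tailing JSON application logs and shipping them into Elasticsearch through the fluent-plugin-elasticsearch output. The log path, position and buffer files, hostname, CA path, index prefix and user name are placeholders assumed for illustration.

```conf
# Added example: Fluentd as the pipe into Elasticsearch (replaces Logstash).
# All paths, hosts and names below are placeholders, not values from the review.

<source>
  @type tail
  path /var/log/app/*.log          # assumed application log location
  pos_file /var/lib/fluentd/app.pos # remembers read offsets across restarts
  tag app.*
  <parse>
    @type json                      # one JSON object per line
  </parse>
</source>

<match app.**>
  @type elasticsearch
  host es.internal.example          # assumed Elasticsearch endpoint
  port 9200
  scheme https                      # never ship logs in the clear
  ssl_verify true                   # reject unknown server certificates
  ca_file /etc/fluentd/es-ca.crt    # assumed path to the cluster CA
  user fluentd_writer               # assumed dedicated, least-privilege user
  password "#{ENV['ES_PASSWORD']}"  # read from the environment, not the file
  logstash_format true              # daily indices: app-YYYY.MM.DD
  logstash_prefix app
  <buffer>
    @type file                      # on-disk buffer survives agent restarts
    path /var/lib/fluentd/buffer/es
    flush_interval 10s
    retry_max_times 10
  </buffer>
</match>
```

Two points a practitioner would check on such a pipe: the output must use `scheme https` with `ssl_verify true` and a pinned CA so a spoofed cluster cannot collect the logs, and the credential should be a role limited to creating and writing the `app-*` indices rather than the built-in superuser, so a compromised log shipper cannot read or delete other data. The file buffer keeps events during an Elasticsearch outage instead of dropping them.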
    Buyer's Guide
    Download our free Elastic Security Report and get advice and tips from experienced pros sharing their opinions.
    Updated: May 2022