AVP, Site Reliability Engineer at a financial services firm with 10,001+ employees
Real User
Top 5
Good monitoring and behavior prediction; troubleshooting tool could be improved
Pros and Cons
  • "Enables monitoring of application performance and the ability to predict behaviors."
  • "Upgrades currently released as stacks when it should be a plugin or an extension to save removal and reinstallation."

What is our primary use case?

Our primary use case of this solution is for application performance monitoring. We are customers of ELK.

What is most valuable?

This solution enables us to monitor application performance from Elasticsearch and we can predict some behaviors for applications using ELK. This product is distributed and scalable which is good for us.

What needs improvement?

The troubleshooting or diagnostic tool can be improved to provide a better understanding of internal behavior and how data is stored. It would also be helpful if they were to release the next version as a plugin or an extension, or as a JAR file, for the latest features. When releasing a new version they currently provide a new stack which means everything needs to be removed before the new version is installed. 

For how long have I used the solution?

I've been using this solution for five years. 
Buyer's Guide
Elastic Security
June 2022
Learn what your peers think about Elastic Security. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
606,596 professionals have used our research since 2012.

What do I think about the stability of the solution?

The solution is generally stable, although with each new upgrade there is an adjustment period. They upgrade versions very regularly and it's hard to keep up. By the time my environment is stable with the previous versions, they are already bringing out a new version. 

What do I think about the scalability of the solution?

Scalability is very good with this product. 

How are customer service and support?

I'm not satisfied with technical support because whenever you raise a case, it goes to some random support person who asks questions about the architecture. It's a waste of time. I'm a platinum customer so each time I raise a request, it should go to a dedicated customer support representative who knows my case. It's very difficult when you work in a highly secure environment to get all the logs and send the logs to them each time. 

How was the initial setup?

The initial setup is easy, but as you begin using the more advanced features like security and authentication with an AM and LM, then it becomes a bit tricky.

What's my experience with pricing, setup cost, and licensing?

Licensing costs are high, they charge based on the nodes and the RAM. If I purchase a license for a 64GB RAM node and then want to have 128GB RAM, I can't because it's not in the contract so I have to pay on top of that. They removed a feature that allows me to provide multiple disks for one node so if I now want to add an extra disk to the volume, I have to buy a license for one extra node. It's very unfair. 

What other advice do I have?

I would recommend this solution for an organization that doesn't require a highly secured environment, because they'll have to deal with the issues of VM upgrades and installations. If it's a highly secured environment like a bank, then I suggest ELK cloud instead of on-prem. I rate this solution a seven out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Co Founder at Basheer Sharma Enterprises LLP
Real User
Top 20
Simplifies process of bug identification and tracking using application log files
Pros and Cons
  • "The most valuable feature for me is Discover."
  • "I would like the process of retrieving archived data and viewing it in Kibana to be simplified."

What is our primary use case?

I was using this product up until recently when I changed companies, but I have been asked to implement logging in my new role and this is one of the options that I am considering.

It was used in conjunction with Kibana to examine our logs and perform debugging. When a user complained about misbehavior in an application, we would research the logs, test, and try to find out where the bug is.

What is most valuable?

The most valuable feature for me is Discover. I have not used all of the features, so I can't say that this will be best for everyone.

What needs improvement?

I would like the process of retrieving archived data and viewing it in Kibana to be simplified.

We ran into trouble once or twice regarding problems with timestamps that came about because of issues with memory. Consequently, the correct data was not logged and it had to be done again.

For how long have I used the solution?

I used this product for about eight months, up until about two months ago.

What do I think about the stability of the solution?

We were using this solution once or twice every couple of weeks when we encountered a bug. I found that it was stable.

What do I think about the scalability of the solution?

I have not tested scalability. In my previous company, there were 20 people on the team, but only the backend developers were using ELK Logstash. This was perhaps 10 users.

How are customer service and technical support?

We hosted this solution ourselves, so there was no technical support.

Which solution did I use previously and why did I switch?

We have used Graylog in the past, but it was self-hosted and the experience wasn't great.

How was the initial setup?

I did not do the initial setup myself.

What about the implementation team?

My colleague deployed this solution for me.

What's my experience with pricing, setup cost, and licensing?

This is an open-source product, so there are no costs.

What other advice do I have?

When my colleague set up this application, it was configured such that every seven days, the data is archived into long-term storage. When I needed something from the archived logs, it was easy to retrieve and I could look through them again. This is something that I would suggest doing.

My suggestion for anybody who is implementing ELK Logstash is to make sure that the entire team knows how to use it. If only one person knows it and takes care of it, then it is not a very productive experience. On the other hand, if everybody is familiar with it, the experience will be much better.

This is definitely a product that I recommend using.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
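The seven-day archiving described in the review above maps onto an Elasticsearch index lifecycle management (ILM) policy. The following is an added example, not configuration taken from the reviewer's deployment: it assumes application logs are written to a rolled-over index or data stream, and the policy name `app-logs-7d` is a placeholder. Apply it with `PUT _ilm/policy/app-logs-7d` and attach it to the index template with `index.lifecycle.name`. Every action used here is available at the free Basic tier.

```json
{
  "policy": {
    "phases": {
      "hot": {
        "min_age": "0ms",
        "actions": {
          "rollover": { "max_age": "7d", "max_primary_shard_size": "50gb" },
          "set_priority": { "priority": 100 }
        }
      },
      "warm": {
        "min_age": "7d",
        "actions": {
          "readonly": {},
          "forcemerge": { "max_num_segments": 1 },
          "allocate": { "number_of_replicas": 0 },
          "set_priority": { "priority": 50 }
        }
      },
      "cold": {
        "min_age": "30d",
        "actions": {
          "set_priority": { "priority": 0 }
        }
      },
      "delete": {
        "min_age": "365d",
        "actions": { "delete": {} }
      }
    }
  }
}
```

`min_age` is measured from the rollover, so an index that rolled over at seven days becomes read-only and loses its replica immediately afterwards; that replica drop is a durability trade-off, so pair the policy with a snapshot lifecycle management policy (`PUT _slm/policy/...`) that copies the index to a snapshot repository before the warm phase runs, which is the off-cluster "long-term storage" copy the reviewer retrieved from. Retention in the `delete` phase should match whatever log-retention obligation applies to the data, not disk pressure.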
I.T. Manager at a healthcare company with 51-200 employees
Real User
Top 5
Analyses your security data quickly and effectively
Pros and Cons
  • "Just the ability to do a lot more than just up-down is nice, which a lot of people take for granted."
  • "The biggest challenge has been related to the implementation."

What is our primary use case?

We plan to use it to analyze the data that we're pumping into it from Active Directory and from firewalls, then we'll pass that information onto our own external SOC.

What is most valuable?

We really haven't had any significant SIEM solutions, so it's all new to us, other than a simple up-down solution. Just the ability to do a lot more than just up-down is nice, which a lot of people take for granted.

What needs improvement?

The biggest challenge has been related to the implementation. It's a very complex product which, without a lot of knowledge or a lot of training, is very difficult to get into and make use of. They try and make a lot of the general features very simple to access; a lot of the dashboards are very simple to use and so forth, but a lot of the refined capabilities take serious skills. They're not necessarily the easiest to implement.

For how long have I used the solution?

We've been trying to implement it and get it up and going for a good three to four months now.

What do I think about the stability of the solution?

Elastic SIEM is pretty stable. I did have a problem during one of the upgrades, but customer support was able to resolve it for me quickly. Other than that, it's been very reliable and stable.

How are customer service and technical support?

The customer service is great; not a whole lot of back-and-forth going on.

How was the initial setup?

The initial setup was pretty straightforward.

What's my experience with pricing, setup cost, and licensing?

It's a monthly cost with Elastic SIEM, but I am not sure of the exact cost.

What other advice do I have?

In our case, being a medium-sized business, it takes a lot of resources to learn how to properly use and implement it — you need to have a good understanding. They give you a very good framework and a very good solution to work with, but there's a lot of intuition that's required to actually make it work well. It requires a lot more effort than they would lead you to believe or that you would even expect.

On a scale from one to ten, I would give this solution a rating of eight. This is based on my experiences from the past as we're still implementing it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief Operating Officer / SR. Project Manager at SCS
Real User
Top 5
A flexible, cost-effective, and reliable solution
Pros and Cons
  • "One of the most valuable features of this solution is that it is more flexible than AlienVault."
  • "It is difficult to anticipate and understand the space utilization, so more clarity there would be great."

What is our primary use case?

We use it as a SIEM for monitoring a client's environment.

What is most valuable?

One of the most valuable features of this solution is that it is more flexible than AlienVault. 

What needs improvement?

It is difficult to anticipate and understand the space utilization, so more clarity there would be great.

For how long have I used the solution?

My company has been using this solution for two years.

What do I think about the stability of the solution?

It is a very stable solution.

What do I think about the scalability of the solution?

The solution is very scalable.

How are customer service and support?

The technical support is adequate.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We currently use AlienVault for some clients and Elastic Security for others. We chose Elastic Security because we felt it was the most flexible, cost-effective solution to provide the results needed.

How was the initial setup?

In certain respects, the setup of this solution is more straightforward than other solutions, but in other respects, it's more complex because it needs more fine-tuning than Splunk or AlienVault.

What about the implementation team?

We implemented through an in-house team and it took about two months.

What's my experience with pricing, setup cost, and licensing?

The licensing cost depends on the size of the environment it's monitoring. Everything is based on volume, as with all SIEMs. When compared to other products, the price is average or on the low side.

Which other solutions did I evaluate?

We evaluated several options, including Monster SIEM, Splunk, and Wazuh.

What other advice do I have?

There's a lot of fine-tuning involved with this solution. When you go to a diner, and the menu has everything on it, and you can't figure out which part to look at first, it's a double-edged sword. You can do everything with this solution, which means you have to figure out which part of "everything" makes sense for your company to do.

I would rate this solution as an eight out of ten. It's a good value for money and a reliable solution, but it's heavily reliant on appropriate configuration.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
KarthikeyanSrinivasan
Sr Cloud Data Architect at Sun Cloud LLC
Real User
Top 5
A flexible product that can be used in a number of scenarios, but its knowledge is quite rare and hard to come by
Pros and Cons
  • "Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy."
  • "We are paying dearly for the guy who is working on the ELK Stack. That knowledge is quite rare and hard to come by. For difficulty and availability of resources, I would rate it a five out of 10."

What is our primary use case?

It is for our own infrastructure. We are trying to do ELK Stack for everything. We are trying to build our own monitoring solution. For now, we are using it as an alerting solution, and SIEM is going to be our destination.

What is most valuable?

Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy.

With Kibana, we can make very beautiful dashboards the way we want. It makes sense for the business.

What needs improvement?

We are paying dearly for the guy who is working on the ELK Stack. That knowledge is quite rare and hard to come by. For difficulty and availability of resources, I would rate it a five out of 10.

What do I think about the scalability of the solution?

We don't have any scalability problems as of now. We have less than 2,000 devices.

What about the implementation team?

We have a contractor who is trying to develop and deploy the ELK Stack for us. He has requested a couple of servers, and we have given those to him. He asked for more RAM and storage for the service, and he will take time developing the custom Logstash scripts that we have asked for.

What's my experience with pricing, setup cost, and licensing?

I find it better than Splunk in terms of cost-effectiveness. For cost-effectiveness, I would rate it a nine out of 10.

What other advice do I have?

It is complex, but you just need to have patience and personnel to develop it. Unless you explore a technology, you won't know what the pros and cons are. I have not seen any cons as of now, but it has miles to go in terms of being equal to Splunk. It is a community-driven technology. So, it will get there.

I would rate this solution a seven out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Founder & Chief Executive Officer at a consultancy with 11-50 employees
Real User
Has good scalability and is consistently stable
Pros and Cons
  • "The feature that we have found the most valuable is scalability."
  • "The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. If they can give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there."

What is our primary use case?

We are using ELK Logstash for application log management and fault detection.

What is most valuable?

The feature that we have found the most valuable is scalability. 

What needs improvement?

The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. 

The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. If they can give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there.

For how long have I used the solution?

We have been using ELK Logstash for nearly three years.

What do I think about the stability of the solution?

It's quite stable. We have not seen it going down at all for the last three years. It's working well consistently.

What do I think about the scalability of the solution?

Scalability is very good. 

How are customer service and technical support?

We have not taken the technical support at all, so we have been supporting ourselves. We are using the open-source edition, and we are supporting ourselves.

How was the initial setup?

The initial setup was very straightforward for us because we are a software development company. We understand how to compile the source code. We can compile the source code, and we can deploy it. It was pretty straightforward for us.

What other advice do I have?

You should know this solution pretty well. You need to be clear beforehand for what you are going to use this product. This is not something that you can use generally for anything and everything. You should be really clear in terms of your requirements.

I would rate ELK Logstash a nine out of ten. 

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
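The access control the review above asks for is worth showing concretely. Since Elasticsearch 6.8 and 7.1 the default (non-OSS) distribution includes TLS, the native user realm and role-based access control at the free Basic tier, switched on with `xpack.security.enabled: true` in `elasticsearch.yml` (on by default from 8.0); the separate `-oss` build never carried these features. The role below is an added example, not configuration from the reviewer's environment: it grants a log-reading user the least privilege needed to search application logs in Discover and view dashboards, and nothing else. The index pattern `logs-app-*` and the role name are placeholders; create it with `PUT _security/role/app-logs-reader` and assign it to users with `PUT _security/user/<name>`.

```json
{
  "cluster": [],
  "indices": [
    {
      "names": ["logs-app-*"],
      "privileges": ["read", "view_index_metadata"]
    }
  ],
  "applications": [
    {
      "application": "kibana-.kibana",
      "privileges": ["feature_discover.read", "feature_dashboard.read"],
      "resources": ["space:default"]
    }
  ]
}
```

The empty `cluster` list is deliberate: a log reader does not need `monitor` or `manage` rights, and omitting them keeps the role from exposing cluster settings or other indices. Kibana feature privileges are granted per space, so a separate space with its own role is the simplest way to keep, for example, a payments team's logs from being browsable by everyone with a Kibana login. Confirm the result from the user's own session with `GET _security/_authenticate` and by checking that a query against an index outside `logs-app-*` returns a 403.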
Giuseppe Ragazzini
Project Delivery Manager at Spindox
Real User
Top 20
A good SIEM solution but doesn't have as many features as its competitors
Pros and Cons
  • "It's not very complicated to install Elastic."
  • "With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."

What is our primary use case?

I worked for a telco client for the security model of Elastic, but my role was unit manager. I don't have a lot of technical expertise, but I decided on the solution for a client, and I was responsible for the delivery.

I worked with the security of the mobile app. I see all the logs in Elastic for SIEM. I monitored the logging and some logs from the machine for a UNIX system with some use cases like the machine's file system.

This solution is deployed on-premise.

We provide this solution to our customers, which are telcos, in the finance industry, and in retail.

What is most valuable?

I think that it's a good solution for a SIEM.

What needs improvement?

Elastic doesn't have the features that other competitors in SIEM have. For example, Dynatrace as a solution for SIEM has features that Elastic actually doesn't have.

With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM. That's the improvement I would like to see.

What do I think about the stability of the solution?

The product is stable.

Which solution did I use previously and why did I switch?

Other products like Splunk are better than Elastic for a SIEM because there are some use cases already available for a client. Elastic doesn't have this, so the user must build the SIEM solution. I think that Elastic has to increase the features for the SIEM.

How was the initial setup?

It's not very complicated to install Elastic, but I didn't deploy it.

What other advice do I have?

I would rate this solution 7 out of 10.

It's a good solution and I would recommend it, but there are other products that have more features that Elastic doesn't have.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Associate Director - Solutions at a comms service provider with 1,001-5,000 employees
Real User
Good indexing of logs, cost-effective, and stable
Pros and Cons
  • "I like the indexing of the logs."
  • "Better integration with third-party APMs would be really good."

What is our primary use case?

We use this solution for the Microsoft deployment of auto-management.

What is most valuable?

I like the indexing of the logs.

For how long have I used the solution?

I have been using ELK Logstash for one year.

What do I think about the stability of the solution?

This product is quite stable and I've not seen any type of issue with it so far.

What do I think about the scalability of the solution?

With respect to scalability, you have to properly plan. Generally, I don't see any issues with scalability.

How are customer service and technical support?

We have not used technical support because we always had talent within the company for end-user support.

Which solution did I use previously and why did I switch?

This was a solution that our client chose, and they were not using a different one prior to this.

How was the initial setup?

I do not think that we had any issues with the deployment. Overall, I would say that the process is of medium complexity.

What about the implementation team?

The support team assisted us with the deployment. I don't think that we had any issues with the team.

What's my experience with pricing, setup cost, and licensing?

Compared to other products such as Dynatrace, this is one of the cheaper options.

Which other solutions did I evaluate?

Our client provided us with this option after they had already been through a selection process.

What other advice do I have?

My advice is that this is a good product to use if you are financially constrained and you want to start with something small. Later, if you need to scale, then you can look at other options.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Elastic Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2022