reviewer2320038 - PeerSpot reviewer
Engineering at a security firm with 10,001+ employees
Real User
Top 20
The search capabilities are excellent and fast
Pros and Cons
  • "The detection rules in Elastic Stack are the most valuable feature. The search capabilities are excellent and fast. As we collect logs from workstations and devices, the detection rules run on top of the logs and detect any suspicious activity, raising alerts accordingly. Integration with Elastic Stack depends on the specific integration. Elastic provides some bridging integrations that make it easy, but require custom integration. Most integrations are simple, but customization can be challenging because we need to do some parsing. There's something called Elastic Common Schema, and we need to parse the source logs to match this schema, which can be a bit challenging."
  • "Improving integration capabilities, especially with authentication systems, firewalls, and security controls, is a crucial area for improvement in Elastic Stack. Additionally, enhancing functionality to handle large Yara queries more efficiently would be beneficial, as many EDR solutions can run such queries faster than Elastic Stack's current limitations."

What is our primary use case?

We are an MSSP providing security management services. We are using Elastic Stack only for security purposes, not for host capabilities or EPM, which is for observability.

What is most valuable?

The detection rules in Elastic Stack are the most valuable feature. The search capabilities are excellent and fast. As we collect logs from workstations and devices, the detection rules run on top of the logs and detect any suspicious activity, raising alerts accordingly. Integration with Elastic Stack depends on the specific integration. Elastic provides some bridging integrations that make it easy, but require custom integration. Most integrations are simple, but customization can be challenging because we need to do some parsing. There's something called Elastic Common Schema, and we need to parse the source logs to match this schema, which can be a bit challenging.

What needs improvement?

Improving integration capabilities, especially with authentication systems, firewalls, and security controls, is a crucial area for improvement in Elastic Stack. Additionally, enhancing functionality to handle large Yara queries more efficiently would be beneficial, as many EDR solutions can run such queries faster than Elastic Stack's current limitations.

For how long have I used the solution?

I have been working with Elastic Stack for the past four years.

Buyer's Guide
Elastic Stack
September 2025
Learn what your peers think about Elastic Stack. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
867,370 professionals have used our research since 2012.

What do I think about the stability of the solution?

I would rate the stability an eight out of ten. 

What do I think about the scalability of the solution?

Scalability for Elastic Stack would be rated high, around nine out of ten, as it's perfect in this aspect.

How are customer service and support?

Elastic Stack's technical support is not suitable, specifically regarding response time. The quality of support is not the issue; instead, it takes a lot of time to receive assistance, which could be improved. We have to go through an intermediary company to raise the problems with Elastic, which can delay resolution.

How was the initial setup?

The initial setup for Elastic Stack is straightforward and makes provisioning very easy. As for deployment, we use our solution on cloud servers. 

What other advice do I have?

I would recommend Elastic Stack to others.

I would rate the product an eight out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Network Engineer at Moroccan Academic Network
Real User
An easy-to-deploy tool offering an open-source version to its users for managing logs
Pros and Cons
  • "It is a very scalable solution...I didn't face any problem with this scalability part of the solution since we only have a few pieces of equipment in our company."
  • "The implementation of dashboards in the solution needs to be made easier...I had some issues with the ports and configuration since it was kind of complex to implement with Docker."

What is our primary use case?

In my company, we use Elastic Stack for managing logs from various equipment, and then we create alerts in some cases before sending them to one of our projects.

What is most valuable?

The most valuable feature of Elastic Stack is its ease of implementation. The tool has various services like security, managing, and searching logs. Elastic Stack is one of the best tools, and I highly recommend it since it influences everything in one's environment.

What needs improvement?

The implementation of dashboards in the solution needs to be made easier. Last year, I implemented dashboards with the help of Docker's compose file, and I had some issues with the ports and configuration since it was kind of complex to implement with Docker.

The product's dashboard and maintenance are two areas that need improvement.

For how long have I used the solution?

I have experience with Elastic Stack beginning in 2023. I am an end user of the solution. I used Elastic Stack as a part of one of our company's projects involving certain security aspects for three months.

What do I think about the stability of the solution?

The solution's stability was great. I only had issues with the pieces of equipment we were using in our company since I don't have such a great server, restricting the use of only features that open on my computer. Stability is an area that can be terrible if you don't have a great server.

What do I think about the scalability of the solution?

It is a very scalable solution. It is very easy to scale up logs. I didn't face any problem with this scalability part of the solution since we only have a few pieces of equipment in our company. For bigger enterprises, I am unsure if the product would be a very scalable one.

Elastic Stack was used in our company for just one project, so only one of my colleagues and I were using it.

How are customer service and support?

My experience with the solution's customer support team was great. Though I hadn't interacted much with the technical support team, they used to respond via emails if we faced some issues with the solution in our company.

Which solution did I use previously and why did I switch?

I use Apache Kafka to manage the flow between two databases.

How was the initial setup?

Elastic Stack's deployment process could be done easily because of the documentation and availability of videos everywhere related to the deployment phase.

The deployment process for the product got completed within a few days.

What about the implementation team?

One of my colleagues and I were the only two people involved in the product's implementation phase.

What's my experience with pricing, setup cost, and licensing?

I used the open-source version of Elastic Stack, because of which I did not have to pay anything.

Which other solutions did I evaluate?

I want to use some tools so that I can manage and visualize the flow while having scalability and availability options.

I have experience with the benchmarking of Splunk, IBM, and QRadar. I had only searched for the videos and documentation of the aforementioned tools and didn't use them since they weren't open-source products. Pricing was a major area of difference between Elastic Stack and the products I evaluated.

What other advice do I have?

For those looking for just some support products or an open-source service, Elastic Stack can be a great choice. For organizations handling big projects, IBM STACK can be a better choice compared to Elastic Stack.

The maintenance part of the solution was difficult since I wasn't aware of the process, but after doing a few searches online, I felt the maintenance part to be good. Some additional knowledge is required to maintain the product.

I rate the overall solution an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Business Development Manager at a tech services company with 51-200 employees
Real User
Top 20
Used as backend and database but lacks quality support
Pros and Cons
  • "We can group a lot of alarms into one automation alarm supervision. The alarm supervision allows us to put the alarm under the same. It's quite helpful for us. We used that to suppress our alarms. Elastic already provides the agent. It is easy to integrate Elastic Stack with other devices and vendors."
  • "Support could be improved. The error code is not helpful. We have to ask for it or pass it on to community forums."

What is our primary use case?

We are using the solution as our backend with information for a team. We also use Elastic as our database. We saw a lot of logs from our devices through Elastic Stack. 

What is most valuable?

We can group a lot of alarms into one automation alarm supervision. It's quite helpful for us. We used that to suppress our alarms. Elastic already provides the agent. It is easy to integrate Elastic Stack with other devices and vendors.

What needs improvement?

Support could be improved. The error code is not helpful. We have to ask for it or pass it on to community forums. It's quite hard to understand what's wrong with our Elastic. If we have trouble, we often need to experiment with how to solve the problem.

For how long have I used the solution?

I have been using Elastic Stack for two years.

What do I think about the stability of the solution?

The solution has downtime and glitches.

I rate the solution’s stability as four out of ten.

What do I think about the scalability of the solution?

We can apply the solution to small to large enterprises.

I rate the solution's scalability an eight out of ten.

How are customer service and support?

We can ask for technical support, but sometimes, we need to solve the problems quickly. Since the error code is not helpful, we need to experiment with how to solve the problems before, or to do a quick repair. We can also escalate it to Elastic.

How was the initial setup?

The initial setup is complex.

What's my experience with pricing, setup cost, and licensing?

I rate the product’s pricing as five out of ten, where one is cheap, and ten is expensive.

What other advice do I have?

If your company meets the criteria for a database platform that is easily integrated with third-party devices and vendors or easily integrated with a solution that you are currently developing, then Elastic is quite a good solution for you.

Overall, I rate the solution a seven out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Mustafa Husny - PeerSpot reviewer
Senior System Engineer at Techline-eg
Real User
Top 5 Leaderboard
Offers logging, monitoring, or antivirus capabilities but improvement is needed in pricing
Pros and Cons
  • "The tool is huge, and it performs brilliantly. I tested it for malware, and within two weeks of launching, the product alerted me about a network intrusion. This was a tough test for it, but it performed admirably. The alerting system is excellent, and searching through logs is incredibly efficient. What's impressive is that all three products or options are integrated into one solution. This means I don't need separate logging, monitoring, or antivirus solutions."
  • "The tool's pricing can be improved."

What is our primary use case?

I use the solution for logging. I must check the logs and alerts regularly to see if an incident occurs. Also, I'm using the EDR to check for any network viruses in all my environments.

What is most valuable?

The tool is huge, and it performs brilliantly. I tested it for malware, and within two weeks of launching, the product alerted me about a network intrusion. This was a tough test for it, but it performed admirably. The alerting system is excellent, and searching through logs is incredibly efficient. What's impressive is that all three products or options are integrated into one solution. This means I don't need separate logging, monitoring, or antivirus solutions.

What needs improvement?

The tool's pricing can be improved. 

For how long have I used the solution?

I have been using the product for five years. 

What do I think about the stability of the solution?

It can be quite challenging when it comes to administration and expanding our cluster management. As our company grows, managing these aspects becomes even more difficult.

What do I think about the scalability of the solution?

As the logs increase in volume, the workload becomes heavier. We must establish different tiers, such as high tiers, hot tiers, etc. This requires careful calculations to determine the specifications for each tier and how to manage data flow through the cluster efficiently.

How was the initial setup?

The tool's implementation is easy. However, it requires someone familiar with Elastic Stack and an understanding of the data flow. It might be challenging for beginners or those unfamiliar with Elastic Stack to utilize and gather logs efficiently and fully. However, implementing it becomes much easier once you have at least a year of experience working with the product.

What other advice do I have?

My company consults with other companies in the Fintech sector. So, I'm implementing the solution in all Fintech companies we work with to obtain the PCI certificate. This PCI certificate is required to work in the fintech sector. I'm installing this solution in all other Fintech companies as a consulting company.

I work with the plugin for customer management, monitoring logs for each product, feature, or application. This simplifies life for end users. However, I'm pleasantly surprised by its success. The only downside is that the license is a bit expensive.

Every day, I start by opening the Elastic Stack Analytics loop. I check the sources and cloud store payloads. Then, I move on to Kibana, inspecting every feature I've installed or worked with. I check if Kibana is in the green, yellow, or red state, addressing any issues. Lastly, I meticulously examine logs from each data source, ensuring that all data is being received without issues and investigating any queues or anomalies that may arise.

I rate the overall product an eight out of ten. No other solution combines these three components, and no logging system offers the same level of functionality for logging, SIEM, and antivirus in one package. I've extensively searched for alternatives to Elastic Stack to avoid licensing issues, but I couldn't find any solution that matches its capabilities.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2326461 - PeerSpot reviewer
senior site reliability engineer at a tech vendor with 5,001-10,000 employees
Real User
Top 5
A useful product to monitor and collect logs that need to improve its licensing part
Pros and Cons
  • "I have experienced a return on investment from the use of the solution."
  • "The main issue related to Elastic Stack is in the area of its licensing."

What is our primary use case?

I use the solution to monitor and collect logs.

How has it helped my organization?


What is most valuable?

The most valuable features of the solution are automatic analysis, anomaly detection, and new features.

What needs improvement?

The main issue related to Elastic Stack is in the area of its licensing. The licenses of the product have changed, and the community-driven open-source fork of Elasticsearch has created a lot of issues in terms of compatibility between the products, which is not nice. The aforementioned areas are to be considered for improvement in the product.

For how long have I used the solution?

I have been using Elastic Stack for seven to ten years. I am a customer of the product.

What do I think about the stability of the solution?

Stability-wise, I rate the solution a six to seven out of ten.

What do I think about the scalability of the solution?

Scalability-wise, I rate the solution a ten out of ten.

Around 30 people in my company use the solution.

The solution is used daily in our company.

How are customer service and support?

I have faced some issues with the technical support team of the product since some of the issues for which tickets were raised in the past were never resolved.

I rate the technical support a five out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

In the past, I have used log aggregation tools like Snare Central. I started to use Elastic Stack since it provides a single place to consolidate all of the logs. The tool allows quick digging inside the logs, looking for a part or specific events, and generating reports.

How was the initial setup?

I rate the initial setup phase a seven or eight on a scale of one to ten, where one is a difficult setup phase, and ten is an easy setup process.

The solution is deployed on the cloud services offered by AWS and on an on-premises model.

The solution can be deployed and configured in a couple of weeks.

What about the implementation team?

Our company's in-house team, consisting of me alone, completed the deployment process.

What was our ROI?

I have experienced a return on investment from the use of the solution.

What's my experience with pricing, setup cost, and licensing?

The product is expensive.

What other advice do I have?

All of the team members who work with me in the company participate in the maintenance process of the product.

I rate the overall tool a seven out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2258874 - PeerSpot reviewer
Director IT at a retailer with 10,001+ employees
Real User
A solution that offers its users great performance and good value for money
Pros and Cons
  • "The solution's technical support is good...Elastic Stack offers good value for money based on the product's features and what they offer."
  • "When people try to move the data from another source to Elastic Stack for visualization, they face challenges when connecting to Elastic Stack from such different sources."

What is our primary use case?

My company uses Elastic Stack extensively for its functionality or feature known as observability.

What needs improvement?

From what I have heard about the solution from other sources, I know that there were some issues with pushing data from other sources to Elastic Stack, making it the solution's only shortcoming that needs improvement. When people try to move the data from another source to Elastic Stack for visualization, they face challenges when connecting to Elastic Stack from such different sources. The aforementioned details can be considered for improvement in the solution.

For how long have I used the solution?

I have experience with Elastic Stack, also known as ELK Stack, for five years. I am a customer of the solution.

How are customer service and support?

The solution's technical support is good. Elastic Stack has good customer service managers who respond well to my queries.

Which solution did I use previously and why did I switch?

I don't think we have done much in my company with Elastic Observability. In my previous assignment, I had used the solution more like a search functionality. Our company used the platform to provide our customers the features to search for different medicines, as it was a B2B platform. Observability Kibana Dashboard is something that we used in our company to analyze some of the logs, but I can't provide in-depth feedback on the product.

What other advice do I have?

Elastic Stack offers good value for money based on the product's features and what they offer. The product's overall performance was good based on my limited experience with the product.

I think Elastic Stack is definitely a good product.

I rate the overall product an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Huseyin Temucin - PeerSpot reviewer
Founder at Neokod ARGE Yazılım Ltd.Şti.
Real User
Top 5
Comes with powerful search engine capability
Pros and Cons
  • "The tool's most powerful aspect is its search engine capability. It's a highly effective and powerful solution for searching. We use it in professional and student projects at universities, and it delivers promising results."
  • "Elastic Stack's search capabilities can be challenging, especially when searching for precise data from past years, such as two or ten years ago. Its indexing performance for exact data retrieval may decrease as the data volume grows. Therefore, I believe there is room for improvement in the product's search functionality. It needs to improve its pricing as well."

What is our primary use case?

I use the solution along with Kibana to visualize and analyze the logs. I plan to use Elastic Stack as a cloud service platform for future projects because it streamlines DevOps workflows.

What is most valuable?

The tool's most powerful aspect is its search engine capability. It's a highly effective and powerful solution for searching. We use it in professional and student projects at universities, and it delivers promising results.

What needs improvement?

Elastic Stack's search capabilities can be challenging, especially when searching for precise data from past years, such as two or ten years ago. Its indexing performance for exact data retrieval may decrease as the data volume grows. Therefore, I believe there is room for improvement in the product's search functionality. It needs to improve its pricing as well. 

For how long have I used the solution?

I have been using the product for ten years. 

What do I think about the stability of the solution?

I rate the product's stability a six out of ten. 

What do I think about the scalability of the solution?

I find Elastic Stack's native scaling and sorting capabilities very powerful and suitable for scalability. Just like MongoDB, it offers native scaling features. We use medium-sized Elastic Stack in our projects. We experience considerable traffic, with thousands of requests occurring within minutes, although not within seconds.

How are customer service and support?

I haven't used the tool's support. 

How was the initial setup?

We downloaded the open-source version, which comes with an open-source license. Setting it up was easy. However, the maintenance, particularly the DevOps tasks, can be challenging. It's not exactly within my expertise, and I might need support from our IT to handle those aspects.


Depending on my client's specific needs, I use a mix of on-premise and cloud solutions. I implement private clusters for some customers who require data to remain on their own premises. However, I prefer cloud solutions for my projects and in general. Working in both academic and industrial settings in cloud computing, I find cloud solutions more convenient and powerful. Yet, I understand that each client has unique requirements, and some prefer to have their data stored and processed on-premise.

The tool's deployment takes an hour to complete. 

What's my experience with pricing, setup cost, and licensing?

I rate the solution's pricing a seven out of ten. 

What other advice do I have?

I don't have direct experience with data security. However, we ensure data security by deploying Kibana within our network and restricting access to it via VPN. The solution doesn't need any maintenance. I rate it an eight out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer. Implementer
PeerSpot user
Senior Security Consultant at ITSEC Asia
Real User
Top 5 Leaderboard
Enables you to aggregate logs from all your systems and applications, analyze these logs, and create visualizations for application and infrastructure monitoring
Pros and Cons
  • "Prior to the latest updates, data lake management was a standout feature. The hybrid capability for on-premise and cloud integration was also crucial. Now, with Elastic Defense, the agent simplifies security monitoring, making it a key asset."
  • "It lacks a clear NDR (Network Detection and Response) feature. If Elastic could enhance this aspect, it would significantly boost its capabilities."

What is our primary use case?

Most users leverage Elastic for SIEM and SOC. It's also beneficial for integration with other solutions like CloudStrike and Endpoint Security. Elastic is especially useful for managing data lakes and enhancing security.

What is most valuable?

Prior to the latest updates, data lake management was a standout feature. The hybrid capability for on-premise and cloud integration was also crucial. Now, with Elastic Defense, the agent simplifies security monitoring, making it a key asset.

What needs improvement?

It lacks a clear NDR (Network Detection and Response) feature. If Elastic could enhance this aspect, it would significantly boost its capabilities.

For how long have I used the solution?

I have been working with Elastic Stack for six months. 

What do I think about the stability of the solution?

It is quite stable and I would rate it 8 out of 10. 

What do I think about the scalability of the solution?

It is scalable and I would rate it 9 out of 10. 

How are customer service and support?

Direct support is good but I often get quicker help from the community.

How would you rate customer service and support?

Neutral

How was the initial setup?

The installation is straightforward, but configuring the buffer can be complex. With recent AI assistance, it has become easier. I'd rate it around 7.

What's my experience with pricing, setup cost, and licensing?

It depends on the specifics, but generally, Elastic is economical for certain use cases.

What other advice do I have?

I would rate it 8 out of 10. 

Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user