What is our primary use case?
Initially, my company started with Elastic Stack for some kind of search in one of the mobile-related projects we were handling, when Kibana was available as a beta release. My company enabled Elastic Stack for most of the cases of one of our customers, and mostly it was for the search-related area. My company managed the search for complex scenarios, not only for the logs but also for the FDA and drug database for the physicians involved in one of the healthcare projects, where the search capability had to be enabled. Apart from AWS, Amazon CloudWatch offers a faster setup process for Elastic Stack. With AWS, my company used ELK Stack and Kibana for all kinds of other things instead of Amazon CloudWatch.
What is most valuable?
One of the biggest assets of the Elastic Stack is its search capability, as it is one of the core features that my company leverages for most things, including the search of logs. Regarding timestamps and retrieval of logs, anyone, apart from production support, with proper access can search by log timestamp, including the exact details of what has been logged and what caused the issue. For application-related data or large sets of data that are not relational, such as JSON, my company pushes the data into an Elasticsearch index, and once that is enabled, the search can be made faster.
What needs improvement?
Elastic Stack provides all sorts of things: it provides Elasticsearch for the transformations into a specific format, and pipelines can be defined for distributed applications along with the logs that come in JSON format, which is clean. It is only enhancements, or the security side, that the product lacks and that need to be improved. I don't think further feature enhancements need to be added to the solution because it is already equivalent to a monitoring or alerting system like Dynatrace and other tools. Some developments in the area of AI, which Elastic Stack is currently working on, should be fine in terms of enhancements.
Whenever some critical issue happens, there should be some kind of a co-pilot that helps resolve the issue. The tool should learn from its own previous issues. If you take Databricks, you see that it provides a co-pilot for Python, so a similar kind of development in Elastic Stack would be a real asset for it.
AI would be a good way to enable the tool further in 2024, and even a beta launch would be helpful. If you take any sort of cloud-native monitoring product, like Azure Monitor or AWS CloudWatch, you see that such products don't provide much insight. If you go with Azure Monitor and want any sort of ML model there, Azure Sentinel needs to be used, which is very costly.
AI-enablement would be a big improvement in Elastic Stack. Everyone in the monitoring space, including Dynatrace and New Relic, has lately been discussing AI, but it doesn't seem to be coming out. If there is room for an ML model in Elastic Stack, then it would be good.
For how long have I used the solution?
I have been using Elastic Stack for more than seven years.
What do I think about the stability of the solution?
The stability of the product is good as it can be fine-tuned to meet all its specified parameters by following the best practices.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution an eight out of ten.
The scalability depends on how the cloud team, the DevOps team, or the development team uses the built-in functionalities of the solution, like the indexes, as they occupy quite a lot of space, making it pretty slow.
At any given point in time, the concurrent users of the tool would be around 1,000.
How are customer service and support?
The online forum for the product is fine, since anybody can respond there to help resolve someone else's issues. My company has never contacted the support team of Elastic Stack.
Which solution did I use previously and why did I switch?
Azure Monitor or AWS CloudWatch provides only cloud-native services, so you will be able to monitor only the services of Azure or AWS, since neither product is cloud-agnostic in nature. If you take Azure Monitor and try to monitor something in AWS, it is not possible. The agent is not comfortable with Azure Monitor when AWS services are monitored, meaning one may face some difficulties. Elastic Stack is a cloud-agnostic product, so you can have Elastic deployed on Azure, and you can monitor AWS or GCP services as well.
How was the initial setup?
The product's initial setup phase was simple.
The solution is deployed on the cloud.
The solution can be deployed in half a day. With the cloud security, subnets, and the other things in place and allocated, everything can be completed. Our company does have some sort of scripts to take care of the deployment part, so we have written some Terraform scripts from scratch, which pull the latest version of the Docker image and then deploy it onto the VM.
What about the implementation team?
I took care of the product deployment phase by myself.
What's my experience with pricing, setup cost, and licensing?
For a few cases, my company uses the licensed version of the solution, and for a few other cases, we use the cloud-managed service by AWS, since Elasticsearch is equivalent to OpenSearch on AWS, apart from a few tweaks that are there, but ultimately both products are one and the same.
The pricing of the product depends on how the capacity planning has been done in your company and the plan that has been chosen for use in the environment. Ultimately, the pricing depends upon the capacity planning that the enterprise architect does.
What other advice do I have?
The security part of the product is fine since, in any case, it gets deployed in a VPC or under a subnet, so the cloud provider takes care of the security part.
I rate the overall tool a nine out of ten.
*Disclosure: I am a real user, and this review is based on my own experience and opinions.
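The log search the reviewer describes under "What is most valuable?" (push JSON events into an index, then retrieve what was logged in a time window) comes down to two JSON payloads against the Elasticsearch REST API. The block below is an added example, not the reviewer's or Elastic's code: it builds the bulk-index body and the range query, and then applies the same filter locally to a few constructed log lines so the whole thing runs offline without a cluster. The index name `app-logs`, the ECS-style field names (`@timestamp`, `log.level`, `service`, `message`) and the sample events are assumptions made for the example.

```python
"""Added example (not the reviewer's code): the two Elasticsearch payloads
behind 'search the logs for a time window' (bulk index + range query), plus
a small local evaluator so it runs offline. Index and field names are
assumptions, the sample events are constructed."""
import json
from datetime import datetime

# Constructed sample log events (not real data). ECS-style field names are
# an assumption for this example.
SAMPLE_LOGS = [
    {"@timestamp": "2024-03-01T10:00:00Z", "log.level": "info",
     "service": "checkout", "message": "order 41 created"},
    {"@timestamp": "2024-03-01T10:04:30Z", "log.level": "error",
     "service": "checkout", "message": "payment gateway timeout"},
    {"@timestamp": "2024-03-01T10:05:10Z", "log.level": "error",
     "service": "search", "message": "index refresh failed"},
    {"@timestamp": "2024-03-01T11:30:00Z", "log.level": "error",
     "service": "checkout", "message": "payment gateway timeout"},
]


def bulk_body(index, docs):
    """Serialise docs as an NDJSON bulk request: one action line
    ({"index": {...}}) followed by one document line per event, with the
    trailing newline the _bulk endpoint requires."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"


def window_query(start, end, level=None, size=100):
    """Query DSL for 'what was logged between start and end': a bool filter
    (no scoring) with a range on @timestamp and an optional exact term on
    log.level, newest event first."""
    filters = [{"range": {"@timestamp": {"gte": start, "lt": end}}}]
    if level:
        filters.append({"term": {"log.level": level}})
    return {
        "size": size,
        "query": {"bool": {"filter": filters}},
        "sort": [{"@timestamp": {"order": "desc"}}],
    }


def _parse_ts(value):
    # ISO-8601 with a trailing Z, as the sample events use it.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def _matches(doc, clause):
    """Evaluate one filter clause locally. Only range (gte/lt on an ISO
    timestamp field) and term (exact match) are implemented: this is a
    stand-in for the cluster so the example runs offline, not a query
    engine."""
    if "range" in clause:
        (field, bounds), = clause["range"].items()
        ts = _parse_ts(doc[field])
        return _parse_ts(bounds["gte"]) <= ts < _parse_ts(bounds["lt"])
    if "term" in clause:
        (field, value), = clause["term"].items()
        return doc.get(field) == value
    raise ValueError("unsupported clause: %r" % (list(clause),))


def run_locally(query, docs):
    """Apply query['query']['bool']['filter'] to docs and return the hits in
    the order and count the query asks for, i.e. what the cluster would
    return for the same window."""
    filters = query["query"]["bool"]["filter"]
    hits = [d for d in docs if all(_matches(d, c) for c in filters)]
    newest_first = query["sort"][0]["@timestamp"]["order"] == "desc"
    hits.sort(key=lambda d: d["@timestamp"], reverse=newest_first)
    return hits[: query["size"]]


if __name__ == "__main__":
    print(bulk_body("app-logs", SAMPLE_LOGS), end="")
    q = window_query("2024-03-01T10:00:00Z", "2024-03-01T11:00:00Z",
                     level="error")
    print(json.dumps(q, indent=2))
    for hit in run_locally(q, SAMPLE_LOGS):
        print(hit["@timestamp"], hit["service"], hit["message"])
```

With the official `elasticsearch` Python client the same two payloads go to the `bulk` and `search` endpoints; create that client with `verify_certs=True` and an API key rather than an anonymous HTTP connection. Placing the cluster in a VPC limits who can reach port 9200, but the cluster's own authentication and TLS (on by default since Elasticsearch 8.0) are what stop anyone on the subnet from reading every index.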