ELK Logstash Overview

ELK Logstash is the #7 ranked solution in Log Management Software. PeerSpot users give ELK Logstash an average rating of 8 out of 10. ELK Logstash is most commonly compared to Datadog: ELK Logstash vs Datadog. The industry researching this solution most is communications service providers, accounting for 26% of all views.
What is ELK Logstash?

Logstash is an open source, server-side data processing pipeline that ingests data from a multitude of sources simultaneously, transforms it, and then sends it to your favorite “stash.”

ELK Logstash was previously known as Elastic Stack, ELK Stack.

ELK Logstash Buyer's Guide

Download the ELK Logstash Buyer's Guide including reviews and more. Updated: January 2022

ELK Logstash Customers

Sprint, Grab, Autopilot, Just Eat, Verizon Wireless, Green Man Gaming, Compare Group, Tango, Perceivant, Quizlet

Archived ELK Logstash Reviews (more than two years old)

User at a comms service provider with 51-200 employees
Real User
Good visualization, but more automation is needed
Pros and Cons
  • "The visualization is very good."
  • "There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated."

What is our primary use case?

We are a service provider, and use this solution to work with our customers.

We use this solution for collecting firewall logs and then supplying them to the log analyzer.

We are running Fortinet FortiGate for our firewall, and these are the logs that we are analyzing. Normally, we have a problem with the visualization part.

How has it helped my organization?

This solution helps us because we can find all of the logs in one place. We can easily find a specific log in a specific time period.

What is most valuable?

The visualization is very good.

What needs improvement?

There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated.

It would be good if I could get technical support for specific devices. I think that Windows should have some specific connectors. When we implemented a new product, we had to create it manually.

What do I think about the stability of the solution?

The stability of this solution is fine.

What do I think about the scalability of the solution?

This solution is scalable.

We have approximately two hundred users and we do not plan to increase usage at this time.

How are customer service and technical support?

We have not contacted technical support for this solution.

Which solution did I use previously and why did I switch?

We have used other SIEM solutions in our company.

How was the initial setup?

One week is enough for the deployment.

What about the implementation team?

We performed the integration ourselves.

What's my experience with pricing, setup cost, and licensing?

We are using the free, open-source version of this solution.

Which other solutions did I evaluate?

We did not evaluate other options before choosing this solution.

What other advice do I have?

We are interested in learning more about plugins for specific firewalls or other products.

The only problem with this solution is the development part, where we have to do it manually.

I would rate this solution a six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user782697
Security Operation Center Analyst at Sadad
Real User
Helps us with application behavioral analysis and tuning
Pros and Cons
  • "It is the best open-source product for people working in SO, managing and analyzing logs."
  • "If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."

What is our primary use case?

We used this solution for gathering our application logs and analyzing application behavior.

How has it helped my organization?

This solution assists in tuning our applications.

What is most valuable?

This is one of the best open-source log management and log analyzer tools in the world.

What needs improvement?

The documentation for this solution is very important, and more needs to be developed. It was not as good as we expected, and because of that, we prefer to work on commercial solutions such as Splunk or ArcSight. If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution.

As you gather more and more data, and the data continues to grow, I think it is difficult to handle, administer, and perform declustering.

I would like to see support for machine learning, where it can make predictions based on the data that it has learned from our environment.

For how long have I used the solution?

We have been using this solution for six or seven months.

What do I think about the stability of the solution?

In terms of stability, we have had many problems when dealing with big data.

What do I think about the scalability of the solution?

There are six people who use this solution in our company.

How are customer service and technical support?

I do not use the commercial version so I cannot comment on technical support. The open-source community is very important for this solution.

Which solution did I use previously and why did I switch?

We used Splunk in parallel with this solution.

In my role as a Security Operations Center Analyst, I think that Splunk is more useful for me. This is because I do not work on analyzing application behavior. However, I help my colleagues with this task, using ELK Logstash, based on my experience with Splunk.

How was the initial setup?

The initial setup of this solution was complex.

We have an enterprise structure and we cannot just install this solution, Logstash, and Kibana (the data visualization plugin for this solution), to have a good experience. For example, we had to set up the SQL database.

We now have nine Elasticsearch nodes in the company that all work together in a cluster. It is not simple, but rather, an enterprise structure.

What's my experience with pricing, setup cost, and licensing?

We use the open-source version, so there is no charge for this solution.

Which other solutions did I evaluate?

The solution does not work as well as Splunk.

What other advice do I have?

Our company uses Logstash for gathering the data, and Kibana for searching. The two are used together.

This is a solution that I recommend. It is the best open-source product for people working in SO, managing and analyzing logs.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Prabhanshu Pandit
Programmer at a tech services company
Real User
Stable, with good documentation, but needs better email notification
Pros and Cons
  • "ELK documentation is very good, so never needed to contact technical support."
  • "Email notification should be done the same way as Logentries does it."
  • "We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there)."
  • "They don't provide user authentication and authorisation features (Shield) as a part of their open-source version."

What is most valuable?

Documentation is very good, so implementation is fine.

What needs improvement?

Email notification should be done the same way as Logentries does it. Because of the notification issue we moved to Logentries, as it provides a simple way to get notification whenever a server encounters an error or something unexpected happens (which we have defined using Regex).

We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there).

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

Not really, but we did set up a cron job to delete old logs so that we wouldn't hit a disk space issue.

How are customer service and technical support?

ELK documentation is very good, so never needed to contact technical support.

Which solution did I use previously and why did I switch?

We used Logentries, but because it is open-source we moved to ELK as a part of a cost-cutting strategy and evaluation of ELK. But the lack of a notification feature caused us to go back to Logentries.

How was the initial setup?

Slightly complex, especially when you are configuring machines which are on a separate IP rather than on a single machine. In my case Elasticsearch, Kibana, and Logstash were on different machines. Along with that, we added a proxy server (nginx) ahead of the Kibana server. We used the proxy server for user authentication so that only known users should be able to access the Kibana dashboard. ELK didn’t have a free version for user authentication and that made us go for the alternative. We have, in total, four machines.

What other advice do I have?

I give it a seven out of 10. They don't provide user authentication and authorisation features (Shield) as a part of their open-source version.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
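The setup described above (an nginx proxy in front of Kibana doing the authentication that the open-source version lacked) can be expressed as the following configuration. This is an added example, not the reviewer's own configuration; the hostname, certificate paths and the Kibana upstream address are assumptions.

```nginx
# Added example: nginx as a reverse proxy in front of Kibana, enforcing
# HTTP basic authentication and TLS so that only known users reach the
# dashboard. Hostname, certificate paths and upstream address are assumed.
server {
    listen 443 ssl;
    server_name kibana.example.internal;            # assumed hostname

    ssl_certificate     /etc/nginx/tls/kibana.crt;  # assumed paths
    ssl_certificate_key /etc/nginx/tls/kibana.key;

    location / {
        # Credentials file created with htpasswd(1); one line per known user.
        auth_basic           "Kibana";
        auth_basic_user_file /etc/nginx/kibana.htpasswd;

        # Kibana itself listens only on localhost, so the proxy is the only
        # way in; see the usage note below.
        proxy_pass         http://127.0.0.1:5601;
        proxy_set_header   Host $host;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}

# Redirect plain HTTP to HTTPS so basic-auth credentials never travel in
# clear text.
server {
    listen 80;
    server_name kibana.example.internal;
    return 301 https://$host$request_uri;
}
```

This only works as an access control if Kibana is bound to localhost (`server.host: "localhost"` in kibana.yml) or otherwise firewalled, because a Kibana port reachable directly on the network bypasses the proxy entirely. Basic authentication on the proxy also gives you authentication but no per-user authorization: every authenticated user sees every index and dashboard.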
Yogesh-Sharma
DevOps Engineer at a computer software company with 1,001-5,000 employees
Consultant
Central log management helped increase developer productivity
Pros and Cons
  • "Authentication is not a default in Kibana. We need to have another tool to have authentication and authorization. These two should be part of Kibana."
  • "We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd making our stack from ELK to EFK."

How has it helped my organization?

In my previous organization, I used this for central log management, increasing developer productivity.

What is most valuable?

Elasticsearch Indexing and the Visualize tools of Kibana.

What needs improvement?

Authentication is not a default in Kibana. We need to have another tool to have authentication and authorization. These two should be part of Kibana.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd making our stack from ELK to EFK.

How are customer service and technical support?

We were using the open source version. Community support is good.

How was the initial setup?

Complex. We needed to analyze multiple factors, like benchmarking, performance of Logstash.

What other advice do I have?

I rate it at eight out of 10. It is scalable (if used properly), durable, and performance tested.

If you are good to spend money, Splunk is way better for log management. There might be other use cases where you may need ELK.

Disclosure: I am a real user, and this review is based on my own experience and opinions.