ELK Elasticsearch Review
Aggregates log/machine data into a searchable index, reduces time to identify issues
How has it helped my organization?

ELK has helped my team leverage a powerful and efficient capability that is comparable to more costly solutions.

What is most valuable?

The ability to aggregate log and machine data into a searchable index reduces time to identify and isolate issues for an application. Saves time in triage and incident response by eliminating manual steps to access and parse logs on separate systems, within large infrastructure footprints.

What needs improvement?

Enterprise scaling of what have been essentially separate, free open source software (FOSS) products has been a challenge, but the folks at Elastic have published new add-ons (X-Pack and ECE) to help large companies grow ELK to required scales.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

We encountered issues with scalability.

How are customer service and technical support?

Not applicable, for my team's experience with ELK. Being FOSS, it comes with limited support from Elastic unless you buy a service (support, consulting, training). There is a wealth of information on the web and a growing community of users to lean on for support, though.

Which solutions did we use previously?

Yes, we had a previous solution, but we did not switch. We use multiple log analysis engines. Where we have funds to support commercial off-the-shelf (COTS) tools, we have seen more immediate benefits. Where we must go with low/no-cost FOSS, we use ELK.

How was the initial setup?

Initial setups were complex years ago, but they are more straightforward in the current offering. ELK is essentially a collection of products, each of which requires infrastructure and expertise to set up independently, and connecting them to gain a functional tool requires still more expertise.

What's my experience with pricing, setup cost, and licensing?

This is a free, open source software (FOSS) tool, which means no cost on the front end. There are no free lunches in this world, though. The technical skills to implement and support ELK are costly on the back end, whether you train/hire internally or go for premium services from Elastic.

Which other solutions did I evaluate?

Splunk, Sumo Logic, and IBM’s Operation Analytics.

What other advice do I have?

Try it out. There is little to lose but time.

Disclosure: I am a real user, and this review is based on my own experience and opinions.