ELK Elasticsearch Review

Helps us keep firewall logs and collect traffic flow information


What is our primary use case?

What we use this ELK (Elasticsearch, Logstash, and Kibana) solution for is mostly keeping firewall logs and collecting traffic flow information.

What is most valuable?

The scalability of this product is something that is very impressive and the performance is also very good.

What needs improvement?

I think the GUI part of the solution has the most room for improvement. Actually, we are using the free version. We do not use the plug-ins, so we have to do some additional development ourselves to have the necessary access to the controls.

We are not heavy users; we just keep the logs and track data in the system. We use it and there is no problem for our current purposes and level of use.

For how long have I used the solution?

We have been working with the solution for just over a year.

What do I think about the stability of the solution?

Up until this point, there have been a few times that we did have some issues and we did not know what went wrong. But we have a guy who is dedicated to managing the system now and it is running pretty well. At this point, we do not have to spend much time on administration and maintenance or pay a lot of attention to it. I would say it is pretty stable, overall.

We have around five people involved in using the solution.

What do I think about the scalability of the solution?

The scalability is very impressive. We can do a lot of things with the product and have not explored all the possibilities as it is something we use somewhat lightly compared to its potential.

How are customer service and technical support?

We do not currently use a full technical support plan. We are not really using the product extensively enough to warrant that expenditure. Up until now, our use has been light and the product is not heavily burdened. It has been performing as expected. When we upscale usage we will probably engage with a paid support plan.

How was the initial setup?

The initial setup is not that problematic. It is obviously manageable as we are doing it by ourselves, so it is okay and fairly straightforward. We didn't need any assistance from integrators or consultants for the deployment.

Which other solutions did I evaluate?

Before choosing to go in this direction, we actually checked with some of the database options like the JSON option and MongoDB. The Elasticsearch product was referred to us by a friend at another company as a better solution for our particular need. They are using the system. After some tests and reviews of the products, we thought it would fit our needs, so we decided to go with it.

What other advice do I have?

The advice I would give to others considering this solution is that you have to have someone knowledgeable managing the system. You have to know the needs, know how to manage queries, and understand the visualization. You have to have someone working on it and dedicated to it so that you can manage it. It is not just plug-and-play. If you decide to run with it, the performance and the result can be very satisfactory. We did not have any issues with achieving what we tried to do. When we need certain data, we always find it.

On a scale from one to ten where one is the worst and ten is the best, I would rate ELK Elasticsearch as an eight out of ten. What would make it a ten for us is something I wouldn't know at this point. Until we use it more heavily in production then we'll see how it performs under a full load and we'll have a better idea of what needs to be improved.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.