What is our primary use case?
ELK Stack is made up of Elasticsearch, Logstash, and Kibana. What we have is considered a modified ELK Stack where, instead of Logstash, we use Fluentd, but it serves the same purpose, basically as a pipe to get the data into Elasticsearch.
We primarily use the solution for everything you could think of from error detection to general logging and auditing, to security awareness.
What is most valuable?
Recently I started using some Kibana alerting, which is in the latest versions of Kibana. It's very helpful in general.
You can't beat the price as it is basically free. There are also a lot of features on offer.
We've found the initial setup to be quite straightforward.
The stability is excellent.
What needs improvement?
Sometimes, the solution isn't the easiest to use.
The solution probably doesn't have all of the advanced machine learning that some other SIEM providers have right now. It's something that could be improved upon.
For how long have I used the solution?
I've been using the solution for three or four years at this point. It's been a while.
What do I think about the stability of the solution?
The stability of the solution has been excellent. There are no bugs or glitches. It doesn't crash or freeze. The reliability is very high.
What do I think about the scalability of the solution?
I have no reason to believe this solution wouldn't scale well if a company needed it to. I see no limitations there.
That said, that's a speculative area for us right now. We haven't attempted to scale the product ourselves.
Obviously, Elasticsearch has to do all of its indexing upfront, and that might be a scaling concern, whereas something like Devo, with its just-in-time indexing, is pretty darned interesting.
On our end, mostly development staff and operations staff are using it right now. For our organization, everything is going to increase. We're just starting to ramp up usage now.
How are customer service and technical support?
I've never dealt with technical support. I can't speak to how helpful or responsive they are.
How was the initial setup?
The initial setup is not overly complex. It's pretty straightforward. A company shouldn't have any issues with the implementation process overall. Everything in AWS has gotten pretty straightforward.
The maintenance of the solution is minimal. It would only take one person to maintain it.
What's my experience with pricing, setup cost, and licensing?
The price of the product is very good, as it is largely free. There isn't any operating cost. It's basically free software. I'm not aware of any enterprise versions that would cost more. Everything is an AWS service.
What other advice do I have?
We're just customers and end-users. We don't have a business relationship with the company.
We're using the latest version of the solution.
The product in general has come very far. It's gotten a lot better over the years.
I'd recommend the solution to other organizations. I'd advise anyone to try it out.
Overall, I would rate it at an eight out of ten. We've largely been very pleased with the product.