ELK Logstash Review

Helps us with application behavioral analysis and tuning


What is our primary use case?

We used this solution for gathering our application logs and analyzing application behavior.

How has it helped my organization?

This solution assists in tuning our applications.

What is most valuable?

This is one of the best open-source log management and log analyzer tools in the world.

What needs improvement?

The documentation for this solution is very important, and more needs to be developed. It was not as good as we expected, and because of that, we prefer to work on commercial solutions such as Splunk or ArcSight. If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution.

As you gather more and more data, and the data continues to grow, I think it is difficult to handle, administer, and perform declustering.

I would like to see support for machine learning, where it can make predictions based on the data that it has learned from our environment.

For how long have I used the solution?

We have been using this solution for six or seven months.

What do I think about the stability of the solution?

In terms of stability, we have had many problems when dealing with big data.

What do I think about the scalability of the solution?

There are six people who use this solution in our company.

How are customer service and technical support?

I do not use the commercial version so I cannot comment on technical support. The open-source community is very important for this solution.

If you previously used a different solution, which one did you use and why did you switch?

We used Splunk in parallel with this solution.

In my role as a Security Operations Center Analyst, I think that Splunk is more useful for me. This is because I do not work on analyzing application behavior. However, I help my colleagues with this task, using ELK Logstash, based on my experience with Splunk.

How was the initial setup?

The initial setup of this solution was complex.

We have an enterprise structure and we cannot just install this solution, Logstash, and Kibana (the data visualization plugin for this solution), to have a good experience. For example, we had to set up the SQL database.

We now have nine Elasticsearch nodes in the company that all work together in a cluster. It is not simple, but rather, an enterprise structure.

What's my experience with pricing, setup cost, and licensing?

We use the open-source version, so there is no charge for this solution.

Which other solutions did I evaluate?

The solution does not work as well as Splunk.

What other advice do I have?

Our company uses Logstash for gathering the data, and Kibana for searching. The two are used together.

This is a solution that I recommend. It is the best open-source product for people working in SO, managing and analyzing logs.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email