Senior Solutions Architect at a tech services company with 51-200 employees
Real User
A competitively priced, fast solution with easy indexing, but room for improvement in the graph and reporting features and network monitoring
Pros and Cons
  • "The solution has great scalability."
  • "Both the graph feature and the reporting feature are a little bit lacking. The alerting also needs to be improved."

What is most valuable?

There are a lot of good things about this solution. First, it is an extremely fast search. We have quite an extensive number of logs, and we can search through billions of documents in just a few minutes, and get the results we're looking for.

The second is easy indexing. We can index almost anything that comes from a log. Anything produced in the system can be ingested in Elastic Search.

What needs improvement?

I want the solution to improve the graph feature because it is a little bit poor. Both the graph feature and the reporting feature are a little bit lacking. The alerting also needs to be improved.

As for new features, I would like to see more on the network monitoring side. I can see that a lot has been done in server management, security, and application. However, I would love to see the same attention given to network management. If we could go and harvest the network information and bring it into Elastic Search, it would be the perfect solution for achieving a NOC and SOC environment.

For how long have I used the solution?

I have been using this solution for five years.

What do I think about the stability of the solution?

We haven't had any stability issues at all. You just have to make sure that you are ingesting the right amount of data and maintaining your cluster by clearing up all of the data regularly. We input some script that tells the solution to drop any data it sees that is older than three months. It's as simple as that, and we're very happy with it. 

If you size your nodes properly, and a node drops or there is a problem, the product will still function. Last night, one of the nodes in my cluster crashed. I went in to check it and restarted the node, and the data appeared and everything was fine. I cannot say the same for a lot of other solutions.

Buyer's Guide
Elastic Search
May 2024
Learn what your peers think about Elastic Search. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
769,599 professionals have used our research since 2012.

What do I think about the scalability of the solution?

The solution has great scalability. We started with one node, then went to three nodes, as recommended by Elastic. We then found ourselves with seven nodes, and eventually 11 nodes. Then we said, "Wait a minute, this is not going well because we keep adding data and running out of storage." That's when we decided to start dropping data after three months. 

How are customer service and support?

I've seen a lot of improvement over the last five years. Five years ago, there was a little bit of tech support but it was not great. Recently, I opened some cases and the team gave me answers that included exactly what to do to resolve the problems. This shows that the support team has knowledge. It's not just someone who is sitting in the office and tries to figure out the problem. When you give them a problem, they know exactly what's wrong and they'll offer the precise solution that will solve the problem. We have seen a lot of improvements in the last six months. I would rate the technical support as a four out of five because they are very knowledgeable.

How would you rate customer service and support?

Positive

How was the initial setup?

I would rate the initial setup process as a five out of five because it's the easiest product I've ever dealt with. When it needs to be upgraded, you just tell it to upgrade and the solution does it for you. 

What's my experience with pricing, setup cost, and licensing?

We started with the open-source version and the price increases as you add nodes because it's node-based. The price kept increasing, so we decided to buy a license to get all the features and manage the clusters more efficiently. The price of Elastic Enterprise is very, very competitive. I think it was around $700. It was very cheap for our budget. We have other solutions from other vendors that are way more expensive.

The beauty of Elastic Search is that it's based on an open-source solution, so even if you don't want to keep your license, you can just switch it off and go back to the open-source version. You'll lose some of the features, but your data will still be there, and you'll still be able to manipulate it.

You can scale the pricing up and down, which is great flexibility for us because we are a government organization. When it comes to invoicing and payment, the government is a little slow. For example, we found that our license expired on December 31st, but the vendor still hadn't been paid, so they would not issue us a new license. We switched our license off and went back to open source mode until we were able to get our license again and switch back to Enterprise.

What other advice do I have?

One time, we had a remote customer who was complaining about response time, and we couldn't figure out where the problem was located. We created a small setup, just one node of Elastic Search, and we started using it to ingest the network traffic that was going from that customer to our main site. Once we started ingesting the network traffic, we saw exactly what the problem was. We were able to solve the problem, and it only took us an hour.

What sets this solution apart from its competitors is the innovation. For example, look at the number of releases they're doing. About every three to six months, you have a new release with new features, and it's great. The good thing is that even if you don't like the innovation, you still follow an upgrade line, which means you don't lose anything from the past. You just keep getting new stuff pumped into Elastic Search. As a result, it's becoming more like an overall operational solution, when before, it was just a place where you dumped your logs.

My advice to new users of this solution is to start with a specific use case that's a simple or complicated problem that you want to address. Start with that use case, address it straight away, and keep expanding. For example, we started with a network traffic use case, then expanded into Syslog management of a network device. Next, we expanded to an event management server, and then we went into application management. Now we are in security logs, and it keeps expanding.

I would rate this solution as a seven out of ten because there is still a lot missing regarding network management. Also, machine learning is still not clear to me. A lot of the things in machine learning can be addressed straight away with other features, like a watcher or alerting. At this point, I don't see the benefit of machine learning when it comes to IT infrastructure.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
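The retention approach this reviewer describes (a script that drops data older than three months once the cluster kept running out of storage) is normally expressed in Elasticsearch as an Index Lifecycle Management (ILM) policy rather than an ad-hoc delete job. The script below is an added example, not code from the reviewer or from Elastic. It assumes a 7.x/8.x cluster reachable at the placeholder `ES_URL` with credentials in `ES_AUTH`, a `logs-*` index pattern with write alias `logs`, and a policy named `logs-90d`; all of those names are assumptions.

```shell
#!/bin/sh
# Added example (not from the review): enforce 90-day log retention with ILM.
# ES_URL (e.g. https://es.example.internal:9200) and ES_AUTH ("user:password")
# are placeholders expected in the environment; nothing is contacted unless ES_URL is set.
set -e

# Build the ILM policy: roll the write index daily (or at 50 GB per primary shard),
# then delete each index once it has aged the given time since its rollover.
retention_policy_json() {
  retention="$1"
  cat <<EOF
{
  "policy": {
    "phases": {
      "hot": {
        "actions": {
          "rollover": { "max_age": "1d", "max_primary_shard_size": "50gb" }
        }
      },
      "delete": {
        "min_age": "${retention}",
        "actions": { "delete": {} }
      }
    }
  }
}
EOF
}

# Index template that attaches the policy (and the rollover alias) to every
# index matching the pattern, so new indices inherit retention automatically.
index_template_json() {
  pattern="$1"; policy="$2"; alias="$3"
  cat <<EOF
{
  "index_patterns": ["${pattern}"],
  "template": {
    "settings": {
      "index.lifecycle.name": "${policy}",
      "index.lifecycle.rollover_alias": "${alias}"
    }
  }
}
EOF
}

# Push the policy and template, then bootstrap the first index behind the write alias.
apply_retention() {
  retention="$1"
  es_put() {
    path="$1"; body="$2"
    curl -fsS -u "$ES_AUTH" -H 'Content-Type: application/json' \
      -X PUT "$ES_URL/$path" --data-binary "$body"
    echo
  }
  es_put "_ilm/policy/logs-90d" "$(retention_policy_json "$retention")"
  es_put "_index_template/logs-retention" "$(index_template_json 'logs-*' logs-90d logs)"
  # ILM rollover needs an initial index that owns the write alias.
  es_put "logs-000001" '{"aliases": {"logs": {"is_write_index": true}}}'
}

if [ -n "${ES_URL:-}" ]; then
  apply_retention 90d
fi
```

`min_age` in the delete phase is measured from the index's rollover, so with daily rollover an event is removed roughly 91 days after it was written. Pick the retention value from how long investigations need to look back, not only from disk pressure; the storage-driven three months the reviewer settled on may be shorter than what a later incident timeline requires.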
Cyber Security Professional at Defensive Cyber Security Center Germany
Real User
Easily customizable dashboard and excellent technical support
Pros and Cons
  • "Dashboard is very customizable."
  • "Could have more open source tools and testing."

What is our primary use case?

In terms of use case, we combine a lot of things with Elastic. It's two platforms, so with Elasticsearch, we're using the Beats, Kibana, and Suricata. It's a query engine and we use the information from our sensors. It gets ingested into that and we use the resources to get everything put on our dashboards. If something is detected, alerts come up right away and it's very, very accurate. The more ingest it receives, the better we can respond to threats. It's not just Elastic or Logstash, it's a combination of those and other tools that we would apply towards our threat detection and prevention. We have a partnership with ELK.

What is most valuable?

The company provides excellent technical support and wonderful engineers, even their sales engineers are great. The dashboard is a valuable feature - it's awesome and very customizable. 

What needs improvement?

I would like to see more open source tools and testing as well as a signature analysis in the solution. I think that a lot of times when we go into a corporate environment where it becomes more add-on features or an additional service fee, it typically draws away from that product.

I think it would be cool if they could provide a couple of licenses that would be test bed licenses so that engineers and people who have their hands on the keyboard could test any new development.

For how long have I used the solution?

I've been using this solution for three or four years. 

What do I think about the scalability of the solution?

It is a very scalable solution. It is very easy and I would recommend it to anyone. In terms of users it's all tiered. Most things are from tier zero at the egress point of any major large-scale network all the way down to the customer. We have roughly 200 users. And those would include analysts and real time threat analysts.

How are customer service and technical support?

I'm very satisfied with the technical support and would rate it highly. Sometimes there are issues because we are overseas and there is a six hour time difference which creates a lag. It's hard to get around that but they're very responsive. 

How was the initial setup?

We had issues when we first did the initial setup, because our resources were limited, since it was a test, a proof of concept. It meant the initial setup was somewhat resource intensive. The data NGS itself was an issue when we were trying to filter and pull that information. Again, a signature analysis would have been helpful here.

What other advice do I have?

For anyone considering implementing this solution, I would say take a good hard look at your own infrastructure resources and scalability as you have to future proof everything, whether it's scale or an increase in customers building up through your actual hardware and your network infrastructure. You need to know it's capable of performing the tasks needed, because sometimes you outgrow yourself. So, I would say look at your resources and how it can be scaled.

I would rate this solution a nine out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Senior Analyst at a tech services company with 10,001+ employees
Real User
A very good product with good visualizations and stability
Pros and Cons
  • "I really like the visualization that you can do within it. That's really handy. Product-wise, it is a very good and stable product."
  • "They should improve its documentation. Their official documentation is not very informative. They can also improve their technical support. They don't help you much with the customized stuff. They also need to add more visuals. Currently, they have line charts, bar charts, and things like that, and they can add more types of visuals. They should also improve the alerts. They are not very simple to use and are a bit complex. They could add more options to the alerting system."

What is our primary use case?

We are primarily using it for monitoring. It is used for server monitoring.

What is most valuable?

I really like the visualization that you can do within it. That's really handy. Product-wise, it is a very good and stable product.

What needs improvement?

They should improve its documentation. Their official documentation is not very informative. They can also improve their technical support. They don't help you much with the customized stuff.

They also need to add more visuals. Currently, they have line charts, bar charts, and things like that, and they can add more types of visuals. 

They should also improve the alerts. They are not very simple to use and are a bit complex. They could add more options to the alerting system.

For how long have I used the solution?

I have been using this solution for one year.

What do I think about the stability of the solution?

Stability-wise, it is very good. Once the data starts coming in, it is very stable. I didn't find any big glitches in it.

How are customer service and technical support?

We contacted their technical support once. I didn't find them very good. They are there just to provide documentation and stuff. They don't help you much with the customized stuff. They could improve that. I would rate them a two out of five.

How was the initial setup?

It is complex because it is not Windows-based. It is Linux-based, so one must know Linux to deploy it properly. It is not a product that you can install with just multiple clicks. You need to understand it.

What was our ROI?

It seems good in terms of return on investment. It is a monitoring solution, and it triggers alerts before something happens. For example, it triggers an alert when the space in Windows reaches an 80% limit. I would say it is a good investment. We are able to fix things before they go wrong. If we didn't have Elasticsearch, things would go wrong, and we would be spending more time fixing them later on.

What other advice do I have?

I would advise others to first know Linux because it would most probably be on Linux. If you're good at Linux, you will be good at this as well.

I would rate ELK Elasticsearch an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Kumar Mahadevan - PeerSpot reviewer
IT Infrastructure Analyst at AG Group
Real User

You're right, Ayesha. ELK stack is not for the faint of heart. One needs strong Linux admin skills and also to understand KQL, data structures, data pipelines, etc.

It is a very customizable product and if using an on-prem solution one needs to understand Sharding, Index Lifecycle management, etc.

Highly recommended.

Solutions Architect at a recruiting/HR firm with 1-10 employees
Real User
Top 10
Scalable platform with an easy initial setup process
Pros and Cons
  • "We can easily collect all the data and view historical trends using the product. We can view the applications and identify the issues effectively."
  • "They could improve some of the platform's infrastructure management capabilities."

What is our primary use case?

We use the product for log analytics and metrics features. 

What is most valuable?

We can easily collect all the data and view historical trends using the product. We can view the applications and identify the issues effectively.

What needs improvement?

They could improve some of the platform's infrastructure management capabilities. There should be better visualization and insights about the cost of the SaaS services, which are not effective. Additionally, there needs to be more native integrations to merge the data.

For how long have I used the solution?

We have been using Elastic Search for about a year.

What do I think about the stability of the solution?

I rate the stability a ten out of ten.

What do I think about the scalability of the solution?

It is a highly scalable application. We have 15 users in our management team. I rate the scalability an eight out of ten.

Which solution did I use previously and why did I switch?

I have experience working with Splunk in the past.

How was the initial setup?

The initial setup for the SaaS platform is quite easy. We took assistance from an engineer for the onboarding. Thus, it was straightforward for us. However, there could be a better integration with AWS.

I rate the process a seven out of ten.

What's my experience with pricing, setup cost, and licensing?

I rate Elastic Search's pricing an eight out of ten.

What other advice do I have?

By integrating Deepgram insights with the product, we've gained visibility into logging, service behavior, and cost optimization.

I rate Elastic Search a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Shashi Vardhan Andem - PeerSpot reviewer
Senior Product Manager at a tech services company with 501-1,000 employees
Real User
Top 5
Allows us to build a model in one month and get 93% accuracy
Pros and Cons
  • "The AI-based attribute tagging is a valuable feature."
  • "The documentation regarding customization could be better."

What is our primary use case?

It's a cloud-based service. At that time, we were using AWS, so we could get the same Elasticsearch capabilities from AWS. It was mostly a PaaS service that we could access. We had the Elasticsearch specific server and database hosted on an AWS instance, and then we fed the data to it and tried to fine-tune the algorithm to give the necessary search intelligence that we needed.

We're not using the latest version. We're using a version that was released one year ago.

The whole organization has about half a million users, but at any point of time, a hundred users might be using it.

What is most valuable?

The AI-based attribute tagging is a valuable feature. It passes through text data and identifies the tag-words and keywords and connects them to various attributes in the whole system. The system was supposed to run through a lot of existing data in terms of which tag-words would reflect which keywords. There was a model built on top of that. We were building a machine-learning model, which passed through all of the data and did the necessary attribute tagging. We couldn't find attribute tagging in other services.

We initially tried to do it in-house, but we couldn't get the accuracy that we wanted. Elasticsearch was quite efficient in terms of getting accuracy with the limited amount of data that we had. We had 10,000 to 20,000 records. Based on that, we had a good amount of accuracy, which we were happy with. There's a lot we can do with customization.

What needs improvement?

The documentation regarding customization could be better. Other than that, Elasticsearch has very good documentation. We can get a lot of information from forums.

For how long have I used the solution?

I have worked with this solution for six months. 

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

As far as what we could accomplish, it was scalable, but we didn't have a lot of data that needed to be processed. We had 10,000 records and it was scalable.

How are customer service and support?

We have reached out to tech support when we have had queries, and they respond in time. We didn't have an escalation process, but we had a lot of queries.

Which solution did I use previously and why did I switch?

We chose Elasticsearch because we could build a model in a short amount of time. It allows us to build a whole setup in one month and get 93% accuracy. Even if you look at the complex AI-based features that we built within a shorter span, we could build that model with high accuracy, which wasn't possible with other search enterprise vendors that we used.

How was the initial setup?

Setup was a little complex, but we had in-house expertise.

The solution needs regular fine-tuning in terms of the data model. As we get more and more data into the system, the predictability and accuracy of the output keeps changing. On the application and DB side, it was fine. Not a lot of maintenance was required.

What about the implementation team?

Deployment was done in-house.

What's my experience with pricing, setup cost, and licensing?

The solution is affordable. Previously, we wasted a lot of time by building our own system, which we could have avoided by moving to Elasticsearch earlier.

What other advice do I have?

I would rate Elasticsearch as eight out of ten. 

Elasticsearch provides a lot of possibilities. You need to understand your requirements and how Elasticsearch can fulfill them. Somebody might be looking at a simple keyword service or attribute tagging. If you don't understand exactly what you're looking for, you'll get lost in their options and waste a lot of time.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Aria Amini - PeerSpot reviewer
Data Engineer at Behsazan Mellat
Real User
Top 5, Leaderboard
Can search large amounts of data across multiple systems, and is easily scalable, but needs better automapping
Pros and Cons
  • "The forced merge and forced resonate features reduce the data size, increasing reliability."
  • "The one area that can use improvement is the automapping of fields."

What is our primary use case?

The primary use case of this solution is to search large amounts of data across multiple systems.

How has it helped my organization?

The solution has improved our organization by allowing us to quickly search data from multiple systems, saving valuable time.

What is most valuable?

The most valuable features are full-text search, the ability to index large amounts of data, map data in areas that are not fully structured, and scaling out.

What needs improvement?

The one area that can use improvement is the automapping of fields.

This may have been improved in the latest version.

For how long have I used the solution?

I have been using the solution for a year.

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

The solution is easily scalable.

How are customer service and support?

There has not been a need to use customer service or support because of the vast amount of reliable forums available online.

How was the initial setup?

The initial setup is straightforward. If you understand Linux you can deploy in a couple of days.

What about the implementation team?

The implementation was completed in-house.

What's my experience with pricing, setup cost, and licensing?

To access all the features available you require both the open source license and the production license.

What other advice do I have?

I rate the solution seven out of ten.

In cases where the memory of the nodes is exceeded, you will need to manually step in to delete some data, otherwise, the solution maintains itself automatically with little need for human intervention.

The forced merge and forced resonate features reduce the data size, increasing reliability.

The open source license is not enough when dealing with a large amount of data. The production license is required when you have larger requirements.

I recommend the solution to anyone who needs to integrate a lot of old systems into a data lake.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Owner and CEO at Karmasis
Real User
Good search speed and easy to deploy, but complicated to scale and needs an ODBC driver and better licensing
Pros and Cons
  • "The search speed is most valuable and important."
  • "Its licensing needs to be improved. They don't offer a perpetual license. They want to know how many nodes you will be using, and they ask for an annual subscription. Otherwise, they don't give you permission to use it. Our customers are generally military or police departments or customers without connection to the internet. Therefore, this model is not suitable for us. This subscription-based model is not the best for OEM vendors. Another annoying thing about Elasticsearch is its roadmap. We are developing something, and then they say, "Okay. We have removed that feature in this release," and when we are adapting to that release, they say, "Okay. We have removed that one as well." We don't know what they will remove in the next version. They are not looking for backward compatibility from the customers' perspective. They just remove a feature and say, "Okay. We've removed this one." In terms of new features, it should have an ODBC driver so that you can search and integrate this product with existing BI tools and reporting tools. Currently, you need to go for third parties, such as CData, in order to achieve this. ODBC driver is the most important feature required. Its Community Edition does not have security features. For example, you cannot authenticate with a username and password. It should have security features. They might have put it in the latest release."

What is our primary use case?

We are developing a SIEM application that is similar to QRadar, ArcSight, or Splunk. This application uses Elasticsearch as its search engine because we want to retrieve information fast. We are just using the basic search engine part of Elasticsearch. We have developed lots of things on top of Elasticsearch, such as security, correlation, reporting, etc.

What is most valuable?

The search speed is most valuable and important.

What needs improvement?

Its licensing needs to be improved. They don't offer a perpetual license. They want to know how many nodes you will be using, and they ask for an annual subscription. Otherwise, they don't give you permission to use it. Our customers are generally military or police departments or customers without connection to the internet. Therefore, this model is not suitable for us. This subscription-based model is not the best for OEM vendors. 

Another annoying thing about Elasticsearch is its roadmap. We are developing something, and then they say, "Okay. We have removed that feature in this release," and when we are adapting to that release, they say, "Okay. We have removed that one as well." We don't know what they will remove in the next version. They are not looking for backward compatibility from the customers' perspective. They just remove a feature and say, "Okay. We've removed this one."

In terms of new features, it should have an ODBC driver so that you can search and integrate this product with existing BI tools and reporting tools. Currently, you need to go for third parties, such as CData, in order to achieve this. ODBC driver is the most important feature required. 

Its Community Edition does not have security features. For example, you cannot authenticate with a username and password. It should have security features. They might have put it in the latest release.

For how long have I used the solution?

I have been using this solution since version 1.0.

What do I think about the scalability of the solution?

For a one-node installation, it is easy. You can do it and retrieve information fast, but when you are trying to scale up, everything becomes complicated. If you want to deal with several terabytes of data, you should read whitepapers or case studies or get proper consultancy from Elasticsearch. Otherwise, you will lose data. I know many customers who lost their data and could not recover it. It is not like you store everything and search for everything, and it is just instant. It is not like that. You should do your homework very intensively. It looks easy, but when you scale up, it gets complicated.

How are customer service and technical support?

We got 60 days of development consultancy with them. Until we signed the agreement, they were quick and prompt. After the signature it changed. Overall, we are not satisfied with the development consultancy.

Which solution did I use previously and why did I switch?

We switched from SQL Server to Elasticsearch. For our application, we wanted the information very fast without locking everything. In SQL Server or Oracle, that would not have been possible. Deleting is also very difficult in SQL Server.

How was the initial setup?

Its initial setup is straightforward. There were no problems.

What's my experience with pricing, setup cost, and licensing?

We are using the Community Edition because Elasticsearch's licensing model is not flexible or suitable for us. They ask for an annual subscription. We also got the development consultancy from Elasticsearch for 60 days or something like that, but they were just trying to do the same trick. That's why we didn't purchase it. We are just using the Community Edition.

Which other solutions did I evaluate?

We evaluated other products and chose Elasticsearch because the data that we are collecting is unstructured. Every log has a different structure.

What other advice do I have?

The most important thing to keep in mind is that it is not as they advertise on their site. If you want to scale up and are looking for a big deployment, you must read everything. You also need support from the company itself. 

I would rate ELK Elasticsearch a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Subhadip Pakrashi - PeerSpot reviewer
CEO at Kapstone Technological Services LLP
Real User
Top 5, Leaderboard
Comes with good performance and stability
Pros and Cons
  • "The tool's stability and performance are good."
  • "Elastic Search needs to improve its technical support. It should be customer-friendly and have good support."

What is most valuable?

The tool's stability and performance are good. 

What needs improvement?

Elastic Search needs to improve its technical support. It should be customer-friendly and have good support. 

For how long have I used the solution?

I have been using the product for a year. 

What do I think about the stability of the solution?

The tool is stable; I rate it an eight to nine out of ten. 

What do I think about the scalability of the solution?

The product is scalable, and I rate it a ten out of ten. My company has three users. We use it regularly. 

How was the initial setup?

You need three resources to handle the deployment. 

What's my experience with pricing, setup cost, and licensing?

The tool is not expensive. Its licensing costs are yearly. 

What other advice do I have?

I rate Elastic Search an eight out of ten. You can use the product if you are looking for value for money. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user