What is our primary use case?
The primary use cases are for infrastructure monitoring networks, security analytics, and SIEM.
We are evaluating it for business analytics as well.
What is most valuable?
The feature that I have found most valuable is the infrastructure monitoring part because it is quite easy. If you want to get up and running, we could create use cases in four to five days. So the initial infrastructure for simple analytics is quite easy.
ELK Logstash is easy and fast, at least for the initial setup with the out of box uses. I'm not talking about advanced use cases, but the basic ones are quite easy to configure.
What needs improvement?
In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready-made, so you'll have to write some scripts. This is the case, especially with a trade. If you are comparing it with a SIEM tool, you don't have ready-made use cases.
I would say that to have a better place in the market they should have more built-in use cases so that rather than people creating them, the prime uses had inbuilt use cases. It could even include more templates or automation.
For how long have I used the solution?
I have been using this solution almost 10 - 11 months.
What do I think about the stability of the solution?
In terms of stability, as a starting point with simple use cases, it's quite easy and fast to deploy.
What do I think about the scalability of the solution?
In terms of assessing its scalability, we have not gone with a very huge amount of data yet so it is early to comment on that. We started with three node architecture and I think slowly we'll scale up.
It is suitable for small to large businesses. We have started small but we plan to scale it up.
Currently, we are using the solution between 16 and 24 hours a day, 7 days a week for live monitoring.
How are customer service and technical support?
We have been in touch with support and raised tickets a couple of times, especially when we get stuck with respect to some advanced level issues.
Sometimes the reply has been quite fast and sometimes it has taken maybe 24 to 48 hours. They could definitely improve a bit on their support.
How was the initial setup?
We have done both setups, on-premise as well as on AWS.
The installation is quite okay. We have done three or four installations and it's fine. We have deployed on Windows as well as on Linux platforms.
I don't get involved in the installation, but I have a small team who does it and based on their experience, we have installed in one day.
The installation of full-frame solutions is quite smooth.
What about the implementation team?
We implement it ourselves in-house. We have a technical team that does it. We can refer to blogs in case we get stuck, but so far it's been smooth.
If you have a basically knowledgeable person, even without a lot of experience, as we had on our team, people with only two months' experience, they have been able to do it quite well in a day or two.
Which other solutions did I evaluate?
Until now, we have not evaluated the Elastic cloud version, which is the fast kind of solution. But we have deployed the on-premise as well as the AWS options.
What other advice do I have?
Based on my experience, it's quite easy and manageable with small scale implementations, and the time to market is quite fast. I can have good monitoring with a couple of use cases set up in less than four weeks.
In terms of other advice, it depends what I am looking for. Am I looking at this as a platform or for a specific use case? If I see it as a platform, I would definitely say it's a good platform to work on. In that case, I would rate it an eight on a scale of one to ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner