ELK Logstash Pros and Cons

The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash.

ELK Logstash is easy and fast, at least for the initial setup with the out of box uses.

The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes.

The feature that helps us to create a report for the login testing of Logstash is the most valuable aspect of the solution.

The most valuable feature for me is Discover.

It is the best open-source product for people working in SO, managing and analyzing logs.

I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash.

The visualization is very good.

The most valuable feature is the ability to collect authentication information from service providers.

The feature that we have found the most valuable is scalability.

We're using the open-source edition, for now, I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised.

In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready made, so you'll have to write some scripts.

The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that.

The machine learning is not included in the free version. It is only included in the Platinum or Gold versions. It would be helpful if the machine learning features were available even on the free version of the solution. RSA and IBM are other solutions that also offer machine learning, which is interesting for us, but they cost money.

I would like the process of retrieving archived data and viewing it in Kibana to be simplified.

If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution.

One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty.

There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated.

Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution.

The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. If they can give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there.