ELK Logstash Room for Improvement

CharlesNetshivhera
Senior DevOps Engineer at a financial services firm with 10,001+ employees
We're using the open-source edition for now. I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised. We are planning to go into production with the enterprise edition; we just wanted to check how this one works first. I think maybe on the last exercise part, the index rotation can be improved. It's something that they need to work on. It can be complex: with all the logs that have been ingested, the index rotation can be challenging, so it would help if they can work on that. In terms of ingestion, I think they should look at incorporating all operating systems. It should be easy to collect logs from different sources without a workaround to push the logs into the system. For example, in AIX, there's no direct log shipper, so you do need to do a bit of tweaking there.
reviewer1174176
Associate Delivery Lead at a tech services company with 1,001-5,000 employees
In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready-made, so you'll have to write some scripts. This is the case especially with a trade. If you are comparing it with a SIEM tool, you don't have ready-made use cases. I would say that to have a better place in the market they should have more built-in use cases, so that rather than people creating them, the prime uses have inbuilt use cases. It could even include more templates or automation.
reviewer1363986
IT at a tech vendor with 10,001+ employees
The solution is lacking some features of AI and machine learning. There may be a feature out there we are not using, or maybe it's on a different solution; however, having more AI would be so helpful for us. The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before they can damage our infrastructure. Currently, this solution doesn't offer that. I know there are some features which are coming, and some which are already available. To be honest, I haven't had any time to play around and check what the advantages of them could be. Compared to other products, the features already available - and there are lots of things which are provided - are quite useful. We are not managing it. We're only using it. For us, if we had the technical skills to manage the solution, we might be able to see and understand a few features that we're not already taking advantage of.
Learn what your peers think about ELK Logstash. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
454,950 professionals have used our research since 2012.
reviewer1090929
Information Technology Engineer at a university with 501-1,000 employees
We don't like the SIEM in version 7. It was introduced about three months ago, and it's not what we need. The machine learning is not included in the free version. It is only included in the Platinum or Gold versions. It would be helpful if the machine learning features were available even on the free version of the solution. RSA and IBM are other solutions that also offer machine learning, which is interesting for us, but they cost money.
Fazil BasheerSyed
Co Founder at Basheer Sharma Enterprises LLP
I would like the process of retrieving archived data and viewing it in Kibana to be simplified. We ran into trouble once or twice regarding problems with timestamps that came about because of issues with memory. Consequently, the correct data was not logged and it had to be done again.
AmirJalilzadeh
Security Operation Center Analyst at Sadad
The documentation for this solution is very important, and more needs to be developed. It was not as good as we expected, and because of that, we prefer to work on commercial solutions such as Splunk or ArcSight. If the documentation were improved and made clearer for beginners, or even professionals, then we would be more attracted to this solution. As you gather more and more data, and the data continues to grow, I think it is difficult to handle, administer, and perform declustering. I would like to see support for machine learning, where it can make predictions based on the data that it has learned from our environment.
Maxime AGARIM
Junior System Engineer at Efficom-lille
Our system architect has noticed a slowdown of the solution, but I don't see a slowdown. One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty.
Shadow Fx
User at a comms service provider with 51-200 employees
There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated. It would be good if I could get technical support for specific devices. I think that Windows should have some specific connectors. When we implemented a new product, we had to create it manually.
MarioReale
Cloud Engineer at GARR
Configuring the server is difficult and can be improved. I would like to have a high-availability setup that is easy to configure. Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution.
reviewer991806
Founder & Chief Executive Officer at a consultancy with 11-50 employees
The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. It would be good if they could give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there.
reviewer1269303
Senior Manager Analytics at a financial services firm with 501-1,000 employees
This solution cannot do predictive maintenance, so we have to build our own modules for doing it. It doesn't do advanced analytics. They should have some advanced analytics in this solution. With Kibana, we wanted it to be easier to use. The data visualization is there, but it should be easier to use. Also, they should start providing APIs for doing ML and AI.