ELK Logstash Room for Improvement

reviewer1090929
Information Technology Engineer at a university with 501-1,000 employees
We don't like the SIEM in version 7. It was introduced about three months ago, and it's not what we need. The machine learning is not included in the free version. It is only included in the Platinum or Gold versions. It would be helpful if the machine learning features were available even on the free version of the solution. RSA and IBM are other solutions that also offer machine learning, which is interesting for us, but they cost money.
AmirJalilzadeh
Security Operation Center Analyst at Sadad
The documentation for this solution is very important, and more needs to be developed. It was not as good as we expected, and because of that, we prefer to work on commercial solutions such as Splunk or ArcSight. If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution. As you gather more and more data, and the data continues to grow, I think it is difficult to handle, administer, and perform declustering. I would like to see support for machine learning, where it can make predictions based on the data that it has learned from our environment.
Shadow Fx
User at a comms service provider with 51-200 employees
There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated. It would be good if I could get technical support for specific devices. I think that Windows should have some specific connectors. When we implemented a new product, we had to create it manually.
Find out what your peers are saying about Elastic, Graylog, IBM and others in Log Management. Updated: January 2020.
397,717 professionals have used our research since 2012.
Prabhanshu Pandit
Programmer at a tech services company
Email notification should be done the same way as Logentries does it. Because of the notification issue we moved to Logentries, as it provides a simple way to get a notification whenever a server encounters an error or something unexpected happens (which we have defined using Regex). We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don't know if this feature is already there.)