ELK Logstash Questions

Senior Software Engineer at a tech services company with 501-1,000 employees
Jun 22 2021

Dear community members, 

I've been exploring Datadog vs ELK and I need your opinion about both of them in terms of performance, cost, and efficiency? Which one would you recommend?

Shibu Babuchandran: Datadog: Unify logs, metrics, and traces from across your distributed…
Aji Joseph: It depends on your requirement. If you are looking for a SIEM/log management…
reviewer1584621: Dear, Unfortunately, I can't say much about Datadog but I have used ELK for a…
Julia Frohwein
Content and Social Media Manager
IT Central Station
Jun 15 2021

Hi Everyone,

What do you like most about ELK Logstash?

Thanks for sharing your thoughts with the community!

Julia Frohwein
Content and Social Media Manager
IT Central Station
Jun 15 2021


We all know it's really hard to get good pricing and cost information.

Please share what you can so you can help your peers.

Miriam Tover
Content Specialist
IT Central Station
Jun 15 2021

Please share with the community what you think needs improvement with ELK Logstash.

What are its weaknesses? What would you like to see changed in a future version?

Julia Frohwein
Content and Social Media Manager
IT Central Station
Jun 15 2021

How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

Miriam Tover
Content Specialist
IT Central Station
Jun 15 2021

If you were talking to someone whose organization is considering ELK Logstash, what would you say?

How would you rate it and why? Any other tips or advice?

Log Management Questions
Ertugrul Akbas
Manager at a computer software company with 11-50 employees
Sep 13 2021

Hot data is necessary for live security monitoring. 

Archive data (cold data) is not available quickly. It takes days to make archive data live if the archive data time frame is more than 30 days (in most SIEM solutions). 

As an example, SolarWinds said the attackers first compromised its development environment on Sept. 4, 2019. So, to investigate the SolarWinds case, we have to go back to Sept. 4, 2019, from now (July 13, 2021). In this case, we need at least 18 months of live data.

Image: SolarWinds

The second example of why hot data is critical is from the IBM data breach report. The average time to identify and contain a breach is 280 days, according to this report.

Hot data gives defenders the quick access they need for real-time threat hunting, but hot data is more expensive than the archive option in current SIEM solutions. 

Keeping data hot for SIEM use is inevitably one of the most expensive data storage options.

What are your thoughts about it, dear professionals?

reviewer1469436: We changed our model to be able to cover such critical long-term cases. We…
IT Central Station
Aug 09 2021

How do log management and SIEM differ? Is it necessary to have separate tools for each function or can these functions be rolled into one solution?

Which products are best for SIEM, and which are better for log management? Do you have recommendations of products that effectively combine both log management and SIEM?

Lindsay Mieth: Rony, Daniel's answer is right on the money. There are many solutions for each…
Daniel Sichel: Log Management is just that, it looks at logs from devices and attempts to make…
David Rivas Huete: In short, Log Management refers to the collection, storage, and organizing of…
Nurit Sherman
Content Specialist
IT Central Station
Sep 23 2021

Hi community members,

We know it's important to conduct a trial and/or proof of concept as part of the buying process. 

Do you have any advice for our community about the best way to conduct a trial or PoC? How do you conduct a trial effectively? 

Are there any mistakes to avoid?

Carl Phillips: At the risk of sounding flippant, I personally believe that the best way to…
Kent Gladstone-USA: Mark is correct but there are things to look for. Do you have a set of…
UmbertoAlloni: Hello, from my experience a good Log management POC task must include: -…
Ariel Lindenfeld
Sr. Director of Community
IT Central Station
Jun 29 2021

Dear members, 

Let the community know what you think. Share your professional opinion!

Gerrit Boele: Log Management should be a separate function of correlation. Correlation is best…
Jeff Uhlich: -Searchability -Compression -Encryption
Harris Ward: Understanding what your organization is capable of monitoring and responding to…