2019-04-03T08:39:00Z

What needs improvement with ELK Elasticsearch?


Please share with the community what you think needs improvement with ELK Elasticsearch.

What are its weaknesses? What would you like to see changed in a future version?

ITCS user (Guest)

20 Answers

Top 20 Real User

Elasticsearch includes mechanisms for ingesting data into the cluster. So it would be great if those mechanisms could be simplified. Improving machine learning capabilities would be beneficial.

2021-10-21T07:50:37Z
Top 20 Real User

They could simplify the Filebeat and Logstash configuration piece. There are a lot of manual steps on the operating system. It could be simplified in the user interface.

2021-09-15T15:58:10Z
Top 5 Leaderboard Real User

The price could be better. Kibana has some limitations in terms of the tablet to view event logs. I also have a high volume of data. On the initialization part, if you choose Kibana, you'll have some limitations. Kibana was primarily proposed as a log data reviewer, to build applications to view log data using Kibana. Then it became a visualization tool, but it still has limitations from a developer's point of view.

2021-07-08T01:32:46Z
Top 5 Leaderboard Real User

They should improve its documentation. Their official documentation is not very informative. They can also improve their technical support. They don't help you much with the customized stuff. They also need to add more visuals. Currently, they have line charts, bar charts, and things like that, and they can add more types of visuals. They should also improve the alerts. They are not very simple to use and are a bit complex. They could add more options to the alerting system.

2021-05-20T00:45:18Z
Top 20 Real User

Its licensing needs to be improved. They don't offer a perpetual license. They want to know how many nodes you will be using, and they ask for an annual subscription. Otherwise, they don't give you permission to use it. Our customers are generally military or police departments or customers without connection to the internet. Therefore, this model is not suitable for us. This subscription-based model is not the best for OEM vendors.

Another annoying thing about Elasticsearch is its roadmap. We are developing something, and then they say, "Okay. We have removed that feature in this release," and when we are adapting to that release, they say, "Okay. We have removed that one as well." We don't know what they will remove in the next version. They are not looking at backward compatibility from the customers' perspective. They just remove a feature and say, "Okay. We've removed this one."

In terms of new features, it should have an ODBC driver so that you can search and integrate this product with existing BI tools and reporting tools. Currently, you need to go to third parties, such as CData, in order to achieve this. An ODBC driver is the most important feature required.

Its Community Edition does not have security features. For example, you cannot authenticate with a username and password. It should have security features. They might have put it in the latest release.

2021-03-31T15:43:54Z
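The last point in the answer above, a cluster that answers without any authentication, is something you can check for yourself before you rely on it. The script below is an added example, not code from the page or from Elastic. It sends a single unauthenticated GET / to a node and classifies the reply: an unsecured node returns 200 with a JSON body carrying cluster_name and version, while a node with security enabled refuses with 401 and a WWW-Authenticate header. (Elastic has shipped the basic security features, including username/password authentication, free of charge in the default distribution since 6.8 and 7.1, but on 7.x they still have to be switched on with xpack.security.enabled: true.) Only run it against clusters you are authorised to test; the 127.0.0.1:9200 default in the main block is a placeholder.

```python
"""Probe one Elasticsearch HTTP endpoint for missing authentication.

Added example, not from the original page or from Elastic. Standard
library only. The only Elasticsearch behaviour relied on is documented:
GET / on an unsecured node returns a JSON document with "cluster_name"
and "version"; with security enabled it returns 401 + WWW-Authenticate.
"""
import json
import sys
import urllib.error
import urllib.request


def classify(status, headers, body):
    """Map a single unauthenticated GET / response to (verdict, detail).

    headers: mapping of header name -> value (any case); body: bytes.
    Pure function so the decision logic can be tested offline.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status == 401:
        challenge = hdrs.get("www-authenticate", "")
        return ("auth-required",
                f"401 with WWW-Authenticate: {challenge or '(no challenge header)'}")
    if status != 200:
        return ("unexpected", f"HTTP {status}")
    try:
        doc = json.loads(body.decode("utf-8", "replace"))
    except ValueError:
        return ("not-elasticsearch", "200 but the body is not JSON")
    if isinstance(doc, dict) and "cluster_name" in doc and isinstance(doc.get("version"), dict):
        number = doc["version"].get("number", "?")
        return ("open",
                f"cluster {doc['cluster_name']!r} (Elasticsearch {number}) "
                "answered without credentials")
    return ("not-elasticsearch", "200 but the body lacks cluster_name/version")


def probe(base_url, timeout=5.0):
    """Send one anonymous GET / (a read-only request) and classify it."""
    url = base_url.rstrip("/") + "/"
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, dict(resp.headers.items()), resp.read())
    except urllib.error.HTTPError as e:          # 4xx/5xx still carry headers
        return classify(e.code, dict(e.headers.items()), e.read())
    except (urllib.error.URLError, OSError) as e:  # refused, DNS, TLS, timeout
        return ("unreachable", str(e))


if __name__ == "__main__":
    # Placeholder target; pass your own cluster URL as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:9200"
    verdict, detail = probe(target)
    print(f"{target}: {verdict} ({detail})")
```

A verdict of "open" on anything reachable from an untrusted network means every index, including the _security and snapshot APIs, is readable and writable by whoever can reach port 9200; "auth-required" only tells you a realm is in front of the API, not that the roles behind it are sensible.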
Top 5 Leaderboard Consultant

It should be easier to use. It has been getting better because many functions are pre-defined, but it still needs improvement. If you have a large enterprise environment, it is costing a lot of money and it's not a full-blown SIEM. It has SIEM features but a lot is missing. You need to involve other products to make a SIEM out of it. Some of the other products needed were Apache, Kafka, and ticket tools. It was custom made and not what I had expected in the end. I would like to see them get closer to a full-blown orchestrated SIEM, and create predefined modules to bring you to using it as a SIEM faster, and on the fly instead of having to tweak the Grok filter for weeks. I would like to see more pre-defined modules.

2021-01-04T13:49:14Z
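The answer above describes the work of turning raw logs into a SIEM: writing Grok filters and then the correlation rules on top of them. As an added example (not code from the page, from Elastic, or from the commenter), the following Python shows what one such rule looks like end to end: a regex equivalent of a Logstash grok pattern for sshd "Failed password" lines, followed by a sliding-window rule that raises an alert when one source IP fails five logins inside sixty seconds. The log lines are constructed for the example and use RFC 5737 documentation addresses; the year is assumed because syslog timestamps carry none, and the threshold and window are illustrative defaults.

```python
"""Grok-style parse of sshd failures plus a brute-force correlation rule.

Added example, not from the original page. Standard library only.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Regex equivalent of a Logstash grok pattern such as:
#   %{SYSLOGTIMESTAMP:ts} %{SYSLOGHOST:host} sshd\[%{POSINT:pid}\]: Failed password
#   for (invalid user )?%{USERNAME:user} from %{IP:src_ip} port %{POSINT:src_port} ssh2
SSHD_FAILED = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<src_port>\d+) ssh2$"
)

SYSLOG_YEAR = 2021  # assumed: syslog timestamps have no year field

# Constructed sample log (not a real capture); 203.0.113.0/24 and
# 198.51.100.0/24 are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Mar 31 10:00:01 bastion sshd[2101]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar 31 10:00:04 bastion sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Mar 31 10:00:07 bastion sshd[2105]: Failed password for root from 203.0.113.7 port 50141 ssh2
Mar 31 10:00:09 bastion sshd[2107]: Accepted publickey for deploy from 198.51.100.9 port 41000 ssh2
Mar 31 10:00:11 bastion sshd[2109]: Failed password for invalid user oracle from 203.0.113.7 port 50150 ssh2
Mar 31 10:00:15 bastion sshd[2111]: Failed password for root from 203.0.113.7 port 50161 ssh2
Mar 31 10:02:30 bastion sshd[2120]: Failed password for alice from 198.51.100.9 port 41022 ssh2
Mar 31 10:09:45 bastion sshd[2133]: Failed password for alice from 198.51.100.9 port 41040 ssh2
"""


def parse_sshd_failure(line):
    """Return a typed event dict for a failed-password line, else None."""
    m = SSHD_FAILED.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(f"{SYSLOG_YEAR} {ev['ts']}", "%Y %b %d %H:%M:%S")
    ev["pid"] = int(ev["pid"])
    ev["src_port"] = int(ev["src_port"])
    return ev


def detect_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """One alert per source IP that reaches `threshold` failures within `window`.

    Events may arrive out of order; they are grouped by source IP, sorted,
    and scanned with a two-pointer sliding window.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev["src_ip"]].append(ev)
    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1  # drop events that fell out of the window
            if end - start + 1 >= threshold:
                alerts.append({
                    "src_ip": ip,
                    "count": end - start + 1,
                    "users": sorted({e["user"] for e in evs[start:end + 1]}),
                    "first": evs[start]["ts"],
                    "last": evs[end]["ts"],
                })
                break  # one alert per IP is enough for the demo
    return alerts


def run(text=SAMPLE_LOG, threshold=5, window_seconds=60):
    """Parse the log text and apply the rule; returns the alert list."""
    events = [ev for ev in map(parse_sshd_failure, text.splitlines()) if ev]
    return detect_bruteforce(events, threshold, timedelta(seconds=window_seconds))


if __name__ == "__main__":
    for alert in run():
        print(f"ALERT {alert['src_ip']}: {alert['count']} failed logins "
              f"({', '.join(alert['users'])}) between {alert['first']} and {alert['last']}")
```

The same split applies inside the stack: the regex is the ingest-time parsing that Logstash or a Filebeat module does, and the window rule is the part that has to live in a watcher, an alerting rule, or a separate correlation engine; it is the second half that this answer says is missing out of the box.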
Top 5 Leaderboard Real User

I have not been using the solution for many years to know exactly the improvements needed. However, they could simplify how the YML files have to be structured properly. If you want to ingest certain logs, you need to edit the YML file and connect it to your modules to start ingesting and parsing the end-user logs. Doing this is sometimes difficult and could be streamlined.

2020-12-21T22:29:00Z
Top 5 Leaderboard Real User

We run this solution on multiple servers. ELK has three lanes which comprise a single package made up of Elasticsearch, Logstash, and Kibana. To my mind, this is not efficient because we have to individually deploy the different applications. In contrast, we're able to deploy Splunk as a single application. Implementing the dashboards is also quite difficult. With Splunk and Nagios it's much easier to directly interact with Elasticsearch. I'd like to see some additional features in the front end, which currently makes it a bit difficult to implement, and it should be simplified.

2020-11-23T15:53:39Z
Top 20 Real User

Enhance the Spaces feature to make it fully multi-tenant by enabling role-based access control (RBAC) at a Space level rather than at the overall Kibana or stack level, like it is currently.

Elastic needs to work on their Machine Learning offering because currently they have been trying to make it a black box, which doesn't work for a serious user (a Data Scientist) as it doesn't give any control over the underlying algorithm. It's like a point-and-click camera vs a DSLR. The offering started with single/univariate anomaly detection on time-series data. Now they have multivariate, which is good, but beyond this we cannot build any other Machine Learning models, like traditional supervised models. Anomaly detection uses mostly unsupervised algorithms, and it is also a very broad problem space for a black box to solve fully.

Make an index's metadata searchable (or referenceable in search queries).

2020-11-19T16:53:00Z
Top 20 Real User

There are a few things that did not work for us. When doing a search in a bigger setup, with a huge amount of data where several things are coming in, it has to be on top of the index that we search. There could be a way to do a more distributed kind of search. For example, if I have multiple indexes across my applications and I want to do a correlation between the searches, it is very difficult. From a usage perspective, this is the primary challenge. I would like to be able to do correlations between multiple indexes. There is a limit on the number of indexes that I can query. I can do an all-index search, but it is not theoretically okay, and in practical terms we cannot do that.

In the next release, I would like to have correlation between multiple indexes and to be able to save the memory to disk once we have built the index and it's running. Once the system is up, it will start building that in memory. We need to be able to distribute it or save it to have a faster load time. We don't make many changes to the data that we are creating, but we would like archived reports and to be able to retrieve those reports to see what is going on. That would be helpful. Also, if you provide a customer with a report or some archived queries that the customer is looking at, at first it will be slow while putting up their data, or subsequently doing it. I want it to be up and running efficiently. If the memory could be saved and put back into memory as it is, and then start working, it would reduce the load time; it would be more efficient from a cost perspective and would optimize resource usage.

2020-10-22T15:53:47Z
Top 20 Real User

Technical support should be faster.

2020-10-11T08:58:18Z
Top 20 Real User

Kibana should be more friendly, especially when building dashboards. Stability needs improvement. I would like to see Kibana operating more smoothly, as Grafana does. Also, I would like to see some improvements with the machine learning capability, so that we can rely on it more. It's in the early phases, but this would be a great way to start using it. When it comes to aggregation and calculations, I would like to have advanced options in the dashboards that can be used in a simplified way, such as building formulas and queries between different fields and indexes. The alerting feature should be more flexible, with advanced options.

2020-08-02T08:16:43Z
Top 20 Real User

The solution has quite a steep learning curve. The usability and general user-friendliness could be improved. However, that is kind of typical with products that have a lot of flexibility, or a lot of capabilities. Sometimes having more choices makes things more complex. It makes it difficult to configure it, though. It's kind of a bitter pill that you have to swallow in the beginning and you really have to get through it. Once you begin to understand the concepts and how to actually look for data it's a very pleasant solution, but the learning curve is very steep in the beginning, to the point that they could improve it to make it a bit less intimidating to start. There needs to be a bit more intuition behind the architecture and the data search.

2020-06-18T05:17:50Z
Real User

I would like to see more open source tools and testing, as well as signature analysis, in the solution. I think that a lot of times when we go into a corporate environment where it becomes more add-on features or an additional service fee, it typically draws away from that product. I think it would be cool if they could provide a couple of licenses that would be test bed licenses, so that engineers and people who have their hands on the keyboard could test any new development.

2020-05-10T08:06:06Z
Real User

I think the GUI part of the solution has the most room for improvement. Actually, we are using the free version. We do not use the plug-ins so we have to do some additional development ourselves to have the necessary access to the controls. We are not a heavy user, we just keep the logs and track data in the system. We use it and there is no problem for our current purposes and level of use.

2019-12-15T05:58:00Z
Top 20 Real User

In terms of product improvement, ratio aggregation is not supported in this solution. I can do aggregations, but taking a ratio of two metrics is not supported. That's a common use case that I have come across. And if I want to do bulk coding then that's something that is not very convenient. I would like those things to be included in the next version.

2019-12-09T10:59:00Z
Top 20 Real User

The pricing of this product needs to be more clear because I cannot understand it when I review the website.

2019-09-19T08:39:00Z
Real User

This is not a robust system, so in terms of resilience, they have to make some improvements. From time to time the system goes down and we have to start again, after adjusting some configuration parameters. Technical support can be improved. The interface would be improved with the inclusion of dashboards to assist in analyzing problems because it is very difficult. Better dashboards or a better configuration system would be very good.

2019-08-26T06:42:00Z
User

This product could be improved with additional security, and the addition of support for machine learning devices.

2019-04-19T21:29:00Z
Real User

Elasticsearch is useful for different business processes, but there are some problems. We discuss these problems with the vendor and with our in-house team. We see the need for some improvements with Elasticsearch. We would like the Elasticsearch package to include training lessons for our staff.

2019-04-03T08:39:00Z
Updated: November 2021.