2019-08-08T07:02:00Z

What needs improvement with ELK Logstash?


Please share with the community what you think needs improvement with ELK Logstash.

What are its weaknesses? What would you like to see changed in a future version?

ITCS user (Guest)

16 Answers

Top 5 Real User

We are paying dearly for the guy who is working on the ELK Stack. That knowledge is quite rare and hard to come by. For difficulty and availability of resources, I would rate it a five out of 10.

2021-09-07T20:37:45Z
Top 5 Real User

The troubleshooting or diagnostic tool can be improved to provide a better understanding of internal behavior and how data is stored. It would also be helpful if they were to release the next version as a plugin or an extension, or as a JAR file, for the latest features. When releasing a new version they currently provide a new stack which means everything needs to be removed before the new version is installed.

2021-06-15T14:50:34Z
Top 20 Real User

When using ELK for the first time, there was a lack of security. We had to buy the paid version due to the fact that we needed to secure access to Kubernetes. The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes. In fact, you have to monitor the stack and it's very, very difficult. Sometimes we lose indexes or we have nothing on the dashboard.

2021-05-07T15:17:51Z
Top 20 Real User

The solution does not have a UI and this is one of the reasons we are looking for another solution. When setting up some of the pipelines we are receiving different types of log messages with different patterns. When I try to force a certain pattern I need to restart the solution causing a huge inconvenience for us.

2021-04-01T18:54:22Z
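The answer above describes a pipeline that receives log lines in several formats and has to be restarted whenever the pattern is changed. As an added illustration (not code from any reviewer on this page), the following pipeline lets grok try more than one pattern per event and tags lines that match none, so a new format does not break ingestion; the file path, field names and Elasticsearch host are assumptions, and the two log formats are constructed for the example.

```logstash
# Added example: one Logstash pipeline accepting two constructed log formats
# without forcing a single pattern. Paths, field names and host are assumed.
input {
  file {
    path => "/var/log/app/*.log"   # assumption: where the mixed-format logs land
    start_position => "beginning"
  }
}

filter {
  # grok tries each pattern in order and stops at the first match. Lines that
  # match neither are tagged so they can be reviewed instead of silently lost.
  grok {
    match => {
      "message" => [
        # Constructed format A:
        #   2021-04-01T18:54:22Z INFO auth: user=alice result=ok
        "%{TIMESTAMP_ISO8601:ts} %{LOGLEVEL:level} %{WORD:component}: %{GREEDYDATA:detail}",
        # Constructed format B (syslog-like):
        #   Apr  1 18:54:22 host1 sshd[123]: Accepted password for bob
        "%{SYSLOGTIMESTAMP:ts} %{SYSLOGHOST:host} %{DATA:program}(?:\[%{POSINT:pid}\])?: %{GREEDYDATA:detail}"
      ]
    }
    tag_on_failure => ["_grokparsefailure", "needs_pattern"]
  }

  # Use the timestamp the source recorded rather than the ingest time, so
  # events from both formats sort correctly in Kibana.
  date {
    match => ["ts", "ISO8601", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss"]
    target => "@timestamp"
  }
}

output {
  elasticsearch {
    hosts => ["https://localhost:9200"]   # assumption
    index => "app-logs-%{+YYYY.MM.dd}"
  }
}
```

Starting Logstash with `--config.reload.automatic` (or `config.reload.automatic: true` in logstash.yml) makes it pick up edits to this pipeline file without a full process restart, and a Kibana search for `tags:needs_pattern` shows which new formats still need a pattern.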
Top 5 Real User

Sometimes, the solution isn't the easiest to use. The solution probably doesn't have all of the advanced machine learning like some other SIEM providers have right now. It's something that could be improved upon.

2021-03-05T22:55:47Z
Top 20 Real User

This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage. We need to be able to monitor from any location in the world and any location in the company. We find that solutions such as Dynatrace and Datadog offer much more functionality, perhaps due to the fact that they are more mature. The solution needs to integrate more AI capabilities, specifically to assist in anomaly detection. The instrumentation of APM can be enhanced; can be better. It's not automated. It's a very manual process. This ends up being more costly for us. Dynatrace and Datadog are better in this area. The support on offer could be much better.

2021-02-24T07:05:01Z
Top 5 Real User

We're using the open-source edition for now. I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised. We are planning to go into production to use the enterprise edition; we just wanted to check how this one works first. I think maybe on the last exercise part, I think the index rotation can be improved. It's something that they need to work on. It can be complex on how the index, all the logs that have been ingested, the index rotation can be challenging, so if they can work on that. In terms of ingestion, I think they should look at incorporating all operating systems. It should be easy to collect logs from different sources without a workaround to push the logs into the system. For example, in AIX, there's no direct log shipper so you do need to do a bit of tweaking there.

2020-12-07T15:14:00Z
Top 20 Real User

The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. If they can give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there.

2020-08-09T07:19:00Z
Top 20 Real User

The solution is lacking some features of AI and machine learning. There may be a feature out there we are not using or maybe it's on a different solution; however, having more AI would be so helpful for us. The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before they can damage our infrastructure. Currently, this solution doesn't offer that. I know there are some features which are coming, and some which are already available. To be honest, I haven't had any time to play around and check what could be the advantages of them. Compared to other products, the features already available - and there are lots of things which are provided - are quite useful. We are not managing it. We're only using it. For us, if we had the technical skills to manage the solution, we might be able to see and understand a few features that we're not already taking advantage of.

2020-08-03T06:11:07Z
Top 20 Real User

I would like the process of retrieving archived data and viewing it in Kibana to be simplified. We ran into trouble once or twice regarding problems with timestamps that came about because of issues with memory. Consequently, the correct data was not logged and it had to be done again.

2020-07-07T11:18:18Z
Top 20 Real User

Our system architect has noticed a slowdown of the solution, but I don't see a slowdown. One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty.

2020-03-22T06:49:00Z
Top 20 Real User

In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready-made, so you'll have to write some scripts. This is the case, especially with a trade. If you are comparing it with a SIEM tool, you don't have ready-made use cases. I would say that to have a better place in the market they should have more built-in use cases so that rather than people creating them, the prime uses had inbuilt use cases. It could even include more templates or automation.

2020-03-04T08:49:00Z
Top 10 Real User

Configuring the server is difficult and can be improved. I would like to have a high availability set up that is easy to configure. Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution.

2020-03-03T08:47:43Z
Top 20 Real User

This solution cannot do predictive maintenance, so we have to build our own modules for doing it. It doesn't do advanced analytics. They should have some advanced analytics in this solution. With Kibana, we wanted it to be easier to use. The data visualization is there but it should be easier to use. Also, they should start providing APIs for doing ML and AI.

2020-03-03T08:47:40Z
Real User

There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated. It would be good if I could get technical support for specific devices. I think that Windows should have some specific connectors. When we implemented a new product, we had to create it manually.

2019-09-10T10:06:00Z
Top 20 Real User

The documentation for this solution is very important, and more needs to be developed. It was not as good as we expected, and because of that, we prefer to work on commercial solutions such as Splunk or ArcSight. If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution. As you gather more and more data, and the data continues to grow, I think it is difficult to handle, administer, and perform declustering. I would like to see support for machine learning, where it can make predictions based on the data that it has learned from our environment.

2019-08-08T07:02:00Z