Likelihood to Recommend Perfect for projects where
Elasticsearch makes sense: if you decide to employ ES in a project, then you will almost inevitably use LogStash, and you should anyways. Such projects would include: 1. Data Science (reading, recording or measure web-based Analytics, Metrics) 2. Web Scraping (which was one of our earlier projects involving LogStash) 3. Syslog-ng Management: While I did point out that it can be a bit of an electric boo-ga-loo in finding an errant configuration item, it is still worth it to implement Syslog-ng management via LogStash: being able to fine-tune your log messages and then pipe them to other sources, depending on the data being read in, is incredibly powerful, and I would say is exemplar of what modern Computer Science looks like: Less Specialization in mathematics, and more specialization in storing and recording data (i.e. Less Engineering, and more Design).
Read full review It works extremely well for investigating the root cause analysis of events because you can see so much detail into what was happening before, after, and around the detective incident. A weak point would be when the AI gets a little over-aggressive or doesn’t quite understand the use case for specific tools. Our RMM tool was detected as a pup.
Read full review Pros Logstash design is definitely perfect for the use case of ELK. Logstash has "drivers" using which it can inject from virtually any source. This takes the headache from source to implement those "drivers" to store data to ES. Logstash is fast, very fast. As per my observance, you don't need more than 1 or 2 servers for even big size projects. Data in different shape, size, and formats? No worries, Logstash can handle it. It lets you write simple rules to programmatically take decisions real-time on data. You can change your data on the fly! This is the CORE power of Logstash. The concept is similar to Kafka streams, the difference being the source and destination are application and ES respectively. Read full review Installs on all of our Windows machines and only requires 1 reboot for the install to finish. It allows you to customize the UI and filters based on your use case. Gives a very high level of visibility into any concerns you have or should have in your network. Read full review Cons Since it's a Java product, JVM tuning must be done for handling high-load. The persistent queue feature is nice, but I feel like most companies would want to use Kafka as a general storage location for persistent messages for all consumers to use. Using some pipeline of "Kafka input -> filter plugins -> Kafka output" seems like a good solution for data enrichment without needing to maintain a custom Kafka consumer to accomplish a similar feature. I would like to see more documentation around creating a distributed Logstash cluster because I imagine for high ingestion use cases, that would be necessary. Read full review Possibly for compatibility with legacy Windows OS's and non Windows OS's. Some settings are greyed out and unable to change but I believe this is to protect you from making a bad configuration change. Could do better with reporting at the base level subscription. Read full review Likelihood to Renew Reliable for simple installation and above all efficient
Read full review Usability There are some minor issues with the platform that can be mildly frustrating, but the overall performance, peace of mind, and ROI make it worth using. The management console is intuitive and easy to learn, the endpoint clients are simple but give IT professionals enough data to make management easy and simple
Read full review Support Rating Their support is good and quick to respond. The one issue we faced was when a non-protection issue arose there was a lot of dancing around trying to figure things out. This was frustrating as it took significantly longer to figure out issues. Lots of repetitive log gathers, screen caps, uninstalls that never seemed to resolve issues. Eventually, the product would be updated and the issue seemed to be resolved, but seemed to be the only solution.
Read full review Alternatives Considered MongoDB and
Azure SQL Database are just that: Databases, and they allow you to pipe data into a database, which means that alot of the log filtering becomes a simple exercise of querying information from a DBMS. However, LogStash was chosen for it's ease of integration into our choice of using ELK
Elasticsearch is an obvious inclusion: Using Logstash with it's native DevOps stack its really rational
Read full review SentinelOne had all of the major features that we were looking for. The other products either required too much administrative attention or were lacking key features. For example, one could be uninstalled by the end user. We required that the installation be password protected to protect against end user disabling or uninstalling. One product required manual intervention for all remediation which put to high a burden on limited staff. All products are always being revised so these may no longer be issues but they had a significant impact on our decision.
Read full review Return on Investment Positive: Learning curve was relatively easy for our team. We were up and running within a sprint. Positive: Managing Logstash has generally been easy. We configure it, and usually, don't have to worry about misbehavior. Negative: Updating/Rehydrating Logstash servers have been little challenging. We sometimes even loose data while Logstash is down. It requires more in-depth research and experiments to figure the fine-grained details. Negative: This is now one more application/skill/server to manage. Like any other servers, it requires proper grooming or else you will get in trouble. This is also a single point of failure which can have the ability to make other servers useless if it is not running. Read full review SentinelOne has already proved its value by stopping attacks that would have gone otherwise unnoticed until much later in their infection process. The Vigilance team has provided quick response to threats that were not easily contained via the automated response SentinelOne's agents provide. This has given us a significant piece of mind. Read full review ScreenShots SentinelOne Singularity Screenshots