
Entry-level set up fee?

  • No setup fee


  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services


Product Details

What is Elasticsearch?

Elasticsearch is an enterprise search tool from Elastic in Mountain View, California.

Elasticsearch Technical Details

Deployment Types: SaaS
Operating Systems: Unspecified
Mobile Application: No



Frequently Asked Questions

What is Elasticsearch's best feature?

Reviewers rate Support Rating highest, with a score of 7.8.

Who uses Elasticsearch?

The most common users of Elasticsearch are from Enterprises and the Computer Software industry.


Borislav Traykov | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
We use Elasticsearch (Elastic for short, but that includes Kibana & LogStash so the full ELK kit) for 3 major purposes:
  • product data persistence - as JSON objects.
  • as log storage - different components produce log files in different formats + logs from other systems like the OSes and even some networking appliances.
  • as test automation results storage & reporting platform - this is an implementation we glimpsed from an old Trivago blog post.
Different forms of Elastic are being used across the company - the vanilla one, OpenDistro and OpenSearch. Licensing limbo + long-term support make people here jump from one implementation to another.
  • Data persistence & retrieval
  • Data indexing
  • Metrics & reporting over data thanks to its query language & Kibana visualization
  • Flexibility of data sources - a lot of existing "beats" + ability to push custom data easily
  • Very scalable - although a minimum of 3 nodes is advised, even a 1-node installation can work great for some use cases.
  • Licensing - this is a big issue with a lot of companies that try to embed Elasticsearch as a part of their products and not have to expose that explicitly or deal with licensing complications.
  • Security - this is not a feature enabled by default, so installations can go on being insecure & thus exploited without anyone noticing.
  • Having security turned off can be beneficial for some performance optimizations though.
  • Cluster restructuring/upgrading - if you need to do a rolling cluster upgrade, node roles and data replication are handled in a complicated & tricky way, so you need to have knowledge & experience to survive such an operation with your data & cluster operational after it.
Elasticsearch is a really scalable solution that can fit a lot of needs, but the bigger and/or those needs become, the more understanding & infrastructure you will need for your instance to be running correctly.
Elasticsearch is not problem-free - you can get yourself in a lot of trouble if you are not following good practices and/or if you are not managing the cluster correctly.
Licensing is a big decision point here as Elasticsearch is a middleware component - be sure to read the licensing agreement of the version you want to try before you commit to it.
Same goes for long-term support - be sure to keep yourself in the know on this aspect, or you may end up stuck with an unpatched version for years.
Oscar Narváez Del Rio | TrustRadius Reviewer
Score 10 out of 10
Elasticsearch enables an operational capacity to quickly adopt this technology and boost observability on the different platform components (infrastructure, integration, application, and services). Elasticsearch's distributed architecture to index and search data makes it a robust platform to scale on the go and support operational needs.
  • Observability features
  • Machine learning for anomaly detection
  • Index and search high volume of data
  • Basic alerting features
The Elasticsearch platform allows implementing a robust operational stack for unified observability, handling a huge volume of data with high performance and the capacity to scale fast. Logstash, Beats, and APM products provide a structured framework to collect events and data, and are easy to deploy and configure.
Keith Lubell | TrustRadius Reviewer
Score 10 out of 10
We use Elasticsearch to Index and make available for Search and Navigation our proprietary data on the M&A landscape. It drives dashboards and alerts to allow users to monitor trends and the latest events that occur in our dataset. It aligns our research group with our bankers. We marry it to Couchbase and MS SQL-Server.
  • Indexing text data
  • Aggregations allow users to progressively add search criteria to refine their searches
  • Find trends in our data with Aggregations
  • Integrate text Search our taxonomy Search
  • Joining data requires duplicate de-normalized documents that make parent child relationships. It is hard and requires a lot of synchronizations
  • Tracking errors in the data in the logs can be hard, and sometimes recurring errors blow up the error logs
  • Schema changes require complete reindexing of an index
Elasticsearch is really well suited for searching text (Natural Language Processing) and you can fine-tune the searches and scoring very well. I like the ability to find Significant Terms in the Index, where you can find aggregations that are really relevant to a specific search. It also allows for queries to lead to new queries via aggregations, which is great for navigating your data. It is less suited to doing more complex aggregations where slices of data are required to be processed using Gaussian normalizations. And doing searches which join different documents is very, very hard, and requires serious thought on how to denormalize data.
Andrew Meyer | TrustRadius Reviewer
Score 9 out of 10
We are using this in conjunction with other applications such as Atlassian stack. So this is being used throughout the whole organization but is an extension to another application. This allows us to search for words/topics very quickly in projects and commits. We currently use it in a single server instance.
  • Database
  • Scalability
  • Deployment
  • Backup
  • Rest API browser
  • Remote management using utilities
Elasticsearch is used very well in the log management space. In conjunction with Logstash, Kibana, and Graylog, Elasticsearch makes leveraging these products wonderful: the ease of deploying it, securing it very quickly, and fast and scalable searching options. It can also be a distributed data warehouse for immutable documents. However, it is not a fully functional database system.
April 01, 2021

Elasticsearch Review

Josh Kramer | TrustRadius Reviewer
Score 9 out of 10
It is used in our custom software application for advanced searching and filtering capabilities for our users.
  • It allows extremely fast search and filtering on large datasets
  • It has a very powerful aggregation engine that can allow for tons of customizable analytics and reports.
  • The documentation could be a bit more detailed and have more examples, especially for advanced functionality.
  • The ability to update/change existing live field mappings would be nice.
  • The ingest pipeline structure is a bit more complicated and confusing than previous implementations for using things like attachment plug-ins.
It is well suited for anything involving large data - searching, filtering, aggregations, analytics, reporting, etc.
Score 8 out of 10
In my organization, Elasticsearch is used as a fast and simple solution for providing search capability to text-based data and to easily perform analytics for our dashboard. Being a JSON-based response system, our APIs become simple and support multiple behaviors by translating to Elasticsearch queries. Not only does Elasticsearch act as our analytics platform, but also it serves as secondary database storage.
  • Text-based searches on data
  • Daily, weekly, monthly analytics on data
  • Super easy scripting with the Painless scripting language
  • Relational data query
  • Sync data from SQL on table change (with hash maybe)
  • Provide better tutorials for beginners
Elasticsearch is best suited for search, analytics, aggregation, and consumption from single tabular structured data. It works best if you sync your data at regular intervals either with Logstash or any other custom sync process.

However, Elasticsearch still does not support relational queries out of the box. You could denormalize your data before every sync, but that has the potential for complicating the sync process very fast.
Score 10 out of 10
Elasticsearch is currently our log aggregator and SIEM. It is collecting Windows Event Logs, Syslog, DNS logs and HIDS logs. We use it in the IT department, but its reach is far and wide and collects data from every domain machine we have. The problems it solves are numerous! We have dashboards set up for authentication activity, firewall event and VPN activity. With a single glance, it's easy to understand the data and move on to other tasks. In the event of an incident, the detail that is able to be gleaned is incredible. The SIEM app has a working Timeline feature that allows you to simply drag and drop events when investigating an issue. Host intrusion is done by a third-party app but is able to ship the data right to Elasticsearch for easy processing, storage, and display.
  • Log storage efficiency - We have millions of events a day and are able to keep 90 days worth for under 1TB of on disk space.
  • Dashboards - Technically through Kibana (but I consider the entire stack as part of Elasticsearch). Dashboards are easy to manipulate and create from scratch. Many shippers have premade dashboards ready for day one, too.
  • Speed - Have you ever searched an indexed database of 200 million events and found an answer in a matter of seconds? You could with Elasticsearch.
  • Free/self-hosted can be a nightmarish amount of work. When you break it, it's easy to lose data.
  • Documentation is thorough at times, but there still seems to be holes in some components. For instance, PacketBeat doesn't explicitly tell you best practices for DNS logging, and I had to use a different resource to get an answer.
  • Pricing - The free tier is excellent, but it's a significant jump up to get the machine learning modules, endpoint security and more.
Easiest recommendation of my career. The capability and speed are out of this world, and pricing compared to enterprise logging solutions is a fraction of the cost. That comes with a caveat: you must be ready to devote some time to it to learn it and get it working. It's not turnkey, but it's one of the best all-around.
I can't speak to paid support, but free support is nonexistent. As is the case with most open-source software stacks. Can't complain though!
Score 7 out of 10
Our organisation is currently using Elasticsearch for the Elasticstack functionality. Elasticstack gives us functionality to collect, aggregate, search and alert on logging. Kibana, which runs within the Elasticstack, gives us the functionality to create neat dashboards which we use within every layer of our organisation. This addresses the need for various levels of insight across the organisation.
  • Complete package.
  • Open-source.
  • Complex query mechanism.
  • Complex architecture to set up and optimize.
Elasticsearch is very well suited within an IT architecture where a lot of open-source software is already being used and where the developers strongly appreciate open-source software. Elasticsearch might be less appropriate in an organisation where there is less space to master the tool. The tool is quite difficult to learn once you start working on the CLI-level search queries.
We've only used it as open-source tooling. We did not purchase any additional support to roll out the Elasticsearch software. When rolling out the application on our platform we used the documentation which was available online. During our test phases we did not experience any bugs or issues, so we did not rely on support at all.
Maria Sousa | TrustRadius Reviewer
Score 9 out of 10
We're using Elasticsearch for indexing most of our data, allowing for blazing-fast searches. We store massive time-series data volumes from thousands of IoT sensors that Elasticsearch handles brilliantly, making metrics available in real time. We're also running dashboards and canvas in Kibana, fed from Elasticsearch, which get updated in real time.
  • Performance.
  • Ease of set-up.
  • Tuning for ingress performance can be tricky.
  • Merged documents can become a bottleneck.
Elasticsearch really excels in search performance, so if you have massive amounts of data you need to search from, Elasticsearch is surely a great fit. I would advise against using it as the main database or the only source of truth, because data corruption can happen in rare cases, and in that case a reindexing will have to take place.
Elasticsearch support has been great in helping us on the rare occasions when we actually needed help.
Mark Freeman, MBA | TrustRadius Reviewer
Score 9 out of 10
Elasticsearch is being used to store and search architecture standards, guidance, and other documents pertaining to software architectures. When used with the Spring Java Framework, it is extremely easy to set up custom queries.
  • Search queries based on Java class member names.
  • Very detailed queries through the standard library.
  • Extremely fast.
  • Easy to index.
  • Ability to search content when data only in fields.
  • Query syntax could be made simpler.
  • Auto sharding.
Not great for highly structured data where SQL thrives, e.g., heavy use of JOINs. Not great for image data.
I have never used their support, but online documentation was very good.
Erlon Sousa Pinheiro | TrustRadius Reviewer
Score 8 out of 10
In a cloud universe where we have hundreds or even thousands of servers to manage, it is a huge challenge to figure out the root cause of issues, and it is totally unacceptable to keep this sort of environment without a reliable logging and analysis system. Being part of the ELK stack, Elasticsearch gives us what is necessary to handle this huge amount of data. I can't imagine our environments without Elasticsearch nowadays.
  • Centralized logging
  • Easy content searching
  • Handle tons of data
  • Poor documentation
  • Not so easy at the first contact
  • Hard to debug issues
Elasticsearch is a great tool, but remember, as with every other tool, it needs knowledge and expertise to work with. My first option would be using the cloud version provided by the Elastic company, but unfortunately it is over my budget, so I need to manage it by myself. Also, depending on your company's area, it wouldn't be possible to keep your data in a third party's cloud environment. In this case, there is no option other than keeping it yourself.
I've never used official support from the company behind Elasticsearch, but I had to get support from the community, and being such a well-known product, it is really easy to find someone else facing the same issues you have, and most of the time, presenting a good solution for that.
Gary Davis | TrustRadius Reviewer
Score 10 out of 10
Elasticsearch is used on our B2B and B2C eCommerce websites to provide fast and powerful search capabilities for products. Search by title, artist, or various facets like genre, price-range and availability-date results in a list of products that the user can then drill down or continue searching within the result list. Within the organization, Elasticsearch is used by the programmers in the IT department.
  • Search results are provided very quickly.
  • The search results are accurate.
  • Search results contain details on the accuracy of each hit.
  • There is a steep learning curve for this product so what is most useful for developers is good documentation including examples and sample applications.
Initially, we were using Elasticsearch for just product searches. It is also becoming useful as our product repository to display all data needed for the product detail pages.
Support has been very good. New releases come out periodically with new features, performance, and stability improvements. Questions to support are answered fairly responsively.
Gedson Silva | TrustRadius Reviewer
Score 9 out of 10
Elasticsearch is being used for multiple purposes in multiple projects: centralized log management, APM, Metrics Collection as a TSDB, and as a replacement for traditional OLAP databases. It provides a high-performance indexing and search engine, which has become an invaluable tool addressing hard problems that would otherwise be very difficult to solve.
  • Ingress and indexing.
  • Searching.
  • Aggregations.
  • Aggregations on top of other aggregations.
  • Encryption at rest.
  • Has a performance penalty when using linked documents.
Elasticsearch is so versatile and so easy to set up that it's really a no-brainer including it in most projects as the indexing and search engine components, as well as for analytics and aggregations. It's not so well-suited to be used as the main database, as there's a minor risk of data loss.
Jose Adan Ortiz | TrustRadius Reviewer
Score 10 out of 10
Elasticsearch has been a big help for us. We used to work with Application Performance Management Tools that need another layer of visualization and data treatment, and with Elasticsearch we have delivered better insights for our customers.
We use Elasticsearch at our Technology & Services Department to address these issues for our customers:
- Customized Dashboards.
- Anomaly Detection.
- Metrics Predictability.
  • Anomaly detection. It can find patterns over a wide variety of metrics and values.
  • Behind the walls, Elasticsearch has a robust distributed architecture to support queries and data processing, and it is easy to maintain and scale.
  • Elasticsearch has a new Elastic Cloud SaaS solution which is very easy to deploy, set up, and scale with all features and more.
  • Elasticsearch has an important security layer to separate access to data and dashboards.
  • If you want to exploit Elasticsearch's capabilities, you need to have medium-to-high SQL and database knowledge.
  • The user interface is heavy in Java requirements, and sometimes you can get some lag displaying heavy results for heavy queries.
  • It will be helpful if you can construct Logstash queries with a drag&drop based user interface.
Elasticsearch can be used perfectly inside a site for searching features in order to respond quickly to user queries. It can be used to act as a Centralized Log Server, where you can define events based on pattern detection for anomaly detection.
Elasticsearch has potent visualization features with Canvas and OOB Dashboards that can respond to business and technical requirements.
Ben Williams | TrustRadius Reviewer
Score 6 out of 10
We currently use it to log the details of our RPA processes as they run through their production and development environments. They log checkpoints, statuses and error messages back to the Kibana database we use in conjunction with Elasticsearch.
  • Powerful beats modules.
  • Large number of input/output pipelines.
  • Open documentation.
  • Documentation is often incomplete.
  • Forums are very full but misleading.
  • The programs don't work well together. They have different methodology and flavors in each.
  • Different configurations in each element make it difficult to use.
It works well for what we need. Short sharp logs of data from ongoing consistent processes.
Anatoly Geyfman | TrustRadius Reviewer
Score 10 out of 10
We use Elasticsearch for our online (realtime) search engine. We've indexed over 2 billion documents, including every physician, hospital, and clinic in the United States. We started using ES from the beginning since I had a bunch of great experiences with the technology from my last job. We load data into Elasticsearch from multiple locations, including Postgres and BigQuery. On top of Elasticsearch, we've built a number of analytics tools that let us not only search but also deliver analytics for our stored data -- like top physicians performing a specific service and geography-based analyses. Overall we're super happy with Elasticsearch.
  • Super-fast search on millions of documents. We've got over 2 billion documents in our index and the retrieval speeds are still in the < 1-second range.
  • Analytics on top of your search. If you organize your data appropriately, Elasticsearch can serve as a distributed OLAP system
  • Elasticsearch is great for geographic data as well, including searching and filtering with geojson, and a variety of geospatial algorithms.
  • Elasticsearch is highly distributed, but it takes time to tune so you get the right performance out of your cluster.
  • The query language is not SQL, so it's not a straightforward conversion from an RDBMS to Elasticsearch for searching through data.
  • There are lots of ways to insert data into Elasticsearch, and some are better than others (batch vs. single insert). Need to experiment with your own data and environment.
Elasticsearch is extremely well suited for structured (faceted) search, full-text search, and analytics workloads. Elasticsearch and the ELK stack are also a good fit for operations teams that want to be able to interrogate their logs in an online (read: fast) query tool. Elastic is amazing at creating super fast search experiences over very large datasets, where traditional RDBMS systems are either too costly or too slow.
Tarun Mangukiya | TrustRadius Reviewer
Score 10 out of 10
Elasticsearch is being used for multiple purposes at Iconscout. Starting from a search engine to viewing detailed analytics. We're even using it for logging of the server. It helps us to query through the millions of data easily and efficiently.
  • Fast Search through millions of data
  • Uses a very limited storage to store the data - high compression
  • Easy to get started & configure
  • Their documentation needs a lot of improvement
  • Difficult to understand query language
  • New updates are difficult to adopt
Elasticsearch has a very fast and efficient searching process. If you've searched a heavy project, you can't just be dependent on databases. Plus, they have a REST API for everything, making it easy to use with any programming language or database.
Brett Knighton | TrustRadius Reviewer
Score 8 out of 10
We use Elasticsearch to efficiently search large pools of data. Elasticsearch gives us the ability to have blazing fast searches even when doing partial text matches on multiple fields.
  • The best solution we've found for blazing fast searches, especially text-based.
  • Easy to add nodes for data redundancy.
  • Good documentation makes getting up and running easy.
  • I found the learning curve fairly difficult having a SQL background.
If you are in a scenario where you are constantly trying to optimize queries to get better performance from your database searches, Elasticsearch is probably a product worth trying out. With the amount of data we have, doing text searches via SQL isn't even an option. If you aren't struggling with getting reasonably fast queries getting Elasticsearch up probably isn't going to be worth the hassle.
David Greenwell | TrustRadius Reviewer
Score 10 out of 10
We decided to start looking into Elasticsearch after we had good success with using lucene (the full-text search indexer that Elastic uses). We had some queries in Oracle that were running EXTREMELY slow and knew we had to do something for the customer to make their experience better. We had a few thoughts on what we could use and Elasticsearch fit what we really wanted.
  • Searching, it does it well and searches are fast...real fast.
  • Ease of use, we were able to get an Elasticsearch cluster up and running in a half hour and doing basic searches after that was very easy with simple requests
  • Redundancy built in and stability. We haven't had any of our Elastic clusters go down intentionally, but testing out redundancy by removing nodes Elasticsearch has gone flawlessly.
  • Only breaking changes between versions when they are absolutely necessary.
  • Works well with .Net libraries that are supported and coded by Elastic.
  • A bit more of a learning curve for complex searches, indexing more complex things.
  • Some of our updates between versions haven't gone as smoothly as we would like, but in more recent versions Elastic has done a much better job at trying to allow for full uptime upgrades.
  • Configuration needs to be set up to do larger searches, or more complex searches and at times while starting it wasn't obvious what configuration needed to be changed.
The best situation where we have found Elasticsearch to help was when you have searches and your database just isn't doing them with the speed that you want, and even where the DB is going the speed needed, Elasticsearch can take some of the processing from the database (which isn't necessarily built specifically for searching) to a system that was designed for searches.

If you are doing searching, then I would suggest going with Elasticsearch.
Colby Shores | TrustRadius Reviewer
Score 10 out of 10
We use Elasticsearch as the storage/search component of our logging infrastructure (ElasticStack). Once we have broken apart the individual variable components of each log as their own variable type using Logstash, we store those records in to Elasticsearch. Kibana queries Elasticsearch to display the resulting data. We also utilize Elasticsearch to display the cluster status for each of our markets across our entire web cluster using an internal reporting tool we wrote.
  • Effortless to set up. Literally set the memory thresholds for Java and start throwing JSON-formatted records into the database; it "Just Works". Even clustering is automated, as the cluster finds other ElasticSearch servers on the network and assigns each a name.
  • Very simple to use interface, either through its RESTful API (à la curl) or via its speedy protocol on port 9300. Once records are added, the very easy to use Apache Lucene syntax is supported to extract data.
  • Its search capabilities are fast on huge datasets, even on very modest hardware. Our organization operates in the hundreds of servers taking thousands of requests a second, each with its own log w/ a 2-week retention. The ElasticSearch server we recently decommissioned was a Pentium 4 Netburst class Xeon; it rarely skipped a beat.
  • Setting Java memory thresholds can be a pain for those not accustomed to things like Eden Space & Old Generation, which can lead to over-allocation or, more likely, under-allocation. Apache Solr had a similar issue. It would be nice if the program would take an extra step and dogfood its own advice by analyzing the system & processes to return a solid recommendation for that configuration. The proper configuration information is outlined in the documentation; it would be nice if that was automated.
  • The only health check that ElasticSearch reports back is a "red" status without any real solid information about what is going on, though it's usually memory thresholds or disk I/O. I am currently on ElasticSearch 1.5 so that may have changed for newer versions. When the status goes "red", I, as the administrator of the software, feel like I lose control of what's going on, which should rarely happen. Something more verbose would eliminate that.
  • This is more of a critique of the ElasticStack in general. The whole top-to-bottom stack is starting to get feature creep with things that are better suited to other software, increasing the barrier to entry for people to get started with setting up a robust logging infrastructure. ElasticSearch as a storage search engine is pretty streamlined, but I can see that the tools that comprise the ELK Stack are going to require a certification with constant study at some point. During a major release of Logstash a while back, it literally took a month to learn a new language because Elastic completely changed the syntax. For a medium-sized organization of only a couple of admins, that is a pretty high bar where time is money. They really should work on refining/automating the tools & search engine they have, instead of shoehorning/changing things onto an already rock-solid foundation.
ElasticSearch is hands down the absolute best solution for logging in a virtualization environment. The Kibana front end to ElasticSearch is extremely intuitive; even computer novices can be trained on how to chain together tags in the Apache Lucene syntax to extract the data they need. Once the deploy process is nailed down and the system is engineered, the logging structure can remain fairly static until the next major revision. Compared to Splunk, an administrator well versed in the ElasticSearch suite will save an organization upwards of tens of thousands of dollars a year, even with the caveats mentioned earlier.

As a developer looking for a quick and simple search engine which has little configuration required, ElasticSearch is fast and perfect for that solution. Literally throw JSON records into the database and push a request to get JSON out; exceptionally straightforward.
Trung Le | TrustRadius Reviewer
Score 10 out of 10
Elasticsearch helped us to provide comprehensive reports and frequent queries on our data (millions of rows), and provided us a performance that we could not achieve before (though we have only 40 concurrent users at most). We also consolidate data from many sources within our company, and Elasticsearch made it easy for us to do data analysis and to have many useful insights into our data; things that we could never do (so easily) in the past.
  • Comprehensive reports and queries
  • Data analytics
  • A better way to provide custom functions. I struggled with implementing the PercentileExc (exclusive) function, the one that Excel provides, because the business users requested it.
  • Better IntelliSense in development console, when the query is complex, I often lost the IntelliSense feature. The “exists” query is not supported by IntelliSense.
October 04, 2017

Elasticsearch review

Manish Rajkarnikar | TrustRadius Reviewer
Score 10 out of 10
Elasticsearch is used across the whole org. It's used mainly for storing and searching application logs. We have many Elastic clusters set up differently. Sometimes it's one cluster per app; sometimes it's one cluster for many apps, depending upon the volume of data being generated. Elasticsearch is used mainly for debugging purposes rather than metrics, but sometimes it's used along with Kibana to visualize metrics also.
  • Elasticsearch with its clustering solution provides a scalable logging solution. A number of query nodes, data nodes and master nodes can be added on demand to make the whole system very scalable, making it possible to store and search terabytes of data.
  • Elasticsearch provides logstash, file beat, and many others. It makes it really easy to ingest a log with less setup.
  • Elasticsearch query language is based on Lucene and is very powerful.
  • Elasticsearch is mostly free except a few features such as authentication and authorization; making it really financially economical for companies to deploy it on large scale.
  • Elasticsearch doesn't have a free alerting solution. It has elastalert but it's not comparable to the paid version.
  • It's lacking authentication and authorization which makes Graylog a more enticing option.
  • It's lacking a mechanism to protect cluster against runoff queries. Can bring down cluster to its knees.
Elk is great for app logs and search. It comes with Kibana which is great query tool. Logstash is great. It can autodetect datatype but can be tuned if needed which is awesome. It has lots of integrations such as filesystem, syslog, kafka etc., which make setting it up a breeze. It is also sometimes used for metrics. But [I] would rather use timseries db such as influx db, prometheus for metrics. Using logs for metrics tend to be expensive and inefficient.
Devaraj Natarajan | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Review Source
Elasticsearch is currently used in our organization for multiple use cases. With the data volume growing huge and rapidly, we push the data into an Elasticsearch cluster setup. We collect logs from multiple systems and push them into the Elasticsearch cluster using Logstash and a few other message broker systems. We collect telemetry from multiple systems and run algorithms to analyze the data.
  • Indexing
  • Text analysis
  • Time series data handling
  • Connector to other big data software
  • Plugins to visualize the data other than Kibana
  • Better query editor
I have noticed Elasticsearch is good in the following scenarios:
  • Faster aggregation
  • Full-text search features
  • Great performance
  • Complete ecosystem of applications

It could have been slightly better in the following areas:
  • Handling indexing (should index all the items and create index overhead)
  • Better load balancing
  • Elasticsearch aggregations are not always precise, because of how data in the shards is placed
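The imprecision mentioned in the last point matters when a SIEM dashboard shows "top N source IPs": each shard reports only its own top terms, and the coordinator merges those partial lists. This added example (not from the reviewer, not Elastic's code) models that merge in pure Python on constructed data; the shard_size knob and error bound mirror the terms aggregation's `shard_size` and `doc_count_error_upper_bound` in a simplified form.

```python
from collections import Counter

# Constructed sample: one field value per document, spread over three shards.
# Term "c" is the true leader (11) but is never in the top 2 of shards 1 and 2.
SHARDS = [
    ["a"] * 5 + ["b"] * 4 + ["c"] * 3,
    ["a"] * 5 + ["b"] * 4 + ["c"] * 3,
    ["d"] * 6 + ["c"] * 5 + ["e"] * 4,
]


def shard_top_terms(shard_docs, shard_size):
    """Each shard counts only its own documents and returns its top shard_size terms."""
    return Counter(shard_docs).most_common(shard_size)


def distributed_terms_agg(shards, size, shard_size):
    """Coordinator-side merge: sum the partial lists, then take the global top `size`.
    Terms a shard trimmed away contribute nothing, so counts and ranking can be wrong."""
    merged = Counter()
    for shard in shards:
        merged.update(dict(shard_top_terms(shard, shard_size)))
    return merged.most_common(size)


def exact_terms_agg(shards, size):
    """Ground truth: count across all shards before taking the top `size`."""
    return Counter(doc for shard in shards for doc in shard).most_common(size)


def doc_count_error_upper_bound(shards, shard_size):
    """Worst-case undercount for any returned term: the sum over shards of the count of
    the last term each shard returned (a term left out could have had at most that many)."""
    return sum(shard_top_terms(shard, shard_size)[-1][1] for shard in shards)


if __name__ == "__main__":
    print("exact top 2:           ", exact_terms_agg(SHARDS, 2))
    print("shard_size=2 top 2:    ", distributed_terms_agg(SHARDS, 2, 2))
    print("error bound (size=2):  ", doc_count_error_upper_bound(SHARDS, 2))
    print("shard_size=3 top 2:    ", distributed_terms_agg(SHARDS, 2, 3))
```

A non-zero error bound on a top-N panel is the signal to raise `shard_size` (or to reduce the number of shards the aggregation spans) before trusting the counts.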
Kris Bandurski | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
The first use case is log aggregation. We have a number of micro-services running, some of them in Docker, and we use ELK to ensure we have easy access to our most recent logs. This proves invaluable for fault detection and diagnosis and is used primarily by engineers. Another use case is a customer-centric search index. Each of our customers is described by a set of data points that come from various sources and are indexed in Elasticsearch. The index is later used by marketing, customer service, and other departments to get quick insights on our customer base.
  • Flexible and advanced search.
  • Ease of creating time-based indices and automatic archiving of old indices.
  • Quick data ingestion.
  • Configuration. Looking forward to seeing Elasticsearch detecting hardware specs and self-adjusting its config.
  • The lack of _changes streams. They were promised to appear in 2.0...
  • The price of the hosted solution could be lower.
  • Great for log aggregation and handling of time-based data in general, product search.
  • Not so great for highly "relational" data sets.
Yasmany Cubela Medina | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
Elasticsearch is a critical piece of our platform. We rely on it not only for searching our documents (that is 80% of our business goal and the most used feature) but for tracking logs and analytics with Kibana. Elasticsearch allows us to build this amazing search component that gets the user the refinement they want so they can easily and quickly find the results they are looking for. Monitoring our logs is almost as important; we track incidents and code quality among others.
  • Search
  • Organize data
  • Scale
  • Mapping and data type auto conversion
Elasticsearch is a great choice for search scenarios, for architectures that heavily rely on search capabilities. It's also great for analytics using Kibana. It's also great for log aggregation and, again, search. It can even be used as the main database layer for critical search infrastructures. But you need to [take] care with data that may change the structure and type of fields.