- product data …
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Leaving a video review helps other professionals like you evaluate products. Be the first one in your network to record a review of Elasticsearch, and make your voice heard!
Entry-level set up fee?
- No setup fee
- Free Trial
- Free/Freemium Version
- Premium Consulting / Integration Services
- Tech Details
|Deployment Types||Software as a Service (SaaS), Cloud, or Web-Based|
- product data persistence - as JSON objects.
- as log storage - different components produce log files in different formats + logs from other systems like the OSes and even some networking appliances.
- as test automation results storage & reporting platform - this is an implementation we glimpsed from an old Trivago blog post.
- Data persistence & retriveval
- Data indexing
- Metrics & reporting over data thanks to its query language & Kibana visualization
- Flexibility of data sources - a lot of existing "beats" + ability to push custom data easily
- Very scalable - although a minimum of 3 nodes is advised, even a 1-node installation can work great for some use cases.
- Licensing - this is big issue with a lot of companies that try to embed Elasticsearch as a part of their products and not have to expose that explicitly or deal with licensing complications.
- Security - this is not a feature enabled by default so installations can go and be unsecure & thus exploited without anyone noticing.
- Having security turned off can be beneficial for some performance optimizations though.
- Cluster restructuring/upgrading - if you need to do a rolling cluster upgrade, node roles and data replication is handled in a complicated & tricky way so you need to have knowledge & experience to survive such an operation with your data & cluster to be operational after it.
Elasticsearch is not problem-free - you can get yourself in a lot of trouble if you are not following good practices and/or if are not managing the cluster correctly.
Licensing is a big decision point here as Elasticsearch is a middleware component - be sure to read the licensing agreement of the version you want to try before you commit to it.
Same goes for long-term support - be sure to keep yourself in the know for this aspect you may end up stuck with an unpatched version for years.
- Observability features
- Machine learning for anomaly detection
- Index and search high volume of data
- Basic alerting features
- Indexing text data
- Aggregations allow users to progressively add search criteria to refine their searches
- Find trends in our data with Aggregations
- Integrate text Search our taxonomy Search
- Joining data requires duplicate de-normalized documents that make parent child relationships. It is hard and requires a lot of synchronizations
- Tracking errors in the data in the logs can be hard, and sometimes recurring errors blow up the error logs
- Schema changes require complete reindexing of an index
- Rest API browser
- Remote management using utilities
- It allows extremely fast search and filtering on large datasets
- It has a very powerful aggregation engine that can allow for tons of customizable analytics and reports.
- The documentation could be a bit more detailed and have more examples, especially for advanced functionality.
- The ability to update/change existing live field mappings would be nice.
- The ingest pipeline structure is a bit more complicated and confusing than previous implementations for using things like attachment plug-ins.
- Text-based searches on data
- Daily, weekly, monthly analytics on data
- Super easy scripting with painless scripting language
- Relational data query
- Sync data from SQL on table change (with hash maybe)
- Provide better tutorials for beginners
- Log storage efficiency - We have millions of events a day and are able to keep 90 days worth for under 1TB of on disk space.
- Dashboards - Technically through Kibana(but I consider the entire stack as part of Elasticsearch.) Dashboards are easy to manipulate and create from scratch. Many shippers have premade dashboards ready for day one, too.
- Speed - Have you ever searched an indexed database of 200 million events and found an answer in a matter of seconds? You could with Elasticsearch.
- Free/self-hosted can be a nightmarish amount of work. When you break it, it's easy to lose data.
- Documentation is thorough at times, but there still seems to be holes in some components. For instance, PacketBeat doesn't explicitly tell you best practices for DNS logging, and I had to use a different resource to get an answer.
- Pricing - The free tier is excellent, but it's a significant jump up to get the machine learning modules, endpoint security and more.
- Complete package.
- Complex query mechanism.
- Complex architecture to set up and optimize.
- Ease of set-up.
- Tuning for ingress performance can be tricky.
- Merged documents can become a bottleneck.
- Log handing
- Full-text search
- Easier to operate
- Easier to understand its bottlenecks
- Search queries based on Java class member names.
- Very detailed queries through the standard library.
- Extremely fast.
- Easy to index.
- Ability to search content when data only in fields.
- Query syntax could be made simpler.
- Auto sharding.
- Centralized logging
- Easy content searching
- Handle tons of data
- Poor documentation
- Not so easy at the first contact
- Hard to debugging issues
- Extremely easy to get started and great documentation.
- Excellent for full-text use cases.
- Also used for analytics and Kibana UX is great for visualization.
- Encountered scaling challenges with large data sets (typically in petabytes).
- Performance issues for raw aggregation use-cases.
- Every contract (request/response) is in JSON which is not optimal. No support for protobuffs or GRPC.
- As I mentioned before, Elasticsearch's flexible data model is unparalleled. You can nest fields as deeply as you want, have as many fields as you want, but whatever you want in those fields (as long as it stays the same type), and all of it will be searchable and you don't need to even declare a schema beforehand!
- Elastic, the company behind Elasticsearch, is super strong financially and they have a great team of devs and product managers working on Elasticsearch. When I first started using ES 3 years ago, I was 90% impressed and knew it would be a good fit. 3 years later, I am 200% impressed and blown away by how far it has come and gotten even better. If there are features that are missing or you don't think it's fast enough right now, I bet it'll be suitable next year because the team behind it is so dang fast!
- Elasticsearch is really, really stable. It takes a lot to bring down a cluster. It's self-balancing algorithms, leader-election system, self-healing properties are state of the art. We've never seen network failures or hard-drive corruption or CPU bugs bring down an ES cluster.
- Elasticsearch paid support could be much better. Not only is it really expensive, but the reps just don't seem to be that knowledgeable and keep linking us to support documentation we've already found and read.
- I wouldn't call it missing functionality or a part that's hard to use perse, but upgrading from ES 5 to ES 6 is a PITA. Maaaan did they mess up a part of their data model so bad that when migrating, you have to restructure almost all your queries and transform almost all your data! I don't want to go into too many details here as some people may not be clued in on the concept of mapping types, but you can read more about it here https://www.elastic.co/guide/en/elasticsearch/reference/6.0/breaking-changes-6.0.html.
- This is no longer a problem in ES 6 but in versions 5 and before, reindexing is a PITA. You have to almost bring down the whole cluster to fix small problems such as missing fields or wrong types.
- Search results are provided very quickly.
- The search results are accurate.
- Search results contain details on the accuracy of each hit.
- There is a steep learning curve for this product so what is most useful for developers is good documentation including examples and sample applications.
- Ingress and indexing.
- Aggregations on top of other aggregations.
- Encryption at rest.
- Has a performance penalty when using inked documents.
We use Elasticsearch at our Technology & Services Department to address these issues for our customers:
- Customized Dashboards.
- Anomaly Detection.
- Metrics Predictability.
- Anomaly detection. It can find patterns over a wide variety of metrics and values.
- Behind the walls, Elasticsearch has a robust distributed architecture to support queries and data processing, and it is easy to maintain and scale.
- Elasticsearch has a new Elastic Cloud SaaS solution which is very easy to deploy, set up, and scale with all features and more.
- Elasticsearch has an important security layer to separate access to data and dashboards.
- If you want to explode Elasticsearch's capabilities, you need to have a medium-high SQL and Database knowledge.
- The user interface is heavy in Java requirements, and sometimes you can get some lag displaying heavy results for heavy queries.
- It will be helpful if you can construct Logstash queries with a drag&drop based user interface.
Elasticsearch has potent visualization features with Canvas and OOB Dashboards that can respond to business and technical requirements.
- Easy to install
- Easy to use/lots of documentation
- Easy to scale up as demand increases
- The price point for the X-Pack plugins (ie. Security, Alerting, etc.) is a bit high, especially if you only want to do something small and simple and you don't need to leverage the full power of the plugin
- Configuring the right hardware and capacity planning (when at scale) can get really tricky. In order to get the best performance, a lot of tweaking is needed, and not all of the secret tricks are documented
- Getting used to ElasticSearch's query language was a bit of an adjustment. You really have to delve into defining analyzers and tokenizers in order to get application-specific results
If you need a large data store for documents where not everything needs to be indexed, don't use JUST ElasticSearch. We use one KV database system to store all of our data and use ElasticSearch as our Index. All searches are run off of ElasticSearch, and the main data store that it pulls from is the other database.
- Powerful beats modules.
- Later number of input/output pipelines.
- Open documentation.
- Documentation is often incomplete.
- Forums are very full but misleading.
- The programs don't work well together. They have different methodology and flavors in each.
- Different configurations in each element make it difficult to use.
- Free of SQL: ES does not have the overhead of relying on SQL. In fact, you can use most (if not all) DBMs out there.
- Java: Normally, this is not a strength: Java is slow and cumbersome. I believe in this case, it's truly a feature: by utilizing a language with universal support, it makes ES VERY DevOps friendly, simply by being able to focus on Problem-oriented vs Solutions-based thinking.
- Although ES has been known to consume RAM, it's very flexible, and I have implemented on a number of distinct hardware configuration with success.
- Linux: It's not locked down to an OS (which is the way of the future), and as a result-running it on Linux means you get the power of Linux, in a data science package.
- Elastic Search IS a resource hog: most of the time, I will run ES on a dedicated VM (often a dedicated blade, too!) and allow the other components of the stack to run on separate blades/VMs.
- Works great for small projects, but is NOT industrial strength: When you are performing a data architecture project, where you are capturing and mining datasets, ES is fine, until you start getting into much denser data sources (orders to TBs), such that ES will violate Data integrity.
- It only supports JSON output: Which is very friendly to a lot of DevOps/Data Architecture projects but may become a hassle when your endpoints require CVS, XML, etc.
- Big data
- Lightning fast
- Easily scalable
- Powerful feature set
- Additional complexities when in need of frequent & rapid updates to the Elasticsearch data set
- New syntax can be confusing, particularly with advanced features and more powerful queries
- Super-fast search on millions of documents. We've got over 2 billion documents in our index and the retrieve speeds are still in the < 1-second range.
- Analytics on top of your search. If you organize your data appropriately, Elasticsearch can serve as a distributed OLAP system
- Elasticsearch is great for geographic data as well, including searching and filtering with geojson, and a variety of geospatial algorithms.
- Elasticsearch is highly distributed, but it takes time to tune so you get the right performance out of your cluster.
- The query language is not SQL, so it's not a straightforward conversion from an RDBMS to Elasticsearch for searching through data.
- There are lots of ways to insert data into Elasticsearch, and some are better than others (batch vs. single insert). Need to experiment with your own data and environment.
- Fast Search through millions of data
- Uses a very limited storage to store the data - high compression
- Easy to get started & configure
- Their documentation needs a lot of imporvement
- Difficult to understand query language
- New updates are difficult to adopt
- The best solution we've found for blazing fast searches, especially text-based.
- Easy to add nodes for data redundancy.
- Good documentation makes getting up and running easy.
- I found the learning curve fairly difficult having a SQL background.