Elasticsearch review
Manish Rajkarnikar profile photo
October 04, 2017

Elasticsearch review

Score 10 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with Elasticsearch

Elasticsearch is used across the whole org. It's used mainly for storing and searching application logs. We have many elastic clusters set up differently. Sometimes it's one cluster per app; sometimes it's one cluster for many apps; depending upon the volume of data being generated. Elasticsearch is used mainly for debugging purposes rather than metrics, but sometimess it's used along with Kibana to visualize metrics also.
  • Elasticsearch search with its clustering solution provides a scalable logging solution. A number of query nodes, data node and master node can be added on demand to make the whole system very scalable making it possible to store and search terabytes of data.
  • Elasticsearch provides logstash, file beat, and many others. It makes it really easy to ingest a log with less setup.
  • Elasticsearch query language is based on Lucene and is very powerful.
  • Elasticsearch is mostly free except a few features such as authentication and authorization; making it really financially economical for companies to deploy it on large scale.
  • Elasticsearch doesn't have a free alerting solution. It has elastalert but it's not comparable to the paid version.
  • It's lacking authentication and authorization which makes Graylog a more enticing option.
  • It's lacking a mechanism to protect cluster against runoff queries. Can bring down cluster to its knees.
  • Most of elasticsearch is free except few things which most of the organizations can live without or have a workaround. Not having to pay Splunk whole bunch of money is a huge ROI right there.
  • Indexing the logs and making it searchable has a huge impact on the way we operate. Developers no longer have to log in to the system to know what's happening. Especially when we have hundreds of servers, having a central place for all the logs is essential to operate the system.
  • It's really easy to set up and maintain even in a scale. Its hot and warm cluster notion is awesome. The self-maintenance makes a huge impact on the need for system admins.
Elasticsearch is widely popular and it's mostly free. Its ecosystem, ability to scale, ease to set up, integration with other systems, highly usable API make it really great compared to its competition.
Elk is great for app logs and search. It comes with Kibana which is great query tool. Logstash is great. It can autodetect datatype but can be tuned if needed which is awesome. It has lots of integrations such as filesystem, syslog, kafka etc., which make setting it up a breeze. It is also sometimes used for metrics. But [I] would rather use timseries db such as influx db, prometheus for metrics. Using logs for metrics tend to be expensive and inefficient.