Elasticsearch: Open-source, Fast, Excellent!
March 06, 2020

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Elasticsearch

Elasticsearch is currently our log aggregator and SIEM. It is collecting Windows Event Logs, Syslog, DNS logs and HIDS logs. We use it in the IT department, but its reach is far and wide, and it collects data from every domain machine we have. The problems it solves are numerous! We have dashboards set up for authentication activity, firewall events and VPN activity. With a single glance, it's easy to understand the data and move on to other tasks. In the event of an incident, the detail that can be gleaned is incredible. The SIEM app has a working Timeline feature that allows you to simply drag and drop events when investigating an issue. Host intrusion detection is done by a third-party app, but it is able to ship the data right to Elasticsearch for easy processing, storage, and display.
  • Log storage efficiency - We have millions of events a day and are able to keep 90 days worth for under 1TB of on disk space.
  • Dashboards - Technically through Kibana (but I consider the entire stack part of Elasticsearch). Dashboards are easy to manipulate and create from scratch. Many shippers have premade dashboards ready for day one, too.
  • Speed - Have you ever searched an indexed database of 200 million events and found an answer in a matter of seconds? You could with Elasticsearch.
  • Free/self-hosted can be a nightmarish amount of work. When you break it, it's easy to lose data.
  • Documentation is thorough at times, but there still seem to be holes in some components. For instance, PacketBeat doesn't explicitly tell you best practices for DNS logging, and I had to use a different resource to get an answer.
  • Pricing - The free tier is excellent, but it's a significant jump up to get the machine learning modules, endpoint security and more.
  • Free alternative has given us incredible value at the cost of time and energy.
  • We spend 70-90% less time on investigations of incidents.
Faster, better, more efficient. There was no comparison between Elasticsearch and LEM. AlienVault was decent but too expensive for what it does compared to Elastic. The only competitor I'd consider in the same ballpark in the SIEM world is Splunk. Save yourself the money and get a Ferrari and Elasticsearch instead.
I can't speak to paid support, but free support is nonexistent, as is the case with most open-source software stacks. Can't complain, though!

Do you think Elasticsearch delivers good value for the price?

Yes

Are you happy with Elasticsearch's feature set?

Yes

Did Elasticsearch live up to sales and marketing promises?

Yes

Did implementation of Elasticsearch go as expected?

No

Would you buy Elasticsearch again?

Yes

Easiest recommendation of my career. The capability and speed are out of this world, and the pricing compared to enterprise logging solutions is a fraction of the cost. That comes with a caveat: you must be ready to devote some time to it to learn it and get it working. It's not turnkey, but it's one of the best all-around.