Centralized log monitoring has improved threat detection and simplified alert handling workflows
What is our primary use case?
Our use case is mainly for monitoring purposes, as we are getting the logs from our Linux machines where the applications are installed. Then we are forwarding these logs from the Linux servers to Elastic Search.
For now, we are logging the logs into the dashboard, and whenever a user wants to search on the logs, we use the platform directly on Elastic Search. I don't think we use full keywords; we directly use the user interface in the Elastic Search dashboard. Mainly, I think that should be sufficient for our users.
We don't use elastic streams for log ingestion or for structuring raw logs without agents.
We use the attack discovery feature to create alerts.
What is most valuable?
The best feature of Elastic Search that I appreciate is its monitoring capability. Whatever logs you want to forward to Elastic Search are pretty clear, and you can even edit the logs if you want some logs to delete or some logs not to appear in the monitoring dashboard, so you can clear it from there. It's pretty easy to install, easy to get handy on Elastic Search, and also easy to use it in the project. I think that's the main advantage of Elastic Search.
From a security point of view, I find Elastic Search to be quite secure, as we have a separate cluster that is well secured, and not just anyone can enter it easily.
I've noticed that the logs we are getting from the Linux servers have become automated, and in the long term, I believe Elastic Search will give promising results. When compared to Prometheus and Grafana, Elastic Search plays a main role in injecting SQL-related logs as it can inject any type of logs. It can show us any type of logs, which will be very helpful for any company or organization.
We forward the logs to our internal system that has an internal alerting system maintained by ING. The person monitoring Elastic Search, for instance, an ops guy this week or next week, will take care of the alert and try to fix it, making it quite handy to use this feature.
What needs improvement?
I think the first area for improvement is pricing, as the cluster cost for Elastic Search is too high for me. When I compare it with Prometheus or Grafana, we get very cheap dashboards with them. Elastic clusters are very costly; I understand the capabilities it has, but the price should be reduced a little bit in the market.
I also think the indexing throughput should be reduced, as using the bulk API in Elastic Search takes a lot of time and should become very fast. Additionally, observability features like search latency, indexing rate, and maybe rejected requests should be added to make the platform more reliable and accessible for everyone.
For how long have I used the solution?
I have been using Elastic Search for close to two years in my current project.
What do I think about the stability of the solution?
As far as I have been using it for two years, I did not find any glitches or bugs, so I would rate it an eight or nine.
What do I think about the scalability of the solution?
When it comes to scalability, it is scalable, but the pricing also matters, so I would rate it six or seven.
How are customer service and support?
I would rate their technical support a nine because they are pretty reachable every time.
How was the initial setup?
The deployment was easy for us.
What about the implementation team?
We wrote some Ansible scripts, and it took maybe two weeks, a couple of weeks.
What other advice do I have?
I don't think the hybrid search that combines vectors and text searches will be in my use case.
Currently, we are not using any of the trusted GenAI experience features such as Agentic AI, RAG, or semantic search.
I recommend Elastic Search to other people because it's quite reliable when used in a project. Every project can incorporate Elastic Search because it has a lot of features. The only concern I have is pricing; other than that, the features are very good. Everyone will be able to use it easily, but you need to keep in mind that you have to train some resources because there are not many people experienced with Elastic Search. You should provide some training to them before deploying them onto the project. I would rate this review an eight overall.
Lightning-Fast Log Searches and Reliable High Availability
What do you like best about the product?
I am able to retrieve search results for specific API transaction IDs almost instantly, even when working with our extensive log datasets. Leveraging advanced aggregations and Kibana dashboards, I depend on the platform's built-in high availability, which uses automated sharding and replicas, to keep my logs both accessible and secure.
What do you dislike about the product?
I find it quite challenging to deal with the high memory consumption and the mapping conflicts.
What problems is the product solving and how is that benefiting you?
Elasticsearch allows me to search through millions of API logs within seconds, making it easy to quickly identify and resolve errors. Additionally, it consolidates data from all my services into a single dashboard, which helps me monitor the system's health and manage storage costs more effectively.
Effortless Integration and Powerful Text Search
What do you like best about the product?
What stands out to me is how easy it is to integrate, along with its impressive capabilities for text search. Additionally, I appreciate the flexibility it offers when it comes to working with the schema.
What do you dislike about the product?
This isn't always the primary database, so running two databases in production can be a hassle, especially when it comes to keeping them in sync.
What problems is the product solving and how is that benefiting you?
The text search feature is quite complex, but integrating it with an agent skill is straightforward.
Elasticsearch has been a great database since the start of my business
What do you like best about the product?
With Elastic Cloud, I am able to perform ultra-complex text queries and integrate with APIs, all while benefiting from scalability and easy maintenance.
What do you dislike about the product?
The cost feels rather steep when you take into account how few gigabytes are included.
What problems is the product solving and how is that benefiting you?
The platform can handle large volumes of textual data and allows for queries to be executed within just a few milliseconds.
Unified search has powered feature-driven research with minimal maintenance overhead
What is our primary use case?
We utilize Elastic Search to bring a bunch of data sources together into a large search corpus, which is used to power our core research platform.
We don't generally do a lot of full-text search with Elastic Search. We do a lot of keyword-based searching and a lot of faceted search, and it works really well. We've also had to build custom relevance algorithms based on data that's being stored in the search index. This is more about the algorithm being less about text matching and more about feature matching and relevance on a number of different scales. It's generally worked out really well.
What is most valuable?
The best feature of Elastic Search is that it does exactly what it says. It's really easy to get set up and running and have search running very quickly with basic, out-of-the-box features. It scales very well, and we can do a whole lot with the core feature set before having to move to more advanced concepts. Even then, it performs very well, whether we need to expand into vector databases or decide that the Elastic Search Query DSL doesn't solve our needs anymore and have to go with ESQL or something. It expands and scales really well.
The hosted solution means Elastic Search takes care of the maintenance, which is one of the reasons we chose it. There's been very little maintenance from a data perspective on our side. As we make changes to our database structure, we've had to mirror them into Elastic Search.
What needs improvement?
We haven't had the opportunity to use the hybrid search with Elastic Search yet. I think there's a place for it in our long-term solution, but we're not quite there yet.
We haven't yet used any AI features built into Elastic Search.
To do what we want to do with Elastic Search, the queries can get complex and require a fuller understanding of the DSL. Once we start to build that understanding, it's another muscle we have, so it's not a bad thing, but it just takes a while to get up and running with expertise for our engineers.
It's not hard to learn how to use more complex things in Elastic Search; it's just a challenge we're going to face.
For how long have I used the solution?
In my career, I've been using Elastic Search for three or four companies, probably on and off for 10 years.
What do I think about the stability of the solution?
We've had various very small blips with Elastic Search, but it's never been an issue that was concerning. We have limited infrastructure, so we could go further in terms of our hosted deployment to ensure that some of those things didn't happen. We've simply accepted the level of risk we have.
What do I think about the scalability of the solution?
Thus far, everything seems really good in terms of scalability for Elastic Search. We don't have the largest data set in the world; we have millions of records, single-digit millions, so two or three million records. I feel confident knowing that we could times that by 10 or 100, maybe, and it would still work. The cost would obviously scale, the number of nodes would scale, but Elastic Search would be able to handle that level of scale.
Which solution did I use previously and why did I switch?
Before I was using Elastic Search and actually before Elastic Search even existed, I previously used Apache Solr and Lucene in my career. The release of Elastic Search way back when was a boon because it was out of the box and did what it said. We've also worked with Pinecone, Amazon's OpenSearch, and essentially Postgres trying to do vector search in Postgres. All of those tools have their place, but if we're doing straight search, Elastic Search is just really the right answer.
How was the initial setup?
The initial deployment of Elastic Search was really straightforward because we used the hosted solution.
We had Elastic Search live and our first initial searches running in our staging environment within a week. We moved into production with our full data set within six weeks.
What about the implementation team?
We had one engineer working on this implementation. That's why it took six weeks.
What's my experience with pricing, setup cost, and licensing?
Elastic Search's pricing is affordable when using the hosted solution through Elastic Search. The pay-as-you-go monthly approach has been nice, and if we scale as a company grows, we'll probably switch to a prepaid model, which will be an even bigger benefit. Having the hosted solution and not having to pay for essentially a DevOps person on staff to manage makes it affordable. We haven't really looked into serverless, which has its own benefits. I think serverless still had some challenges early on, and I wanted to go with something I had previously worked with. The hosted solution pricing fits, but the pricing for serverless also looks really interesting. The self-managed solution is nice from a pricing perspective, but we need the right staff to support it, and we don't have that staff.
Which other solutions did I evaluate?
We don't use Elastic Search for log ingestion, though I think they have a feature for this.
We haven't worked with anything in terms of the Elastic Search integration process for third-party models with inference endpoints.
I'm not using the Attack Discovery feature because we're not using Elastic Search for our observability approach.
What other advice do I have?
We have no partnerships or anything with Elastic Search. I would rate this review as a 9.
Reliable, Easy-to-Integrate Solution with Excellent Support
What do you like best about the product?
This product delivers on its promises and functions reliably from the start. The hosted solution makes it easy to launch your feature or product quickly, and integration with your existing stack is relatively straightforward. As your needs grow, there is a wide range of advanced features available to support further development. Right out of the box, it simply works as expected. Elastic also provides excellent support options, from an active Slack community to access to architects who can help guide your progress.
What do you dislike about the product?
It might be overkill for your smallest search needs. (That being said, the serverless option is quite affordable so that's not a particularly good reason to not use it.)
What problems is the product solving and how is that benefiting you?
We utilize Elasticsearch to amalgamate a bunch of different data sources into straightforward user profiles that are then heavily searched and scored upon. Elasticsearch's strong query language and support for customization at all levels allow us to build queries that work well and are fast. It has allowed us to speed up our data processing time and user experience because of how performant it is.
Unmatched Query Power and Speed for Scalable AI-Driven Search
What do you like best about the product?
1. Query Flexibility and Power (DSL): The expressive power of the Query DSL is unmatched. We can easily combine exact filtering (e.g., in stock > 0), range queries (e.g., voltage: [3V TO 5V]), and semantic relevance ranking (e.g., full-text match for 'low power') in a single lightning-fast query. This is essential for AI-driven component matching.
2. Speed and Scalability: For our users, sub-second response time is non-negotiable. Elasticsearch's distributed architecture and inverted index structure ensure that even as our component catalog scales into the tens of millions, performance remains consistently fast.
What do you dislike about the product?
1. Initial Learning Curve: While the flexibility is fantastic, the initial setup—particularly defining efficient mappings, indexing strategies, and understanding the nuances of the Query DSL—involves a steep learning curve. The barrier to entry for a small team compared to a managed SQL service is significant.
2. Cost at Scale (Self-Hosted vs. Cloud): While self-hosting offers performance control, the resource consumption for high-speed indexing and large clusters can become substantial, making cost optimization a constant operational task. The various cloud offerings help, but this remains a key consideration for startups managing costs.
What problems is the product solving and how is that benefiting you?
As the core technology behind PartGenie.ai, an AI co-pilot for hardware development and component sourcing, Elasticsearch is critical for solving the multi-faceted search challenges unique to the electronics industry.
Our main problems solved are:
1. Complex Semantic Component Search: Traditional relational databases failed to handle natural language queries (like "low-power BLE module, coin cell, FCC certified") and required exact keyword matches. Elasticsearch allows our AI to perform vector and fuzzy full-text search across millions of diverse component attributes and unstructured datasheet text, instantly matching user intent to viable components.
2. Performance at Scale: Engineers demand instantaneous results for complex queries involving thousands of parameters. Elasticsearch provides the low-latency, real-time indexing necessary to power our AI's component selection feature, turning multi-day manual searches into minute-long API calls.
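The review above describes combining an exact filter, a range filter and a full-text match in one Elasticsearch bool query. The following is an added example, not code from the reviewer, from PartGenie.ai or from Elastic: it builds that query body and evaluates it against a few constructed catalogue documents with a small in-memory evaluator, so the shape of the query can be checked offline. The field names (in_stock, voltage, description) and the sample documents are assumptions; the evaluator only mimics bool-query semantics (filter clauses gate documents without contributing to the score, must clauses are scored), it does not reproduce Elasticsearch's BM25 scoring.

```python
"""Added example: build an Elasticsearch bool query combining filter and
must context, then evaluate it locally against constructed documents."""
import json
import re


def build_component_query(text, min_voltage, max_voltage):
    """Return a bool query body.

    filter context: exact and range conditions; no score, results cacheable.
    must context: scored full-text match that drives relevance ranking.
    Field names are assumptions for this example.
    """
    return {
        "query": {
            "bool": {
                "filter": [
                    {"range": {"in_stock": {"gt": 0}}},
                    {"range": {"voltage": {"gte": min_voltage, "lte": max_voltage}}},
                ],
                "must": [
                    {"match": {"description": text}},
                ],
            }
        }
    }


# Constructed sample catalogue (not real data).
DOCS = [
    {"id": "A", "in_stock": 12, "voltage": 3.3, "description": "low power BLE module"},
    {"id": "B", "in_stock": 0, "voltage": 3.3, "description": "low power BLE module"},
    {"id": "C", "in_stock": 5, "voltage": 12.0, "description": "low power regulator"},
    {"id": "D", "in_stock": 7, "voltage": 5.0, "description": "high power motor driver"},
    {"id": "E", "in_stock": 3, "voltage": 4.2, "description": "coin cell holder, low profile"},
]

_RANGE_OPS = {
    "gt": lambda v, b: v > b,
    "gte": lambda v, b: v >= b,
    "lt": lambda v, b: v < b,
    "lte": lambda v, b: v <= b,
}


def _tokens(text):
    """Toy analyzer: lowercase alphanumeric tokens."""
    return re.findall(r"[a-z0-9]+", text.lower())


def _range_matches(doc, clause):
    """Evaluate one {"range": {field: {op: bound, ...}}} clause."""
    field, spec = next(iter(clause["range"].items()))
    if field not in doc:
        return False
    return all(_RANGE_OPS[op](doc[field], bound) for op, bound in spec.items())


def evaluate_locally(query, docs):
    """Return document ids matching the bool query, ranked by must-score.

    filter clauses are boolean gates and add nothing to the score;
    a must match clause scores by number of query terms present
    (terms are OR-ed, so at least one must hit for the doc to match).
    """
    bool_q = query["query"]["bool"]
    ranked = []
    for doc in docs:
        if not all(_range_matches(doc, c) for c in bool_q.get("filter", [])):
            continue
        score = 0
        for clause in bool_q.get("must", []):
            field, text = next(iter(clause["match"].items()))
            query_terms = set(_tokens(text))
            score += sum(1 for t in _tokens(doc.get(field, "")) if t in query_terms)
        if score == 0:
            continue
        ranked.append((score, doc["id"]))
    ranked.sort(key=lambda r: (-r[0], r[1]))
    return [doc_id for _, doc_id in ranked]


if __name__ == "__main__":
    q = build_component_query("low power", 3, 5)
    print(json.dumps(q, indent=2))
    print(evaluate_locally(q, DOCS))
```

Running the block prints the JSON body that would be sent to the search API and the locally ranked ids: A first (both query terms present, in stock, within range), then D and E with one term each, while B (not in stock) and C (12 V) are removed by the filter context without ever being scored.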
Intuitive Dashboard That Simplifies Management and Integration
What do you like best about the product?
The dashboard is easy to understand, and the product is easy to integrate.
What do you dislike about the product?
I would say pricing/billing is a bit expensive.
What problems is the product solving and how is that benefiting you?
I use it to index data stored in JSON format for keyword search.
High-Performance, Flexible Search with Powerful Cloud Features
What do you like best about the product?
Elasticsearch is a mature product with high levels of performance and is very flexible. It can be tuned for accurate lexical search but also supports semantic search. The Cloud Hosted option helps to abstract away much of the infrastructure management and also has an AutoOps feature to help identify issues with indexing or searching. Working closely with their knowledgeable product team helped to ease the implementation of our solution.
What do you dislike about the product?
It is very API-centric and although the Kibana interface continues to improve and add management features, if the end-users are not very technical, they will need support with some of the management activities. Also, if you need to use the Elasticsearch web crawlers for indexing web pages, version 9 moves away from the Elastic-hosted crawlers so you will need to run the Open Crawler on your own infrastructure.
What problems is the product solving and how is that benefiting you?
Elasticsearch is helping to improve our Enterprise search both in relevancy and performance when compared to our previous solution. It also moves us into a direction of semantic and AI experiences.
Blazing Fast Search and Real-Time Analytics
What do you like best about the product?
Extremely fast full-text search and Real-time-ish analytics
What do you dislike about the product?
Can get expensive at scale
Operational complexity
What problems is the product solving and how is that benefiting you?
I can build features like log search, product search, monitoring dashboards, or internal tools without designing complex search algorithms.