Has improved incident visibility and fraud detection through advanced alerting and image analysis
What is our primary use case?
I have implemented
Elastic Search in my organization. My experience has been really good with
Elastic Search regarding the dashboards and alerts. They have integrated AI/ML capabilities in it. The Attack Discovery feature helps to dig into incidents from where they occurred to determine how the incident originated and its source. It gives an entire path of attack propagation, showing when it started, what happened, and all events that took place to connect the entire cyber incident.
Another feature is image vector analysis, which can authenticate images to prevent impersonation frauds in the ecosystem. This is a major use case in personal information and identifiable information portfolio.
I'm using Elastic Search as an observability tool and a SIEM tool. The indexing, searching, fast indexing, alert mechanisms, and BCDR compatibility are pretty smooth with Elastic Search.
On the resourcing part, I have cut off a good amount. While I don't have a concrete percentage to mention precisely, it has reduced resources to some extent.
What is most valuable?
Attack Discovery is the first feature that I appreciate. It is truly an amazing feature for any
SIEM to have inbuilt. The image vector analysis is another feature that identifies any manipulation done to images. It can authenticate and identify authenticated images. If there are 10 duplicate and forged images, it can identify them through vector-based searching capabilities. These two features are prominent in terms of SIEM capabilities that Elastic Search has.
I can share feedback from the SIEM perspective about Elastic Search, as I had evaluated Elastic Search, LogRhythm, QRadar, and Microsoft.
What needs improvement?
More AI would be beneficial. I would also appreciate more simplicity in dashboards. A comprehensive dashboard is something I could expect.
For how long have I used the solution?
I have been using Elastic Search for a year now.
What do I think about the stability of the solution?
There are no limited parameters to search from the events perspective. When you put one keyword, everything related to that keyword in your ecosystem will showcase all the results. This helps to get into the granularity of any events happening across the system.
What do I think about the scalability of the solution?
It has gained significant visibility. Comparing alert statistics from other SIEMs where they could trigger 50 alerts on average weekly, Elastic Search has given me alerting statistics of roughly 90 plus for a week's time. All those alerts are mapped to MITRE ATT&CK framework. Though it could result in false positives in the earlier stage until you fine-tune and streamline the use cases in your SIEM, which is common with all SIEM tools, the visibility that Elastic Search has given us is amazing.
How are customer service and support?
It was a direct purchase.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
We previously used an on-premises solution.
How was the initial setup?
The setup complexity depends upon the engineering team doing the implementation and the kind of infrastructure you have where logs will be ingested into the solution. For us, it was time-consuming in the earlier stages, but it was manageable and not overly complex.
What was our ROI?
We have seen moderate returns on investment.
What other advice do I have?
As a CISO, I review and do the governance part. I receive alert notifications, but I don't work directly with the tool. None of my team members have complained or proposed any feature changes or modifications to the existing solution.
It totally depends upon the nature of business you are in. For my organization, it was imperative to have image scanning in place and identifying frauds happening with PII. From that perspective, Elastic Search has played a vital role. It has good inbuilt EDR capabilities as well, making it a good-to-go tool.
I rate Elastic Search eight out of ten.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Has supported performance monitoring and increased adoption across departments
What is our primary use case?
My usual use cases for Elastic Search are that we are using APM, Application Performance Monitoring. We are using Real User Monitoring, as a RUM. We mostly are using it for application performance monitoring and troubleshooting in that regard. I think that's the main thing we're using Elastic Search observability for right now. We are considering expanding it also to have some Metric Beats and some other features. When we have more data, we will probably start to try to activate AI within Elastic Search. That's a possibility. The Elastic Search platform that we are using is an on-prem installation. It's not a cloud solution we have. This is because of the criticality and confidentiality of the data we have in Elastic Search.
What is most valuable?
I don't think there's a specific feature within Elastic Search that I have found the most valuable so far. We are more or less using all the features in one way or the other. Elastic Search has impacted my organization positively as we use it for logging and APM. It's not all systems which are using it yet, but it's gathering momentum because they have more use cases to present to other parts of the organization. They explain how different departments are using it, and then people see that they could also benefit from using it. More departments and their systems start to use Elastic Search as a result.
What needs improvement?
The documentation for Elastic Search can be challenging if you're not already familiar with the platform. The approach to Elastic Search can be difficult if you haven't been working with it previously. Within the product itself, some features could be more intuitive, where currently you need to know specifically where to find them and how to use them.
For how long have I used the solution?
I have been working with Elastic Search for more than four years now.
What do I think about the stability of the solution?
From my perspective, Elastic Search has been very stable. The only thing I'm probably missing is what we call the session replay, some kind of tool within Elastic Search based on the data collected that can make some kind of session replay.
What do I think about the scalability of the solution?
Elastic Search is very scalable. The only issue is some features use a huge amount of storage. You need to be in the forefront to make sure that you have the necessary storage to obtain all the data that you're collecting. They probably have surveillance indicating when storage is running low. The engineering department ensures we have sufficient storage. So far, we don't have any scalability issues regarding hosts sending data or the amount of data we are collecting. The engineering department might say we are over-consuming data, but we haven't received any message saying we have reached the ceiling yet.
How are customer service and support?
I do not often communicate with the technical support of Elastic Search. That's the engineering department's responsibility. If I have an issue, I go to the engineering department, and they have the responsibility to communicate with the supplier of Elastic Search or the producer.
How would you rate customer service and support?
What other advice do I have?
I work with many technical solutions compared to Elastic Search, specifically on observability. We are also looking into AI, which is in an experimental phase in my area. We haven't chosen any specific technology regarding AI. For Elastic Search as it is now, we are not looking into other technology to replace it. I am a chief consultant in my department, but in this regard, I'm mostly a user. The ones who are responsible for the platform are in another department. My experience with configuring relevant searches within the Elastic Search platform is limited as I don't search much within the platform. If I have specific needs, I reach out to get assistance from specialists because they are more familiarized with the system and know exactly how to search for things. For implementation configuration of the system, they are more capable than I am, as I'm more of a user than an engineer on the platform. I would rate Elastic Search an eight out of ten because there's always room for improvement, though from a functionality and price perspective, it could be considered a ten.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Boosted search efficiency through real-time querying and seamless indexing for high-volume product data
What is our primary use case?
The main use cases for Elastic Search are index building and retrieving information using Elastic Search vector, vector search, and related functionalities. Search is the primary use case.
What is most valuable?
Computation is very good. The scalability is very good because we have a huge customer database that is searching lots of products, and auto-scaling or load balancing are the prominent features we are using in this.
If we look at the impact on operational efficiency, we can see that decision-making has become much faster due to real-time data and quick responses. We have also implemented many automations, which enhance our processes. For example, when we optimize certain fields to improve search functionality, it yields great results.
What needs improvement?
I have not explored Elastic Search at the most. Searching from vector DB is available in Elastic Search, and there is one more concept of graph searching or graph database searching. I have not explored it, but if it is not there, that would be an improvement area where Elastic Search can improve.
For how long have I used the solution?
I have been working with Elastic Search for more than two years.
What do I think about the stability of the solution?
It is very reliable, and it has no downtime.
What do I think about the scalability of the solution?
I believe it is scalable. Every day, we have thousands of users continuously utilizing the search feature. We haven't encountered any problems so far, and there is the potential for auto-scaling. It is currently a scalable solution.
How are customer service and support?
We have not contacted them yet. So far, we haven't had any need.
How would you rate customer service and support?
How was the initial setup?
The initial setup is straightforward.
What about the implementation team?
We have a team of developers, so it is internally managed.
What was our ROI?
We have not calculated the ROI for Elastic Search, but we are a consumer platform where numerous searches are happening, and we are getting very good results from the current infrastructure of Elastic Search. Though the exact numbers or ROI were never calculated, the performance has been beneficial.
What's my experience with pricing, setup cost, and licensing?
It is average compared to other platforms. There isn’t anything particularly special about the pricing. However, the pay-as-you-go model is advantageous for the organization, as we only pay for what we utilize.
What other advice do I have?
We are using AWS for our solutions. In AWS, we are heavily using Redshift and Glue. We focus more on vector searches and boosting the keywords, and all those features we are using heavily. In search, the key parameter that we boost up during indexing is essential.
We self-implement Elastic Search in our e-commerce application. We are not currently doing a regex setup for RAG Playground, but there is a plan to do that. We are more into vector searches when it comes to how effectively the hybrid search capability meets our needs for combining traditional keyword and vector searches.
Regarding the workflow, we are using the API for real-time inference because lots of data is being loaded at real-time on the application, and it is working well for us.
I can definitely recommend Elastic Search to be used wherever you have consumer search capabilities needed in a large or scalable manner because it is very effective.
I would rate Elastic Search an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Elasticsearch provides best searching and data aggregation capabilities
What do you like best about the product?
I used Elasticsearch to store salary statistical data and to perform mathematical operations on that data. What I appreciated most about Elasticsearch is that its queries offer built-in support for operations such as calculating the mean, average, and percentiles.
What do you dislike about the product?
The documentation for Elasticsearch could use some improvement. It would be helpful if more detailed information were included.
What problems is the product solving and how is that benefiting you?
Elasticsearch offers outstanding text search capabilities with minimal latency. Along with simple text search, it also provides capabilities like string matching, wildcards, fuzzy logic etc
Powerful and Flexible
What do you like best about the product?
The flexibility to solve many problems, the expansive feature set allows us to use Elasticsearch in a variety of ways.
What do you dislike about the product?
Slight learning curve, as it can do many things, you need to be aware of the use case you are solving for or it can get overwhelming without proper planning.
What problems is the product solving and how is that benefiting you?
Helping us with enterprise search functions on several of our internal and external facing applications
Good product, meets our needs
What do you like best about the product?
Able to consume and collect our data without any surprise costs.
What do you dislike about the product?
Support can take a while to get back with you, and the product is dependent on a lot of other products such as zookeeper that have different timelines and support models.
What problems is the product solving and how is that benefiting you?
Elastic is used to collect, catalog and score security data within the Agency. It provides a useful dashboard that allows access to all underlying data.
Elasticsearch for Search and Match
What do you like best about the product?
Combining traditional keyword search (BM25) with semantic vector search, enabling powerful hybrid retrieval. This makes it ideal for modern search experiences that require both precision and contextual understanding
What do you dislike about the product?
Complex Configuration
The configuration process—especially for Elastic Enterprise Search—is often described as difficult and time-consuming. Users find that even basic setup tasks can be challenging without deep technical kno
What problems is the product solving and how is that benefiting you?
Search and Match
Search logs in real time
Visualize system health
Detect anomalies and performance bottlenecks
Scalable search, log analytics and data exploration
What do you like best about the product?
1.Performance and scalability
2. Advanced search capabilities
3.Analytics Integration
4. APIs & ecosystem
5. Security
What do you dislike about the product?
1. Resource intensive
2. Complexity
3. Licensing changes
What problems is the product solving and how is that benefiting you?
Elastic provides advanced search capabilities helping us do full-text searches, fuzzy matching, aggregations in a quick performance oriented way.
Scalable and Robust, working with on-prem ECE
What do you like best about the product?
This platform is impressively fast, even when handling petabytes of data in queries. It scales smoothly without any issues and is straightforward to manage. The availability of both a GUI and an API adds to its flexibility. Cluster management and monitoring are made very simple with this solution.
What do you dislike about the product?
Troubleshooting can be frustrating at times, and occasionally it takes a while to receive a response from support.
What problems is the product solving and how is that benefiting you?
Storing technical and audit logging for a big organisation, this has all to do with compliance.
Elastic search product is easy to manage
What do you like best about the product?
Elastic search has good indexing and search capabilities
What do you dislike about the product?
Elastic search should allow trial version with sample indexes
What problems is the product solving and how is that benefiting you?
Elastic search upgrade was smooth.
