Centralized logs and traces have improved monitoring and now support company-wide insights
What is our primary use case?
I use Elastic Search, and from time to time I use it, but most of the time I am a system administrator. I deployed it more than using it. At the beginning, I was a system administrator, responsible for the deployment and maintenance of Elastic Search clusters. For a few years now, I have started to use it more because the end users are rookie users. They need a lot of help to be able to use Elastic Search effectively. I started to be a user approximately five years ago.
Today, at least, we provide a global, unique Elastic Search cluster for the whole company, and all teams store their logs inside, their traces, and their APM traces. Teams use Kibana to display information. We also use Prometheus exporters to collect metrics from the logs. We execute some query DSL over Elastic Search to collect metrics, which will be injected in a time series database like Prometheus. This is the main usage. We store metrics, logs, and APM traces.
What is most valuable?
The deployment of Elastic Search is excellent. I like Elastic Search very much for that. I say regularly to the team that Elastic is elastic. It is really difficult to break. This was not the case a few years ago when I worked with Elastic Search version one and version two. Starting with version six of Elastic Search, it started to be really strong. Today, in the past, the main issue was about the data and the volume.
At the moment they integrated lifecycle policy for indices, ILM, Index Life Cycle Management. When it was created, additionally to the data stream, it started to be really easy to have all the same index volume. It is really easy to administrate and to balance data between data centers and between data nodes, and to keep the same everywhere. It is very nice. It is my favorite feature of Elastic Search. It is so easy to manage. Also, maybe because we used it for a long time, we started to be comfortable with all the setup and the node type, and how we should manage our cluster to make it resilient. I think it is really easy to maintain comparatively to some other databases.
What needs improvement?
To be honest, there is only one downside of Elastic Search that makes sense because we use a basic license, which is a free license. We do not have some features available because of the free license. Except for that, I do not have any complaint. It works perfectly. It is pretty easy to administrate and to use. I do not have complaints, to be honest, except the fact that we do not have all features available such as the APM service map or alerting.
We are not able to use a provider like Sentry, Slack, or PagerDuty. We are forced at some point to generate metrics from the logs in order to use our alerting stack in Prometheus, which works. It is an open-source project which allows us to generate alerts to Slack, PagerDuty, and some third-party tools without any license. However, it is not doable with Elastic Search in the open-source version. The alerting part is the most complicated part to manage because of the license.
What do I think about the stability of the solution?
From time to time we have some JVM, Java Virtual Machine issues with Elastic Search. However, it is more linked to users' requests. From time to time, people ask Elastic Search to search inside one year of logs without a nice query and without any filters. This is clearly not doable and some nodes will crash. This makes sense. However, Elastic Search is really stable when we do not have this kind of request.
What do I think about the scalability of the solution?
Elastic Search is the perfect tool for scalability. You just need to deploy new nodes. They will be able to join and reach the cluster really easily. I appreciate it for that as well because today at VP, we use Terraform to deploy our infrastructure. All Elastic Search nodes are managed through Terraform. If I need to extend my data node or my ingest node or whatever, I just need to deploy new nodes with the same setup, and the node will join my cluster, and it will scale horizontally really easily.
How are customer service and support?
I have never had to contact the technical support of Elastic Search.
How would you rate customer service and support?
Which other solutions did I evaluate?
For logs management, I have not used any alternatives or something similar to Elastic Search. For APM as well, there was a plan in the past to try to migrate to Grafana, the Grafana open-source platform for APM traces using Tempo. Tempo is a Grafana Labs project. However, we decided to keep Elastic Search for that, so we do not have any other tool or similar tool to accomplish that.
Maybe just one, it is about error tracking. We can track errors with APM inside an application, and currently we use Sentry, which is not just an error tracking platform, but also about performance management. However, we use it only for error tracking. It is more useful for developers at the beginning of a new project. Most of the time, they prefer to be connected to Sentry more than APM in order to track errors. When the project will be in production, they will be more focused on the performance than the errors. At this moment they will start to use APM, Elastic Search APM more than Sentry. We do not provide any performance indicators. Sentry is also able to manage performance metrics, but we use it only for errors and everything related to performance has been disabled.
What other advice do I have?
I think the pricing of Elastic Search is really, really expensive. The main point is that we do not get any license. I tried in the past, a few times, to contact the Elastic Search team to get a quote, and it was so complicated each time to get a quote because of the volume and the number of nodes. We are a big company at VP, so we have a lot of nodes, more than one hundred. For sure it was so expensive. They tried to tell me about the enterprise mode and about the new license way to manage cost based on CPU and memory usage. It was really expensive because at this moment, we do not use any cloud services. Our Elastic Search cluster is on-premises.
Everything is self-hosted at VP tech, at VP. We do not have any limit. People using AWS or GCP have limits because the volume of data is really expensive in cloud services and cloud platforms. Because we self-hosted everything around our services such as Elastic Search or Sentry, the idea is to let the user be able to store a lot of data and a lot of metrics. We try to train the team to have a good log level. We do not have such limitation in terms of volume. We have a really big cluster, and at the end, the price is so huge. I gave this review a rating of ten out of ten.
Elastic solving our products search and navigation
What do you like best about the product?
the ease of use and setup plus the great documentation provided
What do you dislike about the product?
sometimes error handling can be vague in terms of exceeding the heap memory allocated
What problems is the product solving and how is that benefiting you?
huge site wide search and aggregation plus analytics
Exceptional Documentation, Intuitive UI, and Outstanding Support
What do you like best about the product?
I appreciate the wealth of documentation available which makes it easier to implement solutions on my own. Their AI support option is also excellent and often times I do not need to lodge an actual support ticket as the AI recommendations resolved my issue.
The Elastic UI is clean, intuitive and easy to use.
I find the Dev Tools feature within Elastic to be really useful as most of my updates are managed via Elastic ESQL queries which enables me to keep my changes within a repo.
Setting up SSO via Entra ID was fairly straightforward. Ability to do the role mappings for entra ID groups to Elastic roles was easy to do via the UI and also via the Dev Tools.
Customer Support is excellent, they work with you until your issue is fully resolved.
Elastic can be purchased via AWS Marketplace which makes billing seamless if you already work with AWS.
The Elastic infrastructure is scalable and also very resilient. If there are load issues or similar it will scale up as required.
The web crawler is also easy to configure and update directly in the UI.
Search queries are very performant (milliseconds usually).
What do you dislike about the product?
From version 9, you will have to self-manage your Elastic web crawlers which shifts the responsibility on the customer to provide the infrastructure that supports the web crawler. There is also the ongoing support that comes with this too.
It seems to be focusing more and more on its core feature i.e. search, and not so much on user-focused features tailored for non-tech business users.
It would be great if it provided repos with examples to easily setup frontend search experiences.
What problems is the product solving and how is that benefiting you?
Provides a highly performant search solution (used by our frontend search experiences) and enables our customers to find exactly what they need.
Our search is now returning more relevant results and an enhanced user experience. Ultimately leads to more business from clients.
Unmatched Speed and Real-Time Analytics with Elasticsearch
What do you like best about the product?
The "best strength" of Elasticsearch is its ability to perform lightning-fast, near real-time search and analytics across massive, diverse datasets
What do you dislike about the product?
A bit harder to manage self hosted installation.
What problems is the product solving and how is that benefiting you?
Helping us store events data at scale.
Fast Data Processing and Great Observability—No Complaints
What do you like best about the product?
What I like best about Elasticsearch is its speed and scalability when working with large volumes of data. It excels at full-text search and real-time querying, making it incredibly useful for applications like log analysis, monitoring, and powering search features.
What do you dislike about the product?
Nothing at all. It's good the way it is.
What problems is the product solving and how is that benefiting you?
Elasticsearch helps solve the problem of quickly searching, analyzing, and visualizing large volumes of data in real time. For me, it simplifies observability and operational intelligence, reducing time to detect and resolve problems while giving deeper insight into system and user behavior.
ECK Kube features and stability
What do you like best about the product?
Elastic ECK for Kubernetes offers useful features and reliable stability. It effectively meets our enterprise search requirements.
What do you dislike about the product?
None, it worked well. met all requirements
What problems is the product solving and how is that benefiting you?
Enterprise search
Very high, if they need to build a search feature or analyze time-series data like logs or metrics.
What do you like best about the product?
The most compelling feature of Elasticsearch is its scalability and performance in handling high-volume, high-velocity data
What do you dislike about the product?
The primary critique of Elasticsearch centers on its operational complexity and resource intensity at scale. While it offers immense power, it is not a tool you can simply 'set and forget.
What problems is the product solving and how is that benefiting you?
we use it for real-time log analysis, application performance monitoring (APM), and security analytics (SIEM) by aggregating, indexing, and visualizing all machine-generated data.
Elastic elk and anomaly detection
What do you like best about the product?
The elastic feature of collecting logs and monitoring them through ELK is quite useful, especially when the results are displayed on a Kibana dashboard. Additionally, the integration of anomaly detection using machine learning adds significant value to the overall monitoring process.
What do you dislike about the product?
There is nothing to complain about; everything works well, including elk, ml, anomaly detection, and the APM agent, which handles auto discovery effectively.
What problems is the product solving and how is that benefiting you?
Log monitoring and anomaly detection are both available, and the agent installation process supports automatic discovery, which makes it easier to use the APM feature.
Elk usage on elastic using kibana dashboards
What do you like best about the product?
Log monitoring and it's feature to identify anomalies using enterprise elk license version and creating the dashboards on elastic are so easy
What do you dislike about the product?
Nothing all features including th exam agents features are very good for elastic
What problems is the product solving and how is that benefiting you?
Log monitoring and other features of elk including the anomaly detection and elastic apn agent where we are monitoring application performance. Capturing all logs and shown for dashboard helped in all ways to reduce incidents in applications
Sr. Elastic Engineer
What do you like best about the product?
Elastic's cloud-base solution is easy to configure and deploy. Immediately start to ingest data within minutes. Simply deploy and configure one of many integrations and begin making data driven decisions. Elastic's various components such as observability, search (vector search), SIEM makes it a one stop solution for needs.
What do you dislike about the product?
I have been using this product for over 9 years and there is not an aspect which I dislike.
What problems is the product solving and how is that benefiting you?
Elastic is helping with its SIEM integration and anomaly detection providing us with immediate alerting allowing quick mitigation and/or remediation
