Centralized logging has transformed security monitoring and semantic search powers real-time insights
What is our primary use case?
The main use cases are for logging, centralized logging system, and security purposes. We also use it for application monitoring and APM to monitor all the applications that run in our environment.
Applications developed by some of our users are monitored using APM, which is one of our primary implementations. For security purposes, we centralize logging for all 6,000 servers using Elastic Search. With more than 12,000 servers in our infrastructure, we need to track which server requires attention and receive alerts. For example, if we need to update all servers, some may be missed, but the system will trigger an alert to notify us. Monitoring and logging are the main functions we use in our current systems.
We are using Elastic Search for log ingestion only.
What is most valuable?
I chose Elastic Search because it has high search capabilities and setting up the cluster and maintaining it is very easy. Due to this, I found it very user-friendly. High availability and shards allocation are significant advantages that led us to shift to Elastic Search.
I particularly appreciate the sharding concepts because data has high availability. The semantic search feature and the new logsDB feature are valuable additions. These are things I appreciate most about the platform.
Semantic search is a very advanced feature that has proven useful for our data in current systems. I am working with Aadhaar, which is a Unique Identification Authentication firm. When we search for name-related terms, the semantic search provides relevant results. I have also implemented semantic features with hospital data, and it has been very useful for multiple cases.
Elastic Search Hybrid Search is an advanced feature that functions as a future vector database. Vectors are the main component of the database. In current systems, it shows only similar data, but with a vector database, we can store all types of data using vectors. Everything in the future will revolve around vectors. All systems are moving from CPUs to GPUs. This is very useful because comparing vector databases will be a more efficient way to store and retrieve data compared to traditional methods.
Pricing is very high compared to other solutions, but given the features they provide, the pricing is acceptable. The licensing part is also decent compared to other features. I have no issues with this because the features they provide are excellent and position us for next-level future capabilities.
Many banks are moving to Elastic Search, and many identification systems are adopting it because the search capability is significantly higher compared to other solutions, and data retrieval is also very efficient. Many industries are transitioning from old solutions like Splunk to Elastic Search. Banking sectors and healthcare sectors are leading this adoption. Many applications use Elastic Search as their backend, such as Zama. Industries are thinking about and adopting Elastic Search technology because of the features it provides.
What needs improvement?
There are several areas that need improvement. First, while storing data, there are many mapping issues and mapping conflicts that cause Elastic Search to reject the data. We have to develop solutions or significantly change our processes to address mapping conflicts. This is one of the issues that needs to be fixed.
Second, building semantic search requires significant setup and configuration work. If Elastic Search could provide a one-shot, easy-to-use semantic search implementation, many more users would adopt it. Currently, only a few users are using semantic search, but if they brought it with one-shot ease of use, many people could use it easily and create alerts.
Third, Elastic Search Vector Database needs more attention in the market. We need to bring more features about the vector database to make it easier to set up and use. The use cases also need to be brought to market. Additionally, building dashboards in Kibana is challenging. Compared to Grafana, Kibana has very few features and chart options. We need to enhance Kibana to allow very customized dashboards to be built. Kibana needs significant enhancement in this area.
For how long have I used the solution?
I have been using Elastic Search for five years.
What do I think about the stability of the solution?
Elastic Search is stable and reliable until you build the cluster for one terabyte. If data reaches one terabyte, it functions well. However, if data exceeds that or reaches a bottleneck, it becomes unstable. If data is at eighty hundred gigabytes or seven hundred gigabytes, which represents seventy to seventy-five percent of the built cluster capacity, it is very stable and reliable. Search latency is very low compared to other solutions like ClickHouse. Stability and reliability are completely dependent on the data volume.
What do I think about the scalability of the solution?
From the scaling perspective, horizontal scaling by adding extra nodes works well when data increases. We can easily add nodes into the cluster and scale horizontally. Vertical scaling is also straightforward where we can increase the size. We can add new nodes and new components very easily.
How are customer service and support?
I have raised ticket sizes with them many times. I feel very supported by their customer service. For P1 tickets, they provide very immediate quick responses and join calls to support and troubleshoot the issue accordingly. They provide solutions very efficiently. Their service is very good.
Which solution did I use previously and why did I switch?
I have used Splunk and Dynatrace previously.
I have worked with ClickHouse, and there were many issues with indexing while storing data. The approach is different with ClickHouse. I have also worked with Splunk, and it functioned adequately. However, when storing large setups or large amounts of data, Elastic Search capability is superior and is really useful for the end user.
How was the initial setup?
I believe the initial setup for this solution is complex for new members. However, if you are technically strong and understand how Elastic Search systems work, it is very easy. With five years of experience, I have set up many clusters for banking sectors and healthcare sectors. I have built fourteen clusters in production environments with large-scale systems exceeding five terabytes. This will be typical for those who have technical knowledge and can build easily. Those starting without experience can use Elastic Cloud, which offers very easy one-click deployment. They can deploy an Elastic Search cluster with single clicks. Those with technical knowledge can build the cluster themselves, but those without experience can use Elastic Cloud. This is not an issue.
What other advice do I have?
Correlation alerts is a feature I did not get the opportunity to work on. I have only theoretical knowledge but not practical knowledge.
We can use agentless approaches with a script in addition to agent-based approaches. We are building both agentless and agent-based solutions. Both are good. Agent-based approaches for fetching data work well. Both are functioning well.
Discovery is a feature we are using, and it works well. Attack is a feature I did not get the opportunity to try.
Elastic Search is very user-friendly, and we can easily integrate it with third-party models and other AWS S3 buckets. It is very user-friendly for integrating with other third-party tools.
My overall review rating for this solution is ten out of ten.
Fast, Customizable Search with Strong Community Support
What do you like best about the product?
I use Elasticsearch to build search products for websites, and I appreciate the fast and highly customizable search experience it provides. I like that it solves problems related to indexing and search speed, and its ability to heavily customize the search experience while incorporating AI is very beneficial. I find the supportive community around Elasticsearch really valuable. There's lots of support when building with it, and the good documentation makes things easier. The technical support is accessible if I need more help. I also enjoy the regular events like ElasticON, which are free and allow people to learn how to use the products better. Additionally, the initial setup was really easy thanks to the great documentation.
What do you dislike about the product?
Sometimes, the Elastic Cloud 'PaaS' experience is a little more hands-on than we'd expect. We have to really dig into areas we don't expect to investigate/fix things. We expected it to be managed by Elastic but it's not totally hands off.
What problems is the product solving and how is that benefiting you?
I use Elasticsearch to build search products, providing fast, customizable search and adding AI to enhance the search experience.
End-to-End Coverage from Ingestion to Observability, ML, SIEM/XDR, and Reporting
What do you like best about the product?
Everything from handling ingestion to observability + ML + SIEM +XDR + reporting
What do you dislike about the product?
it is good and bad in the same time , it is hard to follow all new features at time.
plus if more concret application is added o doc this would be great for better understanding of functialities
What problems is the product solving and how is that benefiting you?
Log & Metric managemnt across Observability/SIEM this is giving the user a clear view on what is going on
Impressive Speed and Powerful Near Real-Time Search with Elasticsearch
What do you like best about the product?
Elasticsearch delivers impressive search speed and strong performance, even when working with massive datasets. Its near real-time search capability, combined with powerful full-text search features, makes it a key part of our data infrastructure.
What do you dislike about the product?
Elasticsearch can be quite resource-intensive, particularly when it comes to RAM usage. For smaller infrastructure setups, managing JVM heap sizes and making sure the cluster has sufficient memory can quickly become a bit of a headache.
What problems is the product solving and how is that benefiting you?
Elasticsearch solves the problem of searching through massive amounts of unstructured data that traditional SQL databases struggle to handle efficiently. It provides a highly scalable, distributed environment that ensures fast retrieval times.
This benefits me by significantly reducing latency in our application's search feature and providing powerful analytical tools through its aggregation framework. It allows us to monitor logs in real-time and deliver a seamless, Google-like search experience to our end users.
Fast, Scalable Elasticsearch for Quick Log Analysis
What do you like best about the product?
From our use, Elasticsearch is fast, scalable and provides quick results for querying which makes it very useful for any log analysis
What do you dislike about the product?
Operational cost is increasing
Shard allocation and indexing can be made easier to configure
What problems is the product solving and how is that benefiting you?
We use ELK for log parsing, and with it its ability to respond quickly to queries helps us identify issues and get clues about what’s going wrong much faster.
Efficient Log Management & Search with Excellent Support
What do you like best about the product?
Very efficient product to manage our logs and search
The support is easy to interact with and the quality of the answers are perfect
What do you dislike about the product?
When it is self managed, a bit tedious to update
What problems is the product solving and how is that benefiting you?
Centralizing our documentation and making it available in quick search is really great
Powerful Search Platform for Enterprise-Scale Operations
What do you like best about the product?
What I like best about Elasticsearch is its powerful search and aggregation capabilities combined with high performance at scale. We support over 100 customers who use it daily in their operations, and Elasticsearch consistently handles large data volumes with fast response times.
From a support perspective, features like detailed query capabilities, clear APIs, and strong integration within the Elastic Stack significantly improve our workflow. Kibana dashboards help us quickly analyze customer issues, review logs, and identify performance bottlenecks without needing custom tools. This often reduces troubleshooting time from hours to minutes.
An unexpected benefit has been how flexible and scalable the platform is across different customer environments. It allows us to support diverse use cases while maintaining a relatively standardized architecture.
What do you dislike about the product?
One of the main challenges with Elasticsearch is the complexity of configuration and tuning, especially in larger or high-availability clusters. For customers without deep expertise, settings around JVM tuning, shard allocation, and performance optimization can be difficult to manage. This often increases the support workload and extends troubleshooting time.
Version upgrades can also be demanding. Breaking changes between major versions and strict compatibility requirements sometimes require careful planning and additional testing, which impacts customer environments and maintenance windows.
Customers often ask about the possibility of reverting to the previous version, but this is not possible.
In such cases, we have to come up with our own workarounds.
Improved backward compatibility, clearer upgrade paths, and more built-in automated diagnostics for cluster health and performance tuning would significantly reduce operational overhead for both customers and support teams.
What problems is the product solving and how is that benefiting you?
Many of our customers struggled with slow database searches, limited reporting capabilities, and fragmented log storage. Troubleshooting incidents often required manually checking multiple systems, which was time-consuming and inefficient.
With Elasticsearch, they can centralize logs and operational data, perform fast full-text searches, and build real-time dashboards. As a result, tasks that previously took hours - such as identifying the root cause of an issue - can now often be completed in minutes.
For us as a support team, this has significantly reduced resolution times and improved SLA compliance. In many cases, incident investigation time has decreased by 50% or more, which directly benefits both our customers and our internal operations.
Fast, Flexible, and Innovative—Elasticsearch at Its Best
What do you like best about the product?
I appreciate its speed, flexibility, and innovation.
What do you dislike about the product?
There isn’t much to dislike about Elastic Search.
What problems is the product solving and how is that benefiting you?
It’s helping us improve our search platform and making it better overall.
Elasticsearch: The Best Engine for Fast Data Search and Analysis
What do you like best about the product?
Elasticsearch is the best platform/engine to analyze and search your data. With the AI capabilities Elastic is developing, it becomes even more powerful. Besides the company offers an excellent support.
I cannot imagine the current internet and technological world without Elasticsearch.
What do you dislike about the product?
Documentation is sometimes hard to follow and navigating it feels confusing.
What problems is the product solving and how is that benefiting you?
You just put your data in Elasticsearch, and it can produce value. No matter if the data comes from old databases, files, logs, etc. Once it´s in Elasticsearch you extract all the value and knowledge from it.
Elasticsearch unifies multi-platform insights with powerful log search
What do you like best about the product?
Elasticsearch help to gather information from multiple platforms. Providing a single view for searching UI, search effectively from massive log data
What do you dislike about the product?
So far, we do not use much advance features in Elastic at this moment. When we have to use a certain feature in Elastic. We have to study the methodology and check from community for case reference. Also, there is less reference cases or examples that I cannot find easily if I want to arrange integration between Elasticsearch with third party application such as Oracle DB / Fortigate Firewall etc.
What problems is the product solving and how is that benefiting you?
For Telcom internal use: usually operator has many IoT device and application such as switch, router, server, VM and also many log file generated from them. The inventory is large and complex. We have use Elasticsearch to summarize the view to keep record and search these devices log. Also, with some known behavior or threshold for potential fault issue, we have set the alarm mechanism to trigger support team for troubleshooting for quick respond. In conclude, it helps me for inventory, reporting, monitoring and troubleshooting.
