I have implemented Elastic Search in my organization. My experience has been really good with Elastic Search regarding the dashboards and alerts. They have integrated AI/ML capabilities in it. The Attack Discovery feature helps to dig into incidents from where they occurred to determine how the incident originated and its source. It gives an entire path of attack propagation, showing when it started, what happened, and all events that took place to connect the entire cyber incident.

Another feature is image vector analysis, which can authenticate images to prevent impersonation frauds in the ecosystem. This is a major use case in personal information and identifiable information portfolio.

I'm using Elastic Search as an observability tool and a SIEM tool. The indexing, searching, fast indexing, alert mechanisms, and BCDR compatibility are pretty smooth with Elastic Search.

On the resourcing part, I have cut off a good amount. While I don't have a concrete percentage to mention precisely, it has reduced resources to some extent.

Attack Discovery is the first feature that I appreciate. It is truly an amazing feature for any SIEM to have inbuilt. The image vector analysis is another feature that identifies any manipulation done to images. It can authenticate and identify authenticated images. If there are 10 duplicate and forged images, it can identify them through vector-based searching capabilities. These two features are prominent in terms of SIEM capabilities that Elastic Search has.

I can share feedback from the SIEM perspective about Elastic Search, as I had evaluated Elastic Search, LogRhythm, QRadar, and Microsoft.

More AI would be beneficial. I would also appreciate more simplicity in dashboards. A comprehensive dashboard is something I could expect.

I have been using Elastic Search for a year now.

There are no limited parameters to search from the events perspective. When you put one keyword, everything related to that keyword in your ecosystem will showcase all the results. This helps to get into the granularity of any events happening across the system.

It has gained significant visibility. Comparing alert statistics from other SIEMs where they could trigger 50 alerts on average weekly, Elastic Search has given me alerting statistics of roughly 90 plus for a week's time. All those alerts are mapped to MITRE ATT&CK framework. Though it could result in false positives in the earlier stage until you fine-tune and streamline the use cases in your SIEM, which is common with all SIEM tools, the visibility that Elastic Search has given us is amazing.

It was a direct purchase.

Positive

We previously used an on-premises solution.

The setup complexity depends upon the engineering team doing the implementation and the kind of infrastructure you have where logs will be ingested into the solution. For us, it was time-consuming in the earlier stages, but it was manageable and not overly complex.

We have seen moderate returns on investment.

As a CISO, I review and do the governance part. I receive alert notifications, but I don't work directly with the tool. None of my team members have complained or proposed any feature changes or modifications to the existing solution.

It totally depends upon the nature of business you are in. For my organization, it was imperative to have image scanning in place and identifying frauds happening with PII. From that perspective, Elastic Search has played a vital role. It has good inbuilt EDR capabilities as well, making it a good-to-go tool.

I rate Elastic Search eight out of ten.

On-premises

Other

My usual use cases for Elastic Search are that we are using APM, Application Performance Monitoring. We are using Real User Monitoring, as a RUM. We mostly are using it for application performance monitoring and troubleshooting in that regard. I think that's the main thing we're using Elastic Search observability for right now. We are considering expanding it also to have some Metric Beats and some other features. When we have more data, we will probably start to try to activate AI within Elastic Search. That's a possibility. The Elastic Search platform that we are using is an on-prem installation. It's not a cloud solution we have. This is because of the criticality and confidentiality of the data we have in Elastic Search.

I don't think there's a specific feature within Elastic Search that I have found the most valuable so far. We are more or less using all the features in one way or the other. Elastic Search has impacted my organization positively as we use it for logging and APM. It's not all systems which are using it yet, but it's gathering momentum because they have more use cases to present to other parts of the organization. They explain how different departments are using it, and then people see that they could also benefit from using it. More departments and their systems start to use Elastic Search as a result.

The documentation for Elastic Search can be challenging if you're not already familiar with the platform. The approach to Elastic Search can be difficult if you haven't been working with it previously. Within the product itself, some features could be more intuitive, where currently you need to know specifically where to find them and how to use them.

I have been working with Elastic Search for more than four years now.

From my perspective, Elastic Search has been very stable. The only thing I'm probably missing is what we call the session replay, some kind of tool within Elastic Search based on the data collected that can make some kind of session replay.

Elastic Search is very scalable. The only issue is some features use a huge amount of storage. You need to be in the forefront to make sure that you have the necessary storage to obtain all the data that you're collecting. They probably have surveillance indicating when storage is running low. The engineering department ensures we have sufficient storage. So far, we don't have any scalability issues regarding hosts sending data or the amount of data we are collecting. The engineering department might say we are over-consuming data, but we haven't received any message saying we have reached the ceiling yet.

I do not often communicate with the technical support of Elastic Search. That's the engineering department's responsibility. If I have an issue, I go to the engineering department, and they have the responsibility to communicate with the supplier of Elastic Search or the producer.

Positive

I work with many technical solutions compared to Elastic Search, specifically on observability. We are also looking into AI, which is in an experimental phase in my area. We haven't chosen any specific technology regarding AI. For Elastic Search as it is now, we are not looking into other technology to replace it. I am a chief consultant in my department, but in this regard, I'm mostly a user. The ones who are responsible for the platform are in another department. My experience with configuring relevant searches within the Elastic Search platform is limited as I don't search much within the platform. If I have specific needs, I reach out to get assistance from specialists because they are more familiarized with the system and know exactly how to search for things. For implementation configuration of the system, they are more capable than I am, as I'm more of a user than an engineer on the platform. I would rate Elastic Search an eight out of ten because there's always room for improvement, though from a functionality and price perspective, it could be considered a ten.

On-premises

Other

The main use cases for Elastic Search are index building and retrieving information using Elastic Search vector, vector search, and related functionalities. Search is the primary use case.

Computation is very good. The scalability is very good because we have a huge customer database that is searching lots of products, and auto-scaling or load balancing are the prominent features we are using in this.

If we look at the impact on operational efficiency, we can see that decision-making has become much faster due to real-time data and quick responses. We have also implemented many automations, which enhance our processes. For example, when we optimize certain fields to improve search functionality, it yields great results.

I have not explored Elastic Search at the most. Searching from vector DB is available in Elastic Search, and there is one more concept of graph searching or graph database searching. I have not explored it, but if it is not there, that would be an improvement area where Elastic Search can improve.

I have been working with Elastic Search for more than two years.

It is very reliable, and it has no downtime.

I believe it is scalable. Every day, we have thousands of users continuously utilizing the search feature. We haven't encountered any problems so far, and there is the potential for auto-scaling. It is currently a scalable solution.

We have not contacted them yet. So far, we haven't had any need.

Positive

The initial setup is straightforward.

We have a team of developers, so it is internally managed.

We have not calculated the ROI for Elastic Search, but we are a consumer platform where numerous searches are happening, and we are getting very good results from the current infrastructure of Elastic Search. Though the exact numbers or ROI were never calculated, the performance has been beneficial.

It is average compared to other platforms. There isn’t anything particularly special about the pricing. However, the pay-as-you-go model is advantageous for the organization, as we only pay for what we utilize.

We are using AWS for our solutions. In AWS, we are heavily using Redshift and Glue. We focus more on vector searches and boosting the keywords, and all those features we are using heavily. In search, the key parameter that we boost up during indexing is essential.

We self-implement Elastic Search in our e-commerce application. We are not currently doing a regex setup for RAG Playground, but there is a plan to do that. We are more into vector searches when it comes to how effectively the hybrid search capability meets our needs for combining traditional keyword and vector searches.

Regarding the workflow, we are using the API for real-time inference because lots of data is being loaded at real-time on the application, and it is working well for us. 

I can definitely recommend Elastic Search to be used wherever you have consumer search capabilities needed in a large or scalable manner because it is very effective. 

I would rate Elastic Search an eight out of ten.

Public Cloud

Amazon Web Services (AWS)

My main use case is for security, specifically for the SIEM aspect, as I work as a cybersecurity engineer.

We specifically use this system for security-related topics. We have a dedicated environment for Large Language Models (LLMs). We have connected our LLM, but our primary focus remains on security. When we encounter any incidents or need to gather information about connected IPs, we rely on established rules and alerts. We utilize the chat functionality of this LLM to generate queries in Kibana language.

My favorite feature is the ease of use, particularly in how you integrate the agent. I've been using it since version 7, and we're on version 9 now, and I've seen the progress from using Beats to using the agent, making it so simple today to enroll a server with the Elastic Agent. 

Deploying the Elastic Agent internally is relatively straightforward; it only requires a few commands to be run on the server. However, to manage this deployment at scale, we needed to develop a solution using Ansible. This involved creating scripts to install, restart, and uninstall the agent. While I would have preferred if Elastic had provided an official solution for these tasks, they haven't yet developed one that addresses all the necessary aspects. As a result, we've taken it upon ourselves to create these tools internally.

There are two areas in which it could improve. One is the smoother enrollment process for 1,000 or 2,000 servers at the same time, rather than having to develop something internal. 

The second topic is the actual support of YARA rules—it's Y-A-R-A, which is specific for security. As of today, this is not supported, and I've been asking for a while now; I'm unsure if they will ever release it.

I have been using this solution for at least four years.

I haven't seen any downtime.

It is really scalable. Since we're on the cloud, whenever we need to upgrade or add resources, they handle everything. It takes a couple of hours due to the amount of data we have, and I've never faced any issues during upgrades.

I have contacted technical support because we encountered issues when we started using the Elastic integrations, some of which were not finalized on their side. I had countless meetings with engineers from Elastic, including product managers and support engineers, to work on and fix the integrations we wanted to use. They have always been really responsible and responsive to my requests. Once, we had an issue with GCP, Google Cloud Platform, and they even sent us a complimentary five or six hours with an Elastic consultant to help set things up.

I would give them a nine out of ten because they are very responsive. They clearly know what they are talking about. I never encountered a situation where the support team didn’t understand what we needed.

Positive

The initial setup process took around a month.

What they need is to be more transparent about the actual setup of the cluster and the deployment process. When using Elastic out of the box, there is information that is not readily available, requiring users to dig deep into the documentation to truly understand how it works. If you're looking to set up the cluster automatically, it works well for testing purposes. However, when installing two thousand servers at once, if your deployment isn't large enough, it can lead to crashes. Occasionally, we have to delete the logs just to access the interface. Therefore, I believe they should provide clearer guidance on using the deployment manager effectively.

We started four years ago with 200-300 servers, and now we are at around 2,000 servers. The learning curve involved understanding how it works, doing labs, and the difference between Elastic Search and competitors. Elastic really helped with support; we had weekly sessions with engineers from their side to assist us in setting up.

Maintenance on my end is limited to updates. Since we are using Elastic Cloud, they take care of the infrastructure.

I am familiar with the pricing, as we negotiated it last year. Compared to other tools, it's fair. However, if we are talking with full transparency, Elastic pushes clients to buy the Enterprise edition instead of the Premium edition, and we don't see the value in that other than to spend more money more quickly. So, while pricing is good and what we expect to pay for this type of product, I'd love to finalize this concern.

We've tested multiple open-source tools based on Elastic before signing with them, including one tool called Wazuh that is built on top of Elastic. We've also tested the open-source edition of Elasticsearch where we manage the cluster and Splunk. Overall, I believe Elastic Cloud is still one of the best products out there.

I would rate this solution an eight out of ten.

Our main use case for Elastic Search is primarily for application search and document discovery.

We built an application with APIs that make documents available for search to the enterprise and we store the documents as well. A typical flow would be when an upstream application delivers a document to us, and then a different application or different user looking for some documents comes to our application, enters the metadata for that document, which we use to search in Elastic Search to retrieve the document and then deliver that document to the end user.

The seamless scalability is something I see as among the best features Elastic Search offers.

The speed with which Elastic Search is able to search through all of the documents we place into it is quite remarkable, as we search through 65 billion documents in less than a second in most cases, on a constant consistent basis.

I find configuring relevant searches within Elastic Search platform very straightforward. Elastic Search is easily scalable.

The customer support for Elastic Search is quite good.

I advise others looking into using Elastic Search to think about the future of your platform and where you intend it to be in five years, and based on that, which version of Elastic Search best suits the needs of your platform. Additionally, jump into the AI products first as you're in the planning phase so that as you're filling out your data, the AI products and machine learning products can enrich the data real-time early on in the process, which will save you a lot of time later.

The overall performance of the platform, scalability of the platform and other additional features, especially when it comes to AI, really earn the nine.

The ability to change field types seamlessly would be a huge improvement for Elastic Search, and more seamless upgrades would also be a big improvement, especially with regards to upgrading between major versions.

The upgrade experience and inflexibility with fields keeps Elastic Search from being a perfect 10.

I have been using Elastic Search the whole time I have been at Optum since 2019.

Elastic Search is stable.

The customer support for Elastic Search is quite good.

I would rate the customer support a nine.

Positive

We previously used a self-hosted Elastic running on virtual machines, and we switched to Elastic Cloud on Kubernetes at the urging of Elastic Search itself, as well as an internal drive towards cloud-first technologies. The features of Elastic Search Cloud on Kubernetes seemed to mesh well with the overall goals of our organization.

My experience with pricing, setup cost, and licensing for Elastic Search is overall fairly straightforward.

I do not have any specific numbers on a return on investment, but I do have a general sense of the overall improvement of efficiency of the platform as we moved from on-prem hosted to Elastic Cloud on Kubernetes, where the time saved from maintaining the platform itself was significant.

My experience with pricing, setup cost, and licensing for Elastic Search is overall fairly straightforward.

We have tried the hybrid search capability, and we have seen overall fairly positive results, though we have yet to roll it out in production.

We have implemented a proof of concept using Inference APIs in our processes, but we have yet to release it into production.

To be clear, we are not on Elastic Cloud serverless; we are on Elastic Cloud on Kubernetes, running on the Azure platform self-hosted.

We have not utilized Better Binary Quantization, BBQ, in our operations.

On a scale of one to ten, I rate Elastic Search a nine out of ten.

Public Cloud

Microsoft Azure

We use Elastic Search for search purposes and things related to semantic search.

It is not being used for the moment regarding my main use case for Elastic Search.

In my experience, the best features Elastic Search offers are its stability and brand new features that I consider very interesting.

The machine learning features of Elastic Search are very interesting, including the possibility to include models such as ELSER and different multilingual models that let us fine-tune our searches and use them in our search projects.

The machine learning features of Elastic Search have helped us with many things such as improving our searches and experience for the guests.

We could benefit from refining the machine learning models that we currently use in Elastic Search, along with the possibility to integrate agents, intelligent artificial intelligence, form of agent, and MCP.

It would be useful to include an assistant into Kibana for recommendations, advice, tutorials, or things that can help improve my daily work with Elastic Search.

I have been using Elastic Search and Kibana for about four years.

In my experience, Elastic Search is quite stable.

The scalability of Elastic Search is very good in my opinion. It never has incidents that cause issues in our daily tasks.

The customer support for Elastic Search is one of the best I have ever tried. Whenever I had to create a new incident, I got the responses that I needed.

Positive

I consider Elastic Search a very good project. On a scale of 1-10, I would give it a 10.

The features and capabilities that Elastic Search provides are very easy to use, and the documentation is rich. You can find and understand everything here to use it properly.

I would tell others looking into using Elastic Search that they can try it and see if it fits their use cases.

Elastic Search is a very good product. I really appreciate all the features that it provides, and I hope this product continues its evolution in the way it has been.

Private Cloud

Amazon Web Services (AWS)

At Shopee, I worked with numerous database schemas to find out which table columns belonged to which schema. We utilized Elastic Search to manage metadata for millions of tables, allowing us to search efficiently. Besides that, we used Logstash to put all the log files in Elastic Search for easy searchability.

Elastic Search significantly improved my work. Previously, when searching for text that appears in the middle of strings, the process was time-consuming. Elastic Search enables efficient searching, enhancing system performance and responsiveness. I can also collect logs through Kafka, send them to Elastic Search, and create indices, thus managing logs and customizing searches easily.

Elastic Search provides features such as stemming and range-based queries to search log files efficiently. It allows filtering data easily by searching for specific words based on created indexes. This made searches very efficient, and it also allows for log collection through Kafka and helps with managing logs and customizing searches according to needs, such as grouping by dates or user IDs.

Elastic Search could improve in areas such as search criteria and query processes, as search times were longer prior to implementing Elastic Search. Elastic Search has limitations for handling huge amounts of data and updates, especially if updates are frequent. It doesn't handle big data scale efficiently, especially regarding data size and scale, compared to Apache Solr. It doesn't support real-time search effectively, as it refreshes the indexes every few seconds.

It is stable as many companies already use Elastic Search. In cloud scenarios, it manages well by scaling up or down based on peak traffic. Otherwise, similar functionality needs to be replicated in a private cloud, including backups.

Elastic Search requires enhancements for handling huge amounts of data and updates. Segmenting or sharding data and complexities regarding the cluster can be issues. Updating in Elastic Search involves index computations and user dependencies. There might be issues regarding data size and scaling, but these can be tuned and improved.

I remember Apache Solr, which is generally used for much larger scale data compared to Elastic Search. Apache Solr is used by most companies, and while Elastic Search is very common, there are technologies similar to Elastic Search, though I'm not familiar with all the names.

I have used Elastic Search, but I might not be aware of many internal details; I just used the API to create an index, manage data, and search. It's very useful. On a scale of 1-10, I rate it an eight.

Private Cloud

Other

The main use case for Elastic Search is mainly for log management.

I appreciate the indexing capabilities and the speed of indexing in their product, which demonstrates how quickly logs are collected and stored. The search capabilities are also valuable.

The architecture of Elastic Search could be improved as it is complicated for most general users to build up the environment and maintain the cluster.

Currently, I do not have suggestions for additional functions that could be added to the product.

I have been working with Elastic Search for about two years.

I usually use Elastic Search on-premises, which introduces complexity in deployment. Using the cloud version would reduce the complexity of setting up.

I would rate the stability for Elastic Search as eight out of ten.

I would rate the scalability as eight.

I would rate technical support from Elastic Search as three out of ten.

The main issue is a general sum of all factors. Being based in Hong Kong means I can only assess the service in my region and cannot speak for other regions based on my experience.

Negative

I am currently working with multiple solutions including Elastic Search, Splunk, and Graylog.

The initial setup for Elastic Search is complex.

The real-time analytics capabilities depend on whether you use the paid version or open-source version.

I work with SME users of Elastic Search, though the solution can technically support enterprise customers.

I have not extensively used AI technology with Elastic Search.

I can recommend Elastic Search to other users.

The pricing for Elastic Search rates as four out of ten. Overall, I would rate Elastic Search as seven out of ten.

On-premises

I have been using it for a year. The main use cases involved implementing search functionality.

When discussing the features of Elastic Search, the full text search capabilities are particularly beneficial for handling large volumes of data.

The full text search capabilities in Elastic Search have proven to be extremely valuable for our operations.

Regarding AI integration, we have not yet implemented any AI-driven projects or initiatives using Elastic Search.

There are some features and functionality that could be enhanced in Elastic Search to improve its overall capabilities.

I have been using Elastic Search for a year.

In terms of performance and stability, Elastic Search has proven to be a reliable solution.

The environment includes multiple users utilizing Elastic Search across different locations.

Before implementing Elastic Search, I had experience working with other search engines from different vendors.

The implementation strategy involved specific steps during the setup process to ensure proper configuration.

The main benefits observed from using Elastic Search include improvements in operational efficiency, along with cost, time, and resource savings.

I previously used Graylog.

I am currently working with Elastic Search as the primary solution.

My role is Senior DevOps engineer at UVIK Digital.

On a scale of 1 to 10, with 10 being the highest, I would rate Elastic Search as an 8 overall as a product and solution.

Our primary use case was primarily for data storage and quick searching. We focused on getting objects from the database and filtering them efficiently. This involved getting and searching through objects.

Our productivity was consistently maintained while using this database. Its consistent performance allowed us to maintain steady productivity levels.

The most valuable feature of Elasticsearch was the quick search capability, allowing us to search by any criteria needed. The searches were executed very quickly, which made the process reliable. Additionally, full-text queries were integral to our usage. Our productivity was consistently maintained with this database. Its consistent performance allowed us to maintain steady productivity levels.

It would be useful if a feature for renaming indices could be added without affecting the performance of other features. However, overall, the consistency and stability of Elasticsearch are already commendable, and they should keep up the good work.

I have been using Elasticsearch for two and a half years while at this company.

The stability of Elasticsearch was very high, and I would rate it a ten. It was consistent and reliable in our usage.

Elasticsearch was decently scalable, matching our data growth. I would rate its scalability a ten.

I was not involved in the initial setup. However, the setup process for smaller projects was straightforward.

One person from our DevOps team was responsible for the maintenance of Elasticsearch.

We used the open-source version of Elasticsearch, which was free.

If a feature for renaming indices could be added without affecting the performance of all other features, it would be nice to have. Overall, I rate Elasticsearch a ten out of ten.

Public Cloud

Amazon Web Services (AWS)