Elastic Stack

Elastic Cloud on Kubernetes for best scalability

Comentarios: Organizing chat data to be searchable and log management to proactively fix issues.

Puntos a favor:

One of the best features I like is that Elastic built their own kubernetes operator to extend the k8s orchestration and make it easy to deploy, scale, change, secure and configure hot-warm infrastructures. Their operator saves a ton of time during configuration. I have deployed stacks on different k8s architectures like Azure Kubernetes Service, Amazon Elastic Kubernetes Service and small on prem clusters with microk8s without issues. When we reach performance thresholds we add more elastic nodes and ECK secures and joins it to the cluster and in minutes we can leverage the extra compute. A lot of changes that are done after going to PROD are non-disruptive since ECK is aware of the main node and makes sure to pass the master role before the main one is re-deployed. I have also migrated Elastic Cloud Enterprise deployments running on bare metal and the stability of ECK is unmatched.

Puntos en contra:

Currently it is not recommended or supported for a PROD cluster to do its own self monitoring so you have to deploy a monitoring cluster. In cloud scenarios this adds costs and extra complexity so it will be great to have this feature supported.

Elastic Stack for Application Logs

Comentarios: Elastic Stack is an open source full stack solution for logs of modern day big data applications processing logs with its different applications of Logstash, Elastic and Kibana. We are using it to read through application logs, storing logs data and using dashboard to easily navigate thru the big chunk of files. Its an amazing combo of applications, completely free of cost with easy implementation and powerful online support.

Puntos a favor:

1. End to End Solution of enterprise logs with services such as Logstash, Elastic and Kibana. 2. Strong User Community and support. 3. Easy to use and implement. 4. Proactive updates on possible downtimes. 5. Dashboards for easy navigation.

Puntos en contra:

1. Cloud performance is slower than on premises installation. 2. It crashes in between which delay things sometimes.

This powerful tool allows you to take data from any source and format to search and analyze.

Puntos a favor:

It is a super fast and efficient data extraction tool. Recommended for medium-sized projects. Handles large amounts of data, is scalable.

Puntos en contra:

Usable from any device, however these must be state-of-the-art and offer great calculation speeds and ram storage.

Powerful stack for event collection, management and visualisation

Comentarios: A solid product with a rich feature set, if you get past the initial setup complexity.

Puntos a favor:

Provides great features for log ingestion, normalisation and visualisation. Has a free open source tier which can be used to cover many use cases. Visualisation options are diverse and powerful. Solid community support in forums.

Puntos en contra:

Initial setup can be tedious and is rather complex. The provided security ruleset tends to produce many false positives and requires fine tuning. Log ingestion options are not entirely covered by the web user interface.

Best for Website Monitoring, Event Management and Log Analysis.

Comentarios: This lightweight, yet powerful, modern SIEM is well-suited for the modern security operations center as it can handle a wide range of activities with ease. elastic Stack is a powerful and flexible SIEM with feature-rich out-of-the-box tools that make it easy to get the job.

Puntos a favor:

We are using ELK Stack SIEM, a scalable aggregation engine that helps us find patterns in our data as well as provides a wide array of customizable analytics and reports. With Elastic Stack, we have a better understanding of flaws and security issues, particularly memory tier support that ensures the security of our data and networks.

Puntos en contra:

It is very challenging and time-consuming to upgrade cluster node roles and data replication.