Elasticsearch® helps power the on-line world, providing sophisticated and powerful searching and analytics of documents, text, logs, metrics, and more. It's distributed, scalable, and almost absurdly flexible, yet relatively easy to use.
On the other hand, Elasticsearch® has a reputation for being a bear to manage, and, at least in older versions, unstable or easy to crash. It's come a long way in recent versions, but remains a challenge to deeply understand, troubleshoot, and tune.
This is due to its inherit power and complexity, but also to the relative lack of management tools. In that sense, it's the still the Stone Age of ELK Stack management, relying mostly on YAML files and JSON queries. Kibana is getting better, but is very much first-generation management, and only of a few core features (though it's been improving of late).
This lack of tools makes it hard to manage, especially at scale, with multiple clusters, many use cases, and the occasional problems that arise. Nearly all the docs and blogs leave user with cURL calls and JSON, or in the Dev Tools section of Kibana. Frankly, this is not the right way to manage and troubleshoot large distributed data systems.
At its core, Elasticsearch® is a distributed set of nodes, segments, shards, and indexes, all distributed around a cluster. This architecture is flexible and nearly infinitely-scalable, but often quickly becomes overwhelming to understand, especially with its dynamic nature, automatic data movement, redundancy, and somewhat obscure rules-of-thumb that, when violated, lead to weirdness.
Historically, Elasticsearch® often ran into RAM problems, with big queries, too many indexes, and various mis-configurations. Sysadmin knowledge and poor defaults in the midst of scaling systems often led to instability, slow performance, and a myriad of challenges. But it persisted because of its power, flexibility, and ease of getting started. And it's come a long way in the last 2-3 years with version 5, 6, and now 7 greatly improving overall stability, defaults, documentation, and ease of use.
ELKman™ strives to help solve these problems, with the first professional-level management tool for Elasticsearch®, and over time, the ELK stack. Providing a visual and forms interface with no JSON, it's designed to provide both broad and deep management, troubleshooting, tuning, security, audit, and more for large and complex ELK systems.
Elasticsearch® is a great product and our goal is to make it easier to manage, so it can reach its full potential in your environment. See www.ELKman.io today for more information, free trials, and how you can take control of your ELK stack today.