The ELK stack (Elasticsearch, Logstash, and Kibana) or Elastic Stack has been increasingly coming up in my conversations and meetings.
I wanted to get a sense of how popular the open source projects were becoming. One great indicator I’ve found to see how much activity there is around a specific topic is to use Google trends to compare and contrast what terms are being searched for on Google.
Google searches are not an exact measurement of who is using the tool, but they are a good measurement of interest. Google trends will show how often a particular search-term is entered relative to the total search-volume.
So how popular is the Elastic Stack becoming? I did some research on Google Trends. I started by comparing the Elasticsearch term to a couple of historically common tools used for monitoring and managing network data: SNMP and SYSLOG.
I expected the trends to be going in different directions, but was surprised to see that the Elasticsearch term has actually surpassed both SNMP and SYSLOG in actual count in the past year.
Next, I compared specific security analytics vendors: ArcSight and Splunk. Splunk is probably the most comparable to Elasticsearch because both are more general search tools, whereas ArcSight is used specifically for security log analysis.
It wasn’t a surprise that searches for Elasticsearch were growing faster than both ArcSight and Splunk. The big surprise here was that in the last year it has passed Splunk in the number of searches on Google.
Elasticsearch also depends on other components of the Elastic Stack for security and log data analysis. Let’s take a look at how the three main components of the Elastic Stack compare.
All three components of the Elastic Stack are growing in interest. Elasticsearch is outpacing Logstash and Kibana. Through all five years, Logstash and Kibana have maintained approximately 25-35% of the number of searches that Elasticsearch has.