Elasticsearch is a distributed, RESTful search and analytics engine built on Apache Lucene that serves as the foundation of the Elastic Stack for log aggregation, full-text search, application monitoring, and security analytics. It indexes and searches structured, semi-structured, and unstructured data at scale with near-real-time performance, processing millions of log events per minute and returning query results across billions of documents in milliseconds. The Elastic Stack ecosystem — Elasticsearch for storage, Kibana for visualization, Logstash for data transformation, and Beats for lightweight data collection — provides a complete pipeline from data ingestion to interactive analysis.
Elastic Observability extends the platform beyond log management into application performance monitoring with distributed tracing, infrastructure monitoring with system metrics collection, and synthetic monitoring for uptime verification. Elastic Security adds SIEM functionality with threat detection rules, investigation workflows, and compliance reporting that operate on the same indices used for operational logging. Machine learning capabilities detect anomalies in log patterns, forecast capacity trends, and categorize log messages automatically. This breadth makes the Elastic Stack suitable as both an operational observability platform and a security analytics foundation.
Elasticsearch is available as open-source software under AGPL for self-hosted deployment or through the Elastic Cloud managed service on AWS, Azure, and Google Cloud. Self-hosted installations provide complete data sovereignty and control over retention policies but require significant operational expertise for shard management, capacity planning, and cluster health monitoring. Elastic Cloud eliminates this operational burden with managed upgrades, scaling, and backup. The OpenSearch fork under Apache 2.0 provides an alternative for organizations that require permissive licensing for commercial SaaS products built on the technology.
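The retention and shard-management decisions that a self-hosted cluster has to make explicitly are expressed in Elasticsearch through an index lifecycle management (ILM) policy. The following is an added illustration, not configuration from Elastic or from this page: it defines a policy (the name `security-logs-retention`, the 50 GB shard size, the 7-day warm transition and the 90-day deletion are assumed example values chosen for a security log index) that rolls over the write index by size or age, shrinks and force-merges older indices to reduce shard count, and deletes data once it passes the retention window.

```json
PUT _ilm/policy/security-logs-retention
{
  "policy": {
    "phases": {
      "hot": {
        "min_age": "0ms",
        "actions": {
          "rollover": {
            "max_primary_shard_size": "50gb",
            "max_age": "1d"
          }
        }
      },
      "warm": {
        "min_age": "7d",
        "actions": {
          "shrink": { "number_of_shards": 1 },
          "forcemerge": { "max_num_segments": 1 },
          "set_priority": { "priority": 50 }
        }
      },
      "delete": {
        "min_age": "90d",
        "actions": {
          "delete": {}
        }
      }
    }
  }
}
```

The request is written in the Kibana Dev Tools console form; the policy takes effect only once it is attached to an index template via the `index.lifecycle.name` setting, and each phase's `min_age` is measured from rollover rather than from index creation, which is the detail that most often makes data persist longer than the retention period an audit expects.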