Search, observability, and security platform built on Elasticsearch and the ELK Stack
Elastic is the company behind Elasticsearch, Kibana, and the ELK Stack. Headquartered in Amsterdam and publicly traded on the NYSE, it provides search, observability, and security solutions used by thousands of organisations for log analytics, application search, and infrastructure monitoring.
Headquarters: Amsterdam, Netherlands
Founded: 2012
Pricing
EU Data Hosting: Yes
Employees: 1000+
Open Source: Yes
14-day free trial available
Free
Pay-as-you-go
Billing: monthly, annual
Every time you search within an application, check server logs, or receive a security alert from your infrastructure, there is a reasonable chance Elasticsearch is doing the work behind the scenes. It is one of those technologies that most internet users interact with daily without knowing it exists. Wikipedia's search, GitHub's code search, major e-commerce product catalogues, and countless internal enterprise systems all run on Elasticsearch. It is, by a significant margin, the most widely deployed search engine for structured and unstructured data in the world.
Elastic, the company behind it, is headquartered in Amsterdam, Netherlands — an EU member state. Founded in 2012 by Shay Banon (who created the original Elasticsearch project in 2010), the company is publicly traded on the New York Stock Exchange under the ticker ESTC. With approximately 3,000 employees and revenue exceeding USD 1 billion annually, Elastic is one of the largest European-headquartered technology companies in the infrastructure software space.
The Elastic product suite extends well beyond search. The company offers three solution areas: Search (application search, site search, workplace search), Observability (logs, metrics, APM, and uptime monitoring), and Security (SIEM, endpoint protection, and cloud security). All three are built on the same underlying technology: Elasticsearch for storage and search, Kibana for visualisation, and the Elastic Agent for data collection. This unified architecture means teams using Elastic for one use case can expand into others without deploying separate infrastructure.
The "ELK Stack" — Elasticsearch, Logstash (data processing), and Kibana (visualisation) — remains one of the most important open-source software stacks in existence, though the licensing situation has become complicated. Elastic changed its license from Apache 2.0 to a dual SSPL/Elastic License in 2021, which restricts cloud providers from offering Elasticsearch as a managed service. This prompted AWS to fork the project as OpenSearch. The source code remains publicly available, but the open-source community is divided on whether Elastic's current licenses qualify as genuinely open source.
Elasticsearch is a distributed search and analytics engine capable of handling petabytes of data across clusters of servers. It excels at full-text search with relevance scoring, structured data queries, aggregations, and near-real-time indexing. Documents are indexed in JSON format and searchable within seconds of ingestion. The engine supports complex query types including fuzzy matching, geospatial queries, nested document queries, and aggregation pipelines that can produce analytics across billions of records. For developers, the REST API and comprehensive client libraries (Java, Python, JavaScript, Go, Ruby, PHP, .NET) make integration straightforward. The learning curve is not in connecting to Elasticsearch — it is in understanding how to model data, configure mappings, and tune queries for your specific use case.
Kibana is Elastic's visualisation and dashboard platform. It transforms Elasticsearch data into charts, maps, tables, and time-series graphs. Lens, the drag-and-drop visualisation builder, makes creating dashboards accessible to non-technical users, while the more advanced TSVB and Vega options serve power users. Kibana Discover provides an interactive log exploration interface — the bread and butter for operations teams debugging production issues. Canvas allows building custom, live presentations from Elasticsearch data. For many teams, Kibana is the primary interface for all their Elasticsearch data, and its quality directly affects how much value they extract from the platform.
Elastic Observability unifies logs, metrics, APM (Application Performance Monitoring), uptime monitoring, and synthetic monitoring into a single platform. The Elastic Agent collects all telemetry types from a single deployment, eliminating the need for separate log shippers, metrics collectors, and APM agents. Correlating logs with metrics and traces in a single tool significantly reduces mean time to resolution for production incidents. Compared to purpose-built observability tools like Datadog, Elastic's observability offering is less polished in its out-of-box dashboards but more flexible and significantly cheaper at scale — particularly for self-hosted deployments.
Elastic Security provides SIEM (Security Information and Event Management) and endpoint protection built on Elasticsearch. The SIEM ingests security events from across the infrastructure, applies detection rules (with hundreds pre-built based on the MITRE ATT&CK framework), and surfaces alerts in Kibana. The endpoint protection agent, Elastic Defend, provides malware prevention, ransomware protection, and memory threat detection. For organisations already running the ELK Stack for observability, adding security creates a unified platform that eliminates the data silos between operations and security teams.
Elastic offers full flexibility in deployment: you can run the entire stack on your own infrastructure (bare metal, VMs, Kubernetes), use Elastic Cloud (the managed service available on AWS, Google Cloud, and Azure), or deploy through the cloud marketplaces. Self-hosting provides complete control over data residency, configuration, and cost — but requires significant operational expertise. Elastic Cloud removes the operational burden and provides automatic scaling, upgrades, and security patches. For EU organisations, self-hosting in European data centres or selecting EU regions on Elastic Cloud ensures full data sovereignty.
Elastic's pricing model differs fundamentally depending on whether you self-host or use Elastic Cloud.
Self-hosted Elasticsearch is available under the Elastic License or SSPL at no licensing cost. You pay only for infrastructure. For organisations with the engineering talent to manage Elasticsearch clusters, this can be dramatically cheaper than any managed alternative. A mid-size deployment handling 100 GB/day of log data might cost USD 2,000-5,000/month in cloud infrastructure — a fraction of what Splunk or Datadog would charge for equivalent volume.
Elastic Cloud pricing is usage-based, starting at approximately USD 95/month for a Standard deployment. Costs scale with storage, compute, and data transfer. A production deployment with multiple nodes, replicas, and machine learning typically runs USD 500-3,000/month depending on data volume and retention requirements. Enterprise features (cross-cluster replication, searchable snapshots, advanced security) require Gold, Platinum, or Enterprise subscription tiers.
The free tier provides a single-node deployment with core search and analytics — sufficient for development, prototyping, and small-scale use cases.
The pricing advantage over competitors like Splunk is substantial: organisations routinely report 50-80% cost savings when migrating from Splunk to Elasticsearch for log analytics. The pricing disadvantage compared to newer competitors like Grafana with Loki is that Elasticsearch's resource requirements are higher — it uses more memory and storage per GB of indexed data.
Elastic N.V. is incorporated and headquartered in Amsterdam, Netherlands, placing it under EU jurisdiction and GDPR. As a publicly traded company (NYSE: ESTC), Elastic is subject to stringent corporate governance and financial reporting requirements that provide additional transparency.
Elastic Cloud offers EU-hosted deployment regions including Frankfurt, Amsterdam, Paris, and other European locations. Organisations can select their data region during deployment, ensuring that all indexed data, configurations, and backups remain within the EU. Self-hosted deployments provide complete data sovereignty — the data never leaves your infrastructure.
Elastic holds SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, and FedRAMP certifications. For regulated industries, Elastic's combination of EU headquarters, deployment flexibility, and certification portfolio makes it one of the most compliance-friendly platforms in the observability and search space.
The self-hosting option is particularly valuable for organisations with strict data sovereignty requirements. Unlike purely SaaS platforms where data is necessarily stored on the vendor's infrastructure, Elasticsearch can run entirely within an organisation's own data centres, air-gapped from external networks if necessary.
Engineering and DevOps teams that need a unified platform for search, log analytics, and observability — especially those with the operational expertise to manage self-hosted clusters and benefit from the significant cost advantages.
Organisations with large data volumes (100+ GB/day) where the cost differences between Elastic and commercial alternatives like Splunk or Datadog become measured in hundreds of thousands of dollars annually.
Security teams seeking a SIEM platform that integrates with their existing observability infrastructure, avoiding the data silos and duplicate ingestion costs of running separate security and operations tools.
European enterprises with strict data sovereignty requirements that need a platform from an EU-headquartered company with self-hosting capability, EU cloud regions, and comprehensive compliance certifications.
Elastic occupies a unique position in the infrastructure software market: it is simultaneously the most widely deployed search engine in the world and one of the most operationally demanding platforms a team can run. The feature depth is unmatched — no other single platform covers search, observability, and security with this level of integration. The EU headquarters, public company transparency, and deployment flexibility provide compliance advantages that matter for European organisations. But the complexity is real. Running Elasticsearch at scale requires dedicated expertise, and the licensing controversy has fragmented the community. Elastic Cloud reduces the operational burden but at a cost premium. For teams with the skills to manage it, Elastic is extraordinarily powerful and cost-effective. For teams without that expertise, the total cost of ownership — including the engineering hours — may exceed simpler alternatives.
Yes. Elastic N.V. is incorporated and headquartered in Amsterdam, Netherlands. The company is publicly traded on the New York Stock Exchange (ESTC) and has a global workforce, but its legal domicile and corporate headquarters are in the EU. This places it under EU jurisdiction including GDPR.
Elasticsearch changed its license from Apache 2.0 to a dual license of the Server Side Public License (SSPL) and the Elastic License in 2021, following a dispute with AWS. These licenses allow free use but restrict offering Elasticsearch as a managed service. The Open Source Initiative does not consider the SSPL or the Elastic License to be open-source licenses. The source code remains publicly available on GitHub.
The ELK Stack is the combination of Elasticsearch (search and analytics engine), Logstash (data processing pipeline), and Kibana (visualisation dashboard). Together, they form a complete platform for ingesting, storing, searching, and visualising log and event data. Beats (lightweight data shippers) are often added as a fourth component.
Elastic is significantly cheaper than Splunk for comparable data volumes, especially when self-hosted. Elasticsearch requires more operational expertise to manage, while Splunk offers a more turnkey experience. Elastic has a stronger open-source ecosystem and more flexibility. Splunk has historically had better out-of-box security analytics, though Elastic Security has narrowed this gap.
Yes. Elastic Cloud offers EU-hosted regions including Frankfurt, Amsterdam, Paris, and other European locations. You can also self-host Elasticsearch on your own EU-based infrastructure for complete data sovereignty. The self-hosted option provides full control over where data is stored and processed.
Search and discovery API platform delivering fast, relevant results at any scale
Alternative to Elasticsearch, Typesense
Open-source observability platform for metrics, logs, and traces visualisation
Open-source full-text search engine delivering Elasticsearch performance at a fraction of the cost
Alternative to Elasticsearch
Lightning-fast open-source search engine for apps and websites
Alternative to Algolia