I'm evaluating the ELK stack or Elasticsearch + a datastore to solve a problem that basically boils down to log analytics. I had built a simple POC using mongodb and a quick/dirty webapp, when it hit me that this is a solved problem.
Initially, what I need to do is store what are essentially log files (contain mostly application configuration values), dumped at runtime, and analyze these files over time. The key is over time. What we need to be able to track is when specific key/value pairs changed, and what that change was. Also, this needs to be somewhat free-form so users can query the logs for values as needed. Long term, this will definitely grow in complexity.
What I was hoping to do is get confirmation that Elasticsearch is indeed the right tool for the job. My main concern is the ability to diff different 'versions' of files (each config dump on start up), as from what I've read, Elasticsearch is more for finding a needle in a haystack (tracking specific warnings/errors, etc.) type of log analysis vs. comparing entire files over time.