Elastic licensing policy agressively pushes to cloud, what a let down

Elastic is quick enough to respond but boy what a let down.

The sales persons barely knew the product or licensing, it took two calls to be left almost as poorly informed as before. They could not tell with confidence or verifiably so what on-prem would cost and what would be offered in return. Just one price was given as the only price.

The on-prem self-managed licensing is obscene at 4K / node per year with a minimum of three nodes to license. No informative sheet was provided to asssess how an implementation could evolve. Volume appears to be capped at 64GB per year per node (179MB/day !?) or was that 64GB RAM required ?

Somehow elastic considers it more agreeable to agressively push prospects to the cloud for which many security professionals have grown an aversion. The cloud is a flawed concept which is especially good at raking massive profits. Not a defendable secure design.

At this point i feel like i completely lost face to my partners and got punished for proposing elastic, not endorsed or rewarded.

Sorry to hear this. If you'd like to drop me a DM with your email address, I can follow this up for you and see if we can get you what you are after.



Apologies you had that experience, I would follow up with @warkolm.

I suspect the was a little miscommunication that 64 GB cap refers to 64GB of Host RAM.

On that host with 64GB of RAM you might choose to put anywhere from 2TB to 10 TB of storage which means that cluster could hold for example from 6 TB to 30 TB of data. There are a number of things to consider how you would configure.

3 three nodes refers to how many nodes it takes to have a safe quorum on a distributed system such as Elasticsearch that's why we suggest a minimum of three nodes. So you could lose one node and continue to operate.

Finally just to do a little bit of math suppose you were ingesting a .5TB / day with one replica of data to support HA with the 30 TB of storage you could store about 30 days of retention.

There is a little more subtlety to that but I thought that might help you think about that.

So for 12K a year you could have a security use case that supports a .5TB / day with 30 days retention or .25 TB/ day for 60 days retention.

These are example numbers but I thought it might help provide a little bit of clarity.

We sometimes recommend the cloud because you could actually do a hot / warm architecture perhaps could be more cost-effective and give you longer-term retention at a reasonable cost, but that might not work for you.

Hope that helps a bit.


Thanks, this is exactly the explanation i was hoping to learn but is somehow kept from visitor eyes on the elastic portal. I'm quite certain i'm far from alone in this.

The cost of 12K a year is steep to many mid-size organisations so if they go for it it must show return.

The cost of even a formiddable server is typically returned in just one year compared to cloud solutions. In the end 'the cloud is just someone elses computer' still holds.

In almost 30 years of IT i have not run into a single occurence which warrants what "the cloud" offers, neither have i ever heard of one. As such I'm with customers who prefer to stick to on-prem and endorse it for some use cases. External cloud i only endorse for hosting websites and encrypted backups. Otherwise i endorse on-prem private clouds before anything.

My experience with the elastic sales reps is cloud is basically forced fed to customers by not endorsing anything else during sales. It was such i assumed i had been fooled by people, none the wiser before and after two video calls. I darned not contact info@elastic.co again so i ended up here.

Personally i hoped for a more flexible offering for on-prem deployments, such as for example an alternate offering of appliances we can deploy on-prem but are in-line with cloud deployed machines in terms of configuration, hardening, compliance.

Thanks again for the kind and informative response.
Now maybe i can go and save face with my business partners.


One other thought is to start with just the Basic (Free License) to get everything up and running, then perhaps try the trial license to see if there is enough business value. If not you can revert to the Basic and still have a lot of functionality at no license charge.

In the security world (which is not my expertise) there are some other Open Source Projects such as Wazuh and HELK you might take a look at.

Good Hunting...

Thanks for sharing.

The customer wanted a supported solution, with a limited budget for a small-mid-size company it seems out of scope for now.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.