What do icebergs and ducks have in common with Elasticsearch solutions? Basically, that what you see is the attractive bit, but that there's an awful lot more going on under the surface.
Kibana is a really lovely piece of software to use, making it easy to handle big data and create attractive visualisations. Elasticsearch is an advanced and flexible search tool. But the trouble is, in order to enjoy Kibana and Elasticsearch, you need to have Logstash.
Don't get us wrong - Logstash is a great piece of software too. But one of the things that makes it so great is that it's very flexible, so it's able to cope with a wide variety of systems and configurations. And as every software engineer knows, "flexible enough to cope with almost any configuration" tends to mean "fiddly and frustrating to get all the options exactly right for the specific configuration that you actually have". Logstash can be a real memory hog if it is not set up right, and its numerous plug-ins don't always work nicely with one another.
More or less everyone (http://blog.scottlogic.com/2014/12/19/elk-3-things-i-wish-id-known.html) who has installed (http://engineering.chartbeat.com/2015/05/26/logstash-deployment-and-scaling-tips) ELK stack seems to have written a blog post detailing all the things that they learned during the process. This is not to criticise these blogs - they have a lot of good tips and we're glad they got their system working - but it seems to us that they're missing the big picture here. The big picture in question being that this is exactly what SaaS is for; if you go for an SaaS ELK stack solution, you don't have to worry about these issues.