We use EK but not L, instead writing own daemon that rsyslog sends loglines to and bulk inserts them into ES. We use kibana & grafana for visualization. We index approx 20k log-lines per sec (at peak) w/o a sweat (whereas logstash would choke up fairly often). A little over half a billion log lines a day - retained for a week - costs us around $800/mo on GCE (for storage & compute).
We use ENK instead. N as nxlog, open source release is great for many backends. Unlike Logstash, it's fast, written in C. Scriptable, no downtime for reconfig. Extendable with Ansible&co through include files.
